CCNA System Management Questions

75 of 137 questions · Page 1/2 · System Management topic · Answers revealed

1
MCQ · hard

Based on the exhibit, what is the most likely cause of the 'PV Status: not available'?

A. The volume group is corrupted.
B. The logical volume is not mounted.
C. LVM metadata is damaged.
D. The physical volume is missing or disconnected.
Answer: D

PV status 'not available' indicates the PV cannot be accessed.

Why this answer

The status 'not available' indicates that the physical volume (PV) is missing or not accessible. This often happens when the underlying disk or partition is removed or fails. The VG and LV metadata may still be present but the PV cannot be found.

2
Multi-Select · easy

Which THREE commands can be used to display the mount points and file system usage? (Choose three.)

Select 3 answers
A. df -h
B. du
C. df -i
D. mount
E. lsblk
Answers: A, D, E

Shows filesystem usage with mount points.

Why this answer

Option B shows disk usage per directory. Option A shows filesystem usage with mount points. Option D shows mounted filesystems.

Option C shows inode usage. Option E shows overall disk space but not mount points.

3
MCQ · easy

A user reports that the /home partition is running out of space. Which command identifies the largest directories under /home?

A. du -sh /home/*
B. df -h /home
C. ls -lhS /home
D. find /home -type d -size +100M
Answer: A

du -sh gives human-readable totals for each top-level item under /home.

Why this answer

Option A is correct because 'du -sh /home/*' calculates disk usage in human-readable format (-sh) for each subdirectory. Option B is wrong because 'df -h' shows filesystem-level usage, not per-directory. Option C is wrong because 'ls -lhS' lists files sorted by size, but not recursively.

Option D is wrong because 'find /home -type d -size +100M' finds based on directory size, which is often not accurate.

4
MCQ · medium

An administrator needs to extend the size of a logical volume named 'lv_data' in volume group 'vg_data' by 10 GB. A new disk /dev/sdb has been added to the system. What is the correct sequence of commands?

A. pvcreate /dev/sdb; vgextend vg_data /dev/sdb; lvextend -L +10G /dev/vg_data/lv_data
B. lvextend -L +10G /dev/vg_data/lv_data; vgextend vg_data /dev/sdb; pvcreate /dev/sdb
C. vgextend vg_data /dev/sdb; pvcreate /dev/sdb; lvextend -L +10G /dev/vg_data/lv_data
D. pvcreate /dev/sdb; lvextend -L +10G /dev/vg_data/lv_data; vgextend vg_data /dev/sdb
Answer: A

This sequence correctly initializes the physical volume, extends the volume group, then extends the logical volume.

Why this answer

Option A is correct. The correct order is: pvcreate to initialize the disk, vgextend to add it to the volume group, then lvextend to increase the logical volume size. Options B and D have wrong order; Option C misses pvcreate or has it after vgextend.

5
MCQ · medium

A developer needs to run a one-time script after the network is up on a systemd-based server. Which unit type should be used?

A. forking
B. exec
C. simple
D. oneshot
Answer: D

Oneshot units run a single command and then exit.

Why this answer

The `oneshot` unit type is correct because it is designed for services that run a single task to completion and then exit, making it ideal for a one-time script that must execute after the network is up. In systemd, `oneshot` units can be configured with `RemainAfterExit=no` (the default) to indicate they do not need to stay running, and they support ordering dependencies like `After=network-online.target` to ensure the network is available before the script runs.

Exam trap

The trap here is that candidates confuse `oneshot` with `simple` or `forking`, mistakenly thinking a one-time script needs to remain running (`simple`) or fork into the background (`forking`), but systemd's `oneshot` is explicitly designed for tasks that exit after completion.

How to eliminate wrong answers

Option A is wrong because `forking` is used for daemons that fork into the background after startup, and systemd tracks the parent process; a one-time script that exits does not fork, so this type is inappropriate. Option B is wrong because `exec` is not a valid systemd service type; the correct types are `simple`, `forking`, `oneshot`, `dbus`, `notify`, and `idle`. Option C is wrong because `simple` is for services that start and remain running in the foreground, which does not match a one-time script that exits after execution.

6
MCQ · easy

A new user 'jdoe' has been added using the command 'useradd jdoe', but upon first login, the user receives a message that the home directory does not exist. Which command should the administrator run to resolve this issue while also populating the home directory with default skeleton files?

A. chown jdoe:jdoe /home/jdoe
B. mkdir /home/jdoe; cp /etc/skel/* /home/jdoe/
C. usermod -d /home/jdoe jdoe
D. useradd -m jdoe
Answer: D

The -m flag creates the home directory and copies skeleton files from /etc/skel.

Why this answer

Option D is correct because useradd -m creates the home directory and copies skeleton files. Option C only changes the home directory entry in /etc/passwd but does not create it. Option B manually creates the directory but is not the standard tool.

Option A only fixes ownership.

7
MCQ · hard

A server with multiple disks is configured with RAID 5 for performance and redundancy. The administrator notices that write performance is lower than expected. Which RAID level would provide better write performance while still offering fault tolerance with the same number of disks (minimum 4)?

A. RAID 0
B. RAID 6
C. RAID 10
D. RAID 1
Answer: C

RAID 10 combines striping and mirroring, providing high write performance and fault tolerance.

Why this answer

Option C is correct. RAID 10 (striping + mirroring) offers better write performance than RAID 5 because it does not require parity calculation. RAID 0 has no fault tolerance.

RAID 1 has slower writes due to mirroring. RAID 6 has double parity, even slower writes.

8
MCQ · medium

A system administrator needs to configure a Linux server to automatically synchronize time with the NTP pool servers. The server should also act as an NTP peer for other servers on the local network. Which file should be modified, and which directive should be added?

A. /etc/chrony/chrony.conf with "pool pool.ntp.org iburst" and "allow 192.168.1.0/24"
B. /etc/npt.conf with "peer pool.ntp.org"
C. /etc/systemd/timesyncd.conf with "NTP=pool.ntp.org" and "LocalPort=123"
D. /etc/ntp.conf with "server pool.ntp.org iburst"
Answer: A

Correct file and directives for both client sync and allowing other servers to peer.

Why this answer

Chrony is the default NTP implementation on modern RHEL/CentOS 7+ and many distributions. The configuration file is /etc/chrony/chrony.conf. The 'pool' directive with 'iburst' synchronizes with NTP servers, and 'allow' specifies which networks can query the server as an NTP peer.

Option D uses ntpd but lacks the 'allow' directive. Option C uses timesyncd, which is client-only. Option B has a typo and an incorrect directive.

9
MCQ · medium

Based on the exhibit, the myapp service fails to start. Which troubleshooting step should be taken first?

A. Increase the RestartSec value to allow more time for startup
B. Verify that /usr/local/bin/myapp has execute permission
C. Inspect the system journal for more detailed error messages
D. Check that the application's configuration file exists and is readable
Answer: D

The error indicates a missing config file.

Why this answer

The exhibit shows a systemd unit file for the myapp service with `ExecStart=/usr/local/bin/myapp` and `Restart=on-failure`. The service fails to start, and the most common cause for such a failure is a missing or misconfigured application configuration file that the binary expects at launch. Option D is correct because verifying the configuration file's existence and readability is a fundamental prerequisite before investigating deeper issues like permissions or logs.

Exam trap

The trap here is that candidates often jump to inspecting logs (Option C) or adjusting restart timers (Option A) without first verifying the most basic prerequisite—the configuration file—which is a direct and faster check that aligns with the 'first step' in systematic troubleshooting.

How to eliminate wrong answers

Option A is wrong because increasing RestartSec only affects the delay between restart attempts, not the root cause of the startup failure; it would merely slow down retries without fixing the underlying issue. Option B is wrong because if the binary lacked execute permission, systemd would typically report a specific 'Permission denied' error in the journal, and the exhibit does not indicate that; also, the binary path is hardcoded in ExecStart, and execute permission is a secondary check after ensuring the configuration file is valid. Option C is wrong because while inspecting the system journal is a valid troubleshooting step, it is not the first step; the question asks for the first step, and checking the configuration file is a quicker, more direct check that often reveals the problem without needing to parse logs.

10
MCQ · easy

An administrator needs to schedule a backup script located at '/usr/local/bin/backup.sh' to run every Sunday at 2:30 AM. The server uses cron for task scheduling. The administrator currently has the following crontab entry: '30 2 * * 0 /usr/local/bin/backup.sh'. However, the administrator wants to verify that the cron job is configured correctly and will run as expected. Which of the following commands should the administrator use to list the current user's cron jobs and verify the entry?

A. cat /var/spool/cron/crontabs/root
B. systemctl status cron
C. cron -l
D. crontab -l
Answer: D

Lists the current user's crontab entries, allowing verification.

Why this answer

The 'crontab -l' command lists the current user's crontab entries. Option D is correct. 'cron -l' is not a valid command. 'cat /var/spool/cron/crontabs/root' might work for root but not for a regular user, and the path varies. 'systemctl status cron' shows the cron service status, not the job list.

11
MCQ · medium

An administrator is troubleshooting a server that fails to boot. The system displays 'kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0).' Which of the following is the most likely cause?

A. The init binary is missing
B. The hard drive has a hardware failure
C. The kernel image is corrupted
D. The Master Boot Record is damaged
E. Incorrect root= parameter in the kernel command line
Answer: E

The root filesystem cannot be mounted due to wrong root= parameter.

Why this answer

Option E is correct because this error indicates the kernel cannot find or mount the root filesystem, often due to an incorrect root= parameter in the boot loader configuration. Option A is wrong because missing init would cause a different error about /sbin/init. Option C is wrong because a corrupted kernel would usually cause an earlier error during decompression.

Option D is wrong because GRUB stage 1 damage would prevent the boot loader from loading. Option B is wrong because a hardware failure is unlikely to produce this specific message.

12
MCQ · hard

A company requires that all systems be configured to log all authentication attempts, both successful and failed. Which configuration file and directive should be used to ensure all auth messages are logged to /var/log/secure?

A. In /etc/rsyslog.conf: *.info /var/log/secure
B. In /etc/rsyslog.conf: auth.* /var/log/secure
C. In /etc/rsyslog.conf: authpriv.* /var/log/secure
D. In /etc/rsyslog.conf: kern.* /var/log/secure
Answer: C

Correct facility and action.

Why this answer

In rsyslog, the `authpriv` facility covers authentication and authorization messages, including both successful and failed login attempts. The directive `authpriv.* /var/log/secure` directs all messages from this facility to `/var/log/secure`, which is the standard secure log file on RHEL/CentOS systems. This meets the requirement to log all authentication attempts.

Exam trap

The trap here is that candidates confuse the `auth` and `authpriv` facilities, assuming `auth.*` is correct because it sounds like 'authentication', but `authpriv` is the actual facility used by modern Linux authentication subsystems like PAM and sshd.

How to eliminate wrong answers

Option A is wrong because `*.info` selects all messages with severity info or higher, which would flood `/var/log/secure` with non-authentication messages (e.g., cron, mail, daemon logs), not specifically auth messages. Option B is wrong because `auth.*` uses the `auth` facility, which is typically used for legacy or non-privileged authentication; on modern Linux systems, authentication logs are generated under the `authpriv` facility, so `auth.*` would miss many auth-related messages. Option D is wrong because `kern.*` selects kernel messages only, which are unrelated to authentication attempts and are typically logged to `/var/log/kern.log` or `/var/log/messages`.

13
MCQ · easy

A Linux administrator needs to check which process is using the most memory on a system. The administrator wants to view a dynamically updating list of processes sorted by memory usage. Which command should the administrator use?

A. ps aux --sort=-%mem
B. top -o %MEM
C. htop -s MEM
D. vmstat 1 5
Answer: B

top with -o sorts by the specified field and updates dynamically.

Why this answer

The top command provides a real-time, dynamically updating view of system processes. Using the -o %MEM flag sorts processes by memory usage. Option A (ps) shows a static snapshot.

Option C (htop) is not installed by default on many systems and uses -s for sort. Option D (vmstat) shows system-wide stats, not per process.

14
MCQ · easy

Based on the exhibit, what is the most likely cause of the sshd service failure?

A. The SSH configuration file has a syntax error.
B. The privilege separation directory /var/empty/sshd does not exist.
C. The sshd PID file cannot be written.
D. The SSH port is already in use by another service.
Answer: B

The error message directly states this directory is missing.

Why this answer

The error message 'Privilege separation directory /var/empty/sshd does not exist' directly indicates that the required chroot directory for the unprivileged sshd process is missing. Without this directory, sshd cannot drop privileges after authentication, causing it to fail on startup. This is a common issue after a partial installation or cleanup of OpenSSH.

Exam trap

CompTIA often tests the specific error message 'Privilege separation directory /var/empty/sshd does not exist' to trap candidates who assume the failure is due to a configuration syntax error or port conflict, rather than recognizing the missing chroot directory as a distinct startup prerequisite.

How to eliminate wrong answers

Option A is wrong because a syntax error in the SSH configuration file would typically produce a specific parse error message (e.g., 'Bad configuration option' or 'line X: syntax error'), not a missing directory error. Option C is wrong because the inability to write the PID file would generate a 'Could not create PID file' or 'Permission denied' message, not a privilege separation directory error. Option D is wrong because if the SSH port were already in use, the error would be 'Address already in use' or 'bind: Address in use', which is a socket binding failure, not a missing directory.

15
MCQ · easy

What does the output in the exhibit indicate about the /etc/shadow file?

A. The file has an SELinux context.
B. The file is encrypted.
C. The file has an ACL applied.
D. The file is compressed.
Answer: A

The output format is standard for SELinux labels.

Why this answer

The output shows an SELinux context: system_u (user), object_r (role), shadow_t (type), and s0 (sensitivity). This indicates the file has an SELinux security label.

16
MCQ · hard

A company policy requires all systems to have a specific set of security patches applied. The administrator needs to generate a report listing all installed packages that contain security updates available. Which command sequence should be used on Red Hat-based systems?

A. yum check-update
B. yum updateinfo list security
C. yum info-sec
D. yum list-security
E. yum list updates
Answer: D

Lists security-related updates.

Why this answer

Option D is correct because `yum list-security` (or `dnf list-security`) lists security advisories and the associated packages with available updates. Option A is wrong because `yum check-update` lists all updates, not just security. Option B is wrong because `yum updateinfo list security` is not a valid command; the correct is `yum updateinfo list --sec`.

Option E is wrong because `yum list updates` lists all updateable packages. Option C is wrong because `yum info-sec` is not a valid command.

17
MCQ · medium

Based on the exhibit, which statement is true about the sshd service?

A. The service is masked.
B. The service is inactive.
C. The service has exited.
D. The service is not enabled to start at boot.
Answer: D

'disabled' indicates the service is not enabled for automatic start.

Why this answer

The exhibit shows the output of `systemctl status sshd.service`. The line `Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: enabled)` indicates the service is currently loaded but its enablement state is `disabled`, meaning it is not configured to start automatically at boot. The `Active: inactive (dead)` line confirms the service is not running now, but the question asks about boot-time behavior, which is governed by the `disabled` state.

Therefore, option D is correct.

Exam trap

The trap here is that candidates see `inactive (dead)` and incorrectly assume the service is not enabled to start at boot, but the actual evidence for boot behavior is the `disabled` keyword in the Loaded line, not the Active line.

How to eliminate wrong answers

Option A is wrong because the service is `loaded`, not `masked`; a masked service would show `masked` in the Loaded line and cannot be started directly. Option B is wrong because while the service is currently `inactive (dead)`, the question asks for a true statement about the service overall, and the key fact is its disabled boot status, not just its current runtime state. Option C is wrong because `exited` is a specific active state for services that run and terminate (e.g., oneshot type), but this service shows `inactive (dead)`, not `exited`; `exited` would appear as `Active: active (exited)`.

18
MCQ · medium

A system administrator is configuring a firewall using iptables. The requirement is to allow incoming SSH connections from the 192.168.1.0/24 network only. Which iptables rule should be added to the INPUT chain?

A. iptables -A INPUT -p tcp --dport 22 -d 192.168.1.0/24 -j ACCEPT
B. iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j REJECT
C. iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
D. iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j LOG
E. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Answer: C

Allows SSH from the specified network.

Why this answer

Option C is correct because it specifies the source IP range, destination port 22, and accepts the connection. Option A is wrong because it refers to the output interface. Option B is wrong because it uses REJECT instead of DROP, but more importantly, it doesn't specify source.

Option D is wrong because it only logs and does not accept. Option E is wrong because -s is missing, so it accepts from any source.

19
MCQ · medium

A Linux administrator receives reports that the system's log files are growing rapidly and consuming disk space. The administrator needs to configure the system to rotate logs weekly, keep 4 weeks of logs, compress old logs, and ensure that log rotation does not cause logs to be lost if the log file is still being written. Which configuration file and setting should be used?

A. /etc/rsyslog.conf with action(type="omfile" file="/var/log/syslog" rotate="weekly" keep="4" compress)
B. /etc/logrotate.d/syslog with directives: weekly, rotate 4, compress, delaycompress
C. /etc/systemd/journald.conf with Settings=MaxRetentionSec=4weeks and Compress=yes
D. /etc/cron.daily/logrotate script that calls logrotate -f /etc/logrotate.conf
Answer: B

logrotate is the standard tool; delaycompress ensures current log is not compressed until next rotation, preventing data loss.

Why this answer

The logrotate utility is responsible for log rotation. The configuration snippet 'weekly, rotate 4, compress, delaycompress' in /etc/logrotate.d/syslog will rotate logs weekly, keep 4 rotations, compress older logs, and delay compression by one rotation to avoid losing data if the log is still being written. Option A uses rsyslog, which does not handle rotation.

Option C is for journald. Option D is a cron job but not specific.

20
Multi-Select · easy

Which TWO commands display disk usage information for filesystems? (Select 2.)

Select 2 answers
A. ls
B. du
C. parted
D. df
E. fdisk
Answers: B, D

du estimates file and directory space usage.

Why this answer

Options D (df) and B (du) are correct. df shows filesystem-level usage, du shows per-directory usage. ls, fdisk, and parted do not primarily show disk usage.

21
MCQ · hard

Refer to the exhibit. A network administrator is troubleshooting a failed network connection. Based on the journalctl output, what is the most likely cause?

A. The NetworkManager service is not running.
B. The network interface eth0 is not physically connected.
C. The network configuration file has an invalid IP address.
D. The DHCP server is unreachable.
Answer: B

'No suitable device found' suggests the interface is not available or not plugged in.

22
MCQ · medium

A Linux administrator needs to mount a new ext4 filesystem on /dev/sdb1 to /mnt/data. The administrator wants the filesystem to be mounted automatically at boot with noatime and with user ownership of files to be preserved (i.e., the filesystem should be owned by a specific user). Which line should be added to /etc/fstab?

A. /dev/sdb1 /mnt/data ext4 defaults,noatime 0 2
B. LABEL=DATA /mnt/data ext4 noatime,user 0 2
C. UUID=xxxx /mnt/data ext4 defaults,noatime,uid=1000 0 2
D. /dev/sdb1 /mnt/data ext4 rw,noatime 0 0
Answer: A

Correct line for ext4 with noatime and pass 2 for fsck.

Why this answer

For ext4, the uid mount option does not exist; ownership is based on the files themselves. The default mount options are specified by 'defaults', which includes rw, suid, dev, exec, auto, nouser, async, and relatime. Adding 'noatime' replaces relatime.

A typical /etc/fstab entry for a data filesystem uses 'defaults,noatime' and pass number 2 for non-root filesystems. Option C uses uid, which is invalid for ext4. Option D uses rw, but pass 0 prevents fsck.

Option B uses user, which allows non-root users to mount.

23
MCQ · medium

A Linux server runs a web application that frequently runs out of file descriptors. Which configuration change would permanently increase the maximum number of open files for all users?

A. Set 'fs.file-max = 65536' in /etc/sysctl.conf
B. Add 'session required pam_limits.so' to /etc/pam.d/login
C. Run 'ulimit -n 65536' in a startup script
D. Edit /etc/security/limits.conf and add 'soft nofile 65536' and 'hard nofile 65536'
Answer: D

Correct file and syntax.

Why this answer

Option D is correct because editing /etc/security/limits.conf with both 'soft nofile' and 'hard nofile' entries permanently raises the per-user limit on open file descriptors for all users (or specified users/groups) at login. The soft limit is the current working limit, while the hard limit is the maximum ceiling; setting both ensures the user can reach the desired value without needing to run ulimit with root privileges.

Exam trap

The trap here is that candidates confuse the system-wide kernel parameter 'fs.file-max' (Option A) with the per-user PAM limits in limits.conf, assuming that raising the kernel value alone will resolve per-process file descriptor exhaustion.

How to eliminate wrong answers

Option A is wrong because 'fs.file-max' in /etc/sysctl.conf sets the system-wide kernel limit on open files, not the per-user limit; even if this is high, users are still constrained by their per-user limits from PAM. Option B is wrong because adding 'session required pam_limits.so' to /etc/pam.d/login enables PAM's limits module but does not itself set any file descriptor values; it only activates the mechanism that reads limits.conf. Option C is wrong because running 'ulimit -n 65536' in a startup script only changes the limit for the current shell session and its child processes, and it is not persistent across reboots or inherited by other users' sessions.

24
Multi-Select · medium

A system administrator needs to monitor system performance over time. Which THREE tools can be used to collect and display CPU, memory, and I/O statistics? (Choose three.)

Select 3 answers
A. iostat
B. top
C. sar
D. vmstat
E. htop
Answers: A, B, D

Reports CPU and I/O statistics for devices and partitions.

Why this answer

Options A, B, and D are correct. top provides real-time process and system stats; iostat shows CPU and I/O statistics; vmstat reports virtual memory, processes, CPU, and I/O. htop is an interactive process viewer, a top alternative, and is not necessarily installed by default. sar collects and reports system activity over time, so it is for historical data; the question asks for tools to collect and display, so sar qualifies, but it may not be installed by default. top, iostat, and vmstat typically come with the standard sysstat and procps packages.

To align with the exam, choose these three.

25
MCQ · medium

A Linux server running RHEL 9 has SELinux in enforcing mode. A web application (Apache) is serving content from a custom directory /var/www/html/myapp. The application needs to write to a subdirectory /var/www/html/myapp/uploads. The administrator sets the context of the uploads directory to httpd_sys_content_t and also runs `restorecon -Rv /var/www/html/myapp`. However, Apache still cannot write to the uploads directory. The administrator checks the SELinux denials in /var/log/audit/audit.log and sees AVC denials related to writing. Which step should the administrator take next?

A. Disable SELinux temporarily.
B. Set the boolean httpd_enable_homedirs to on.
C. Add the apache user to the group that owns uploads.
D. Change the type of the uploads directory to httpd_sys_rw_content_t.
Answer: D

This type allows Apache to write into the directory.

Why this answer

The httpd_sys_content_t type is for read-only content. For read-write access, the directory must have type httpd_sys_rw_content_t (or httpd_sys_script_rw_t for scripts). Setting this type via `chcon -t httpd_sys_rw_content_t /var/www/html/myapp/uploads` will allow Apache to write.

Option B (boolean httpd_enable_homedirs) is unrelated. Option C (add to group) does not address SELinux.

26
MCQ · medium

After using 'apt-get install' to install several packages, the administrator notices that disk space is low. Which command cleans up the package cache?

A. apt-get clean
B. apt-get purge
C. apt-get autoremove
D. apt-get remove
Answer: A

Clean deletes the downloaded .deb files in the cache, freeing space.

Why this answer

Option A is correct because 'apt-get clean' removes all .deb files from /var/cache/apt/archives. Option D is wrong because 'apt-get remove' uninstalls packages. Option C is wrong because 'apt-get autoremove' removes orphaned packages, but does not clean the cache.

Option B is wrong because 'apt-get purge' removes packages and configuration files.

27
Matching · medium

Match each SELinux context component to its description.

Concepts
Matches

SELinux user identity

Part of RBAC, defines allowed roles

Main attribute for type enforcement

Sensitivity level for MLS/MCS

Optional categories for MCS

Why these pairings

SELinux contexts are structured as user:role:type:level.

28
MCQ · easy

A system administrator notices that a critical application's process is consuming too much CPU, affecting other services. The administrator needs to reduce the CPU priority of that process without affecting its memory or other resources. The process PID is 4521. Which command should the administrator use?

A. renice -n 10 -p 4521
B. nice -n 10 -p 4521
C. renice -p 4521 10
D. chrt -p 10 4521
Answer: A

Correct syntax for changing priority of a running process.

Why this answer

The renice command changes the niceness of an existing process. The correct syntax is 'renice -n 10 -p 4521'. Option B uses nice, which is for starting processes.

Option C has incorrect order. Option D uses chrt for real-time scheduling, not niceness.

29
MCQ · easy

A system administrator wants to schedule a script to run every Monday at 3 AM. Which cron entry is correct?

A. 0 3 1 * * /path/to/script.sh
B. 3 0 * * 1 /path/to/script.sh
C. 0 3 * * 2 /path/to/script.sh
D. 0 3 * * 1 /path/to/script.sh
Answer: D

This executes at 3:00 AM every Monday.

Why this answer

Option D is correct. The cron format is minute hour day-of-month month day-of-week. 0 3 * * 1 means minute 0, hour 3, any day of month, any month, Monday. Option B has hour and minute swapped.

Option C is Tuesday. Option A is the 1st of every month.

30
MCQ · easy

A system administrator needs to create a new user account with a home directory and the bash shell. Which command should be used?

A. useradd -r -s /bin/bash user
B. useradd -c -s /bin/bash user
C. useradd -d /home/user -s /bin/bash user
D. useradd -m -s /bin/bash user
Answer: D

Correct: -m creates home directory, -s sets shell to /bin/bash.

Why this answer

Option D is correct because 'useradd -m -s /bin/bash user' creates a home directory (-m) and sets the shell (-s). Option C is wrong because -d sets the home directory path but doesn't create it unless -m is used. Option B is wrong because -c adds a comment, not shell.

Option A is wrong because -r creates a system account without a home directory by default.

31
MCQ · easy

A system administrator needs to ensure that the Apache HTTP server starts automatically at boot and is started immediately without rebooting. Which command accomplishes both tasks?

A. systemctl disable --now httpd
B. systemctl enable httpd
C. systemctl start httpd
D. systemctl enable --now httpd
Answer: D

Performs both enable and start in one command.

Why this answer

Option D is correct because 'systemctl enable --now httpd' both enables the service to start at boot and starts it immediately. Option B only enables; C only starts; A disables and stops.

32
MCQ · medium

A system administrator notices that a service fails to start at boot with the message "Failed to start MyApp.service: Unit not found". The administrator checks the service unit file at /etc/systemd/system/myapp.service. The target wanted-by is multi-user.target. The administrator runs `systemctl enable myapp.service` successfully, but the service still does not start at boot. What is the most likely cause?

A. The systemd daemon has not been reloaded after enabling.
B. The service unit file has a syntax error.
C. The service requires a dependency that is not installed.
D. The service is not symlinked into the correct .wants directory.
Answer: A

After adding a new unit file, daemon-reload is required. Even though enable succeeded, systemd's in-memory state might be stale.

Why this answer

When a new unit file is added, systemctl daemon-reload must be run before systemd recognizes the unit. Even though enable succeeded, if daemon-reload was not performed after creating the unit file, systemd may not have the unit in its internal cache and may fail to find it at boot. Option B would produce a different error.

Option D is incorrect because enable creates the symlink. Option C would show a dependency error.

33
Multi-Select · hard

An administrator needs to set up a new LVM volume. Which two commands are necessary in the initial setup before creating a logical volume?

Select 2 answers
A.mount
B.lvcreate
C.vgcreate
D.pvcreate
E.mkfs
AnswersC, D

vgcreate creates a volume group from one or more physical volumes.

Why this answer

Options C and D are correct. pvcreate initializes a physical volume, and vgcreate creates a volume group. lvcreate is used after these steps to create the logical volume. mkfs and mount are filesystem operations after the logical volume is created.

34
MCQhard

Refer to the exhibit. A system administrator notices that /var/log is nearly full. Which configuration change would resolve the issue and prevent recurrence?

A.Decrease the size threshold from 100M to 50M.
B.Add the 'delaycompress' option to the logrotate config.
C.Remove the postrotate script to avoid restarting syslog.
D.Increase the rotate count from 4 to 7.
AnswerA

Smaller size triggers rotation sooner, keeping log files smaller and freeing space.

35
MCQeasy

A Linux administrator is tasked with adding a new 1TB hard drive to a server. The drive has been partitioned and formatted with ext4, resulting in the device /dev/sdb1. The administrator needs the drive to be mounted persistently at /data. After adding an entry to /etc/fstab, the administrator runs 'mount -a' and sees the error: 'mount: /data: mount point does not exist.' Which of the following should the administrator do first to resolve the issue?

A.Run mkfs.ext4 on /dev/sdb1
B.Reboot the server
C.Create the /data directory with mkdir
D.Run fsck on /dev/sdb1
AnswerC

The mount point must exist before mounting; mkdir creates it.

Why this answer

The error 'mount point does not exist' indicates that the directory /data has not been created on the filesystem. The mount command requires an existing directory to attach the device to. Creating the /data directory with mkdir resolves this, allowing mount -a to succeed.

Exam trap

The trap here is that candidates may assume the mount point is automatically created by the system or that the error indicates a filesystem problem, leading them to choose fsck or reformatting instead of the simple directory creation step.

How to eliminate wrong answers

Option A is wrong because mkfs.ext4 would reformat the partition, destroying any existing filesystem and data, which is unnecessary since the drive is already formatted with ext4. Option B is wrong because rebooting will not create the missing mount point directory; it would only reattempt the same failing mount from /etc/fstab. Option D is wrong because fsck checks and repairs filesystem integrity, but the error is about a missing directory, not filesystem corruption.

36
MCQeasy

An administrator wants to schedule a script to run every Monday at 3 AM. Which crontab entry is correct?

A.0 3 * * 1 /path/to/script
B.* 3 * * 1 /path/to/script
C.0 3 * * * /path/to/script
D.0 3 1 * * /path/to/script
AnswerA

Runs at 3:00 AM every Monday.

Why this answer

Option A is correct because the crontab syntax requires five fields: minute, hour, day of month, month, and day of week. '0 3 * * 1' means minute 0, hour 3 (3 AM), any day of month (*), any month (*), and day of week 1 (Monday). This precisely schedules the script to run at 3:00 AM every Monday.

Exam trap

CompTIA often tests the distinction between the minute field and the day-of-week field, trapping candidates who confuse the first field (minute) with the hour field, or who misinterpret the day-of-week field as the day-of-month field.

How to eliminate wrong answers

Option B is wrong because the first field is '*' instead of '0', which means the script would run every minute from 3:00 AM to 3:59 AM on Mondays, not just once at 3:00 AM. Option C is wrong because the day-of-week field is '*' (every day), so the script would run at 3:00 AM every day, not just Mondays. Option D is wrong because the third field is '1' (day of month), which schedules the script to run at 3:00 AM on the 1st day of every month, regardless of the day of week; the '1' in the day-of-week field is ignored because the day-of-month field is not '*'.

37
MCQhard

After a system update, a server takes significantly longer to boot. The administrator wants to identify which systemd service is causing the delay. Which command provides a detailed analysis of boot time spent by each service?

A.systemd-analyze time
B.systemd-analyze blame
C.systemd-analyze critical-chain
D.systemd-analyze plot
AnswerB

Outputs a list of services with time taken, sorted from longest to shortest.

Why this answer

Option B is correct because 'systemd-analyze blame' lists services sorted by the time they took during boot. Option D shows the boot sequence in a plot; A shows only total boot time; C shows the critical chain, but 'blame' gives detailed per-service time.

38
MCQmedium

A system administrator is troubleshooting a DNS resolution issue. The command `dig example.com` returns a response, but `ping example.com` fails with 'ping: example.com: Name or service not known'. Which of the following is the most likely cause?

A.An incorrect entry in /etc/hosts
B.The Name Service Cache Daemon (nscd) is not running
C.The system resolver is using different DNS servers than dig
D.The DNS server is not configured in /etc/resolv.conf
E.A firewall is blocking ICMP packets
AnswerC

dig uses resolver settings in /etc/resolv.conf but may use its own; inconsistent config can cause this.

Why this answer

Option C is correct because `dig` performs direct DNS queries to the configured resolvers, while `ping` uses the system resolver library (gethostbyname), which may be configured to use different DNS servers or settings (e.g., /etc/resolv.conf). Option A is wrong because if the hosts file had an entry, both would resolve. Option D is wrong because both rely on DNS.

Option E is wrong because a firewall would not affect name resolution. Option B is wrong because if nscd is caching, it might return outdated results, but both would be affected similarly.

39
MCQmedium

A Linux server with systemd is experiencing boot issues after a recent kernel update. Which command sequence should be used to boot into the previous kernel version?

A.Boot from a live CD and run 'rpm -Uvh --oldkernel' to revert the kernel.
B.Interrupt the boot process, select 'Advanced options' in GRUB, then choose the previous kernel.
C.Use 'systemctl set-default multi-user.target' and reboot.
D.Use 'grub2-set-default' with the previous kernel entry before rebooting.
AnswerB

Allows selection of a specific kernel version from the GRUB menu.

Why this answer

Option B is correct because GRUB (Grand Unified Bootloader) stores multiple kernel versions in its menu. By interrupting the boot process and selecting 'Advanced options for Ubuntu' (or similar), you can choose the previous kernel entry, which loads the older kernel and its associated initramfs. This is the standard method to recover from a failed kernel update on systems using systemd and GRUB.

Exam trap

The trap here is that candidates confuse changing the default boot target (runlevel) with selecting a different kernel version, or they assume a package manager command can revert the running kernel without understanding that the bootloader controls which kernel is loaded at startup.

How to eliminate wrong answers

Option A is wrong because 'rpm -Uvh --oldkernel' is not a valid RPM command; RPM does not have an '--oldkernel' flag, and booting from a live CD to revert a kernel is an overly complex, non-standard approach that does not leverage the bootloader. Option C is wrong because 'systemctl set-default multi-user.target' changes the default systemd target (runlevel) to multi-user mode, which does not affect which kernel is loaded; it only controls the services started after boot. Option D is wrong because 'grub2-set-default' sets the default boot entry for future boots, but the question asks for a command sequence to boot into the previous kernel *now* during the current boot process, not to change the default for subsequent reboots.

40
Multi-Selecthard

A Linux administrator is troubleshooting a service that fails to start. Which THREE files or commands should be checked to diagnose the issue? (Select THREE.)

Select 3 answers
A.dmesg
B.journalctl -u service-name
C./var/log/messages (or /var/log/syslog)
D./etc/rc.local
E.systemctl status service-name
AnswersB, C, E

Shows service-specific logs from journald.

Why this answer

B is correct because `journalctl -u service-name` displays the systemd journal logs specifically for that service, which includes detailed error messages, timestamps, and status changes that are essential for diagnosing why the service failed to start. This command is the primary tool for viewing service-specific logs in modern systemd-based Linux distributions.

Exam trap

CompTIA often tests the distinction between kernel-level logs (dmesg) and service-level logs (journalctl), and the trap here is that candidates may confuse `dmesg` with service troubleshooting because it shows boot-time messages, but it does not capture service-specific failures.

41
MCQeasy

A user reports that they cannot write files to their home directory. The administrator runs `ls -ld /home/user` and sees 'drwxr-xr-x'. Which command will allow the user to write to the directory?

A.chmod 644 /home/user
B.chown user:user /home/user
C.usermod -aG user /home/user
D.chmod 755 /home/user
E.setfacl -m u:user:rwx /home/user
AnswerB

Changes ownership to the user, granting write permission.

Why this answer

Option B is correct on the assumption that /home/user is owned by root rather than by the user. The permissions 'drwxr-xr-x' already give the owner write access, so if the user owned the directory they could already write to it; changing the owner with chown user:user /home/user is what grants the user write permission.

Option E (setfacl -m u:user:rwx /home/user) could also work, but chown is the typical best practice.

42
Multi-Selecthard

A system administrator is troubleshooting why a user cannot execute a script in their home directory. Which THREE conditions could prevent execution? (Choose three.)

Select 3 answers
A.The script is owned by a different user
B.The user's umask is set to 022
C.The script does not have the execute permission set for the user
D.The filesystem containing the script is mounted with the noexec option
E.The script is interpreted by a shell that is not listed in /etc/shells
AnswersC, D, E

Without execute permission, the script cannot be run.

Why this answer

Option C is correct because for a user to execute a script, the file must have the execute permission bit set for that user (or for the group or others, depending on the user's relationship to the file). Without the execute permission (e.g., `chmod +x`), the shell will refuse to run the script directly, returning a 'Permission denied' error.

Exam trap

CompTIA often tests the misconception that file ownership alone blocks execution, when in fact execute permissions and mount options are the primary blockers, and that `/etc/shells` is irrelevant to direct script execution unless combined with a restricted shell environment.

43
MCQmedium

A user reports that a custom application service fails to start with a 'Permission denied' error in the logs. The service runs under the 'appuser' account. Which is the most likely cause and the first step to diagnose?

A.The root password is incorrect; change root password with passwd.
B.SELinux is blocking the service; check journalctl for AVC denials and use restorecon or setsebool.
C.The service binary does not have execute permission for appuser; use chmod +x.
D.The systemd target is not set to multi-user; run systemctl set-default multi-user.target.
AnswerB

SELinux often causes 'Permission denied' and journalctl shows the denial message.

Why this answer

Option B is correct because SELinux denials are a common cause of permission errors for services; journalctl can reveal the SELinux denial message. Option C: file permissions might be an issue, but SELinux is more likely with a service; A: the root password does not affect service startup; D: systemd targets are for runlevels, not file access.

44
MCQeasy

The /home partition is nearly full. The administrator wants to increase the size of the home filesystem. Which action should be taken first?

A.Unmount the /home filesystem
B.Use resize2fs on /dev/mapper/vg-home
C.Use lvextend to extend the logical volume
D.Add a new disk to the volume group
AnswerA

Unmounting ensures no writes occur during the resize process, minimizing risk of data corruption.

Why this answer

Option A is correct. For safety, the filesystem should be unmounted before extending the logical volume and resizing the filesystem. Options B and C are steps after unmounting.

Option D is unnecessary unless there is no free space in the volume group.

45
MCQhard

Refer to the exhibit. A web server is experiencing performance issues. Based on the process list shown, which action should the administrator take first?

A.Increase the PID limit in /proc/sys/kernel/pid_max.
B.Kill the parent process of the zombie (PID 1234).
C.Identify and restart the parent process to clean up the zombie.
D.Terminate the zombie process with SIGKILL.
AnswerC

The zombie's parent (PID 1234 - httpd master) should reap it. Restarting the master process will clean orphans.

46
MCQeasy

An administrator needs to add a script to be executed daily. The script is placed at /etc/cron.daily/myscript. After placing the script, it does not run. Based on the exhibit, what is the most likely issue?

A.The script is owned by the wrong user
B.The cron daemon is not running
C.The script is not executable
D.The script is not listed in /etc/crontab
E.Anacron is not installed
AnswerC

Scripts must have execute permission to be run by run-parts.

Why this answer

Option C is correct because scripts in /etc/cron.daily must be executable. The exhibit shows the existing scripts have execute permission, so the new script likely does not. Option D is wrong because cron.daily runs in the system crontab and does not require an entry in /etc/crontab.

Option E is wrong because anacron is used for missed runs, but cron.daily still executes. Option B is wrong because run-parts is used to execute the scripts, but missing it would affect all, not just one. Option A is wrong because the script should be owned by root like the others.

47
Multi-Selecthard

Which TWO commands can be used to immediately synchronize the system time with an NTP server, even if the time difference is large? (Choose two.)

Select 2 answers
A.chronyd -q
B.systemctl restart ntp
C.timedatectl set-ntp true
D.ntpd -g
E.ntpdate pool.ntp.org
AnswersD, E

ntpd -g allows a large time correction on startup.

Why this answer

ntpd -g and ntpdate both can perform a large time step. ntpd -g allows ntpd to ignore the panic threshold once. ntpdate does a one-time sync. timedatectl set-ntp true enables the NTP service but does not force an immediate sync. chronyd can be used but -q or -n options are not equivalent to immediate sync. systemctl restart ntp restarts the service but does not force sync.

48
MCQhard

Based on the exhibit, what is the most likely cause of the sshd service failure?

A.The firewall is blocking port 22
B.The sshd configuration file has incorrect permissions
C.The sshd service is not installed
D.Another process is already listening on port 22
AnswerD

Error message directly indicates address already in use.

Why this answer

The sshd service failed because another process is already listening on port 22, which prevents sshd from binding to that port. This is indicated by the error message in the exhibit (e.g., 'bind: Address already in use'), which is a common symptom when a conflicting service or a previously running instance of sshd occupies the port. The system cannot start a new instance of sshd until the port is freed.

Exam trap

The trap here is that candidates often assume a firewall or permission issue is the cause, but the specific 'Address already in use' error directly points to a port conflict, which is a distinct and common scenario on Linux systems.

How to eliminate wrong answers

Option A is wrong because the firewall blocking port 22 would cause connection timeouts or 'No route to host' errors, not a failure of the sshd service to start; the service would still bind successfully. Option B is wrong because incorrect permissions on the sshd configuration file (e.g., /etc/ssh/sshd_config) would typically cause a 'Bad permissions' error during startup, not a port binding failure. Option C is wrong because if sshd were not installed, the system would report 'Unit sshd.service not found' or 'command not found', not a port conflict error.

49
MCQeasy

A server is experiencing high CPU load. The administrator needs to identify which process is consuming the most CPU resources in real time. Which command should be used?

A.w
B.vmstat
C.uptime
D.ps aux --sort=-%cpu
E.top
AnswerE

top provides real-time process CPU usage.

Why this answer

Option E is correct because the `top` command provides a real-time, dynamic view of running processes, sorted by CPU usage by default. Option D is wrong because `ps aux --sort=-%cpu` shows a static snapshot sorted by CPU, not real-time. Option C is wrong because `uptime` only shows system load averages.

Option A is wrong because `w` shows who is logged in and what they are doing, not per-process CPU. Option B is wrong because `vmstat` reports system processes, memory, paging, block IO, traps, and CPU activity but not per-process details.

50
MCQeasy

An administrator wants to verify which RPM packages are installed on a Red Hat Enterprise Linux system. Which command displays that information?

A.dpkg -l
B.apt list --installed
C.rpm -qa
D.yum list installed
AnswerC

rpm -qa queries all installed RPM packages.

Why this answer

rpm -qa lists all installed RPM packages. dpkg is for Debian. yum and apt are package managers that can list packages but rpm is the base tool. In Linux+, rpm -qa is the most direct answer.

51
Multi-Selecthard

Which TWO conditions must be met for a user to successfully delete a file owned by a different user in a directory? (Choose two.)

Select 2 answers
A.The user has write permission on the file
B.The user has write permission on the directory
C.The user has execute permission on the directory
D.The user is the owner of the file
E.The user is a member of the group that owns the directory
AnswersB, C

Write permission on the directory is required to delete entries.

Why this answer

Option B is correct because the user must have write permission on the directory to modify its contents (delete files). Option C is correct because the user must have execute permission on the directory to traverse it. Option A is wrong because file write permission is not required for deletion; directory permissions govern.

Option D is wrong because owning the file is not required; directory permissions override. Option E is wrong because being in the group that owns the directory is not necessary; permissions cover all.

52
Multi-Selecteasy

A security administrator needs to verify the SELinux context of files in a directory. Which TWO commands can be used? (Choose two.)

Select 2 answers
A.getenforce
B.ps -Z
C.ls -Z
D.stat -Z
E.chcon
AnswersC, D

Lists files with their SELinux security context.

Why this answer

Options C and D are correct. ls -Z displays the SELinux context of files, and stat -Z (or stat with appropriate option) also displays the security context. ps -Z is for processes, getenforce shows the current enforcing mode, and chcon changes the context.

53
Multi-Selecthard

A Linux administrator needs to configure a service to start automatically after a network connection is established. The service should only run when the network is up, and should stop when the network goes down. Which two systemd unit options should be used? (Choose two.)

Select 2 answers
A.Requires=network.target
B.PartOf=network.service
C.BindsTo=network.target
D.Wants=network.target
E.After=network.target
AnswersC, E

BindsTo ties service lifecycle to network; if network stops, service stops.

Why this answer

After=network.target ensures the service starts after network is configured. BindsTo=network.target ties the service lifecycle to the network target; if network goes down, the service stops. Requires does not imply ordering; Wants is weaker; PartOf is for resource partitioning.

54
MCQmedium

A system is experiencing high CPU usage due to a background process with PID 2345. The administrator wants to reduce the process's priority by 5 without stopping it. Which command should be used?

A.kill -STOP 2345
B.renice -n -5 -p 2345
C.kill -9 2345
D.renice -n +5 -p 2345
AnswerD

Adds 5 to the nice value, lowering the priority.

Why this answer

Option D is correct because 'renice -n +5 -p 2345' increases the nice value by 5, lowering the priority. Option B changes the value to -5, which raises priority; A and C use kill with signal names, which would terminate or suspend the process.

55
MCQhard

An administrator needs to set a password expiration policy so that all users must change their password every 90 days. Which command and option accomplishes this for an existing user?

A.usermod -e 90 <username>
B.passwd -x 90 <username>
C.chage -W 90 <username>
D.chage -M 90 <username>
AnswerD

This sets the maximum password age to 90 days; the user must change the password after that period.

Why this answer

Option D is correct. chage -M sets the maximum number of days a password is valid. Option B uses an invalid option for passwd. Option A sets the account expiration date.

Option C sets the warning days.

56
MCQhard

Refer to the exhibit. An administrator attempts to mount all filesystems and receives an error. What is the most likely cause?

A.The /var entry has a wrong filesystem type.
B.The UUID for /var is incorrect in fstab.
C.The /var directory has been deleted or is missing.
D.The /var filesystem is corrupted.
AnswerC

The error 'mount point does not exist' and 'No such file or directory' for /var indicate the directory is missing.

57
Multi-Selectmedium

Which TWO commands effectively disable a systemd service to prevent it from starting, either automatically or manually? (Select 2.)

Select 2 answers
A.systemctl disable
B.systemctl stop
C.systemctl reset-failed
D.systemctl kill
E.systemctl mask
AnswersA, E

Disable removes the symlink that enables the service at boot, preventing automatic start.

Why this answer

Options A (systemctl disable) and E (systemctl mask) are correct. Disable prevents automatic startup; mask prevents any startup. Stop only halts the current session, kill sends signals, and reset-failed resets the failure state.

58
MCQhard

An administrator is configuring a server to act as a router and needs to enable IP forwarding persistently across reboots. Which file should be modified?

A./etc/network/interfaces
B./etc/sysctl.conf
C./etc/rc.local
D./proc/sys/net/ipv4/ip_forward
AnswerB

Adding net.ipv4.ip_forward=1 here makes it persistent.

Why this answer

The correct file is /etc/sysctl.conf or a file in /etc/sysctl.d/ with the parameter net.ipv4.ip_forward = 1. /proc/sys/net/ipv4/ip_forward is temporary. /etc/network/interfaces is Debian-specific. /etc/rc.local is legacy.

59
MCQhard

Based on the exhibit, the service has failed. Which of the following is the most appropriate first step to diagnose the cause of the failure?

A.Check if the service is a timer and was triggered
B.Check the script /usr/local/bin/myservice.sh for errors and run it manually
C.Run systemctl daemon-reload to reload unit files
D.Restart the service using systemctl restart myservice.service
E.Run journalctl -u myservice.service to view logs
AnswerB

Directly diagnose the script's failure.

Why this answer

Option B is correct because the service exited with status 1, indicating that the script /usr/local/bin/myservice.sh encountered an error. Checking the script's output or running it manually will reveal the error. Option D is wrong because restarting without investigation will likely fail again.

Option E is wrong because the process exited, so journalctl for the service will show any output, but the most direct step is to run the script manually. Option A is wrong because the service is not a timer. Option C is wrong because reloading the daemon is unnecessary; the unit is already loaded.

60
MCQmedium

A company runs a web application on a Linux server (Ubuntu 22.04). The application writes log files to /var/log/app/access.log and error.log. Over time, these logs have grown to several gigabytes, causing the /var partition to reach 98% capacity. The administrator decides to implement log rotation using logrotate. They create a configuration file at /etc/logrotate.d/app with the following content:

    /var/log/app/*.log {
        weekly
        rotate 7
        compress
        delaycompress
        size 100M
        missingok
    }

They then run `logrotate -d /etc/logrotate.d/app` for debugging, which indicates no errors. However, after several days, the logs are not being rotated. Which step should the administrator take to resolve this?

A.Ensure that the logrotate cron job is enabled and that the configuration file is readable (644) and owned by root.
B.Change the ownership of /var/log/app to appuser:appgroup.
C.Run `logrotate -f /etc/logrotate.d/app` to force rotation immediately.
D.Add a cron job to run logrotate hourly.
AnswerA

The cron job may be disabled or the config file may have wrong permissions; these are common pitfalls.

Why this answer

The most likely cause is that the logrotate cron job (typically /etc/cron.daily/logrotate) is not being executed, or the configuration file has incorrect permissions. The administrator should verify that the cron job is enabled and running daily, and that the config file is readable by the cron process (owned by root, permissions 644). Option C only forces a one-time rotation, not a permanent fix.

Option D is unnecessary because logrotate runs daily by default. Option B is not the root cause; ownership of logs doesn't prevent rotation.

61
MCQmedium

A cron job scheduled by the root user is not executing. Which file is the most likely location for the root user's personal cron table?

A./var/spool/cron/root
B./var/spool/cron/crontabs
C./etc/crontab
D./etc/cron.d
AnswerA

User crontabs are stored in /var/spool/cron/.

Why this answer

User crontabs are stored in /var/spool/cron/ with the username as filename (e.g., /var/spool/cron/root). /etc/crontab is system-wide, /etc/cron.d is for packaged cron jobs, and /var/spool/cron/crontabs is not standard.

62
MCQhard

A financial services company runs a critical trading application on a Linux server. The application logs to /var/log/trade/app.log. Recently, the application has been crashing intermittently. The administrator suspects disk space issues. Upon checking, /var/log/trade is on a separate partition with 200 GB capacity, and df -h shows only 10% used. However, the administrator notices that log rotation is not working; the log file has grown to 50 GB and is still being written to. The administrator needs to immediately free up space without stopping the application, and also ensure proper log rotation is configured. Which command sequence should the administrator use?

A.Run 'mv /var/log/trade/app.log /tmp' to move the file, then create a new empty log file, and check with 'df -h'.
B.Run 'logrotate -f /etc/logrotate.conf' to force rotation, then verify with 'df -h'.
C.Run 'systemctl stop trade && rm /var/log/trade/app.log && systemctl start trade' to stop the application, delete the log, and restart.
D.Run '> /var/log/trade/app.log' to truncate the log file, then check with 'df -h'.
AnswerB

Forces log rotation without stopping the application, freeing space.

Why this answer

Option B is correct because 'logrotate -f' forces an immediate log rotation without stopping the application, which frees disk space by compressing or removing the old log file and creating a new empty one. The administrator can then verify the freed space with 'df -h'. This approach solves both the immediate space issue and ensures proper rotation is configured for the future.

Exam trap

CompTIA often tests the misconception that deleting or moving a log file while an application holds an open file handle will immediately free disk space, when in fact the space is only released after the file handle is closed.

How to eliminate wrong answers

Option A is wrong because moving the log file while the application is still writing to it will cause the application to continue writing to the moved file (since the file handle remains open), and the new empty file will not receive logs until the application is restarted or the file handle is released; this does not free space immediately. Option C is wrong because stopping the application to delete the log file violates the requirement to not stop the application, and deleting the file while the application holds an open handle will not free the disk space until the handle is closed (the space remains allocated). Option D is wrong because truncating the file with '> /var/log/trade/app.log' only empties the file content but does not release the disk space immediately on some filesystems (e.g., ext4 with delayed allocation) and may cause the application to lose its write position or crash if it does not handle the truncation gracefully.

63
MCQmedium

A web server in a remote data center logs timestamps in UTC, but the operations team wants all logs to reflect the local timezone (America/New_York). Which command changes the system timezone?

A.timedatectl set-time '2025-03-01 12:00:00'
B.timedatectl set-timezone America/New_York
C.timedatectl list-timezones
D.timedatectl set-ntp yes
AnswerB

Sets the system timezone to the specified zone.

Why this answer

Option B is correct because 'timedatectl set-timezone' changes the system timezone. Option D sets time with NTP; A sets the date; C lists timezones.

64
Multi-Selectmedium

An administrator is managing a server using systemd and needs to control services and units. Which THREE of the following are valid systemd commands for service management? (Choose three.)

Select 3 answers
A.service start
B.systemctl mask
C.systemctl start
D.systemctl enable
E.chkconfig on
AnswersB, C, D

Masks a unit, preventing it from being started.

Why this answer

Systemctl is the primary systemd command; start, enable, and mask are valid subcommands. Service and chkconfig are legacy SysVinit commands.

65
MCQeasy

A system administrator notices that a server's disk space is critically low. Which command should be used to identify the largest files or directories consuming space?

A.ls -la /
B.fdisk -l
C.df -h
D.du -sh /*
AnswerD

Summarizes disk usage for each top-level directory in human-readable format.

Why this answer

Option D is correct because `du -sh /*` recursively calculates disk usage for each top-level directory and file under root, summarizing sizes in human-readable format. This directly identifies the largest space consumers, which is the stated goal. The `-s` flag provides a total per argument, and `/*` targets all immediate children of `/`.

Exam trap

The trap here is that candidates confuse `df -h` (filesystem-level usage) with `du` (directory-level usage), mistakenly thinking `df` can identify specific large files or directories when it only shows aggregate mount-point consumption.

How to eliminate wrong answers

Option A is wrong because `ls -la /` lists file names, permissions, and metadata but does not show disk usage or sort by size, making it useless for identifying largest consumers. Option B is wrong because `fdisk -l` displays partition table information (sectors, start/end blocks) and is used for disk partitioning, not for measuring file or directory sizes. Option C is wrong because `df -h` shows free and used space on mounted filesystems as a whole, not the breakdown of which files or directories are consuming that space.

66
MCQmedium

A service named 'myapp' is currently running but should be disabled so it does not start automatically at boot. Which command accomplishes this?

A.systemctl disable myapp
B.systemctl kill myapp
C.systemctl mask myapp
D.systemctl stop myapp
AnswerA

Disable removes the 'wants' or 'requires' symlinks, preventing automatic startup.

Why this answer

Option A is correct because 'systemctl disable myapp' removes the symlinks that start the service at boot. Option D is wrong because 'systemctl stop myapp' stops it now but does not disable startup. Option C is wrong because 'systemctl mask' is used to prevent any start, including manual.

Option B is wrong because 'systemctl kill' sends signals to the process.

67
MCQeasy

An administrator needs to update the system time using an NTP server immediately without waiting for the next scheduled sync. Which command should be used?

A.timedatectl set-ntp true
B.systemctl start ntpd
C.ntpq -p
D.ntpdate pool.ntp.org
AnswerD

Forces immediate time sync.

Why this answer

The `ntpdate` command is used to immediately synchronize the system clock with an NTP server, bypassing the daemon-based scheduled sync. Option D runs `ntpdate pool.ntp.org`, which performs a one-time query and sets the time instantly, making it the correct choice for an immediate update.

Exam trap

The trap here is that candidates confuse enabling the NTP service (option A or B) with performing an immediate synchronization, not realizing that those commands only start or activate the daemon for gradual, ongoing adjustments rather than an instant update.

How to eliminate wrong answers

Option A is wrong because `timedatectl set-ntp true` enables the NTP service (chronyd or systemd-timesyncd) for ongoing synchronization, but does not trigger an immediate sync. Option B is wrong because `systemctl start ntpd` starts the NTP daemon, which will sync gradually over time, not instantly. Option C is wrong because `ntpq -p` only queries and displays the current NTP peers and their status; it does not perform any time synchronization.

68
Multi-Selectmedium

A systems administrator wants to monitor system performance in real time. Which TWO commands can be used to display live updating information about processes, CPU, and memory usage? (Select TWO.)

Select 2 answers
A.top
B.htop
C.ps aux
D.sar -u 1 5
E.vmstat 1
AnswersA, B

Real-time interactive process viewer.

Why this answer

The `top` command provides a real-time, dynamically updating view of system processes, CPU usage, and memory usage. It refreshes by default every few seconds, making it a standard tool for live performance monitoring. Similarly, `htop` is an enhanced interactive process viewer that offers a more user-friendly interface with color-coded, real-time updates on CPU, memory, and process information.

Exam trap

The trap here is that candidates often confuse static commands like `ps aux` with live monitoring tools, or they mistake `vmstat 1` for a process-level viewer when it actually provides aggregate system statistics without per-process details.

69
MCQmedium

A Linux system is experiencing high CPU load. The administrator runs 'top' and sees that the 'kworker' processes are consuming significant CPU time. What is the most likely cause?

A.A kernel module memory leak
B.A hardware interrupt storm caused by a failing disk controller
C.A user process stuck in an infinite loop
D.Insufficient memory causing swapping
AnswerB

kworker handles workqueues; hardware issues cause interrupts.

Why this answer

The 'kworker' processes in the 'top' output indicate kernel workqueue threads that handle deferred work. High CPU usage by kworker is typically caused by a hardware interrupt storm, often from a failing disk controller or other faulty hardware generating excessive interrupts that the kernel must service. This forces the workqueue to constantly process interrupt-related tasks, consuming significant CPU time.

Exam trap

The trap here is that candidates may confuse 'kworker' with a user-space process or attribute high CPU to a memory leak or swapping, but the key is recognizing that kworker is a kernel thread tied to hardware interrupt handling, making a hardware fault the most likely cause.

How to eliminate wrong answers

Option A is wrong because a kernel module memory leak would manifest as increasing memory consumption over time, not as high CPU usage by kworker processes; memory leaks primarily affect available memory and may trigger OOM, not CPU load. Option C is wrong because a user process stuck in an infinite loop would appear as a specific user-space process (e.g., 'myapp') consuming CPU in 'top', not as 'kworker' which is a kernel thread. Option D is wrong because insufficient memory causing swapping would show high 'si' and 'so' values in 'vmstat' and high I/O wait, not high CPU usage by kworker; swapping is a memory management issue, not a direct cause of kernel workqueue activity.

70
MCQhard

A server running a critical application needs to be rebooted. To ensure the application stops gracefully and data is not corrupted, which sequence of commands should the administrator use?

A.killall -9 application; reboot
B.reboot
C.systemctl stop application; sync; reboot
D.umount -a; reboot
AnswerC

Stops service gracefully, syncs disks, then reboots.

Why this answer

Option C is correct because it first uses systemctl to send a SIGTERM to the application, allowing it to perform a graceful shutdown and flush its data. The sync command then forces any pending disk writes to complete, ensuring filesystem consistency before the reboot. This sequence minimizes the risk of data corruption by giving the application and kernel time to finalize all I/O operations.

Exam trap

CompTIA often tests the misconception that a simple reboot or killall -9 is sufficient for critical applications, but the trap here is that candidates overlook the need for a graceful stop and filesystem sync to prevent data corruption.

How to eliminate wrong answers

Option A is wrong because killall -9 sends SIGKILL, which immediately terminates the application without allowing it to clean up resources or flush data, potentially causing corruption. Option B is wrong because a plain reboot command does not explicitly stop the application or sync the filesystem, relying on the system's shutdown scripts which may not handle the critical application gracefully. Option D is wrong because umount -a attempts to unmount all filesystems, which will fail if any filesystem is busy (e.g., the application has open files), and it does not stop the application first, leading to forced unmounts or data loss.

71
MCQeasy

An administrator needs to schedule a system maintenance task to run at 3 AM every Sunday. Which cron expression should be used?

A.0 3 * * 7
B.0 3 * * 0
C.0 3 * * 1
D.* 3 * * 0
AnswerB

Correct: minute 0, hour 3, every day, every month, Sunday.

Why this answer

Option B is correct because in cron, Sunday can be specified as either 0 or 7. The expression '0 3 * * 0' means the task runs at minute 0, hour 3 (3 AM), every day of the month (*), every month (*), and only on Sunday (0). This matches the requirement exactly.

Exam trap

The trap here is that candidates may remember that Sunday can be 0 or 7 and choose Option A, not realizing that the XK0-005 exam expects the standard POSIX value of 0 for Sunday, and that 7 is non-standard or implementation-specific.

How to eliminate wrong answers

Option A is wrong because while 7 also represents Sunday in some cron implementations, the standard POSIX cron and most Linux distributions (including those tested in XK0-005) treat 7 as invalid or undefined; the correct numeric value for Sunday is 0. Option C is wrong because 1 represents Monday, not Sunday. Option D is wrong because the minute field is set to '*' instead of '0', which would cause the task to run every minute from 3:00 AM to 3:59 AM on Sundays, not just at 3:00 AM.

72
MCQhard

An administrator needs to ensure that a custom script /usr/local/bin/backup.sh runs every day at 2:00 AM and logs output to /var/log/backup.log. How should this be configured using systemd?

A.Use anacron with a delay of 0 and a period of 1 day.
B.Add a cron job with '0 2 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1'.
C.Create a systemd timer unit that activates a service unit, with OnCalendar=daily and the desired time.
D.Place the script in /etc/cron.daily/ and set the time with the 'START_HOURS_RANGE' variable.
AnswerC

Systemd timers allow precise scheduling and integrate with journald for logging.

Why this answer

Option C is correct because systemd timer units are the modern, recommended method for scheduling recurring tasks on Linux systems that use systemd. By creating a timer unit with `OnCalendar=daily` and specifying the desired time (e.g., `02:00:00`), the associated service unit will execute `/usr/local/bin/backup.sh` at 2:00 AM daily. The service unit can also redirect output to `/var/log/backup.log` using standard output/error directives, ensuring logging is handled natively within the systemd framework.

Exam trap

The trap here is that candidates often default to cron (Option B) because it is familiar, but the question explicitly requires a systemd-based solution, testing knowledge of systemd timer units as the correct modern approach.

How to eliminate wrong answers

Option A is wrong because anacron is designed for systems that may not run continuously (e.g., laptops) and does not support precise time-of-day scheduling like 2:00 AM; it only guarantees execution within a day with a delay. Option B is wrong because while a cron job with the given syntax would work, the question explicitly asks for a systemd-based configuration, not cron; cron is a separate init system and not part of systemd. Option D is wrong because placing the script in `/etc/cron.daily/` runs it once per day via cron, but the `START_HOURS_RANGE` variable only controls the range of hours during which cron.daily jobs can start, not a specific time like 2:00 AM; it cannot guarantee execution at exactly 2:00 AM.

73
MCQhard

A server is experiencing intermittent high load. The administrator suspects a memory leak in a service. Which sysfs file should the administrator monitor to track memory usage per cgroup?

A./sys/fs/cgroup/memory/memory.limit_in_bytes
B./proc/meminfo
C./sys/fs/cgroup/memory/memory.usage_in_bytes
D./sys/fs/cgroup/memory/memory.stat
AnswerC

Directly shows the current memory usage in bytes for the cgroup.

Why this answer

Option C is correct because memory.usage_in_bytes in the cgroup v1 memory hierarchy shows the current memory consumption of processes within a specific cgroup, making it the direct metric to monitor for a suspected memory leak in a service. Unlike system-wide files, this per-cgroup file reflects only the memory used by the service's control group, allowing precise tracking of growth over time.

Exam trap

CompTIA often tests the distinction between 'limit' and 'usage' files, trapping candidates who confuse the configuration file (memory.limit_in_bytes) with the monitoring file (memory.usage_in_bytes).

How to eliminate wrong answers

Option A is wrong because memory.limit_in_bytes sets the maximum memory limit for a cgroup, not the current usage, so it cannot show a leak. Option B is wrong because /proc/meminfo provides system-wide memory statistics, not per-cgroup data, and cannot isolate a specific service's memory consumption. Option D is wrong because memory.stat contains detailed breakdowns (e.g., cache, RSS, swap) but not a single current usage value; it requires parsing multiple fields and is less direct for tracking a leak.

74
MCQeasy

A technician has just performed system maintenance and wants to verify that the server has been running continuously for the past 30 days. Which command should the technician use?

A.uptime
B.systemctl status rsyslog
C.ps aux
D.date
AnswerA

Displays the system uptime and load averages.

Why this answer

Option A is correct because 'uptime' shows the current time, how long the system has been running, number of users, and load averages. Option B shows system logging service status; Option D shows the system date; Option C shows process statistics.

75
MCQmedium

An administrator runs 'systemctl list-units' and sees that httpd.service is in a failed state. To quickly see the error message that caused the failure, which command should be used?

A.systemctl show httpd.service -p ExecMainStatus
B.journalctl -p err -u httpd.service
C.systemctl status httpd.service
D.systemd-analyze blame
AnswerC

systemctl status shows the unit status along with the last few log entries that led to the failure.

Why this answer

Option C is correct. systemctl status displays the unit's state and recent journal entries showing the error. Option B filters errors but may not show the immediate failure cause as concisely. Option A shows properties.

Option D analyzes boot time.
