Refer to the exhibit. A system administrator checks the status of the SSH service and sees the output shown. What is the most likely cause of the failure?
The error 'Address already in use' indicates port 22 is occupied.
An administrator needs to determine why a service failed to start due to an unresponsive network filesystem. Which systemd unit dependency directive should be added to ensure the service starts only after the remote filesystem is mounted?
Requires creates a strong dependency; the mount must be active for the service to start.
Why this answer
The correct directive is 'Requires' to create a strong dependency on the mount unit. 'After' only orders units, 'Wants' is a weaker dependency, and 'BindsTo' binds the service lifecycle. For a required mount, 'Requires' ensures the mount is active when the service starts.
A junior administrator needs to check the disk usage of the /var filesystem to ensure it does not exceed 80% capacity. Which command should be used?
df -h shows filesystem disk space usage in human-readable format.
Why this answer
df -h shows disk usage in human-readable format. du shows file/directory usage, fdisk displays partition table, lsblk lists block devices. Only df shows filesystem usage.
Which THREE methods are valid for setting the default systemd target (runlevel) to multi-user mode? (Choose three.)
This is the standard command to set the default target.
Why this answer
Valid methods: using systemctl set-default, modifying the /etc/systemd/system/default.target symlink, or creating a symlink pointing to multi-user.target. Editing /etc/inittab is for SysV init, not systemd. telinit changes runlevel temporarily but does not set default.
An administrator is troubleshooting a server that is experiencing intermittent high load. The administrator wants to identify processes that are using excessive CPU. Which two of the following commands can provide real-time CPU usage per process? (Choose two.)
htop also provides real-time process monitoring.
Why this answer
top and htop provide real-time, dynamic views of process CPU usage. ps provides a static snapshot, iostat monitors I/O, and vmstat shows system-wide statistics.
An administrator modified kernel parameters in /etc/sysctl.conf. Which command applies the changes without rebooting?
The -p option loads settings from the specified file, defaulting to /etc/sysctl.conf.
Why this answer
Option A is correct because 'sysctl -p' loads settings from /etc/sysctl.conf. Option B is wrong because 'sysctl -a' displays all current values. Option C is wrong because 'sysctl -w' sets a parameter temporarily.
Option D is wrong because 'sysctl -r' is not a valid option.
Drag and drop the steps to set up a cron job that runs a script daily in the correct order.
Why this order
Cron jobs require an executable script and a crontab entry with proper syntax.
An administrator adds a new disk /dev/sdc1 and wants it mounted at /mnt/backup at every boot. Based on the exhibit, which line should be added to /etc/fstab?
Correct format with UUID.
Why this answer
Option C is correct because using UUID is the recommended method. The line should have the mount point, filesystem, options, dump, and pass fields. Option A does not specify the mount point correctly.
Option B uses device name which may change. Option D uses /dev/sdc1 without UUID. Option E has incorrect mount point /mnt/backups (typo).
A storage administrator is troubleshooting high disk I/O latency. Which THREE tools can provide detailed block I/O statistics at the device level? (Choose three.)
Reports I/O statistics per device and partition.
Why this answer
Options A, B, and C are correct. iostat provides device-level CPU and I/O statistics; iotop displays I/O usage by processes; blktrace traces block I/O events. dd is for copying data; fstrim is for SSD trim operations.
Based on the exhibit, why does the mv command fail?
SELinux enforcing mode and context mismatch cause denial.
Why this answer
Option C is correct because SELinux enforces mandatory access controls that can prevent file operations even when standard Linux permissions (DAC) allow them. When moving a file from one directory to another, SELinux checks the file context of the source and the target directory; if the context of the file does not match the expected type for the target directory (e.g., moving a file with `unconfined_u:object_r:user_home_t` into `/etc` which expects `etc_t`), the move is denied. The `mv` command fails with a 'Permission denied' error, and the denial is logged in `/var/log/audit/audit.log`.
Exam trap
CompTIA often tests the distinction between DAC (standard Linux permissions) and MAC (SELinux) by presenting a scenario where root appears to have permission but the command still fails, leading candidates to overlook SELinux and incorrectly blame filesystem mount options or directory permissions.
How to eliminate wrong answers
Option A is wrong because disk quotas are enforced per filesystem and user, but `/etc` is a system partition that typically does not have user quotas enabled; moreover, the error message from a quota violation would be 'Disk quota exceeded', not 'Permission denied'. Option B is wrong because if `/etc` were mounted read-only, the `mv` command would fail for all users, including root, and the error would be 'Read-only file system', not a permission denial specific to the user. Option D is wrong because the root user (UID 0) always has write permission to `/etc` regardless of the directory's permission bits, as root bypasses DAC checks; the failure is due to SELinux, not standard Unix permissions.
A Linux system is experiencing kernel panics after a recent update. The administrator wants to boot into a previous kernel version to restore functionality. Which three steps are required to achieve this? (Select THREE).
Makes the old kernel the default for future boots.
Why this answer
Option A is correct because after booting into a working kernel, editing /etc/default/grub to set GRUB_DEFAULT to 'saved' and running update-grub (or grub-mkconfig) ensures that the GRUB bootloader will remember and default to the last successfully booted kernel, which can be the previous version. This step is necessary to make the temporary fix persistent across reboots.
Exam trap
CompTIA often tests the distinction between temporary boot fixes (editing GRUB entries at boot time) and permanent configuration changes (editing /etc/default/grub and running update-grub), and candidates may mistakenly think that reinstalling the kernel package reverts to a previous version.
A server running Ubuntu 20.04 has a custom application that is started as a systemd service. The service often fails to start after a system reboot, although it can be started manually with 'systemctl start myapp' without errors. The administrator checks the service status after boot and sees 'Failed to start myapp.service: Unit is not loaded properly: Invalid argument'. Which of the following is the most likely cause of this issue?
Invalid arguments in ExecStart cause 'Invalid argument' error during loading.
Why this answer
The error 'Invalid argument' typically indicates a syntax error or invalid directive in the unit file. The most common cause is an incorrect path or syntax in the ExecStart line. Option A is correct.
Option B would show a 'not found' error. Option C could be a cause but would produce a different error like 'unrecognized option'. Option D might cause a 'timeout' error.
A company policy requires that only the root user can schedule cron jobs. Which configuration ensures this?
If /etc/cron.allow exists, only users listed can use crontab. Listing only root restricts it to root.
Why this answer
Option D is correct because /etc/cron.allow lists users allowed to use crontab; if it exists and contains only root, then only root can use crontab. Option A is wrong because /etc/crontab is for system-wide cron jobs, not user access control. Option B is wrong because modifying permissions on /usr/bin/crontab could break the binary.
Option C is wrong because /etc/cron.deny blocks users but if it contains all users except root, it's impractical; the standard approach is to use cron.allow.
A technician needs to find out which port the SSH daemon is listening on. Which command will show this information?
Lists all listening TCP sockets with port numbers and process info.
Why this answer
The `ss -tlnp` command displays listening TCP sockets with numeric addresses and the associated process information. The `-t` flag filters for TCP, `-l` shows only listening sockets, `-n` prevents DNS resolution, and `-p` reveals the PID and program name. Since SSH daemon (sshd) listens on TCP port 22 by default, this command will show the listening port and the sshd process.
Exam trap
The trap here is that candidates often choose `lsof -i :22` because it shows port 22 activity, but they overlook that it does not specifically filter for listening sockets and may require elevated privileges, whereas `ss -tlnp` is the precise tool for listing listening daemons.
How to eliminate wrong answers
Option A is wrong because `lsof -i :22` shows all open files related to port 22, including established connections, not just the listening daemon; it also requires root privileges to see all processes and may not be installed by default. Option B is wrong because `nmap -p 22 localhost` performs a port scan, which tests connectivity to port 22 but does not show which process is listening or the daemon's configuration; it is a scanning tool, not a process inspection tool. Option C is wrong because `netstat -i` displays interface statistics (packets, errors, etc.), not listening ports or socket information; it is unrelated to finding the SSH daemon's listening port.
An administrator is troubleshooting a web server that is running under SELinux enforcing mode. The web content is located in a non-standard directory /webfiles. Using the standard SELinux context 'httpd_sys_content_t', the files are still inaccessible. Which command will properly set the context recursively and persist across relabels?
semanage adds the context rule to the policy, and restorecon applies it recursively. This persists across relabels.
Why this answer
Option C is correct. semanage fcontext adds a rule to the file context database, and restorecon applies it. Option A uses chcon which does not survive relabel. Option B disables SELinux.
Option D only works if a rule already exists.
An administrator needs to ensure that a script runs once at system initialization, before any network services start. Which systemd target should the script be associated with?
sysinit.target is intended for early system initialization tasks.
Why this answer
Option A is correct because 'sysinit.target' is designed for early system initialization, before network. Option B is wrong because 'multi-user.target' is the general multi-user target, started after network. Option C is wrong because 'basic.target' is also after sysinit but before multi-user.
Option D is wrong because 'network.target' indicates network services are up.
Refer to the exhibit. A technician sees that the httpd service has failed. Which command was used to view the detailed error log shown in the exhibit?
The output format matches journalctl filtered by service unit.
Why this answer
Option B is correct because the exhibit shows output from 'journalctl -u httpd.service'. Option A: 'systemctl status httpd' shows a different format; C: 'tail -f /var/log/messages' might show similar but not the specific service unit logs; D: 'systemctl show httpd' shows service properties, not logs.
Which two commands can be used to view the SELinux context of files or processes?
ps auxZ displays the SELinux context of processes.
Why this answer
Options A and B are correct. ls -Z displays file contexts; ps auxZ displays process contexts. getenforce shows enforcement mode; chcon changes context; setenforce changes mode.
A technician needs to identify the network interface configuration and IP address of a system. Which command provides the most comprehensive output for this task?
Shows all interfaces with IP addresses.
Why this answer
Option D is correct because `ip addr show` displays all network interfaces with their IP addresses, MAC addresses, and state. Option A is wrong because `ifconfig` is deprecated and may not show all interfaces. Option B is wrong because `netstat -i` shows interface statistics but not IP addresses.
Option C is wrong because `nmcli dev show` shows device details but requires NetworkManager. Option E is wrong because `hostname -I` shows only IP addresses without interface details.
Refer to the exhibit. A Linux administrator created a systemd service file for a custom script. When starting the service, it fails with 'Unit myservice.service entered failed state.' Which of the following is the most likely cause?
Systemd requires absolute paths; a relative path causes the service to fail.
Why this answer
The most likely cause is that the ExecStart path is relative. Systemd requires absolute paths for ExecStart directives; a relative path (e.g., `./script.sh` or just `script.sh`) will cause the unit to fail immediately because systemd cannot resolve the executable location. The error 'entered failed state' typically results from this path resolution failure.
Exam trap
CompTIA often tests the requirement for absolute paths in ExecStart, and the trap here is that candidates may assume relative paths are acceptable or that the [Install] section is mandatory for starting a service, when in fact it is only for enabling.
How to eliminate wrong answers
Option B is wrong because changing the service type to 'forking' would not fix a missing absolute path; forking is used for daemons that spawn child processes and requires a PIDFile, but the immediate failure here is due to the ExecStart path issue. Option C is wrong because the [Install] section is only needed for enabling the service to start at boot (via systemctl enable), not for starting the service manually; the service can start without it. Option D is wrong because the Requires directive is optional and used to declare dependency on other units; its absence does not cause a start failure—it simply means no hard dependency is enforced.
After a kernel upgrade, the system fails to boot. Which file should be edited to configure GRUB2 to boot into the previous kernel version by default?
Correct configuration file for GRUB2 defaults.
Why this answer
/etc/default/grub is the configuration file for GRUB2. After editing, run grub2-mkconfig to regenerate grub.cfg. Direct edits to grub.cfg are overwritten on updates. /boot/grub2/grub.cfg is auto-generated. /etc/grub.d/40_custom is for custom entries.
A developer needs to grant a colleague read and write access to a directory /project, but the colleague should not have permission to delete any files created by the developer. The developer wants to set the directory so that all new files created in it automatically belong to the group 'project' and are writable by group. Which combination of configuration should be used?
Setgid ensures new files inherit project group; default ACL ensures new files have group rw permissions.
Why this answer
To achieve automatic group ownership and default permissions, set the setgid bit (chmod g+s) on the directory and use a default ACL to grant group read/write. Option C does both: chmod g+s sets the setgid bit so new files inherit the group, and setfacl with default:g:project:rw ensures new files get group rw. Option A gives rwx on directory but not default.
Option B sets setgid and permissions but does not use default ACL, so new files may not get group rw. Option D sets sticky bit (1) which prevents users from deleting others' files, but does not automatically set group ownership or permissions.
An administrator is tasked with setting up a new server that will run a time-sensitive application. The system must have accurate time synchronization. The administrator configures chronyd and adds four NTP servers. After verifying, the administrator notices that the system time drifts significantly. Which configuration parameter in /etc/chrony.conf is most likely causing the drift despite multiple servers?
Declares local clock as a high-priority time source, overriding NTP servers.
Why this answer
Option C is correct because if the local clock is set as a prefer time source with high trust, chronyd may use it over NTP servers, causing drift. Option A is wrong because a large maxslewrate can cause rapid time adjustments but not drift. Option B is wrong because a large makestep would allow stepping, not cause drift.
Option D is wrong because a small pollinterval would increase polling frequency, reducing drift. Option E is wrong because minsources is the minimum number of sources to synchronize; if set too low, it might accept inaccurate time, but drift is more likely due to local clock behavior.
Which THREE files are commonly used to store local user account information? (Select 3.)
Contains group information and group member lists.
Why this answer
Options A (/etc/passwd), B (/etc/shadow), and C (/etc/group) are correct. /etc/gshadow stores group passwords, not user accounts. /etc/login.defs contains default configuration for useradd, not account data.
An administrator configures a new web server with Apache and needs to ensure it starts automatically after a system reboot. The administrator runs 'systemctl enable httpd' but the service still does not start after reboot. What is the most likely reason?
A masked service cannot be started; check with 'systemctl is-enabled httpd'.
Why this answer
The most likely reason the httpd service does not start after reboot despite being enabled is that it is masked. A masked service is symlinked to /dev/null, which prevents systemd from starting it even if it is enabled. The 'systemctl enable' command creates the necessary symlinks for automatic startup, but a mask overrides this by blocking the service unit entirely.
Exam trap
The trap here is that candidates often confuse 'enabled' with 'started' and assume the service must be started manually after enabling, overlooking the more subtle masking mechanism that prevents automatic startup despite the enable state.
How to eliminate wrong answers
Option A is wrong because the service name 'httpd' is correct for Apache on RHEL/CentOS/Fedora systems; 'apache2' is used on Debian/Ubuntu, but the question does not specify the distribution, and the administrator used 'httpd' which is standard for the given context. Option B is wrong because 'systemctl start httpd' starts the service immediately but is not required for automatic startup after reboot; enabling the service is sufficient for that purpose. Option D is wrong because 'systemctl daemon-reload' is used to reload systemd manager configuration after unit files change, but it is not needed after enabling a service; enabling only creates symlinks, not unit file modifications.
A Linux server is experiencing slow boot times. The administrator wants to identify which systemd services are taking the longest to start. Which command should be used?
This displays each service and its initialization time, sorted descending.
Why this answer
Option D is correct. systemd-analyze blame lists services and their start times, sorted by time. Option A shows a summary of boot time breakdown. Option B lists units but not start times.
Option C shows kernel and initrd time.
A Linux server is experiencing high I/O wait, as shown by the 'iostat -x' command: 'avg-cpu: %iowait=45' and '/dev/sda: await=120ms, %util=95%'. The server has 16 GB of RAM, and the administrator notices that the system is using a significant amount of swap: 'free -m' shows 4 GB of swap used out of 8 GB. The server runs a database application that performs many synchronous writes. The administrator wants to reduce I/O wait without adding physical memory. Which of the following kernel parameter changes is most likely to help by reducing the frequency of write operations to disk?
Increasing the interval between writeback cycles allows more dirty pages to accumulate, possibly merging writes and reducing the number of I/O operations, thus lowering iowait.
Why this answer
Increasing vm.dirty_writeback_centisecs (time between writeback flushes) allows more dirty pages to accumulate before being written, reducing write frequency and potentially merging writes, which can lower I/O wait if the I/O subsystem is efficient at handling larger writes. However, if the writeback interval is too high, it may increase burstiness. The other options: increasing dirty_ratio or dirty_background_ratio would allow more dirty pages in memory, which could temporarily reduce writes but might cause burstier writes and not reduce overall I/O wait.
Decreasing dirty_writeback_centisecs would increase write frequency, likely worsening iowait. So Option C is the most plausible correct answer. Option D (swappiness) affects swap tendency, but swap usage indicates memory pressure; reducing swappiness might reduce swap but not directly address synchronous database writes.
A system administrator notices that the httpd service fails to start. Which command should be used to view the most recent log entries for that specific service?
Displays journal entries for the httpd unit.
Why this answer
journalctl -u httpd shows logs from the systemd journal for the httpd unit. tail on /var/log/messages may work but is not service-specific. dmesg shows kernel logs. systemctl status shows recent logs but not as detailed as journalctl.
A system is running out of disk space in the /var/log directory. The administrator needs to temporarily free up space while preserving the latest log entries. Which approach is best?
Rotates and compresses logs, preserving recent entries.
Why this answer
Logrotate with compression is the best approach because it rotates, compresses, and optionally removes old log files while preserving the latest entries. It can be configured to keep a specific number of rotated logs, thus freeing disk space without deleting current logs. This matches the requirement to temporarily free up space while retaining the most recent log data.
Exam trap
CompTIA often tests the misconception that deleting old files with find or truncating a log file is a safe way to free space, but the correct approach is to use logrotate to manage log rotation and compression while preserving the latest entries.
How to eliminate wrong answers
Option B is wrong because 'find /var/log -mtime +7 -delete' deletes all log files older than 7 days, which may remove important historical logs and does not preserve the latest entries in a controlled manner. Option C is wrong because 'cat /dev/null > /var/log/messages' truncates the file, which destroys all existing log entries in that file, failing to preserve the latest entries. Option D is wrong because 'rm -rf /var/log/*' removes all files and subdirectories in /var/log, including current logs, which is destructive and does not preserve any entries.
An administrator is troubleshooting a slow system. Which two commands can be used to identify processes consuming excessive CPU or memory? (Choose two.)
ps with sorting shows processes by memory usage.
Why this answer
Option C is correct because `ps aux --sort=-%mem` lists all processes with their memory usage, sorted by memory consumption in descending order, making it easy to identify processes consuming excessive memory. Option E is correct because `top` provides a real-time, dynamic view of system processes, including CPU and memory usage, and allows sorting by these metrics interactively.
Exam trap
CompTIA often tests the distinction between system-level resource commands (like `free`, `df`, `iostat`) and process-level monitoring commands (`ps`, `top`), leading candidates to choose commands that show overall usage rather than per-process details.
A system administrator needs to check the current runlevel on a system that uses systemd. Which command should the administrator use?
Displays the default target (runlevel equivalent).
Why this answer
Option C is correct because `systemctl get-default` displays the default target (runlevel equivalent) on a systemd-based Linux system. Systemd uses targets instead of traditional SysV runlevels, and this command shows which target is set as the default at boot, such as `multi-user.target` or `graphical.target`.
Exam trap
The trap here is that candidates familiar with SysV init may expect a command like `runlevel` or `who -r`, but systemd uses `systemctl get-default` for the default target and `systemctl list-units --type=target` to see the current active target, not a direct runlevel command.
How to eliminate wrong answers
Option A is wrong because `hostnamectl` is used to query or change the system hostname and related settings, not to check the current runlevel or default target. Option B is wrong because `getenforce` is a SELinux command that returns the current enforcement mode (Enforcing, Permissive, or Disabled), and has nothing to do with runlevels or systemd targets. Option D is wrong because `uname -r` prints the kernel release version, not the runlevel or default target.
A user on a shared system cannot create files larger than 1MB, even though the filesystem has ample free space. Which command should the administrator use to investigate?
quota -u shows the user's disk quota limits and current usage.
Why this answer
Option D is correct because 'quota -u username' displays the user's current quota limits. Option A is wrong because 'df -h' shows filesystem-level free space, not per-user limits. Option B is wrong because 'lsblk' shows block devices.
Option C is wrong because 'fdisk -l' shows partition tables.
Refer to the exhibit. Which service is likely causing the longest boot delay?
Has the highest boot time in the list.
Why this answer
Option A is correct because firewalld.service has the highest time (1.234s) in the blame output. The other services have lower times.
An administrator is configuring a custom kernel module to be loaded automatically at boot for a specialized hardware device. The module is named 'custom_hw'. Which file should be created to ensure the module is loaded at boot?
This file lists module names to be loaded at boot.
Why this answer
Option B is correct because modules-load.d directory contains .conf files with module names to be loaded at boot. Option A is for module parameters; C is for blacklisting; D is not a standard configuration file.
A file has permissions -rwxr-x---. The administrator wants to give the group write permission using symbolic mode. Which command is correct?
g+w adds write permission to the group, leaving other permissions unchanged.
Why this answer
Option B is correct because 'chmod g+w file' adds write permission for the group. Option A is wrong because 'chmod 775' sets permissions to rwxrwxr-x (not adding but setting). Option C is wrong because 'chmod o+w' adds write for others.
Option D is wrong because 'chmod u+w' adds write for the owner.
Drag and drop the steps to create a new LVM logical volume in the correct order.
Why this order
LVM requires physical volumes, a volume group, and then a logical volume before formatting and mounting.
Which TWO commands can be used to check the kernel version currently running on a system? (Choose two.)
Contains kernel version string.
Why this answer
Option A shows the kernel version via `uname -r`. Option C shows the kernel version via `cat /proc/version`. Option B shows distribution version.
Option D shows kernel parameters. Option E shows system uptime.
A database administrator needs to schedule a one-time system backup to run at 2:00 AM tomorrow. Which command should be used?
Schedules a one-time job at the specified time.
Why this answer
Option B is correct because 'at' is designed for one-time scheduled tasks. Option A is for recurring tasks; C is for repeating intervals; D shows the command to run but does not schedule it.
A system administrator needs to determine which process is using the most memory on a Linux server. Which command should be used to display processes sorted by memory usage?
Correctly sorts processes by memory usage descending.
Why this answer
Option C is correct because `ps aux --sort=-%mem` lists all processes with detailed information and sorts them by memory usage in descending order, showing the most memory-intensive process first. The `-%mem` flag specifies sorting by the %MEM column (resident set size as a percentage of total physical memory) in reverse order, which directly answers the requirement to determine which process is using the most memory.
Exam trap
CompTIA often tests the distinction between commands that show system-wide memory statistics (like `free` or `vmstat`) versus commands that display per-process memory usage (like `ps` or `top`), and candidates may mistakenly choose `free -m` because it shows memory usage, even though it does not identify which process is consuming the most memory.
How to eliminate wrong answers
Option A is wrong because `top -o %MEM` sorts processes by memory usage interactively, but the `-o` flag is not a valid option for the `top` command in most Linux distributions; the correct syntax is `top -o %MEM` (with a space) or simply pressing 'M' inside top, but the given command would fail or produce an error. Option B is wrong because `vmstat 1 5` reports system-wide virtual memory statistics (processes, memory, paging, block I/O, traps, and CPU activity) at one-second intervals for five samples, but it does not list individual processes or sort them by memory usage. Option D is wrong because `free -m` displays total, used, and free physical and swap memory in megabytes, but it provides no information about individual processes or their memory consumption.
A system administrator is troubleshooting a server that is experiencing periodic slowdowns. The administrator runs the 'ps aux' command and notices a process named 'cpu_burn' that is consistently using over 90% CPU. The administrator wants to identify which user is running the process and then terminate it. The server runs Red Hat Enterprise Linux 8. Which command should the administrator use to determine the owner of the 'cpu_burn' process?
This shows PID and user for the process, and the bracket trick avoids matching the grep process itself.
Why this answer
The 'ps -eo pid,user,comm' command outputs the PID, user, and command name for all processes, useful for identifying the owner of a specific process. Option A can show user but 'grep cpu_burn' will match other fields. Option B is correct as it directly greps the command name.
Option C uses 'top' which is interactive and not efficient for scripting. Option D shows all processes filtered by user, but that doesn't help find the user.
A junior administrator needs to monitor system resource usage on a production server. Which TWO commands should the administrator use to check CPU and memory utilization in real-time? (Choose two.)
top displays real-time CPU and memory usage along with processes.
Why this answer
top provides real-time CPU, memory, and process information. free shows memory usage. df checks disk space, lsof lists open files, and uptime shows system load but not resource utilization in real-time.
An administrator is investigating a security breach. The attacker gained root access via an application vulnerability. The administrator needs to determine which commands were executed by the attacker after gaining access. Which log file should be examined first?
Contains the root user's command history.
Why this answer
Option C is correct because `~/.bash_history` in the root user's home directory contains the command history for all commands executed by root in interactive bash sessions. Option A is wrong because /var/log/auth.log logs authentication attempts, not command execution. Option B is wrong because /var/log/syslog contains system messages but not per-user command history.
Option D is wrong because /var/log/secure logs authentication-related events on Red Hat systems. Option E is wrong because /var/log/audit/audit.log contains audit events but requires auditd to be configured.
A system administrator needs to configure a daily backup that creates hard links to unchanged files to save space. Which tool and option combination is most appropriate?
rsync --link-dest creates hard links to files in the previous backup that have not changed, saving disk space.
Why this answer
Option A is correct. rsync with --link-dest creates hard links to unchanged files, enabling incremental backups. Option B copies with hard links but not incremental. Option C does not handle incremental hard links.
Option D is for disk cloning.
A custom application service 'myapp.service' fails to start on a RHEL 8 system with the error: "Failed at step EXEC spawning /usr/local/bin/myapp: Permission denied". The service runs as user 'myapp'. The binary /usr/local/bin/myapp has permissions 755 and is owned by root:root. The user myapp is not in the sudoers. The administrator checks SELinux and finds the binary has the context 'unconfined_u:object_r:usr_t:s0'. The service unit file does not specify any SELinux context. What is the most likely cause of the failure?
The binary has usr_t context, which is not allowed for execution by the service; restoring to bin_t fixes it.
Why this answer
The error occurs because SELinux is enforcing and the binary has the type 'usr_t', which is not allowed to be executed by the service's domain (probably init_t or custom domain). The correct type for executables in /usr/local/bin is 'bin_t'. The solution is to restore the SELinux context to the default for binaries using `restorecon -v /usr/local/bin/myapp` or changing it to bin_t.
Option A is incorrect because permissions allow execution. Option C is unlikely because /usr/local/bin is in PATH. Option D is incorrect as user has execute permission.
An administrator runs the command `ls -l /data/file.txt` and sees the output: `-rw-r-----+ 1 root project 1024 Mar 15 10:00 file.txt`. The administrator wants to view the current ACL entries on this file. Which command should be used?
Correct command to view ACL entries.
Why this answer
The getfacl command is used to display the ACL entries of a file or directory. Option A is correct. The other commands do not exist or are not standard (lsacl, chacl, aclshow).
A system administrator is configuring centralized logging for a cluster of web servers. Each web server runs rsyslog and needs to forward its Apache access logs to a central log server at 192.168.1.100 over UDP port 514. The administrator adds the following line to /etc/rsyslog.conf on each web server: '*.* @192.168.1.100:514'. After restarting rsyslog, no logs appear on the central server. The administrator checks the network connectivity and finds that the central server is reachable and listening on UDP 514. Which additional configuration is most likely required on the web servers to forward the Apache logs?
By default Apache writes to files; to forward via syslog, it must use the syslog output.
Why this answer
The wildcard '*.*' forwards all logs, including Apache logs if they are sent to syslog. However, rsyslog by default only reads from its own sources; if Apache logs are written directly to a file and not via syslog, they won't be forwarded. The Apache module 'mod_log_config' can be configured to send logs to syslog using the 'syslog' facility.
Option B is correct. Option A (el8 conf includes) is a file but not for Apache. Option C adds modular configs but doesn't address Apache.
Option D (UDP vs TCP) might matter but the problem states UDP is used and listening.
A technician is configuring a system to automatically mount an NFS share at boot. Which two files must be edited or created? (Choose two.)
nfsmount.conf sets default NFS mount options.
Why this answer
Option D is correct because `/etc/nfsmount.conf` is the NFS configuration file that can be used to set default mount options for NFS shares, such as protocol version, read/write size, and timeouts. Option E is correct because `/etc/fstab` is the standard file system table that defines how block devices, remote filesystems, and swap partitions are mounted at boot, including NFS shares with the `nfs` or `nfs4` filesystem type.
Exam trap
The trap here is that candidates confuse the client-side NFS mount configuration file (`/etc/nfsmount.conf`) with the server-side configuration file (`/etc/nfs.conf`), or mistakenly think the automounter's `/etc/auto.master` is used for persistent boot-time mounts.
A system administrator is tuning a server for a high-performance computing workload and needs to disable NUMA (Non-Uniform Memory Access) at boot to improve memory access latency. Which kernel boot parameter should be added to the GRUB_CMDLINE_LINUX line in /etc/default/grub?
This parameter disables NUMA support in the kernel.
Why this answer
Option A is correct because 'numa=off' is the standard kernel parameter to disable NUMA. Option B disables ACPI, C disables APIC, and D sets the system to use only one CPU core.
A user is unable to create new files in a directory. Which command can the administrator use to view the Access Control Lists (ACLs) associated with that directory?
getfacl retrieves ACL entries.
Why this answer
getfacl displays ACLs. ls -l shows standard permissions, setfacl sets ACLs, chmod changes permissions. Only getfacl shows ACLs.
A Linux administrator is configuring secure remote access to a server. Which three of the following are recommended best practices for securing SSH? (Choose three.)
Key-based authentication is more secure than passwords.
Why this answer
Disabling root login (PermitRootLogin no), using public key authentication (PubkeyAuthentication yes), and restricting allowed users/groups (AllowUsers or AllowGroups) are common best practices. Changing the default port (Port 2222) is optional and considered security through obscurity, not a true security measure. Password authentication is less secure than key-based.
Match each Linux kernel parameter category to its description.
General kernel behavior
Virtual memory management
Network settings
Filesystem parameters
Device-specific settings
Why these pairings
Sysctl parameters are organized under these categories.
Which TWO commands can be used to view a list of all running processes with their PIDs? (Choose two.)
ps -ef displays all processes with PIDs.
Why this answer
ps and top both display running processes with PIDs. ps -ef or ps aux shows all processes. top shows an interactive view. ls lists files, pstree shows tree without PIDs by default, pidof finds PID of a specific process.
Based on the exhibit, which file has an incorrect SELinux context for serving web content via Apache?
index.html has context user_home_t, which prevents Apache from serving it; the correct context is httpd_sys_content_t.
Why this answer
Option A is correct. index.html has user_home_t, which is not the proper context for web content; it should be httpd_sys_content_t. style.css has the correct context. Therefore the two files are not both incorrect, and "neither" is not correct either.
Which three are valid systemd unit types?
socket is a unit type for IPC or network sockets.
Why this answer
Options A, C, and D are correct. service, socket, and timer are standard systemd unit types. job and process are not valid unit types.
A server has a volume group 'vg_data' with a single logical volume 'lv_data' of 100GB mounted at /data. The filesystem on lv_data is XFS. The administrator needs to extend it to 150GB. A new 60GB disk /dev/sdc has been added and partitioned as LVM. The administrator runs `pvcreate /dev/sdc1`, then `vgextend vg_data /dev/sdc1`, then `lvextend -L +50G /dev/vg_data/lv_data`. The administrator runs `df -h /data` and sees that the filesystem still shows 100GB. Which command should be run next?
xfs_growfs grows an XFS filesystem to fill the available space.
Why this answer
For XFS filesystems, after extending the logical volume, the filesystem must be grown using xfs_growfs with the mount point as argument. resize2fs is for ext2/3/4. Option C checks the filesystem, but it's not needed. Option D would shrink, which is incorrect.
In the exhibit, what does 'Tasks: 11 (limit: 512)' indicate?
The limit is enforced by the pids cgroup controller.
Why this answer
The 'Tasks:' line in systemd status shows the current number of tasks (processes/threads) and the limit imposed by the cgroup pids controller. This is a resource control feature of systemd.
A system administrator needs to configure a cron job to run a script every Monday at 3:00 AM. Which two cron expressions are correct? (Select TWO).
Correct: minute 0, hour 3, any day, any month, Monday.
Why this answer
Option C is correct because the cron expression `0 3 * * 1` schedules the script to run at minute 0, hour 3 (3:00 AM), every day of the month (`*`), every month (`*`), and on Monday (day-of-week 1, where 0=Sunday, 1=Monday). Option E is correct because cron also accepts three-letter abbreviations for days of the week, so `Mon` is equivalent to `1`.
Exam trap
CompTIA often tests the misconception that day-of-week `0` is Monday (it is Sunday) and that using a specific day-of-month value like `1` combined with a day-of-week value still runs every Monday. When both fields are set, cron does not require both conditions to be true; it uses OR logic, so the job would run on the 1st of any month OR any Monday, not just Mondays.
A systems administrator needs to ensure that a custom service runs with a specific priority on a Linux server. Which command should the administrator use to achieve this?
nice runs a command with a modified scheduling priority.
Why this answer
Option C is correct because the `nice` command adjusts the CPU scheduling priority of a process at launch time. Using `nice -n -10` sets a higher priority (lower nice value) for the new service, ensuring it runs with the specified priority from the start. This directly meets the requirement to run a custom service with a specific priority.
Exam trap
The trap here is that candidates confuse `nice` (for CPU priority at launch) with `renice` (for adjusting an already running process) or `ionice` (for I/O priority), leading them to select an option that does not set the priority at service start.
How to eliminate wrong answers
Option A is wrong because `renice` changes the priority of an already running process (by PID), not at launch time; the question asks to ensure the service runs with a specific priority, implying it should be set when the service starts. Option B is wrong because `ionice` sets I/O scheduling priority, not CPU priority; the question asks for a specific priority (likely CPU priority), and `ionice` controls disk I/O bandwidth, not CPU scheduling. Option D is wrong because `chrt -r 99` sets a real-time scheduling policy (SCHED_RR) with maximum priority, which is for real-time processes and can cause system instability if misused; the question does not specify real-time requirements, and `nice` is the standard tool for adjusting CPU priority in a non-real-time context.
A Linux administrator is troubleshooting a server that intermittently becomes unresponsive. The administrator suspects a memory leak. Which command should be used to monitor memory usage over time and identify the consuming process?
Displays real-time process list with memory usage.
Why this answer
The `top` command provides a real-time, dynamic view of system processes, including memory usage (RES, VIRT, %MEM) and can be sorted by memory consumption. It updates continuously, making it ideal for monitoring memory usage over time and identifying the specific process responsible for a suspected memory leak.
Exam trap
The trap here is that candidates confuse system-wide memory reporting (`free -h`) with per-process monitoring (`top`), or mistake disk usage commands (`df -h`) or network tools (`ss`) for memory diagnostics.
How to eliminate wrong answers
Option A is wrong because `free -h` shows total, used, and available memory in human-readable format, but it does not display per-process memory consumption or allow monitoring over time. Option C is wrong because `ss -tuln` lists listening and connected sockets (TCP/UDP) with numeric addresses; it is a network socket statistics tool, not a memory monitoring command. Option D is wrong because `df -h` reports filesystem disk space usage, not memory (RAM) usage, and cannot identify processes consuming memory.
A process has become unresponsive and is in a zombie state. Which action should the administrator take to remove the zombie process?
When the parent process dies, the zombie is inherited by init, which reaps it immediately.
Why this answer
Option D is correct. Zombie processes cannot be killed; they must be reaped by their parent. If the parent is killed, init reaps the zombie.
Option A has no effect. Option B sends a continue signal. Option C is not immediately effective.
Refer to the exhibit. What is the total amount of RAM installed on the system?
The total column shows 7.7G.
Why this answer
Option B is correct because the 'total' column for Mem shows 7.7G. Options A, C, D are incorrect: 7.5G is used, 8.0G is not shown, 0.1G is free.
A system administrator wants to limit the CPU and memory usage of a specific service to prevent it from affecting other processes. Which Linux feature should be used?
cgroups can limit CPU, memory, I/O for process groups.
Why this answer
cgroups (control groups) allow resource limiting per process group. ulimit sets per-process limits, nice/renice adjust priority but do not enforce hard limits. cgroups are the proper tool for service resource control.