CCNA System Management Questions

62 of 137 questions · Page 2/2 · System Management topic · Answers revealed

76
MCQhard

Refer to the exhibit. A system administrator checks the status of the SSH service and sees the output shown. What is the most likely cause of the failure?

A.The SSH service is disabled and needs to be enabled.
B.The SSH service is masked and cannot start.
C.The SSH configuration file has a syntax error.
D.Another process is already listening on port 22.
AnswerD

The error 'Address already in use' indicates port 22 is occupied.

77
MCQhard

An administrator needs to determine why a service failed to start due to an unresponsive network filesystem. Which systemd unit dependency directive should be added to ensure the service starts only after the remote filesystem is mounted?

A.Wants
B.After
C.BindsTo
D.Requires
AnswerD

Requires creates a strong dependency; the mount must be active for the service to start.

Why this answer

The correct directive is 'Requires' to create a strong dependency on the mount unit. 'After' only orders units, 'Wants' is a weaker dependency, and 'BindsTo' binds the service lifecycle. For a required mount, 'Requires' ensures the mount is active when the service starts.

78
MCQeasy

A junior administrator needs to check the disk usage of the /var filesystem to ensure it does not exceed 80% capacity. Which command should be used?

A.df -h /var
B.fdisk -l /var
C.du -sh /var
D.lsblk /var
AnswerA

df -h shows filesystem disk space usage in human-readable format.

Why this answer

df -h shows disk usage in human-readable format. du shows file/directory usage, fdisk displays partition table, lsblk lists block devices. Only df shows filesystem usage.

79
Multi-Selectmedium

Which THREE methods are valid for setting the default systemd target (runlevel) to multi-user mode? (Choose three.)

Select 3 answers
A.Run telinit 3
B.systemctl set-default multi-user.target
C.Create a symlink /etc/systemd/system/default.target -> /lib/systemd/system/multi-user.target
D.Edit /etc/inittab
E.Modify /etc/systemd/system/default.target
AnswersB, C, E

This is the standard command to set default target.

Why this answer

Valid methods: using systemctl set-default, modifying the /etc/systemd/system/default.target symlink, or creating a symlink pointing to multi-user.target. Editing /etc/inittab is for SysV init, not systemd. telinit changes runlevel temporarily but does not set default.

80
Multi-Selecteasy

An administrator is troubleshooting a server that is experiencing intermittent high load. The administrator wants to identify processes that are using excessive CPU. Which two of the following commands can provide real-time CPU usage per process? (Choose two.)

Select 2 answers
A.htop
B.top
C.iostat
D.ps -aux
E.vmstat
AnswersA, B

htop also provides real-time process monitoring.

Why this answer

top and htop provide real-time, dynamic views of process CPU usage. ps provides a static snapshot, iostat monitors I/O, and vmstat shows system-wide statistics.

81
MCQhard

An administrator modified kernel parameters in /etc/sysctl.conf. Which command applies the changes without rebooting?

A.sysctl -p
B.sysctl -w
C.sysctl -r
D.sysctl -a
AnswerA

The -p option loads settings from the specified file, defaulting to /etc/sysctl.conf.

Why this answer

Option A is correct because 'sysctl -p' loads settings from /etc/sysctl.conf. Option B is wrong because 'sysctl -a' displays all current values. Option C is wrong because 'sysctl -w' sets a parameter temporarily.

Option D is wrong because 'sysctl -r' is not a valid option.

82
Drag & Dropmedium

Drag and drop the steps to set up a cron job that runs a script daily in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Cron jobs require an executable script and a crontab entry with proper syntax.

83
MCQmedium

An administrator adds a new disk /dev/sdc1 and wants it mounted at /mnt/backup at every boot. Based on the exhibit, which line should be added to /etc/fstab?

A.UUID=xyz789 /backup ext4 defaults 0 0
B.UUID=xyz789 /mnt/backup ext4 nofail 0 0
C./dev/sdc1 /mnt/backup ext4 defaults 0 2
D./dev/sdc1 /mnt/backup ext4 defaults 0 0
E.UUID=xyz789 /mnt/backup ext4 defaults 0 0
AnswerE

Correct format with UUID.

Why this answer

Option C is correct because using UUID is the recommended method. The line should have the mount point, filesystem, options, dump, and pass fields. Option A does not specify the mount point correctly.

Option B uses device name which may change. Option D uses /dev/sdc1 without UUID. Option E has incorrect mount point /mnt/backups (typo).

84
Multi-Selecthard

A storage administrator is troubleshooting high disk I/O latency. Which THREE tools can provide detailed block I/O statistics at the device level? (Choose three.)

Select 3 answers
A.dd
B.iostat
C.iotop
D.fstrim
E.blktrace
AnswersB, C, E

Reports I/O statistics per device and partition.

Why this answer

Options A, B, and C are correct. iostat provides device-level CPU and I/O statistics; iotop displays I/O usage by processes; blktrace traces block I/O events. dd is for copying data; fstrim is for SSD trim operations.

85
MCQmedium

Based on the exhibit, why does the mv command fail?

A.The user has exceeded the disk quota on the /etc partition.
B.The /etc filesystem is mounted read-only.
C.SELinux is preventing the move due to file context mismatch.
D.The /etc directory does not have write permissions for root.
AnswerC

SELinux enforcing mode and context mismatch cause denial.

Why this answer

Option C is correct because SELinux enforces mandatory access controls that can prevent file operations even when standard Linux permissions (DAC) allow them. When moving a file from one directory to another, SELinux checks the file context of the source and the target directory; if the context of the file does not match the expected type for the target directory (e.g., moving a file with `unconfined_u:object_r:user_home_t` into `/etc` which expects `etc_t`), the move is denied. The `mv` command fails with a 'Permission denied' error, and the denial is logged in `/var/log/audit/audit.log`.

Exam trap

CompTIA often tests the distinction between DAC (standard Linux permissions) and MAC (SELinux) by presenting a scenario where root appears to have permission but the command still fails, leading candidates to overlook SELinux and incorrectly blame filesystem mount options or directory permissions.

How to eliminate wrong answers

Option A is wrong because disk quotas are enforced per filesystem and user, but `/etc` is a system partition that typically does not have user quotas enabled; moreover, the error message from a quota violation would be 'Disk quota exceeded', not 'Permission denied'. Option B is wrong because if `/etc` were mounted read-only, the `mv` command would fail for all users, including root, and the error would be 'Read-only file system', not a permission denial specific to the user. Option D is wrong because the root user (UID 0) always has write permission to `/etc` regardless of the directory's permission bits, as root bypasses DAC checks; the failure is due to SELinux, not standard Unix permissions.

86
Multi-Selecthard

A Linux system is experiencing kernel panics after a recent update. The administrator wants to boot into a previous kernel version to restore functionality. Which three steps are required to achieve this? (Select THREE).

Select 3 answers
A.After booting, edit /etc/default/grub and set GRUB_DEFAULT to the saved entry, then run update-grub
B.At the GRUB menu, press 'e' to edit the boot entry
C.Run 'yum reinstall kernel' to revert to the previous version
D.Edit /etc/fstab to change root filesystem parameters
E.Select the old kernel from the 'Advanced options for Ubuntu' submenu
AnswersA, B, E

Makes the old kernel the default for future boots.

Why this answer

Option A is correct because after booting into a working kernel, editing /etc/default/grub to set GRUB_DEFAULT to 'saved' and running update-grub (or grub-mkconfig) ensures that the GRUB bootloader will remember and default to the last successfully booted kernel, which can be the previous version. This step is necessary to make the temporary fix persistent across reboots.

Exam trap

CompTIA often tests the distinction between temporary boot fixes (editing GRUB entries at boot time) and permanent configuration changes (editing /etc/default/grub and running update-grub), and candidates may mistakenly think that reinstalling the kernel package reverts to a previous version.

87
MCQmedium

A server running Ubuntu 20.04 has a custom application that is started as a systemd service. The service often fails to start after a system reboot, although it can be started manually with 'systemctl start myapp' without errors. The administrator checks the service status after boot and sees 'Failed to start myapp.service: Unit is not loaded properly: Invalid argument'. Which of the following is the most likely cause of this issue?

A.The service binary does not exist at the specified path.
B.The ExecStart line in the unit file contains an invalid parameter or malformed path.
C.The service uses a Type=oneshot but no RemainAfterExit=yes is set.
D.The service file has a missing [Install] section.
AnswerB

Invalid arguments in ExecStart cause 'Invalid argument' error during loading.

Why this answer

The error 'Invalid argument' typically indicates a syntax error or invalid directive in the unit file. The most common cause is an incorrect path or syntax in the ExecStart line. Option A is correct.

Option B would show a 'not found' error. Option C could be a cause but would produce a different error like 'unrecognized option'. Option D might cause a 'timeout' error.

88
MCQmedium

A company policy requires that only the root user can schedule cron jobs. Which configuration ensures this?

A.Create /etc/cron.allow with only 'root'
B.Add 'root' to /etc/crontab
C.Set /usr/bin/crontab permissions to 700
D.Add all non-root users to /etc/cron.deny
AnswerA

If /etc/cron.allow exists, only users listed can use crontab. Listing only root restricts it to root.

Why this answer

Option D is correct because /etc/cron.allow lists users allowed to use crontab; if it exists and contains only root, then only root can use crontab. Option A is wrong because /etc/crontab is for system-wide cron jobs, not user access control. Option B is wrong because modifying permissions on /usr/bin/crontab could break the binary.

Option C is wrong because /etc/cron.deny blocks users but if it contains all users except root, it's impractical; the standard approach is to use cron.allow.

89
MCQeasy

A technician needs to find out which port the SSH daemon is listening on. Which command will show this information?

A.lsof -i :22
B.nmap -p 22 localhost
C.netstat -i
D.ss -tlnp
AnswerD

Lists all listening TCP sockets with port numbers and process info.

Why this answer

The `ss -tlnp` command displays listening TCP sockets with numeric addresses and the associated process information. The `-t` flag filters for TCP, `-l` shows only listening sockets, `-n` prevents DNS resolution, and `-p` reveals the PID and program name. Since SSH daemon (sshd) listens on TCP port 22 by default, this command will show the listening port and the sshd process.

Exam trap

The trap here is that candidates often choose `lsof -i :22` because it shows port 22 activity, but they overlook that it does not specifically filter for listening sockets and may require elevated privileges, whereas `ss -tlnp` is the precise tool for listing listening daemons.

How to eliminate wrong answers

Option A is wrong because `lsof -i :22` shows all open files related to port 22, including established connections, not just the listening daemon; it also requires root privileges to see all processes and may not be installed by default. Option B is wrong because `nmap -p 22 localhost` performs a port scan, which tests connectivity to port 22 but does not show which process is listening or the daemon's configuration; it is a scanning tool, not a process inspection tool. Option C is wrong because `netstat -i` displays interface statistics (packets, errors, etc.), not listening ports or socket information; it is unrelated to finding the SSH daemon's listening port.

90
MCQhard

An administrator is troubleshooting a web server that is running under SELinux enforcing mode. The web content is located in a non-standard directory /webfiles. Using the standard SELinux context 'httpd_sys_content_t', the files are still inaccessible. Which command will properly set the context recursively and persist across relabels?

A.semanage fcontext -a -t httpd_sys_content_t '/webfiles(/.*)?' ; restorecon -Rv /webfiles
B.chcon -R -t httpd_sys_content_t /webfiles
C.setenforce 0
D.restorecon -Rv /webfiles
AnswerA

semanage adds the context rule to the policy, and restorecon applies it recursively. This persists across relabels.

Why this answer

Option C is correct. semanage fcontext adds a rule to the file context database, and restorecon applies it. Option A uses chcon which does not survive relabel. Option B disables SELinux.

Option D only works if a rule already exists.

91
MCQhard

An administrator needs to ensure that a script runs once at system initialization, before any network services start. Which systemd target should the script be associated with?

A.multi-user.target
B.basic.target
C.sysinit.target
D.network.target
AnswerC

Sysinit.target is intended for early system initialization tasks.

Why this answer

Option A is correct because 'sysinit.target' is designed for early system initialization, before network. Option B is wrong because 'multi-user.target' is the general multi-user target, started after network. Option C is wrong because 'basic.target' is also after sysinit but before multi-user.

Option D is wrong because 'network.target' indicates network services are up.

92
MCQhard

Refer to the exhibit. A technician sees that the httpd service has failed. Which command was used to view the detailed error log shown in the exhibit?

A.systemctl status httpd
B.journalctl -u httpd
C.tail -f /var/log/messages
D.systemctl show httpd
AnswerB

The output format matches journalctl filtered by service unit.

Why this answer

Option B is correct because the exhibit shows output from 'journalctl -u httpd.service'. Option A: 'systemctl status httpd' shows a different format; C: 'tail -f /var/log/messages' might show similar but not the specific service unit logs; D: 'systemctl show httpd' shows service properties, not logs.

93
Multi-Selecteasy

Which two commands can be used to view the SELinux context of files or processes?

Select 2 answers
A.chcon
B.getenforce
C.setenforce
D.ps auxZ
E.ls -Z
AnswersD, E

ps auxZ displays the SELinux context of processes.

Why this answer

Options A and B are correct. ls -Z displays file contexts; ps auxZ displays process contexts. getenforce shows enforcement mode; chcon changes context; setenforce changes mode.

94
MCQeasy

A technician needs to identify the network interface configuration and IP address of a system. Which command provides the most comprehensive output for this task?

A.nmcli dev show
B.ip addr show
C.netstat -i
D.ifconfig
E.hostname -I
AnswerB

Shows all interfaces with IP addresses.

Why this answer

Option D is correct because `ip addr show` displays all network interfaces with their IP addresses, MAC addresses, and state. Option A is wrong because `ifconfig` is deprecated and may not show all interfaces. Option B is wrong because `netstat -i` shows interface statistics but not IP addresses.

Option C is wrong because `nmcli dev show` shows device details but requires NetworkManager. Option E is wrong because `hostname -I` shows only IP addresses without interface details.

95
MCQmedium

Refer to the exhibit. A Linux administrator created a systemd service file for a custom script. When starting the service, it fails with 'Unit myservice.service entered failed state.' Which of the following is the most likely cause?

A.The ExecStart path is relative
B.The service type should be forking
C.The service file lacks an [Install] section
D.The Requires directive is missing
AnswerA

Systemd requires absolute paths; a relative path causes the service to fail.

Why this answer

The most likely cause is that the ExecStart path is relative. Systemd requires absolute paths for ExecStart directives; a relative path (e.g., `./script.sh` or just `script.sh`) will cause the unit to fail immediately because systemd cannot resolve the executable location. The error 'entered failed state' typically results from this path resolution failure.

Exam trap

CompTIA often tests the requirement for absolute paths in ExecStart, and the trap here is that candidates may assume relative paths are acceptable or that the [Install] section is mandatory for starting a service, when in fact it is only for enabling.

How to eliminate wrong answers

Option B is wrong because changing the service type to 'forking' would not fix a missing absolute path; forking is used for daemons that spawn child processes and requires a PIDFile, but the immediate failure here is due to the ExecStart path issue. Option C is wrong because the [Install] section is only needed for enabling the service to start at boot (via systemctl enable), not for starting the service manually; the service can start without it. Option D is wrong because the Requires directive is optional and used to declare dependency on other units; its absence does not cause a start failure—it simply means no hard dependency is enforced.

96
MCQhard

After a kernel upgrade, the system fails to boot. Which file should be edited to configure GRUB2 to boot into the previous kernel version by default?

A./etc/grub.d/40_custom
B./boot/grub/grub.conf
C./boot/grub2/grub.cfg
D./etc/default/grub
AnswerD

Correct configuration file for GRUB2 defaults.

Why this answer

/etc/default/grub is the configuration file for GRUB2. After editing, run grub2-mkconfig to regenerate grub.cfg. Directly editing grub.cfg is overwritten on updates. /boot/grub2/grub.cfg is auto-generated. /etc/grub.d/40_custom is for custom entries.

97
MCQhard

A developer needs to grant a colleague read and write access to a directory /project, but the colleague should not have permission to delete any files created by the developer. The developer wants to set the directory so that all new files created in it automatically belong to the group 'project' and are writable by group. Which combination of configuration should be used?

A.chmod g+s /project && setfacl -m default:g:project:rw /project
B.chmod 1770 /project && usermod -aG project colleague
C.chmod g+s /project && setfacl -m g:project:rwx /project
D.chown .project /project && chmod 2775 /project
AnswerA

Setgid ensures new files inherit project group; default ACL ensures new files have group rw permissions.

Why this answer

To achieve automatic group ownership and default permissions, set the setgid bit (chmod g+s) on the directory and use a default ACL to grant group read/write. Option C does both: chmod g+s sets the setgid bit so new files inherit the group, and setfacl with default:g:project:rw ensures new files get group rw. Option A gives rwx on directory but not default.

Option B sets setgid and permissions but does not use default ACL, so new files may not get group rw. Option D sets sticky bit (1) which prevents users from deleting others' files, but does not automatically set group ownership or permissions.

98
MCQhard

An administrator is tasked with setting up a new server that will run a time-sensitive application. The system must have accurate time synchronization. The administrator configures chronyd and adds four NTP servers. After verifying, the administrator notices that the system time drifts significantly. Which configuration parameter in /etc/chrony.conf is most likely causing the drift despite multiple servers?

A.pollinterval 2
B.minsources 2
C.makestep 100 -1
D.maxslewrate 1000
E.local stratum 10
AnswerE

Declares local clock as a high-priority time source, overriding NTP servers.

Why this answer

Option C is correct because if the local clock is set as a prefer time source with high trust, chronyd may use it over NTP servers, causing drift. Option A is wrong because a large maxslewrate can cause rapid time adjustments but not drift. Option B is wrong because a large makestep would allow stepping, not cause drift.

Option D is wrong because a small pollinterval would increase polling frequency, reducing drift. Option E is wrong because minsources is the minimum number of sources to synchronize; if set too low, it might accept inaccurate time, but drift is more likely due to local clock behavior.

99
Multi-Selecthard

Which THREE files are commonly used to store local user account information? (Select 3.)

Select 3 answers
A./etc/group
B./etc/gshadow
C./etc/shadow
D./etc/login.defs
E./etc/passwd
AnswersA, C, E

Contains group information and group member lists.

Why this answer

Options A (/etc/passwd), B (/etc/shadow), and C (/etc/group) are correct. /etc/gshadow stores group passwords, not user accounts. /etc/login.defs contains default configuration for useradd, not account data.

100
MCQhard

An administrator configures a new web server with Apache and needs to ensure it starts automatically after a system reboot. The administrator runs 'systemctl enable httpd' but the service still does not start after reboot. What is the most likely reason?

A.The service name is incorrect; it should be 'apache2' instead of 'httpd'.
B.The administrator forgot to run 'systemctl start httpd' after enabling it.
C.The httpd service is masked, preventing it from starting.
D.The systemd daemon needs to be reloaded with 'systemctl daemon-reload'.
AnswerC

A masked service cannot be started; check with 'systemctl is-enabled httpd'.

Why this answer

The most likely reason the httpd service does not start after reboot despite being enabled is that it is masked. A masked service is symlinked to /dev/null, which prevents systemd from starting it even if it is enabled. The 'systemctl enable' command creates the necessary symlinks for automatic startup, but a mask overrides this by blocking the service unit entirely.

Exam trap

The trap here is that candidates often confuse 'enabled' with 'started' and assume the service must be started manually after enabling, overlooking the more subtle masking mechanism that prevents automatic startup despite the enable state.

How to eliminate wrong answers

Option A is wrong because the service name 'httpd' is correct for Apache on RHEL/CentOS/Fedora systems; 'apache2' is used on Debian/Ubuntu, but the question does not specify the distribution, and the administrator used 'httpd' which is standard for the given context. Option B is wrong because 'systemctl start httpd' starts the service immediately but is not required for automatic startup after reboot; enabling the service is sufficient for that purpose. Option D is wrong because 'systemctl daemon-reload' is used to reload systemd manager configuration after unit files change, but it is not needed after enabling a service; enabling only creates symlinks, not unit file modifications.

101
MCQmedium

A Linux server is experiencing slow boot times. The administrator wants to identify which systemd services are taking the longest to start. Which command should be used?

A.systemd-analyze time
B.journalctl -b -p 3
C.systemctl list-units --all
D.systemd-analyze blame
AnswerD

This displays each service and its initialization time, sorted descending.

Why this answer

Option D is correct. systemd-analyze blame lists services and their start times, sorted by time. Option A shows a summary of boot time breakdown. Option B lists units but not start times.

Option C shows kernel and initrd time.

102
MCQhard

A Linux server is experiencing high I/O wait, as shown by the 'iostat -x' command: 'avg-cpu: %iowait=45' and '/dev/sda: await=120ms, %util=95%'. The server has 16 GB of RAM, and the administrator notices that the system is using a significant amount of swap: 'free -m' shows 4 GB of swap used out of 8 GB. The server runs a database application that performs many synchronous writes. The administrator wants to reduce I/O wait without adding physical memory. Which of the following kernel parameter changes is most likely to help by reducing the frequency of write operations to disk?

A.Increase vm.dirty_ratio from 20 to 40.
B.Increase vm.dirty_writeback_centisecs from 500 to 1000.
C.Set vm.swappiness to 0.
D.Decrease vm.dirty_background_ratio from 10 to 5.
AnswerB

Increasing the interval between writeback cycles allows more dirty pages to accumulate, possibly merging writes and reducing the number of I/O operations, thus lowering iowait.

Why this answer

Increasing vm.dirty_writeback_centisecs (time between writeback flushes) allows more dirty pages to accumulate before being written, reducing write frequency and potentially merging writes, which can lower I/O wait if the I/O subsystem is efficient at handling larger writes. However, if the writeback interval is too high, it may increase burstiness. The other options: increasing dirty_ratio or dirty_background_ratio would allow more dirty pages in memory, which could temporarily reduce writes but might cause burstier writes and not reduce overall I/O wait.

Decreasing dirty_writeback_centisecs would increase write frequency, likely worsening iowait. So Option C is the most plausible correct answer. Option D (swappiness) affects swap tendency, but swap usage indicates memory pressure; reducing swappiness might reduce swap but not directly address synchronous database writes.

103
MCQmedium

A system administrator notices that the httpd service fails to start. Which command should be used to view the most recent log entries for that specific service?

A.systemctl status httpd
B.dmesg | grep httpd
C.journalctl -u httpd
D.tail -f /var/log/messages
AnswerC

Displays journal entries for the httpd unit.

Why this answer

journalctl -u httpd shows logs from the systemd journal for the httpd unit. tail on /var/log/messages may work but is not service-specific. dmesg shows kernel logs. systemctl status shows recent logs but not as detailed as journalctl.

104
MCQmedium

A system is running out of disk space in the /var/log directory. The administrator needs to temporarily free up space while preserving the latest log entries. Which approach is best?

A.Run logrotate with compression enabled
B.find /var/log -mtime +7 -delete
C.cat /dev/null > /var/log/messages
D.rm -rf /var/log/*
AnswerA

Rotates and compresses logs, preserving recent entries.

Why this answer

Logrotate with compression is the best approach because it rotates, compresses, and optionally removes old log files while preserving the latest entries. It can be configured to keep a specific number of rotated logs, thus freeing disk space without deleting current logs. This matches the requirement to temporarily free up space while retaining the most recent log data.

Exam trap

CompTIA often tests the misconception that deleting old files with find or truncating a log file is a safe way to free space, but the correct approach is to use logrotate to manage log rotation and compression while preserving the latest entries.

How to eliminate wrong answers

Option B is wrong because 'find /var/log -mtime +7 -delete' deletes all log files older than 7 days, which may remove important historical logs and does not preserve the latest entries in a controlled manner. Option C is wrong because 'cat /dev/null > /var/log/messages' truncates the file, which destroys all existing log entries in that file, failing to preserve the latest entries. Option D is wrong because 'rm -rf /var/log/*' removes all files and subdirectories in /var/log, including current logs, which is destructive and does not preserve any entries.

105
Multi-Selecthard

An administrator is troubleshooting a slow system. Which two commands can be used to identify processes consuming excessive CPU or memory? (Choose two.)

Select 2 answers
A.free -m
B.iostat -x
C.ps aux --sort=-%mem
D.df -h
E.top
AnswersC, E

ps with sorting shows processes by memory usage.

Why this answer

Option C is correct because `ps aux --sort=-%mem` lists all processes with their memory usage, sorted by memory consumption in descending order, making it easy to identify processes consuming excessive memory. Option E is correct because `top` provides a real-time, dynamic view of system processes, including CPU and memory usage, and allows sorting by these metrics interactively.

Exam trap

CompTIA often tests the distinction between system-level resource commands (like `free`, `df`, `iostat`) and process-level monitoring commands (`ps`, `top`), leading candidates to choose commands that show overall usage rather than per-process details.

106
MCQeasy

A system administrator needs to check the current runlevel on a system that uses systemd. Which command should the administrator use?

A.hostnamectl
B.getenforce
C.systemctl get-default
D.uname -r
AnswerC

Displays the default target (runlevel equivalent).

Why this answer

Option C is correct because `systemctl get-default` displays the default target (runlevel equivalent) on a systemd-based Linux system. Systemd uses targets instead of traditional SysV runlevels, and this command shows which target is set as the default at boot, such as `multi-user.target` or `graphical.target`.

Exam trap

The trap here is that candidates familiar with SysV init may expect a command like `runlevel` or `who -r`, but systemd uses `systemctl get-default` for the default target and `systemctl list-units --type=target` to see the current active target, not a direct runlevel command.

How to eliminate wrong answers

Option A is wrong because `hostnamectl` is used to query or change the system hostname and related settings, not to check the current runlevel or default target. Option B is wrong because `getenforce` is a SELinux command that returns the current enforcement mode (Enforcing, Permissive, or Disabled), and has nothing to do with runlevels or systemd targets. Option D is wrong because `uname -r` prints the kernel release version, not the runlevel or default target.

107
MCQhard

A user on a shared system cannot create files larger than 1MB, even though the filesystem has ample free space. Which command should the administrator use to investigate?

A.df -h
B.fdisk -l
C.lsblk
D.quota -u username
AnswerD

quota -u shows the user's disk quota limits and current usage.

Why this answer

Option D is correct because 'quota -u username' displays the user's current quota limits. Option A is wrong because 'df -h' shows filesystem-level free space, not per-user limits. Option B is wrong because 'lsblk' shows block devices.

Option C is wrong because 'fdisk -l' shows partition tables.

108
MCQeasy

Refer to the exhibit. Which service is likely causing the longest boot delay?

A.sshd.service
B.firewalld.service
C.network.service
D.postfix.service
AnswerB

Has the highest boot time in the list.

Why this answer

Option A is correct because firewalld.service has the highest time (1.234s) in the blame output. The other services have lower times.

109
MCQhard

An administrator is configuring a custom kernel module to be loaded automatically at boot for a specialized hardware device. The module is named 'custom_hw'. Which file should be created to ensure the module is loaded at boot?

A./etc/modules-load.d/custom_hw.conf with the line 'custom_hw'
B./etc/sysconfig/modules/custom_hw.modules with modprobe commands
C./etc/modprobe.d/custom_hw.conf with 'options custom_hw param=value'
D./etc/modprobe.d/blacklist.conf with 'blacklist custom_hw'
AnswerA

This file lists module names to be loaded at boot.

Why this answer

Option B is correct because modules-load.d directory contains .conf files with module names to be loaded at boot. Option A is for module parameters; C is for blacklisting; D is not a standard configuration file.

110
MCQeasy

A file has permissions -rwxr-x---. The administrator wants to give the group write permission using symbolic mode. Which command is correct?

A.chmod 775 file
B.chmod o+w file
C.chmod u+w file
D.chmod g+w file
AnswerD

g+w adds write permission to the group, leaving other permissions unchanged.

Why this answer

Option B is correct because 'chmod g+w file' adds write permission for the group. Option A is wrong because 'chmod 775' sets permissions to rwxrwxr-x (not adding but setting). Option C is wrong because 'chmod o+w' adds write for others.

Option D is wrong because 'chmod u+w' adds write for the owner.

111
Drag & Dropmedium

Drag and drop the steps to create a new LVM logical volume in the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

LVM requires physical volumes, a volume group, and then a logical volume before formatting and mounting.

112
Multi-Selectmedium

Which TWO commands can be used to check the kernel version currently running on a system? (Choose two.)

Select 2 answers
A.sysctl kernel.version
B.cat /proc/version
C.lsb_release -a
D.uptime
E.uname -r
AnswersB, E

Contains kernel version string.

Why this answer

Option A shows the kernel version via `uname -r`. Option C shows the kernel version via `cat /proc/version`. Option B shows distribution version.

Option D shows kernel parameters. Option E shows system uptime.

113
MCQeasy

A database administrator needs to schedule a one-time system backup to run at 2:00 AM tomorrow. Which command should be used?

A.systemd-run --on-calendar='*-*-* 02:00:00' /usr/bin/backup
B.at 2:00 AM tomorrow
C.echo '/usr/bin/backup' | atq
D.crontab -e
AnswerB

Schedules a one-time job at the specified time.

Why this answer

Option B is correct because 'at' is designed for one-time scheduled tasks. Option A is for recurring tasks; C is for repeating intervals; D shows the command to run but does not schedule it.

114
MCQeasy

A system administrator needs to determine which process is using the most memory on a Linux server. Which command should be used to display processes sorted by memory usage?

A.top -o %MEM
B.vmstat 1 5
C.ps aux --sort=-%mem
D.free -m
AnswerC

Correctly sorts processes by memory usage descending.

Why this answer

Option C is correct because `ps aux --sort=-%mem` lists all processes with detailed information and sorts them by memory usage in descending order, showing the most memory-intensive process first. The `-%mem` flag specifies sorting by the %MEM column (resident set size as a percentage of total physical memory) in reverse order, which directly answers the requirement to determine which process is using the most memory.

Exam trap

CompTIA often tests the distinction between commands that show system-wide memory statistics (like `free` or `vmstat`) versus commands that display per-process memory usage (like `ps` or `top`), and candidates may mistakenly choose `free -m` because it shows memory usage, even though it does not identify which process is consuming the most memory.

How to eliminate wrong answers

Option A is wrong because `top -o %MEM` sorts processes by memory usage interactively, but the `-o` flag is not a valid option for the `top` command in most Linux distributions; the correct syntax is `top -o %MEM` (with a space) or simply pressing 'M' inside top, but the given command would fail or produce an error. Option B is wrong because `vmstat 1 5` reports system-wide virtual memory statistics (processes, memory, paging, block I/O, traps, and CPU activity) at one-second intervals for five samples, but it does not list individual processes or sort them by memory usage. Option D is wrong because `free -m` displays total, used, and free physical and swap memory in megabytes, but it provides no information about individual processes or their memory consumption.

115
MCQeasy

A system administrator is troubleshooting a server that is experiencing periodic slowdowns. The administrator runs the 'ps aux' command and notices a process named 'cpu_burn' that is consistently using over 90% CPU. The administrator wants to identify which user is running the process and then terminate it. The server runs Red Hat Enterprise Linux 8. Which command should the administrator use to determine the owner of the 'cpu_burn' process?

A.ps -u cpu_burn
B.ps -ef | grep cpu_burn
C.top -bn1 | grep cpu_burn
D.ps -eo pid,user,comm | grep [c]pu_burn
AnswerD

This shows PID and user for the process, and the bracket trick avoids matching the grep process itself.

Why this answer

The 'ps -eo pid,user,comm' command outputs the PID, user, and command name for all processes, useful for identifying the owner of a specific process. Option A can show user but 'grep cpu_burn' will match other fields. Option B is correct as it directly greps the command name.

Option C uses 'top' which is interactive and not efficient for scripting. Option D shows all processes filtered by user, but that doesn't help find the user.

116
Multi-Selecteasy

A junior administrator needs to monitor system resource usage on a production server. Which TWO commands should the administrator use to check CPU and memory utilization in real-time? (Choose two.)

Select 2 answers
A.top
B.df
C.uptime
D.lsof
E.free
AnswersA, E

Top displays real-time CPU and memory usage along with processes.

Why this answer

Top provides real-time CPU, memory, and process information. Free shows memory usage. Df checks disk space, lsof lists open files, and uptime shows system load but not resource utilization in real-time.

117
MCQhard

An administrator is investigating a security breach. The attacker gained root access via an application vulnerability. The administrator needs to determine which commands were executed by the attacker after gaining access. Which log file should be examined first?

A./var/log/syslog
B./var/log/secure
C./var/log/audit/audit.log
D./var/log/auth.log
E./root/.bash_history
AnswerE

Contains the root user's command history.

Why this answer

Option C is correct because `~/.bash_history` in the root user's home directory contains the command history for all commands executed by root in interactive bash sessions. Option A is wrong because /var/log/auth.log logs authentication attempts, not command execution. Option B is wrong because /var/log/syslog contains system messages but not per-user command history.

Option D is wrong because /var/log/secure logs authentication-related events on Red Hat systems. Option E is wrong because /var/log/audit/audit.log contains audit events but requires auditd to be configured.

118
MCQmedium

A system administrator needs to configure a daily backup that creates hard links to unchanged files to save space. Which tool and option combination is most appropriate?

A.dd if=/source of=/destination conv=sync
B.cp -al /source /destination
C.rsync -a --link-dest=/previous/backup /source /current/backup
D.tar --hard-link --create /source > /destination/backup.tar
AnswerC

rsync --link-dest creates hard links to files in the previous backup that have not changed, saving disk space.

Why this answer

Option A is correct. rsync with --link-dest creates hard links to unchanged files, enabling incremental backups. Option B copies with hard links but not incremental. Option C does not handle incremental hard links.

Option D is for disk cloning.

119
MCQhard

A custom application service 'myapp.service' fails to start on a RHEL 8 system with the error: "Failed at step EXEC spawning /usr/local/bin/myapp: Permission denied". The service runs as user 'myapp'. The binary /usr/local/bin/myapp has permissions 755 and is owned by root:root. The user myapp is not in the sudoers. The administrator checks SELinux and finds the binary has the context 'unconfined_u:object_r:usr_t:s0'. The service unit file does not specify any SELinux context. What is the most likely cause of the failure?

A.The user myapp does not have read access to the binary.
B.The SELinux context of the binary is incorrect; it should be bin_t.
C.The binary is located in a directory that is not in the systemd safe path.
D.The binary is not executable by myapp due to file permissions.
AnswerB

The binary has usr_t context, which is not allowed for execution by the service; restoring to bin_t fixes it.

Why this answer

The error occurs because SELinux is enforcing and the binary has the type 'usr_t', which is not allowed to be executed by the service's domain (probably init_t or custom domain). The correct type for executables in /usr/local/bin is 'bin_t'. The solution is to restore the SELinux context to the default for binaries using `restorecon -v /usr/local/bin/myapp` or changing it to bin_t.

Option A is incorrect because permissions allow execution. Option C is unlikely because /usr/local/bin is in PATH. Option D is incorrect as user has execute permission.

120
MCQeasy

An administrator runs the command `ls -l /data/file.txt` and sees the output: `-rw-r-----+ 1 root project 1024 Mar 15 10:00 file.txt`. The administrator wants to view the current ACL entries on this file. Which command should be used?

A.getfacl /data/file.txt
B.chacl /data/file.txt
C.lsacl /data/file.txt
D.aclshow /data/file.txt
AnswerA

Correct command to view ACL entries.

Why this answer

The getfacl command is used to display the ACL entries of a file or directory. Option A is correct. The other commands do not exist or are not standard (lsacl, chacl, aclshow).

121
MCQmedium

A system administrator is configuring centralized logging for a cluster of web servers. Each web server runs rsyslog and needs to forward its Apache access logs to a central log server at 192.168.1.100 over UDP port 514. The administrator adds the following line to /etc/rsyslog.conf on each web server: '*.* @192.168.1.100:514'. After restarting rsyslog, no logs appear on the central server. The administrator checks the network connectivity and finds that the central server is reachable and listening on UDP 514. Which additional configuration is most likely required on the web servers to forward the Apache logs?

A.Enable the 'imuxsock' module in rsyslog to listen on a Unix socket for Apache logs.
B.Create a configuration file in /etc/rsyslog.d/ with a more specific filter for Apache logs.
C.Configure Apache to send access logs to syslog using the 'syslog' facility in the LogFormat directive.
D.Change the forwarding protocol from UDP to TCP in both the sender and receiver.
AnswerC

By default Apache writes to files; to forward via syslog, it must use the syslog output.

Why this answer

The wildcard '*.*' forwards all logs, including Apache logs if they are sent to syslog. However, rsyslog by default only reads from its own sources; if Apache logs are written directly to a file and not via syslog, they won't be forwarded. The Apache module 'mod_log_config' can be configured to send logs to syslog using the 'syslog' facility.

Option B is correct. Option A (el8 conf includes) is a file but not for Apache. Option C adds modular configs but doesn't address Apache.

Option D (UDP vs TCP) might matter but the problem states UDP is used and listening.

122
Multi-Selectmedium

A technician is configuring a system to automatically mount an NFS share at boot. Which two files must be edited or created? (Choose two.)

Select 2 answers
A./etc/auto.master
B./etc/exports
C./etc/nfs.conf
D./etc/nfsmount.conf
E./etc/fstab
AnswersD, E

nfsmount.conf sets default NFS mount options.

Why this answer

Option D is correct because `/etc/nfsmount.conf` is the NFS configuration file that can be used to set default mount options for NFS shares, such as protocol version, read/write size, and timeouts. Option E is correct because `/etc/fstab` is the standard file system table that defines how block devices, remote filesystems, and swap partitions are mounted at boot, including NFS shares with the `nfs` or `nfs4` filesystem type.

Exam trap

The trap here is that candidates confuse the client-side NFS mount configuration file (`/etc/nfsmount.conf`) with the server-side configuration file (`/etc/nfs.conf`), or mistakenly think the automounter's `/etc/auto.master` is used for persistent boot-time mounts.

123
MCQhard

A system administrator is tuning a server for a high-performance computing workload and needs to disable NUMA (Non-Uniform Memory Access) at boot to improve memory access latency. Which kernel boot parameter should be added to the GRUB_CMDLINE_LINUX line in /etc/default/grub?

A.maxcpus=1
B.numa=off
C.acpi=off
D.noapic
AnswerB

This parameter disables NUMA support in the kernel.

Why this answer

Option A is correct because 'numa=off' is the standard kernel parameter to disable NUMA. Option B disables ACPI, C disables APIC, and D sets the system to use only one CPU core.

124
MCQeasy

A user is unable to create new files in a directory. Which command can the administrator use to view the Access Control Lists (ACLs) associated with that directory?

A.getfacl
B.ls -l
C.setfacl
D.chmod
AnswerA

getfacl retrieves ACL entries.

Why this answer

getfacl displays ACLs. ls -l shows standard permissions, setfacl sets ACLs, chmod changes permissions. Only getfacl shows ACLs.

125
Multi-Selectmedium

A Linux administrator is configuring secure remote access to a server. Which three of the following are recommended best practices for securing SSH? (Choose three.)

Select 3 answers
A.Enable public key authentication.
B.Use password authentication only.
C.Disable root login via SSH.
D.Change the default SSH port to a non-standard port.
E.Allow only specific users or groups.
AnswersA, C, E

Key-based authentication is more secure than passwords.

Why this answer

Disabling root login (PermitRootLogin no), using public key authentication (PubkeyAuthentication yes), and restricting allowed users/groups (AllowUsers or AllowGroups) are common best practices. Changing the default port (Port 2222) is optional and considered security through obscurity, not a true security measure. Password authentication is less secure than key-based.

126
Matchingmedium

Match each Linux kernel parameter category to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

General kernel behavior

Virtual memory management

Network settings

Filesystem parameters

Device-specific settings

Why these pairings

Sysctl parameters are organized under these categories.

127
Multi-Selecteasy

Which TWO commands can be used to view a list of all running processes with their PIDs? (Choose two.)

Select 2 answers
A.ps
B.pidof
C.top
D.ls
E.pstree
AnswersA, C

ps -ef displays all processes with PIDs.

Why this answer

ps and top both display running processes with PIDs. ps -ef or ps aux shows all processes. top shows an interactive view. ls lists files, pstree shows tree without PIDs by default, pidof finds PID of a specific process.

128
MCQhard

Based on the exhibit, which file has an incorrect SELinux context for serving web content via Apache?

A.Neither
B.style.css
C.Both
D.index.html
AnswerD

index.html has context user_home_t, which prevents Apache from serving it; the correct context is httpd_sys_content_t.

Why this answer

Option A is correct. index.html has user_home_t, which is not the proper context for web content; it should be httpd_sys_content_t. style.css has the correct context. Therefore, both are not incorrect, and neither is not correct.

129
Multi-Selectmedium

Which three are valid systemd unit types?

Select 3 answers
A.process
B.socket
C.service
D.timer
E.job
AnswersB, C, D

socket is a unit type for IPC or network sockets.

Why this answer

Options A, C, and D are correct. service, socket, and timer are standard systemd unit types. job and process are not valid unit types.

130
MCQhard

A server has a volume group 'vg_data' with a single logical volume 'lv_data' of 100GB mounted at /data. The filesystem on lv_data is XFS. The administrator needs to extend it to 150GB. A new 60GB disk /dev/sdc has been added and partitioned as LVM. The administrator runs `pvcreate /dev/sdc1`, then `vgextend vg_data /dev/sdc1`, then `lvextend -L +50G /dev/vg_data/lv_data`. The administrator runs `df -h /data` and sees that the filesystem still shows 100GB. Which command should be run next?

A.lvreduce -L -50G /dev/vg_data/lv_data
B.fsck /dev/vg_data/lv_data
C.xfs_growfs /data
D.resize2fs /dev/vg_data/lv_data
AnswerC

xfs_growfs grows an XFS filesystem to fill the available space.

Why this answer

For XFS filesystems, after extending the logical volume, the filesystem must be grown using xfs_growfs with the mount point as argument. resize2fs is for ext2/3/4. Option C checks the filesystem, but it's not needed. Option D would shrink, which is incorrect.

131
MCQmedium

In the exhibit, what does 'Tasks: 11 (limit: 512)' indicate?

A.The process is using 512 MB of memory.
B.The service has been running for 512 seconds.
C.The cgroup pids controller is limiting the number of processes/threads.
D.The number of threads is limited to 512.
AnswerC

The limit is enforced by the pids cgroup controller.

Why this answer

The 'Tasks:' line in systemd status shows the current number of tasks (processes/threads) and the limit imposed by the cgroup pids controller. This is a resource control feature of systemd.

132
Multi-Selectmedium

A system administrator needs to configure a cron job to run a script every Monday at 3:00 AM. Which two cron expressions are correct? (Select TWO).

Select 2 answers
A.0 3 * * 0
B.0 3 1 * 1
C.0 3 * * 1
D.0 3 * * 1-5
E.0 3 * * Mon
AnswersC, E

Correct: minute 0, hour 3, any day, any month, Monday.

Why this answer

Option C is correct because the cron expression `0 3 * * 1` schedules the script to run at minute 0, hour 3 (3:00 AM), every day of the month (`*`), every month (`*`), and on Monday (day-of-week 1, where 0=Sunday, 1=Monday). Option E is correct because cron also accepts three-letter abbreviations for days of the week, so `Mon` is equivalent to `1`.

Exam trap

CompTIA often tests the misconception that day-of-week `0` is Monday (it is Sunday) and that using a specific day-of-month value like `1` combined with a day-of-week value still runs every Monday (it actually runs only when both conditions are true, but cron uses OR logic, so it would run on the 1st of any month OR any Monday, not just Mondays).

133
MCQmedium

A systems administrator needs to ensure that a custom service runs with a specific priority on a Linux server. Which command should the administrator use to achieve this?

A.renice -10 -p 1234
B.ionice -c 2 -n 0 -p 1234
C.nice -n -10 /usr/local/bin/myservice
D.chrt -r 99 /usr/local/bin/myservice
AnswerC

nice runs a command with a modified scheduling priority.

Why this answer

Option C is correct because the `nice` command adjusts the CPU scheduling priority of a process at launch time. Using `nice -n -10` sets a higher priority (lower nice value) for the new service, ensuring it runs with the specified priority from the start. This directly meets the requirement to run a custom service with a specific priority.

Exam trap

The trap here is that candidates confuse `nice` (for CPU priority at launch) with `renice` (for adjusting an already running process) or `ionice` (for I/O priority), leading them to select an option that does not set the priority at service start.

How to eliminate wrong answers

Option A is wrong because `renice` changes the priority of an already running process (by PID), not at launch time; the question asks to ensure the service runs with a specific priority, implying it should be set when the service starts. Option B is wrong because `ionice` sets I/O scheduling priority, not CPU priority; the question asks for a specific priority (likely CPU priority), and `ionice` controls disk I/O bandwidth, not CPU scheduling. Option D is wrong because `chrt -r 99` sets a real-time scheduling policy (SCHED_RR) with maximum priority, which is for real-time processes and can cause system instability if misused; the question does not specify real-time requirements, and `nice` is the standard tool for adjusting CPU priority in a non-real-time context.

134
MCQmedium

A Linux administrator is troubleshooting a server that intermittently becomes unresponsive. The administrator suspects a memory leak. Which command should be used to monitor memory usage over time and identify the consuming process?

A.free -h
B.top
C.ss -tuln
D.df -h
AnswerB

Displays real-time process list with memory usage.

Why this answer

The `top` command provides a real-time, dynamic view of system processes, including memory usage (RES, VIRT, %MEM) and can be sorted by memory consumption. It updates continuously, making it ideal for monitoring memory usage over time and identifying the specific process responsible for a suspected memory leak.

Exam trap

The trap here is that candidates confuse system-wide memory reporting (`free -h`) with per-process monitoring (`top`), or mistake disk usage commands (`df -h`) or network tools (`ss`) for memory diagnostics.

How to eliminate wrong answers

Option A is wrong because `free -h` shows total, used, and available memory in human-readable format, but it does not display per-process memory consumption or allow monitoring over time. Option C is wrong because `ss -tuln` lists listening and connected sockets (TCP/UDP) with numeric addresses; it is a network socket statistics tool, not a memory monitoring command. Option D is wrong because `df -h` reports filesystem disk space usage, not memory (RAM) usage, and cannot identify processes consuming memory.

135
MCQeasy

A process has become unresponsive and is in a zombie state. Which action should the administrator take to remove the zombie process?

A.kill -18 <PID>
B.kill -9 <PID>
C.Wait for the init process to clean it up; no action needed
D.Kill the parent process of the zombie
AnswerD

When the parent process dies, the zombie is inherited by init, which reaps it immediately.

Why this answer

Option D is correct. Zombie processes cannot be killed; they must be reaped by their parent. If the parent is killed, init reaps the zombie.

Option A has no effect. Option B sends a continue signal. Option C is not immediately effective.

136
MCQmedium

Refer to the exhibit. What is the total amount of RAM installed on the system?

A.7.7G
B.7.5G
C.8.0G
D.0.1G
AnswerA

The total column shows 7.7G.

Why this answer

Option B is correct because the 'total' column for Mem shows 7.7G. Options A, C, D are incorrect: 7.5G is used, 8.0G is not shown, 0.1G is free.

137
MCQmedium

A system administrator wants to limit the CPU and memory usage of a specific service to prevent it from affecting other processes. Which Linux feature should be used?

A.ulimit
B.renice
C.cgroups
D.nice
AnswerC

cgroups can limit CPU, memory, I/O for process groups.

Why this answer

cgroups (control groups) allow resource limiting per process group. ulimit sets per-process limits, nice/renice adjust priority but do not enforce hard limits. cgroups are the proper tool for service resource control.

← PreviousPage 2 of 2 · 137 questions total

Ready to test yourself?

Try a timed practice session using only System Management questions.