Sample questions
Linux Foundation Certified System Administrator LFCS practice questions
A system administrator needs to ensure the Apache httpd service starts automatically on system boot. Which command should they use?
Trap 1: systemctl start httpd
systemctl start only starts the service immediately, does not enable boot start.
Trap 2: systemctl disable httpd
systemctl disable removes symlinks, preventing boot start.
Trap 3: systemctl reload httpd
systemctl reload reloads configuration without changing enable status.
- A
systemctl enable httpd
systemctl enable creates symlinks for automatic start at boot.
- B
systemctl start httpd
Why wrong: systemctl start only starts the service immediately, does not enable boot start.
- C
systemctl disable httpd
Why wrong: systemctl disable removes symlinks, preventing boot start.
- D
systemctl reload httpd
Why wrong: systemctl reload reloads configuration without changing enable status.
Which THREE of the following are valid methods to mount an NFS filesystem on a client?
Trap 1: echo 'server:/export /mnt nfs defaults 0 0' >> /etc/fstab && mount…
Incorrect: mount -a reads /etc/fstab but the command as written is incomplete; also mount -a alone is not a mount method.
Trap 2: mount -t cifs server:/share /mnt
Incorrect: -t cifs is for CIFS, not NFS.
- A
echo 'server:/export /mnt nfs defaults 0 0' >> /etc/fstab && mount -a
Why wrong: Incorrect: mount -a reads /etc/fstab but the command as written is incomplete; also mount -a alone is not a mount method.
- B
mount -o hard,intr server:/export /mnt
Correct: NFS mount with options.
- C
mount -t cifs server:/share /mnt
Why wrong: Incorrect: -t cifs is for CIFS, not NFS.
- D
mount -t nfs server:/export /mnt
Correct: Explicit NFS type.
- E
mount -t nfs4 server:/export /mnt
Correct: NFSv4 type.
Refer to the exhibit. The administrator wants to create a RAID 1 array using /dev/sdb1 and /dev/sdc1. Which command should be used?
Exhibit
Refer to the exhibit. # lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 20G 0 disk ├─sda1 8:1 0 1G 0 part /boot ├─sda2 8:2 0 10G 0 part / └─sda3 8:3 0 9G 0 part [SWAP] sdb 8:16 0 10G 0 disk └─sdb1 8:17 0 10G 0 part sdc 8:32 0 5G 0 disk └─sdc1 8:33 0 5G 0 part /data
Trap 1: mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sdb1…
Incorrect: RAID 5 needs at least 3 devices.
Trap 2: mdadm --create /dev/md0 --level=10 --raid-devices=2 /dev/sdb1…
Incorrect: RAID 10 needs at least 4 devices.
Trap 3: mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb1…
Incorrect: level=0 creates RAID 0, not RAID 1.
- A
mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sdb1 /dev/sdc1
Why wrong: Incorrect: RAID 5 needs at least 3 devices.
- B
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb1 /dev/sdc1
Correct: RAID 1 requires level=1.
- C
mdadm --create /dev/md0 --level=10 --raid-devices=2 /dev/sdb1 /dev/sdc1
Why wrong: Incorrect: RAID 10 needs at least 4 devices.
- D
mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb1 /dev/sdc1
Why wrong: Incorrect: level=0 creates RAID 0, not RAID 1.
A system administrator needs to list all files in the current directory, including hidden files, in a long listing format sorted by modification time (oldest first). Which command achieves this?
Trap 1: ls -lihrt
Includes inode and human-readable but missing -t, sorts by name.
Trap 2: ls -lat
Shows newest first, not oldest.
Trap 3: ls -lrt
Lacks -a, so hidden files not shown.
- A
ls -lihrt
Why wrong: Includes inode and human-readable but missing -t, sorts by name.
- B
ls -lart
Correct: long, all, reverse, time.
- C
ls -lat
Why wrong: Shows newest first, not oldest.
- D
ls -lrt
Why wrong: Lacks -a, so hidden files not shown.
A user wants to find all files in /var/log that have been modified within the last 2 days. Which command should they use?
Trap 1: find /var/log -mmin -2880
Correct in minutes but less standard for days.
Trap 2: find /var/log -mtime +2
Finds files modified more than 2 days ago.
Trap 3: find /var/log -mtime 2
Finds files modified exactly 2 days ago.
- A
find /var/log -mtime -2
Finds files modified less than 2 days ago.
- B
find /var/log -mmin -2880
Why wrong: Correct in minutes but less standard for days.
- C
find /var/log -mtime +2
Why wrong: Finds files modified more than 2 days ago.
- D
find /var/log -mtime 2
Why wrong: Finds files modified exactly 2 days ago.
A user needs to view the contents of a compressed log file /var/log/syslog.gz without first decompressing it. Which command should they use?
Trap 1: gzip -d /var/log/syslog.gz
Same as gunzip, decompresses.
Trap 2: gunzip /var/log/syslog.gz
Decompresses to disk, not just view.
Trap 3: cat /var/log/syslog.gz
Outputs binary garbage.
- A
zcat /var/log/syslog.gz
Correct: prints compressed file to stdout.
- B
gzip -d /var/log/syslog.gz
Why wrong: Same as gunzip, decompresses.
- C
gunzip /var/log/syslog.gz
Why wrong: Decompresses to disk, not just view.
- D
cat /var/log/syslog.gz
Why wrong: Outputs binary garbage.
A developer wants to change the ownership of a directory and all its contents recursively to user 'appuser' and group 'appgroup'. Which command accomplishes this?
Trap 1: chown -R appuser /app && chgrp appgroup /app
Changes owner recursively, but group only on top directory.
Trap 2: chgrp -R appgroup /app && chown appuser /app
Only changes group recursively, then owner only on top directory.
Trap 3: chown -R appuser: /app && chgrp -R appgroup /app
First command changes owner to appuser and group to login group, second changes group recursively, but redundant.
- A
chown -R appuser:appgroup /app
Correct: recursive owner:group change.
- B
chown -R appuser /app && chgrp appgroup /app
Why wrong: Changes owner recursively, but group only on top directory.
- C
chgrp -R appgroup /app && chown appuser /app
Why wrong: Only changes group recursively, then owner only on top directory.
- D
chown -R appuser: /app && chgrp -R appgroup /app
Why wrong: First command changes owner to appuser and group to login group, second changes group recursively, but redundant.
A system administrator is troubleshooting a user's report that a command 'myapp' is not found. The administrator checks the PATH variable and sees it includes /usr/local/bin. The administrator verifies that the binary 'myapp' exists in /usr/local/bin with permissions 755. However, running 'myapp' still fails with 'command not found'. What is the most likely cause?
Trap 1: The user's PATH does not include /usr/local/bin
The administrator checked the PATH and it includes the directory, but this is the administrator's PATH, not the user's. However, the question implies the administrator is testing as the user or the user's environment is similar.
Trap 2: The binary is a shell script missing a shebang
If it's a binary, no shebang needed. If it's a script, missing shebang would cause different error.
Trap 3: The binary does not have execute permission for the user
Permissions are 755, so execute is allowed.
- A
The user's PATH does not include /usr/local/bin
Why wrong: The administrator checked the PATH and it includes the directory, but this is the administrator's PATH, not the user's. However, the question implies the administrator is testing as the user or the user's environment is similar.
- B
The binary is a shell script missing a shebang
Why wrong: If it's a binary, no shebang needed. If it's a script, missing shebang would cause different error.
- C
The shell's hash table is stale; run 'hash -r'
Correct: the shell caches command locations, and may not have updated after the binary was added.
- D
The binary does not have execute permission for the user
Why wrong: Permissions are 755, so execute is allowed.
Which THREE steps are necessary to permanently disable a systemd service from starting at boot?
Trap 1: systemctl reset-failed myapp.service
Resets the 'failed' state, irrelevant to disabling.
Trap 2: systemctl daemon-reload
Reloads systemd configuration, not needed for disabling.
- A
systemctl stop myapp.service
Stops the currently running service.
- B
systemctl mask myapp.service
Masks the service, preventing it from being started manually or by dependencies.
- C
systemctl reset-failed myapp.service
Why wrong: Resets the 'failed' state, irrelevant to disabling.
- D
systemctl disable myapp.service
Prevents the service from starting at boot.
- E
systemctl daemon-reload
Why wrong: Reloads systemd configuration, not needed for disabling.
A user wants to find the location of the 'grep' binary. Which command should they use?
Trap 1: man grep
Displays the manual page, not location.
Trap 2: uname -a
Shows system information, not command location.
Trap 3: grep -r 'grep' /usr/bin
Searches for string in files, not location.
- A
man grep
Why wrong: Displays the manual page, not location.
- B
which grep
Displays the full path of the grep command.
- C
uname -a
Why wrong: Shows system information, not command location.
- D
grep -r 'grep' /usr/bin
Why wrong: Searches for string in files, not location.
Based on the exhibit, which process will be affected if the root user runs 'kill 5678'?
Exhibit
Refer to the exhibit. $ ps aux | grep apache root 1234 0.0 0.2 12345 6789 ? Ss Jan01 0:00 /usr/sbin/apache2 -k start www-data 5678 0.0 0.1 12345 1234 ? S Jan01 0:00 /usr/sbin/apache2 -k start www-data 5679 0.0 0.1 12345 1234 ? S Jan01 0:00 /usr/sbin/apache2 -k start
Trap 1: The root process (PID 1234)
PID 5678 is different from 1234.
Trap 2: All www-data processes
Only the process with PID 5678 is killed.
Trap 3: No process, because root cannot kill www-data processes
Root can kill any process.
- A
The www-data process with PID 5678
kill 5678 terminates the process with that PID.
- B
The root process (PID 1234)
Why wrong: PID 5678 is different from 1234.
- C
All www-data processes
Why wrong: Only the process with PID 5678 is killed.
- D
No process, because root cannot kill www-data processes
Why wrong: Root can kill any process.
A system administrator needs to find all files in /var/log that have been modified in the last 7 days. Which command accomplishes this?
Trap 1: find /var/log -type f -atime -7
Uses access time, not modification time.
Trap 2: find /var/log -type f -ctime -7
Uses change time (inode change), not modification time.
Trap 3: find /var/log -type f -mtime +7
Finds files modified more than 7 days ago.
- A
find /var/log -type f -atime -7
Why wrong: Uses access time, not modification time.
- B
find /var/log -type f -ctime -7
Why wrong: Uses change time (inode change), not modification time.
- C
find /var/log -type f -mtime +7
Why wrong: Finds files modified more than 7 days ago.
- D
find /var/log -type f -mtime -7
Correct: -mtime -7 means modified less than 7 days ago.
A junior administrator needs to display the first 10 lines of a file named 'data.csv'. Which command should they use?
Trap 1: less data.csv
Opens file in interactive viewer showing entire content.
Trap 2: tail data.csv
Displays last 10 lines.
Trap 3: cat data.csv
Displays entire file.
- A
head data.csv
Correctly displays first 10 lines.
- B
less data.csv
Why wrong: Opens file in interactive viewer showing entire content.
- C
tail data.csv
Why wrong: Displays last 10 lines.
- D
cat data.csv
Why wrong: Displays entire file.
What is the purpose of the chmod 755 command in this exhibit?
Trap 1: Add execute permission for the owner only
755 adds execute for all, not just owner.
Trap 2: Remove write permission for others
Others already had read-only; 755 does not remove write because they had none.
Trap 3: Set the setuid bit
chmod 755 does not set setuid; that would be 4755.
- A
Add execute permission for the owner only
Why wrong: 755 adds execute for all, not just owner.
- B
Remove write permission for others
Why wrong: Others already had read-only; 755 does not remove write because they had none.
- C
Set the setuid bit
Why wrong: chmod 755 does not set setuid; that would be 4755.
- D
Set permissions to rwxr-xr-x
755 corresponds to rwxr-xr-x.
A system administrator needs to check the current CPU load and memory usage on a Linux server. Which command should be used to display a dynamic, real-time view of running processes and system resource utilization?
Trap 1: uptime
'uptime' shows system load averages and uptime, but not a detailed process view.
Trap 2: ps aux
'ps aux' provides a snapshot of processes, not a dynamic real-time view.
Trap 3: free -h
'free -h' shows memory usage only, not CPU or process details.
- A
uptime
Why wrong: 'uptime' shows system load averages and uptime, but not a detailed process view.
- B
top
'top' displays a dynamic, real-time view of processes and resource usage.
- C
ps aux
Why wrong: 'ps aux' provides a snapshot of processes, not a dynamic real-time view.
- D
free -h
Why wrong: 'free -h' shows memory usage only, not CPU or process details.
Which THREE of the following commands can be used to view the contents of a compressed file named 'file.gz' without permanently decompressing it? (Choose exactly three.)
Trap 1: gzip file.gz
Compresses files.
Trap 2: gunzip file.gz
Decompresses permanently.
- A
gzip file.gz
Why wrong: Compresses files.
- B
zmore file.gz
Correct: displays with more.
- C
gunzip file.gz
Why wrong: Decompresses permanently.
- D
zcat file.gz
Correct: decompresses to stdout.
- E
zless file.gz
Correct: displays with less.
A developer accidentally deleted a critical file /var/log/app.log. The system administrator knows that the file was recently backed up using a cron job that runs 'tar -czf /backup/logs.tar.gz /var/log/'. Which command should the administrator use to restore the file from the backup without extracting the entire archive?
Trap 1: tar -xf /backup/logs.tar.gz var/log/app.log
This extracts all files, not just the single file.
Trap 2: tar -tf /backup/logs.tar.gz | grep app.log
This only lists the file, does not extract it.
Trap 3: cp /backup/logs.tar.gz:/var/log/app.log /var/log/app.log
cp does not work with archives; this syntax is invalid.
- A
tar -xf /backup/logs.tar.gz var/log/app.log
Why wrong: This extracts all files, not just the single file.
- B
tar -tf /backup/logs.tar.gz | grep app.log
Why wrong: This only lists the file, does not extract it.
- C
tar -xzf /backup/logs.tar.gz --to-stdout var/log/app.log > /var/log/app.log
Correctly extracts the single file to stdout and redirects to restore it.
- D
cp /backup/logs.tar.gz:/var/log/app.log /var/log/app.log
Why wrong: cp does not work with archives; this syntax is invalid.
A technician needs to display the contents of a compressed file named archive.tar.gz without extracting it. Which command should be used?
Trap 1: tar -tf archive.tar
Used for uncompressed tar files.
Trap 2: tar -xzf archive.tar.gz
Extracts files, does not just list.
Trap 3: zcat archive.tar.gz
Only decompresses, does not list tar contents.
- A
tar -tf archive.tar
Why wrong: Used for uncompressed tar files.
- B
tar -xzf archive.tar.gz
Why wrong: Extracts files, does not just list.
- C
zcat archive.tar.gz | tar -t
Decompresses and pipes to tar -t to list contents.
- D
zcat archive.tar.gz
Why wrong: Only decompresses, does not list tar contents.
Which TWO commands can be used to create a new empty file?
Trap 1: mkdir file
Creates a directory, not a file.
Trap 2: cat file
Concatenates file content, does not create.
Trap 3: echo 'text' > file
Creates a file with content, not empty.
- A
touch file
Creates an empty file if it does not exist.
- B
mkdir file
Why wrong: Creates a directory, not a file.
- C
cat file
Why wrong: Concatenates file content, does not create.
- D
> file
Shell redirection creates an empty file.
- E
echo 'text' > file
Why wrong: Creates a file with content, not empty.
A system administrator needs to find all files in /home that are owned by user 'alice' and have been modified in the last 7 days. The administrator then wants to compress those files into a single archive named alice_recent.tar.gz. Which of the following commands accomplishes this?
Trap 1: find /home -user alice -mtime -7 -print | cpio -o >…
cpio creates a cpio archive, not a tar.gz file.
Trap 2: tar -czf alice_recent.tar.gz -T <(find /home -user alice -mtime -7)
The syntax -T expects a file, not a process substitution; this may work on some shells but is not portable.
Trap 3: find /home -user alice -mtime -7 | tar -cvf alice_recent.tar.gz
tar -cvf expects file arguments, not stdin; this will create an empty archive or error.
- A
find /home -user alice -mtime -7 -exec tar -rf alice_recent.tar.gz {} +
Correctly appends found files to a tar archive (creates if not exists). Then compress: gzip alice_recent.tar.
- B
find /home -user alice -mtime -7 -print | cpio -o > alice_recent.tar.gz
Why wrong: cpio creates a cpio archive, not a tar.gz file.
- C
tar -czf alice_recent.tar.gz -T <(find /home -user alice -mtime -7)
Why wrong: The syntax -T expects a file, not a process substitution; this may work on some shells but is not portable.
- D
find /home -user alice -mtime -7 | tar -cvf alice_recent.tar.gz
Why wrong: tar -cvf expects file arguments, not stdin; this will create an empty archive or error.
A user reports that a script fails with 'Permission denied' when executed. The script has permissions -rw-r--r-- and is owned by the user. Which command should the user run to make the script executable for the owner only?
Trap 1: chmod u+s script.sh
Sets the setuid bit, not execute.
Trap 2: chown :users script.sh
Changes group ownership, not permissions.
Trap 3: chmod +x script.sh
Adds execute for all users, not just owner.
- A
chmod u+s script.sh
Why wrong: Sets the setuid bit, not execute.
- B
chmod u+x script.sh
Adds execute permission for the owner only.
- C
chown :users script.sh
Why wrong: Changes group ownership, not permissions.
- D
chmod +x script.sh
Why wrong: Adds execute for all users, not just owner.
An administrator wants to ensure that a background process continues running after logout. Which command should be used to start the process?
Trap 1: runproc sleep 100 &
Not a valid command.
Trap 2: sleep 100 &
Runs in background but will be terminated on logout.
Trap 3: sleep 100 & disown
Does remove job from shell's job control, but SIGHUP may still be sent if not handled; nohup is preferred.
- A
nohup sleep 100 &
nohup ignores SIGHUP, so process continues after logout.
- B
runproc sleep 100 &
Why wrong: Not a valid command.
- C
sleep 100 &
Why wrong: Runs in background but will be terminated on logout.
- D
sleep 100 & disown
Why wrong: Does remove job from shell's job control, but SIGHUP may still be sent if not handled; nohup is preferred.
A Linux server experiences a kernel panic during boot. The administrator needs to capture the kernel panic message for debugging. Which of the following methods would allow capturing the panic message?
Trap 1: Add 'quiet' to the kernel boot parameters.
The 'quiet' parameter reduces kernel output, which would hide the panic message, not help capture it.
Trap 2: Configure netconsole to send kernel messages to a remote syslog…
Netconsole can send kernel messages over the network, but it requires network stack to be operational, which may not be available during a panic. Also, it does not prevent the system from rebooting.
Trap 3: Set the kernel parameter 'console=ttyS0' to redirect output to a…
This sets the console device but does not prevent the system from rebooting after a panic. The panic message would still be displayed, but if the system reboots quickly, the message may be lost.
- A
Add 'quiet' to the kernel boot parameters.
Why wrong: The 'quiet' parameter reduces kernel output, which would hide the panic message, not help capture it.
- B
Add 'panic=0' to the kernel boot parameters.
Setting panic=0 tells the kernel to wait indefinitely on a panic, allowing the administrator to read the message on the console.
- C
Configure netconsole to send kernel messages to a remote syslog server.
Why wrong: Netconsole can send kernel messages over the network, but it requires network stack to be operational, which may not be available during a panic. Also, it does not prevent the system from rebooting.
- D
Set the kernel parameter 'console=ttyS0' to redirect output to a serial console.
Why wrong: This sets the console device but does not prevent the system from rebooting after a panic. The panic message would still be displayed, but if the system reboots quickly, the message may be lost.
Which TWO commands can be used to display the current runlevel or target of a systemd-based system?
Trap 1: telinit
Used to change runlevel, not query.
Trap 2: init 3
Changes the runlevel to 3, does not display.
Trap 3: systemctl list-units --type=target
Lists all loaded target units, not the current default.
- A
systemctl get-default
Displays the default target.
- B
telinit
Why wrong: Used to change runlevel, not query.
- C
init 3
Why wrong: Changes the runlevel to 3, does not display.
- D
systemctl list-units --type=target
Why wrong: Lists all loaded target units, not the current default.
- E
runlevel
Displays previous and current runlevel.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.