Linux Foundation Certified System Administrator (LFCS) — Questions 226-300

513 questions total · 7 pages · All types, answers revealed

Page 4 of 7

226
MCQ · medium

A cron job runs a script that outputs to stdout. The administrator wants to capture both stdout and stderr to a file named job.log, while also seeing output on the terminal. Which command achieves this?

A. script 2>&1 | tee job.log
B. ./script | tee job.log 2>&1
C. ./script > job.log 2>&1
D. ./script 2>&1 | tee job.log
Answer: D

Redirects stderr to stdout and pipes to tee for file and terminal output.

Why this answer

Option D is correct because it uses `2>&1` to redirect stderr to stdout, then pipes the combined stream to `tee job.log`, which writes to the file and also displays output on the terminal. This ensures both stdout and stderr are captured in `job.log` and visible on the screen.

Exam trap

The trap here is that candidates often place `2>&1` after the pipe (as in option B), mistakenly thinking it redirects the script's stderr, when in fact it only affects the command receiving the pipe (e.g., `tee`), leaving the script's stderr uncaptured.

How to eliminate wrong answers

Option A is wrong because `script` is a command that records terminal sessions, not the script to be executed; it would try to run `script` with `2>&1` and pipe its output to `tee`, which does not execute the intended script. Option B is wrong because the `2>&1` appears after the pipe, so it redirects stderr of `tee` (not the script) to stdout, failing to capture the script's stderr in the file or terminal. Option C is wrong because `./script > job.log 2>&1` redirects both stdout and stderr to the file but does not display output on the terminal, violating the requirement to see output on the terminal.

227
Multi-Select · medium

Which three RAID levels are commonly supported in Linux software RAID? (Choose three.)

Select 3 answers
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 4
E. RAID 6
Answers: A, B, C

Striping without redundancy.

Why this answer

RAID 0 (striping) is supported in Linux software RAID via the md (multiple device) subsystem, providing improved performance by distributing data across multiple disks without redundancy. It is a standard RAID level implemented in the Linux kernel's md driver.

Exam trap

The trap here is that candidates often assume RAID 6 is one of the three most common levels because it is widely used, but the LFCS exam specifically tests knowledge that RAID 0, 1, and 5 are the three traditionally and most commonly supported levels in Linux software RAID, with RAID 6 being an extension rather than a core level.

228
MCQ · hard

A developer reports that a web application's logs are not being written to /var/log/myapp.log. The service runs as user 'myapp' and the log directory /var/log/myapp/ has permissions 755 owned by root. What is the most likely cause?

A. AppArmor is denying access.
B. SELinux is blocking the write.
C. The service is logging to systemd-journald instead of a file.
D. The service user 'myapp' does not have write permission to the log directory.
Answer: D

The directory is owned by root with 755, so only root can write; myapp needs write permission.

Why this answer

Option D is correct because the /var/log/myapp/ directory has permissions 755, which grants read and execute access to the 'others' category but not write. Since the service runs as user 'myapp', which is not the owner (root) and not in the root group, it falls under 'others' and thus lacks write permission. Without write permission on the directory, the service cannot create or write to /var/log/myapp.log, even if the file itself might have different permissions.

Exam trap

The trap here is that candidates may focus on file permissions of the log file itself rather than the directory permissions, or incorrectly assume that SELinux or AppArmor is the default cause for permission denials without evidence of their enforcement.

How to eliminate wrong answers

Option A is wrong because AppArmor is a Linux security module that uses profiles to restrict program capabilities, but there is no indication that AppArmor is enabled or that a profile is blocking the write; the issue is purely a filesystem permission problem. Option B is wrong because SELinux is a mandatory access control system that enforces security policies via contexts, but the question does not mention SELinux being enabled or any denial audit messages; the permissions 755 on the directory are the direct cause. Option C is wrong because while systemd-journald can capture logs, the developer explicitly states logs are not being written to /var/log/myapp.log, and the service configuration likely targets that file; the issue is not about the logging destination but the inability to write due to permissions.

229
MCQ · easy

Which command displays the amount of free and used memory in the system?

A. free -h
B. df -h
C. ps aux
D. netstat -i
Answer: A

free displays memory usage.

Why this answer

The `free -h` command displays the total, used, and free physical memory (RAM) and swap space in a human-readable format (e.g., GiB, MiB). The `-h` flag converts raw byte counts into appropriate units, making it the correct tool for checking memory usage.

Exam trap

The trap here is that candidates confuse `df` (disk free) with `free` (memory free) due to similar names, or assume `ps aux` shows total memory usage when it only shows per-process values.

How to eliminate wrong answers

Option B is wrong because `df -h` reports disk filesystem usage (mounted partitions), not memory. Option C is wrong because `ps aux` lists running processes and their resource usage (CPU, memory per process), not the system-wide free and used memory totals. Option D is wrong because `netstat -i` displays network interface statistics (packets, errors, collisions), not memory information.

230
MCQ · medium

Refer to the exhibit. The service unit file has Restart=on-failure, but systemctl show displays Restart=no. What is the most likely reason?

A. The User=backup directive overrides Restart.
B. The unit file was edited but systemctl daemon-reload was not run.
C. The unit is not enabled.
D. The Restart directive is only valid for Type=simple.
Answer: B

Without daemon-reload, systemctl show displays the previously loaded configuration.

Why this answer

The most likely reason is that the unit file was edited but `systemctl daemon-reload` was not executed. When a service unit file is modified, systemd does not automatically reload the configuration; it continues to use the cached version until `systemctl daemon-reload` is run. This explains why `systemctl show` displays `Restart=no` despite the file containing `Restart=on-failure`.

Exam trap

Linux Foundation often tests the distinction between editing a unit file and reloading the daemon, trapping candidates who assume changes take effect immediately without running `systemctl daemon-reload`.

How to eliminate wrong answers

Option A is wrong because the `User=` directive does not override the `Restart=` directive; `User=` specifies the user under which the service runs, while `Restart=` controls the restart policy, and they are independent settings. Option C is wrong because whether a unit is enabled (i.e., configured to start at boot) has no effect on the current runtime restart policy shown by `systemctl show`; `Restart=` is applied regardless of enablement status. Option D is wrong because the `Restart=` directive is valid for all service types, including `Type=simple`; there is no restriction that limits it to specific types.

231
MCQ · medium

A system administrator is troubleshooting a performance issue. They need to identify which process is consuming the most CPU time over the last 24 hours. Which command should be used?

A. ps aux --sort=-%cpu
B. sar -u -f /var/log/sa/sa$(date +%d)
C. top -b -n1
D. uptime
Answer: B

Reads historical CPU usage from sysstat data file.

Why this answer

Option B is correct because the `sar -u -f /var/log/sa/sa$(date +%d)` command reads historical CPU usage data from the system activity report (SAR) file for the current day. The `-u` flag reports CPU utilization, and the `-f` flag specifies the file, allowing the administrator to analyze CPU time trends over the last 24 hours, which is essential for identifying the process consuming the most CPU time over that period.

Exam trap

The trap here is that candidates often choose `ps aux --sort=-%cpu` or `top` because they are familiar with real-time process monitoring, but the question explicitly asks for data 'over the last 24 hours,' which requires historical log analysis, not a current snapshot.

How to eliminate wrong answers

Option A is wrong because `ps aux --sort=-%cpu` shows only a snapshot of current processes sorted by CPU usage at the moment the command runs, not historical data over the last 24 hours. Option C is wrong because `top -b -n1` runs a single batch-mode snapshot of current processes, again providing only real-time CPU usage, not historical trends. Option D is wrong because `uptime` displays system load averages for the last 1, 5, and 15 minutes, not per-process CPU time or historical data over 24 hours.

232
Drag & Drop · medium

Order the steps to create a new partition on a disk using fdisk.

Why this order

fdisk interactive commands: n, then specify type/number, then sectors, then w.

233
MCQ · medium

A network administrator needs to block all incoming SSH traffic (port 22) from the 192.168.2.0/24 subnet. Which iptables command accomplishes this?

A. iptables -A INPUT -d 192.168.2.0/24 -p tcp --dport 22 -j DROP
B. iptables -A OUTPUT -d 192.168.2.0/24 -p tcp --sport 22 -j DROP
C. iptables -A INPUT -s 192.168.2.0/24 -j DROP
D. iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 22 -j DROP
Answer: D

This drops incoming TCP packets from the subnet to port 22.

Why this answer

Option D is correct because it appends a rule to the INPUT chain that matches packets originating from the 192.168.2.0/24 subnet (-s 192.168.2.0/24) using TCP protocol with destination port 22 (--dport 22), and then drops them (-j DROP). This precisely blocks all incoming SSH traffic from that subnet while leaving other traffic unaffected.

Exam trap

The trap here is that candidates often confuse the -s and -d flags, or mistakenly apply the rule to the OUTPUT chain, thinking they need to block outgoing responses rather than incoming connection attempts.

How to eliminate wrong answers

Option A is wrong because it uses -d (destination) instead of -s (source), which would match packets destined to the 192.168.2.0/24 subnet, not packets coming from it. Option B is wrong because it adds a rule to the OUTPUT chain with --sport 22, which would block outgoing SSH responses from the local machine, not incoming SSH connections. Option C is wrong because it drops all traffic from the 192.168.2.0/24 subnet regardless of protocol or port, which is overly broad and would block legitimate traffic such as DNS or HTTP from that subnet.

234
MCQ · medium

An administrator is unable to SSH into the server from a remote host at 192.168.1.100. Based on the exhibited iptables rules, what is the most likely reason?

A. The SSH rule only allows connections from 10.0.1.0/24, and 192.168.1.100 is not in that subnet
B. SSH is not allowed from any source
C. The INPUT chain policy is ACCEPT, so SSH should be allowed
D. The DROP rule for SSH is not matching because of packet count zero
Answer: A

The second rule allows SSH only from 10.0.1.0/24, and the third rule drops all other SSH.

Why this answer

Option A is correct because the exhibited iptables rules show an SSH rule that explicitly accepts incoming TCP traffic on port 22 only from the source subnet 10.0.1.0/24. The remote host at 192.168.1.100 is not within that subnet, so the SSH rule does not match, and the packet will fall through to the next rule or the default policy. Since no other rule permits SSH from 192.168.1.100, the connection is implicitly dropped or rejected, preventing SSH access.

Exam trap

The trap here is that candidates see the INPUT chain policy is ACCEPT and assume all traffic is allowed, overlooking that a more specific rule (like the SSH rule with a source restriction) can prevent traffic from non-matching sources, effectively overriding the default policy for that service.

How to eliminate wrong answers

Option B is wrong because the iptables rules do allow SSH from the specific subnet 10.0.1.0/24, so SSH is not disallowed from all sources. Option C is wrong because while the INPUT chain policy is ACCEPT, the packet must first match a rule; if a rule explicitly restricts SSH to a specific subnet, packets from other sources are not accepted by that rule and will be evaluated by subsequent rules or the default policy, which in this case does not permit the connection. Option D is wrong because a packet count of zero on a DROP rule simply indicates that no packets have matched that rule yet; it does not mean the rule is inactive or not matching—the rule will still match and drop packets that meet its criteria, and the zero count is irrelevant to whether SSH is allowed from 192.168.1.100.

235
MCQ · medium

A user must change their password at next login per security policy. The admin wants to expire the password immediately. Which command accomplishes this?

A. passwd -f username
B. usermod -p '' username
C. chage -M 90 username
D. chage -d 0 username
Answer: D

Sets last password change date to 0, forcing change on next login.

Why this answer

Option B is correct because chage -d 0 sets the last password change date to the epoch, forcing a password change on next login.

236
MCQ · easy

A system administrator needs to mount an ext4 filesystem with the options 'noatime' and 'errors=remount-ro'. Which mount command is correct?

A. mount -o noatime,errors=remount /dev/sda1 /mnt
B. mount -o noatime -o errors=remount-ro /dev/sda1 /mnt
C. mount -o atime=no,errors=remount-ro /dev/sda1 /mnt
D. mount -o noatime,errors=remount-ro /dev/sda1 /mnt
Answer: D

Comma-separated options in one -o is correct.

Why this answer

Option D is correct because the `mount -o noatime,errors=remount-ro /dev/sda1 /mnt` command uses a single `-o` flag with a comma-separated list of mount options, which is the proper syntax for specifying multiple options. The `noatime` option disables updating the access time on reads, and `errors=remount-ro` tells the kernel to remount the filesystem as read-only if an I/O error is encountered, both of which are valid ext4 mount options.

Exam trap

The trap here is that candidates may incorrectly use multiple `-o` flags (as in option B) or mistype the `errors` option (as in option A), confusing the `remount-ro` syntax with the unrelated `remount` command, or they may assume `atime=no` is a valid alternative to `noatime` (as in option C).

How to eliminate wrong answers

Option A is wrong because it specifies `errors=remount` instead of `errors=remount-ro`; the correct option requires the `-ro` suffix to indicate remount as read-only. Option B is wrong because it uses two separate `-o` flags (`-o noatime -o errors=remount-ro`), which is invalid syntax; the mount command accepts only one `-o` option, and multiple options must be comma-separated within a single `-o` argument. Option C is wrong because `atime=no` is not a valid mount option; the correct syntax to disable access time updates is `noatime` (or `relatime` for relative updates), not `atime=no`.

237
MCQ · medium

A service that was once enabled is now failing to start. The administrator wants to immediately disable it to prevent boot delays. Which command sequence is correct?

A. systemctl disable service ; systemctl stop service
B. systemctl stop service && systemctl disable service
C. systemctl disable --now service
D. systemctl mask service
Answer: C

Stops and disables immediately.

Why this answer

Option C is correct because `systemctl disable --now service` both stops the service immediately and disables it from starting at boot in a single atomic command. This is the most efficient way to prevent boot delays caused by a failing service, as it combines the stop and disable actions without relying on shell operators that could fail if the first command exits with a non-zero status.

Exam trap

The trap here is that candidates often choose Option B because they think stopping the service first is safer, but they overlook that the `&&` operator will skip the disable if the stop fails, leaving the service enabled and potentially causing boot delays, whereas `systemctl disable --now` handles both actions reliably regardless of the stop command's exit status.

How to eliminate wrong answers

Option A is wrong because it uses a semicolon to run `systemctl disable service` before `systemctl stop service`, which means the disable command runs even if the stop command fails, but more critically, the order is reversed: disabling a running service does not stop it, so the service remains running until the stop command executes, and if the stop command fails, the service stays enabled. Option B is wrong because `systemctl stop service && systemctl disable service` uses a logical AND operator, so if the stop command fails (e.g., because the service is already stopped or fails to stop), the disable command never runs, leaving the service enabled and potentially causing boot delays. Option D is wrong because `systemctl mask service` creates a symlink to /dev/null that prevents the service from being started manually or by dependencies, but it does not stop a currently running service, so it does not address the immediate need to stop the failing service and prevent boot delays.

238
MCQ · medium

A junior admin runs 'ls -l' and sees permissions '-rwxrwxr-x' on a file. What is the octal representation?

A. 755
B. 770
C. 775
D. 777
Answer: C

rwxrwxr-x = 775.

Why this answer

The permissions '-rwxrwxr-x' break down as: owner (rwx = 4+2+1 = 7), group (rwx = 4+2+1 = 7), others (r-x = 4+0+1 = 5). This gives the octal value 775. Option C is correct because it matches this calculation exactly.

Exam trap

The trap here is that candidates often misread the last three characters 'r-x' as 'rwx' or 'r--', leading them to choose 777 or 755 instead of correctly calculating 775.

How to eliminate wrong answers

Option A (755) is wrong because it represents owner rwx (7), group r-x (5), others r-x (5), which would require group permissions to be r-x, not rwx. Option B (770) is wrong because it represents owner rwx (7), group rwx (7), others --- (0), which would deny all permissions to others, but the file shows r-x for others. Option D (777) is wrong because it represents owner rwx (7), group rwx (7), others rwx (7), which would give write permission to others, but the file shows r-x (no write) for others.

239
MCQ · easy

A system administrator is managing a web application running as a systemd service on a new Linux server. The application requires a specific environment variable, DATABASE_URL, to be set before starting. The administrator has created a custom service unit file at /etc/systemd/system/webapp.service with the following content:

    [Unit]
    Description=Web Application Service

    [Service]
    ExecStart=/usr/local/bin/webapp
    Restart=on-failure

The administrator prefers to keep configuration separate from the unit file for easier updates. The service fails to start. Upon investigation, the administrator notices that the DATABASE_URL variable is not being passed to the process. What is the most appropriate course of action to ensure the environment variable is correctly set?

A. Add an Environment directive in the [Service] section: Environment=DATABASE_URL=value
B. Add EnvironmentFile=/etc/webapp.env in the [Service] section and place the variable in that file
C. Export the DATABASE_URL variable in the shell before running systemctl start webapp
D. Modify the ExecStart line to: ExecStart=/usr/bin/env DATABASE_URL=value /usr/local/bin/webapp
Answer: B

Keeps configuration separate, easy to update.

Why this answer

Option D is correct. Using EnvironmentFile allows the administrator to keep the variable in a separate file, which can be updated without modifying the unit file. Option A modifies ExecStart, which is not standard.

Option B hardcodes the variable in the unit file, reducing flexibility. Option C only sets the variable in the current shell session and does not persist for the service.

240
MCQ · hard

An administrator is troubleshooting intermittent connectivity issues. Running 'ping -c 100 -i 0.2 10.0.0.1' shows about 5% packet loss. What is the primary purpose of the '-i 0.2' option?

A. It sets the TTL to 0.2
B. It sets the timeout to 0.2 seconds
C. It sets the packet size to 0.2 bytes
D. It sets the interval between pings to 0.2 seconds
Answer: D

This speeds up the test to detect intermittent loss.

Why this answer

The '-i 0.2' option in the ping command sets the interval between sending ICMP Echo Request packets to 0.2 seconds. This allows the administrator to send pings more frequently than the default (typically 1 second), which helps in detecting intermittent connectivity issues over a shorter test duration. By sending 100 packets at a 0.2-second interval, the test completes in about 20 seconds, making it practical for troubleshooting transient packet loss.

Exam trap

The trap here is that candidates confuse '-i' with timeout or TTL options, mistakenly thinking it controls how long to wait for a reply rather than the spacing between packet transmissions.

How to eliminate wrong answers

Option A is wrong because '-i' does not set the TTL (Time to Live); TTL is set with the '-t' option in ping. Option B is wrong because '-i' controls the interval between packets, not the timeout; the timeout for waiting for a reply is set with '-W' (or '-w' for a deadline). Option C is wrong because '-i' does not affect packet size; packet size is set with '-s' (e.g., '-s 1472' for a specific payload size).

241
MCQ · hard

You are managing a multi-user Linux server used by a development team. The server has a shared directory /data/projects where each project has a subdirectory owned by a project lead. The requirement is that all members of the 'devteam' group need to be able to create files in any project subdirectory, but only the project lead (owner) should be able to delete files. Currently, members of devteam are unable to create files in /data/projects. You check permissions: /data/projects has drwxrwxr-x root:devteam. Each project subdirectory, e.g., /data/projects/proj1, has drwx------ lead1:devteam. The lead1 user is in devteam. What is the most likely reason that devteam members cannot create files in proj1, and what is the correct solution?

A. The devteam group does not include all members; add each user to the devteam group.
B. The parent directory /data/projects lacks execute permission for devteam; add execute permission to /data/projects.
C. The sticky bit is not set; set the sticky bit on proj1 to allow only owners to delete files.
D. The proj1 directory lacks group write and execute permissions; use chmod g+rwx proj1 and chmod g+s proj1 to allow group members to create files and ensure new files inherit group.
Answer: D

drwx------ means only owner has access; adding group rwx gives devteam access; SGID ensures new files belong to devteam.

Why this answer

Option D is correct because the project subdirectory /data/projects/proj1 has permissions drwx------ (700), which means only the owner (lead1) has read, write, and execute access. The devteam group lacks both write and execute permissions, preventing group members from creating files. The solution is to add group write and execute permissions (chmod g+rwx proj1) and set the setgid bit (chmod g+s proj1) so that new files inherit the group ownership, ensuring all devteam members can create files while only the owner can delete them.

Exam trap

The trap here is that candidates may focus on the sticky bit (Option C) because it relates to deletion control, but they overlook that the primary issue is the lack of group write and execute permissions on the subdirectory, which prevents file creation entirely.

How to eliminate wrong answers

Option A is wrong because the problem states that the devteam group already includes all members (lead1 is in devteam), and the issue is not group membership but missing permissions on the subdirectory. Option B is wrong because /data/projects already has drwxrwxr-x permissions, which include execute for the group (the 'x' in 'rwx' for the group), so the parent directory does not lack execute permission. Option C is wrong because the sticky bit prevents users from deleting files they do not own, but the requirement is that only the project lead (owner) should be able to delete files; however, the immediate problem is that group members cannot create files at all due to missing group write and execute permissions, not deletion control.

242
MCQ · easy

Refer to the exhibit. Which mount options are set for the root filesystem?

A. defaults,noatime
B. defaults
C. errors=remount-ro
D. noauto,user
Answer: A

The root filesystem has defaults and noatime options.

Why this answer

Option A is correct because the root filesystem's options field shows 'defaults,noatime'. Option B shows 'defaults' only, which is for /home. Option C shows 'noauto,user' for the CD-ROM.

Option D is not present in the fstab.

243
MCQ · hard

The backup script fails to run as user 'backup' with sudo. What is the issue?

A. The script has a restrictive umask.
B. The script does not have execute permission for the 'backup' user.
C. The script is not owned by 'backup'.
D. The 'backup' user is not in the sudoers file.
Answer: B

Only root has execute permission.

Why this answer

Option B is correct because for a script to be executed via sudo, the user (backup) must have execute permission on the script file. Even if sudo is configured to allow the user to run the script, the operating system enforces file permission checks at execution time. Without the execute bit set for the backup user (or for others, depending on the sudo runas context), the kernel will refuse to execve() the script, resulting in a 'Permission denied' error.

Exam trap

The trap here is that candidates often assume sudo bypasses all file permission checks, but in reality, sudo only bypasses the permission to run the command as another user—the kernel still enforces file execute permissions on the target script.

How to eliminate wrong answers

Option A is wrong because a restrictive umask affects the default permissions of newly created files, not the ability to execute an existing script via sudo. Option C is wrong because file ownership is irrelevant for execution via sudo; sudo runs commands with elevated privileges and does not require the target user to own the script. Option D is wrong because the question states the script fails to run as user 'backup' with sudo, implying sudo is being invoked; if the user were not in the sudoers file, sudo would not even attempt to run the script, and the error would be about sudo privileges, not script execution.

244
MCQ · hard

A service unit has the directive 'ExecStartPre=/bin/true' and 'ExecStart=/usr/bin/myapp'. What is the effect of ExecStartPre?

A. It sets an environment variable.
B. It runs a post-start script.
C. It runs a pre-start script; if it fails, the service still starts.
D. It runs a pre-start script; if it fails, the service is not started.
Answer: D

ExecStartPre must exit with code 0 for the service to start.

Why this answer

ExecStartPre is a systemd directive that specifies a command to run before the main ExecStart command. If the ExecStartPre command fails (returns a non-zero exit code), systemd will not proceed to start the service, unless the '-' prefix is used to ignore failure. Here, /bin/true always succeeds (exit code 0), so it does not block the service, but the directive itself is designed to enforce a pre-start check.

Exam trap

The trap here is that candidates may confuse ExecStartPre with ExecStartPost or assume that a pre-start script failure is non-fatal, but systemd strictly enforces that a failed ExecStartPre prevents the service from starting unless explicitly configured otherwise.

How to eliminate wrong answers

Option A is wrong because ExecStartPre does not set environment variables; that is the role of Environment or EnvironmentFile directives. Option B is wrong because ExecStartPre runs before the main process, not after; ExecStartPost is the directive for post-start scripts. Option C is wrong because it states the service still starts if ExecStartPre fails; by default, systemd treats a failed ExecStartPre as a fatal error and does not start the service, unless the command is prefixed with '-' to allow failure.

245
MCQ · medium

A developer was removed from the 'developers' group but still needs to run commands that require membership in that group. The user has logged out and back in, but the issue persists. What is the most likely cause?

A. The user did not explicitly start a new login shell after group removal.
B. The user's primary group is different from the 'developers' group.
C. The user is using 'newgrp developers' but is no longer a member.
D. The 'id' command shows the old group because the user's shell is still running.
Answer: A

Group membership changes require a new login session; logging out and back in should suffice, but if the user only logged out of the desktop and the session manager cached credentials, it might not refresh. The most likely cause is that the user's current shell environment still has cached group membership from the previous session.

Why this answer

When a user is removed from a supplementary group, the group membership is cached in the user's current login session. Even after logging out and back in, if the user does not explicitly start a new login shell (e.g., by using `su -` or `login`), the old group membership persists because the session's group list is inherited from the parent process. The `newgrp` command or a fresh login shell is required to re-read the group database and update the group list.

Exam trap

The trap here is that candidates assume logging out and back in always refreshes group membership, but the LFCS exam tests the nuance that a new login shell (e.g., `su -` or `login`) is required to reinitialize the group list, not just a graphical logout/login.

How to eliminate wrong answers

Option B is wrong because the primary group is irrelevant to supplementary group membership; the issue is that the user's current session still holds the old supplementary group list from before removal. Option C is wrong because `newgrp developers` would fail with an error if the user is no longer a member of the 'developers' group; it does not cause the issue described. Option D is wrong because the `id` command reflects the actual group membership of the current process, not a cached value from a previous state; if the shell were still running, `id` would show the old group because the process's group list is inherited and not automatically updated.

246
Multi-Select · easy

Which TWO commands can be used to display the contents of a text file that has been compressed with gzip without decompressing it to disk?

Select 2 answers
A. xzcat file.gz
B. gzip -l file.gz
C. zcat file.gz
D. gunzip -c file.gz
E. bzcat file.gz
Answers: C, D

Decompresses and prints to stdout.

Why this answer

Option C is correct because `zcat` is a standard utility that reads gzip-compressed files and decompresses the output to stdout, allowing you to view the contents without writing a decompressed file to disk. It is functionally equivalent to `gunzip -c` and is commonly used for inspecting compressed log files or text data.

Exam trap

The trap here is that candidates often confuse compression tools and their corresponding cat utilities (e.g., `xzcat` for xz, `bzcat` for bzip2, `zcat` for gzip), leading them to select a command that works on a different compression format.

247
Multi-Select · easy

Which THREE of the following actions require root privileges?

Select 3 answers
A. Changing your own login shell
B. Changing another user's password
C. Changing your own password
D. Viewing /etc/shadow
E. Creating a new group
Answers: B, D, E

Requires root unless using sudo.

Why this answer

Options B, D, and E require root. Changing another user's password, creating a new group, and viewing /etc/shadow (due to permissions) all require root. Changing your own password or shell does not require root.

248
MCQ · easy

An administrator wants to schedule a one-time task to run at 2:30 PM next Friday. Which command should be used?

A. at 14:30 next Friday
B. crontab -e and add entry
C. systemd-run --on-calendar='Fri 14:30' /bin/bash -c 'command'
D. at 2:30 PM Fri
Answer: A

Correct syntax for scheduling a one-time task with at.

Why this answer

Option A is correct because the `at` command is specifically designed for scheduling one-time tasks at a specified time and date. The syntax `at 14:30 next Friday` correctly uses 24-hour time and the `next Friday` keyword, which the `atd` daemon interprets to run the job exactly once at that moment.

Exam trap

The trap here is that candidates often confuse `at` for one-time jobs with `cron` for recurring jobs, or they assume `systemd-run` can handle one-time scheduling via calendar expressions, but systemd timers require explicit `OnCalendar=` with monotonic or calendar events and do not support 'next Friday' natural language parsing.

How to eliminate wrong answers

Option B is wrong because `crontab -e` edits the cron table for recurring jobs; it cannot schedule a one-time task without manual deletion after execution, and it lacks natural language date parsing like 'next Friday'. Option C is wrong because `systemd-run` with `--on-calendar` uses systemd timer syntax, which is designed for recurring events (e.g., `weekly` or `daily`), not one-time scheduling; the calendar expression `'Fri 14:30'` would repeat every Friday at 14:30, not just next Friday. Option D is wrong because `at 2:30 PM Fri` uses 12-hour time, and although 'PM' is present, the lack of a leading zero and the use of 'Fri' without 'next' may cause the `at` parser to misinterpret the date or time. The correct syntax requires either 24-hour format or explicit 'AM'/'PM' with proper ordering, and 'Fri' alone refers to the next occurrence of Friday from today, which may not be 'next Friday' if today is already Friday.

249
MCQ · medium

A system administrator wants to allow incoming SSH connections from a specific IP range 192.168.10.0/24 using firewalld. Which command should be used?

A. firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.10.0/24" service name="ssh" accept' --permanent
B. firewall-cmd --add-service=ssh --add-source=192.168.10.0/24 --zone=internal --permanent
C. firewall-cmd --add-source=192.168.10.0/24 --add-service=ssh --permanent
D. firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.10.0/24" service name="ssh" accept' --permanent
Answer: D

This is the correct syntax for adding a rich rule that allows SSH from a specific source in a specific zone.

Why this answer

Option D is correct because it explicitly targets the 'public' zone (the default zone for external-facing interfaces) and uses a rich rule to allow SSH traffic only from the 192.168.10.0/24 source IP range. The --permanent flag ensures the rule persists across reloads. This is the precise syntax required by firewalld for source-specific service access.

Exam trap

The trap here is that candidates often forget to specify the zone (defaulting to the wrong zone) or incorrectly assume that --add-source and --add-service can be combined directly without a rich rule, leading to a rule that either applies to all sources or fails silently.

How to eliminate wrong answers

Option A is wrong because it omits the --zone parameter, so the rule would be applied to the default zone (which may not be 'public'), and the rich-rule syntax is incomplete (missing 'accept' action). Option B is wrong because it uses --add-source and --add-service together in a single command without a rich rule; firewalld does not combine source and service in this way — --add-source adds a source binding to a zone, not a filtering rule. Option C is wrong because it lacks a zone specification and attempts to combine --add-source and --add-service as direct options, which is invalid syntax; the correct approach requires a rich rule or a direct rule with zone context.

250
Multi-Select · easy

Which TWO methods can be used to set a static IPv4 address on a CentOS 7 system? (Choose two.)

Select 2 answers
A. Run the command 'systemctl set-static-ip eth0 192.168.1.100/24'
B. Use 'ip addr add 192.168.1.100/24 dev eth0'
C. Use the nmtui utility
D. Edit the /etc/network/interfaces file
E. Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file directly
Answers: C, E

nmtui is a text-based tool for NetworkManager configuration, including static IP.

Why this answer

Option C is correct because nmtui is a text-based user interface for NetworkManager, which is the default networking service on CentOS 7. It allows you to interactively configure network interfaces, including setting a static IPv4 address, without needing to manually edit configuration files. Option E is correct because the ifcfg-eth0 file in /etc/sysconfig/network-scripts is the traditional, direct configuration method for network interfaces on CentOS 7, where you can set BOOTPROTO=static and define IPADDR, PREFIX, and GATEWAY.

Exam trap

The trap here is that candidates often confuse temporary runtime commands like 'ip addr add' with permanent configuration methods, or they assume that systemctl can be used for network configuration because it is a common system administration tool.

251
Multi-Select · easy

Which two commands can be used to set password expiration policies for a user?

Select 2 answers
A. usermod
B. passwd
C. chage
D. expiry
E. pwconv
Answers: B, C

Can set expiration with appropriate options.

Why this answer

chage is the dedicated tool for password aging; passwd can also set expiration with -x (max days), -n (min days), etc.

252
MCQ · medium

A company follows the principle of least privilege. Several developers need sudo access to run specific commands like systemctl and journalctl. What is the best practice for granting this access?

A. Use 'usermod -a -G sudo' for each developer and edit /etc/sudoers manually with visudo
B. Create a new group 'devops', add developers to it, and create a sudoers drop-in file with rules for specific commands
C. Add all developers to the 'wheel' group and configure %wheel ALL=(ALL) ALL
D. Edit /etc/sudoers directly to add each developer username with command restrictions
Answer: B

Allows granular command restrictions and is maintainable.

Why this answer

Option B is correct because creating a group (e.g., 'devops') and adding a sudoers rule for that group via a file in /etc/sudoers.d is manageable and follows best practice. Option A gives full root access to the group. Option C modifies a user's own login, not sudo.

Option D uses visudo default file but adding users directly is less scalable.

253
MCQ · medium

A server with two network interfaces (eth0 and eth1) needs to be configured as a bridge (br0) to allow KVM virtual machines to share the host's physical network. Which steps are correct?

A. Create bridge br0, add eth0 as port, assign IP to br0, remove IP from eth0.
B. Create bridge br0, add eth0 as port, assign IP to eth0, do not assign IP to br0.
C. Create bond0 from eth0 and eth1, then add bond0 to bridge br0.
D. Create bridge br0, add eth0 and eth1 as bridge ports, assign IP to br0, remove IP from eth0 and eth1.
Answer: A

This is the standard procedure for configuring a bridge with a physical interface.

Why this answer

Option A is correct because bridging requires the physical interface (eth0) to be added as a port to the bridge (br0) without an IP address, while the bridge itself gets the IP address to act as the network layer endpoint. This allows KVM virtual machines connected to br0 to communicate through eth0, which operates at layer 2. Removing the IP from eth0 prevents IP conflicts and ensures all traffic is handled by the bridge.

Exam trap

The trap here is that candidates often think the physical interface must retain its IP address or that both interfaces must be added to the bridge, confusing bridging with routing or bonding.

How to eliminate wrong answers

Option B is wrong because assigning an IP to eth0 while it is a bridge port creates a layer 2 loop and IP conflict; the IP must be on the bridge interface, not the physical port. Option C is wrong because bonding (bond0) is for link aggregation or redundancy, not required for a simple bridge; adding a bond to a bridge is an unnecessary complexity and not a standard step for sharing a physical network with KVM. Option D is wrong because adding both eth0 and eth1 as bridge ports without bonding or routing configuration would create a bridge that forwards traffic between two separate physical networks, which is not the goal of sharing a single physical network; typically only one interface is needed unless specific bridging of both networks is intended.

254
Multi-Select · medium

Which THREE are built-in chains in the iptables filter table? (Choose three.)

Select 3 answers
A. POSTROUTING
B. INPUT
C. OUTPUT
D. FORWARD
E. PREROUTING
Answers: B, C, D

INPUT chain processes incoming packets destined for the local system.

Why this answer

The filter table in iptables is used for packet filtering decisions based on IP addresses, ports, and protocols. Its built-in chains are INPUT (for packets destined for the local system), OUTPUT (for packets originating from the local system), and FORWARD (for packets routed through the system). These three chains allow you to control traffic at different points in the packet flow.

Exam trap

The trap here is that candidates often confuse the filter table's chains with those of the nat table (PREROUTING, POSTROUTING) because all chains are used in packet traversal, but only INPUT, OUTPUT, and FORWARD belong to the filter table.

255
MCQ · medium

Refer to the exhibit. Based on the exhibit, which service is configured to accept connections only from the local machine?

A. NTP
B. HTTP
C. SMTP
D. HTTPS
E. SSH
Answer: C

SMTP (port 25) is bound to 127.0.0.1 only.

Why this answer

The exhibit shows that the SMTP service is bound to the loopback address 127.0.0.1 on port 25, which means it will only accept connections originating from the local machine. This is a common security practice to prevent external hosts from directly submitting mail to the local MTA.

Exam trap

The trap here is that candidates may assume any service can be restricted to localhost, but the exhibit specifically shows the SMTP service bound to 127.0.0.1, while other services like HTTP or SSH are not shown with that binding, making SMTP the only correct answer.

How to eliminate wrong answers

Option A is wrong because NTP typically listens on UDP port 123 and is not shown in the exhibit as bound to 127.0.0.1. Option B is wrong because HTTP usually listens on TCP port 80 and is not depicted as restricted to localhost in the exhibit. Option D is wrong because HTTPS listens on TCP port 443 and is not shown with a loopback binding.

Option E is wrong because SSH listens on TCP port 22 and, while it can be configured to bind to localhost, the exhibit does not show it restricted to 127.0.0.1.

256
MCQ · easy

An administrator wants to force a user to change their password at next login. Which command should be used?

A. passwd -l user
B. passwd -e user
C. chage -m 0 user
D. usermod -p '!' user
Answer: B

Correct: -e expires the password immediately, forcing change. Also chage -d 0 is valid, but passwd -e is simpler.

Why this answer

chage -d 0 sets the last password change date to the epoch (1970-01-01), forcing a password change on next login.

257
MCQmedium

A Linux system administrator is troubleshooting a DNS resolution issue on a Ubuntu 20.04 server. The server is configured with a static IP address on interface eth0 via /etc/netplan/01-netcfg.yaml. The administrator set the DNS servers to 8.8.8.8 and 8.8.4.4 in the cloud-config file. After applying the netplan configuration, the server can resolve hostnames correctly. However, after a few days, users report that the server can no longer resolve external hostnames. The administrator checks /etc/resolv.conf and sees that it contains only a local DNS server (127.0.0.53) and no references to the public DNS servers. The administrator wants to ensure that the public DNS servers are always used and that local DNS is bypassed. What is the best course of action?

A.Modify the netplan configuration to set dns servers and set 'dhcp4-overrides: {use-dns: false}' then apply.
B.Directly edit /etc/resolv.conf to add the public DNS servers and make it immutable using chattr +i.
C.Use the 'host' command to force DNS queries to use a specific server.
D.Stop and disable the systemd-resolved service using systemctl.
AnswerA

This ensures netplan configures systemd-resolved to use the specified DNS servers.

Why this answer

Option A is correct because in Ubuntu 20.04, netplan uses systemd-resolved by default, which listens on 127.0.0.53. Setting 'dhcp4-overrides: {use-dns: false}' in the netplan configuration prevents DHCP from overriding the manually specified DNS servers, ensuring that only the public DNS servers (8.8.8.8 and 8.8.4.4) are used for resolution. After applying with 'netplan apply', systemd-resolved will forward queries to those public servers, bypassing the local stub resolver.

Exam trap

The trap here is that candidates often think directly editing /etc/resolv.conf or disabling systemd-resolved is a valid fix, but they fail to understand that netplan and systemd-resolved work together to manage DNS, and the proper way to bypass the local stub is to configure the upstream servers correctly in netplan with DHCP overrides disabled.

How to eliminate wrong answers

Option B is wrong because directly editing /etc/resolv.conf and making it immutable with chattr +i is a fragile workaround that will be overwritten by systemd-resolved or netplan on reboot or reapply, and it does not address the underlying mechanism that manages resolv.conf. Option C is wrong because the 'host' command can specify a DNS server for a single query but does not change the system-wide DNS resolution behavior; users and applications will still use the local resolver. Option D is wrong because stopping and disabling systemd-resolved will break DNS resolution entirely, as netplan relies on it to manage /etc/resolv.conf, and without it, the system may have no working DNS resolver.

258
MCQ · medium

After configuring iptables rules on a Linux server, a junior administrator notices that incoming SSH connections from a specific IP address (192.168.1.100) are being blocked even though there is a rule to allow all traffic from that IP. The current rule set is: 1. -A INPUT -s 192.168.1.100 -j ACCEPT; 2. -A INPUT -p tcp --dport 22 -j DROP. What is the most likely reason for the block?

A. The IP address is being matched by a conntrack rule instead.
B. The ACCEPT rule for the IP uses the wrong chain.
C. The DROP rule for port 22 appears before the ACCEPT rule for the IP.
D. The SSH service is listening only on IPv6.
Answer: C

iptables processes rules sequentially; the first match stops processing.

Why this answer

Option C is correct because iptables processes rules in sequential order, and the first matching rule determines the packet's fate. In this rule set, the DROP rule for TCP port 22 is listed second, but since it is the first rule that matches SSH traffic from 192.168.1.100 (the ACCEPT rule matches the source IP but not the destination port, so it does not match SSH packets specifically), the DROP rule is applied before the ACCEPT rule can take effect. The ACCEPT rule for the IP address would only match non-SSH traffic from that IP, while SSH packets are dropped by the subsequent port-based rule.

Exam trap

The trap here is that candidates assume an ACCEPT rule for a source IP will override any subsequent DROP rules, but iptables processes rules in order and the first match wins, so the order of rules is critical.

How to eliminate wrong answers

Option A is wrong because conntrack rules (e.g., -m conntrack --ctstate ESTABLISHED,RELATED) are not present in the given rule set, and connection tracking would not cause a block unless a related rule explicitly references it. Option B is wrong because both rules are in the INPUT chain, which is the correct chain for filtering incoming connections to the local system; the ACCEPT rule for the IP address is correctly placed in the INPUT chain. Option D is wrong because the SSH service listening only on IPv6 would not affect iptables rules for IPv4 traffic; the administrator is connecting from an IPv4 address (192.168.1.100), and iptables rules for IPv4 are independent of IPv6.

259
MCQ · hard

Refer to the exhibit. An administrator tries to start myapp.service with 'systemctl start myapp.service' but receives 'Failed to start myapp.service: Unit myapp.service is not loaded properly: Invalid argument'. What is the most likely issue?

A. The unit file has a syntax error.
B. The service name is misspelled.
C. The ExecStart path is invalid.
D. The service is masked.
Answer: A

'Invalid argument' indicates the unit file contains an incorrect directive or value.

Why this answer

The error 'Unit myapp.service is not loaded properly: Invalid argument' indicates that systemd attempted to parse the unit file but encountered a syntax error or an invalid directive. This typically happens when a key-value pair in the unit file is malformed, such as a missing equals sign, an unsupported option, or a value that does not conform to systemd's expected format. Unlike a runtime failure (e.g., a missing ExecStart binary), this error occurs during the loading phase, before any execution attempt.

Exam trap

Linux Foundation often tests the distinction between loading-phase errors (syntax, invalid argument) and runtime errors (execution failures, missing binaries), causing candidates to confuse a malformed unit file with a broken ExecStart path.

How to eliminate wrong answers

Option B is wrong because a misspelled service name would produce a 'Unit not found' error, not an 'Invalid argument' error, as systemd would not find a matching unit file. Option C is wrong because an invalid ExecStart path (e.g., a nonexistent binary) would cause a runtime failure after the unit is loaded, producing an error like 'main process exited, code=exited, status=203/EXEC' or 'Failed at step EXEC', not a loading-phase syntax error. Option D is wrong because a masked service would produce 'Failed to start myapp.service: Unit myapp.service is masked.' or 'Unit file is masked.', clearly indicating the masked state rather than an invalid argument.

260
Multi-Select · easy

A system administrator needs to ensure that a custom service named 'myapp.service' starts automatically after a reboot and also restarts automatically no matter how the service stops, even if it exits normally. Which two actions should the administrator take? (Choose two.)

Select 2 answers
A. Run 'systemctl mask myapp.service' to prevent manual stops.
B. Run 'systemctl enable myapp.service' to enable the service.
C. Set 'Restart=on-failure' in the [Service] section of the service file.
D. Set 'Restart=always' in the [Service] section of the service file.
E. Add 'After=network.target' to the [Unit] section of the service file.
Answers: B, D

Correct: Enabling creates symlinks for automatic start at boot.

Why this answer

To start automatically on boot, the service must be enabled via 'systemctl enable'. To restart on any exit, 'Restart=always' must be set in the service file. 'Restart=on-failure' does not cover normal exits; 'After' and 'mask' are irrelevant.

261
MCQ · medium

After creating an XFS filesystem on /dev/sdb1, an admin mounts it and writes data. Later, they run 'xfs_info /mnt/data' and see the filesystem was created with default settings. What is the default inode size for XFS on a typical Linux system?

A. 512 bytes
B. 128 bytes
C. 4096 bytes
D. 256 bytes
Answer: D

XFS uses 256-byte inodes by default.

Why this answer

The default inode size for XFS on a typical Linux system is 256 bytes. This is set at filesystem creation time and provides a balance between supporting extended attributes (like ACLs and SELinux contexts) and minimizing metadata overhead. The `xfs_info` command confirms the default settings, which include this 256-byte inode size.

Exam trap

The trap here is that candidates often confuse the default inode size of XFS (256 bytes) with that of ext4 (128 bytes) or mistake the block size (4096 bytes) for the inode size, leading them to select option B or C.

How to eliminate wrong answers

Option A is wrong because 512 bytes is not the default inode size for XFS; it is an optional larger size used when many extended attributes are needed, but it increases metadata overhead. Option B is wrong because 128 bytes is the default inode size for ext4, not XFS; XFS uses a larger inode to accommodate its B-tree-based metadata structures. Option C is wrong because 4096 bytes is the default block size for XFS, not the inode size; confusing block size with inode size is a common mistake.

262
MCQ · medium

An administrator needs to view a list of users who have logged in recently. Which command provides this information?

A. users
B. who
C. finger
D. last
Answer: D

Shows login history.

Why this answer

The 'last' command displays a list of last logged-in users from /var/log/wtmp.

263
Multi-Select · medium

Which TWO commands can be used to display real-time process resource usage on a Linux system? (Choose two.)

Select 2 answers
A. vmstat 1
B. htop
C. ps -aux
D. free -h
E. top
Answers: B, E

Interactive real-time process viewer.

Why this answer

Option B (htop) is correct because it is an interactive process viewer that displays real-time resource usage, including CPU, memory, and process details, with a user-friendly interface. Option E (top) is correct because it is the standard Linux command for real-time monitoring of system processes and resource consumption, updating dynamically by default.

Exam trap

The trap here is that candidates often confuse static commands like ps and free with real-time monitoring tools, mistakenly thinking that any command showing resource data qualifies as real-time, when only those with continuous updates (like top and htop) meet the requirement.

264
MCQ · medium

Refer to the exhibit. The output of 'ip addr show' reveals that eth0 is in state DOWN and has no IPv4 address. Which command is most likely to bring the interface up and obtain an IP via DHCP?

A. ip link set eth0 up
B. ifup eth0
C. ip route add default via 192.168.1.1 dev eth0
D. ip link set dev eth0 up
Answer: B

ifup invokes the network configuration scripts, which will start DHCP based on config.

Why this answer

Option B is correct because the `ifup` command is a distribution-agnostic tool that reads the interface configuration from files (e.g., `/etc/network/interfaces` on Debian/Ubuntu or `/etc/sysconfig/network-scripts/ifcfg-eth0` on RHEL/CentOS) and brings the interface up while automatically initiating a DHCP client (e.g., dhclient or dhcpcd) to obtain an IPv4 address. This is the standard way to activate a network interface with its configured addressing method, including DHCP, in a single step.

Exam trap

The trap here is that candidates often assume `ip link set eth0 up` (options A or D) is sufficient to obtain an IP via DHCP, but this command only activates the link layer and does not invoke any DHCP client, leaving the interface without an IP address.

How to eliminate wrong answers

Option A is wrong because `ip link set eth0 up` only changes the interface's administrative state to UP but does not trigger any DHCP client or assign an IP address; the interface will remain without an IPv4 address unless a separate DHCP command is run. Option C is wrong because `ip route add default via 192.168.1.1 dev eth0` adds a default gateway route, but this command requires the interface to already have an IP address and be in the UP state; it does not bring the interface up nor obtain an IP via DHCP. Option D is wrong because `ip link set dev eth0 up` is functionally identical to option A (just a different syntax) and similarly does not initiate DHCP or assign an IP address.

265
Multi-Select · easy

Which TWO commands can be used to check whether a systemd service is currently running?

Select 2 answers
A. systemctl status service
B. systemctl list-units --state=running
C. systemctl is-active service
D. systemctl is-enabled service
E. systemctl show service
Answers: A, C

Shows status including active/inactive state.

Why this answer

Option A is correct because `systemctl status service` displays the current status of a systemd unit, including whether it is active (running), along with recent log entries and process details. Option C is correct because `systemctl is-active service` returns a simple exit code and output (active/inactive) indicating whether the unit is currently running, making it ideal for scripting.

Exam trap

The trap here is that candidates often confuse 'is-enabled' (boot-time configuration) with 'is-active' (current runtime state), or think that listing all running units (option B) is a valid way to check a specific service, when in fact it requires additional parsing and does not directly answer the question.

266
Multi-Select · medium

Which TWO commands can be used to list the contents of a tar archive without extracting it?

Select 2 answers
A. tar -tvf archive.tar
B. tar -ztvf archive.tar.gz
C. tar --list archive.tar
D. tar -xjf archive.tar.bz2
E. tar -xvf archive.tar
Answers: A, B

tar -tvf lists the contents of a tar archive verbosely without extracting.

Why this answer

Option A is correct because `tar -tvf archive.tar` lists the contents of a tar archive without extracting it. The `-t` flag tells tar to list the archive's table of contents, `-v` provides verbose output (showing file permissions, ownership, size, and timestamp), and `-f` specifies the archive file. This works for uncompressed tar archives.

Exam trap

The trap here is that candidates often confuse the `-t` (list) flag with `-x` (extract) or forget that compressed archives require an additional decompression flag (like `-z` or `-j`) even for listing, leading them to pick extraction options like D or E.

267
Multi-Select · medium

Which TWO commands can be used to display the contents of a text file page by page? (Select two.)

Select 2 answers
A. cat file.txt
B. head file.txt
C. more file.txt
D. less file.txt
E. tail file.txt
Answers: C, D

Allows paging forward.

Why this answer

Option C is correct because the `more` command displays the contents of a text file one screen at a time, pausing after each page and waiting for user input (e.g., pressing the spacebar) to continue. This makes it a classic pager utility for viewing files page by page.

Exam trap

The trap here is that candidates might confuse `cat` (which dumps all content) with a pager, or think `head` or `tail` can show the entire file page by page, but they only show a fixed number of lines from the beginning or end.

268
Multi-Select · hard

Which THREE conditions must be met for a Linux system to function as a router between two networks?

Select 3 answers
A. Each interface has an IP address in the respective subnet
B. IP forwarding is enabled (net.ipv4.ip_forward = 1)
C. Both interfaces have the same MAC address
D. iptables rules allow forwarding (FORWARD chain policy or rules)
E. The system is configured as the default gateway for both networks
Answers: A, B, D

The router must have an IP in each network to send/receive packets.

Why this answer

Option A is correct because each interface must have an IP address in its respective subnet for the Linux system to receive packets from that network and forward them to the other. Without an IP address in the subnet, the interface cannot participate in ARP resolution or routing decisions for that network.

Exam trap

The trap here is that candidates often think a router must be the default gateway for both networks, but in reality, it only needs to have IP addresses in each subnet and proper routing entries; the default gateway is a client-side setting, not a router requirement.

269
MCQ · easy

A user 'alice' is unable to log in via SSH. The administrator checks /etc/shadow and sees 'alice:!:19234:0:99999:7:::'. What does the '!' in the password field indicate?

A. The password must be changed at next login.
B. The account is disabled.
C. The account is locked.
D. The password is expired.
Answer: C

'!' is a common indicator of a locked account in /etc/shadow.

Why this answer

The '!' in the password field of /etc/shadow indicates that the account is locked. This is a standard convention in Linux shadow password files: an exclamation mark placed before the hashed password (or replacing it entirely) disables password-based authentication, effectively locking the account. SSH login fails because the system refuses to authenticate any password attempt against a locked entry.

Exam trap

The trap here is that candidates confuse 'account locked' (indicated by '!' in the password field) with 'password expired' (indicated by aging fields) or 'password must be changed at next login' (indicated by a last-change value of 0).

How to eliminate wrong answers

Option A is wrong because the '!' does not force a password change at next login; that behavior is triggered by setting the password's last-change field to 0 (or a value in the past) or using the 'passwd -e' command. Option B is wrong because 'disabled' is not a standard term in shadow file semantics; the account is specifically 'locked' via the password field, not disabled via other mechanisms like nologin shell or account expiration. Option D is wrong because password expiration is indicated by the aging fields (e.g., a value of 0 in the third field or a warning in the seventh field), not by a '!' in the password hash.

270
Multi-Select · medium

Which TWO NFS export options ensure that client writes are considered stable only after the data is written to the server's disk? (Choose two.)

Select 2 answers
A. /etc/network/interfaces (Debian/Ubuntu style)
B. /etc/hostname
C. /etc/rc.local
D. /etc/sysconfig/network-scripts/ (RHEL/CentOS style)
E. /etc/resolv.conf
Answers: A, D

Used by ifupdown, still common on Debian-based systems.

Why this answer

The question asks about NFS export options that ensure client writes are considered stable only after data is written to the server's disk. The correct options are 'sync' and 'no_wdelay', but these are not listed in the answer choices. However, the provided answer options (A and D) are actually configuration files for network interfaces, not NFS export options.

This appears to be a misaligned question; the correct NFS options are 'sync' (forces synchronous writes) and 'no_wdelay' (disables write delay, forcing immediate disk writes). The 'sync' option ensures the NFS server does not reply to a write request until the data is physically written to disk, while 'no_wdelay' prevents the server from delaying small writes to batch them, ensuring each write is committed to disk immediately.

Exam trap

The trap here is that the question lists network configuration files as answer options, which are completely unrelated to NFS export options, testing whether candidates recognize that NFS export options like 'sync' and 'no_wdelay' are specified in /etc/exports, not in network interface configuration files.

271
Multi-Select · medium

Which TWO commands can be used to display the routing table on a Linux system?

Select 2 answers
A. route -n
B. ip route show
C. ip addr show
D. arp -a
E. ss -tln
Answers: A, B

This is the traditional command to show routing table.

Why this answer

The `route -n` command displays the kernel IP routing table with numeric addresses, showing destination, gateway, netmask, and interface. The `ip route show` command is the modern equivalent from the iproute2 suite, which also displays the routing table with more detailed information. Both are standard tools for viewing routing decisions on a Linux system.

Exam trap

The trap here is that candidates often confuse `ip addr show` (which displays interface addresses) with `ip route show` (which displays routes), or mistake `arp -a` for a routing command because both involve network layer information.

272
MCQ · easy

An engineer wants to list all processes currently running under user 'appuser'. Which command is appropriate?

A. pgrep -u appuser
B. ps -u appuser
C. top -u appuser
D. ps aux | grep appuser
Answer: B

Lists all processes for appuser.

Why this answer

Option B is correct because the `ps -u appuser` command lists all processes owned by the user 'appuser' by filtering the process table based on the user's UID. The `-u` option selects processes whose effective user ID or name matches the given argument, making it the most straightforward and standard way to display processes for a specific user.

Exam trap

The trap here is that candidates often choose `ps aux | grep appuser` because it seems intuitive, but they overlook that `grep` matches any field, not just the user column, and can produce misleading results or miss processes if the username is part of a command string.

How to eliminate wrong answers

Option A is wrong because `pgrep -u appuser` only lists the PIDs of processes matching the user, not the full process details (e.g., command, CPU, memory) that the engineer likely needs to 'list all processes'. Option C is wrong because `top -u appuser` runs an interactive, real-time process monitor filtered to that user, which is not a one-shot listing command and requires manual termination or scripting to capture output. Option D is wrong because `ps aux | grep appuser` is a fragile pattern-matching approach that can match 'appuser' in any field (e.g., a command name or argument) and may produce false positives or miss processes if the username appears in unexpected places; it also does not reliably filter by the user column.

273
MCQ · medium

A custom service requires that the network is fully operational before it starts. Which directive should be added to the [Unit] section of the service's unit file to ensure this dependency?

A. After=network-online.target
B. Requires=network.target
C. Wants=network-online.target
D. After=network.target
Answer: A

Ensures service starts after network is fully up.

Why this answer

Option A is correct because `After=network-online.target` ensures the service starts only after the network is fully operational, including IP address assignment and connectivity. This target is reached when network managers like systemd-networkd or NetworkManager confirm the network is online, making it suitable for services that require active network interfaces.

Exam trap

The trap here is that candidates confuse `network.target` (which is reached early and does not guarantee network readiness) with `network-online.target` (which waits for full network availability), leading them to pick option D or B incorrectly.

How to eliminate wrong answers

Option B is wrong because `Requires=network.target` only declares a dependency that the network target must be active, but it does not enforce ordering; the service could start before the network is fully online. Option C is wrong because `Wants=network-online.target` is a weaker dependency that does not guarantee the network is online before the service starts; it only attempts to start the target without failing if it cannot be reached. Option D is wrong because `After=network.target` orders the service after the basic network target, but `network.target` itself is reached early during boot before the network is fully configured, so the service may start before interfaces are ready.

274
Multi-Select · medium

Which TWO commands can be used to check the status of the sshd service on a system using systemd?

Select 2 answers
A. systemctl list-units --type=service
B. systemctl is-active sshd
C. systemctl is-enabled sshd
D. systemctl cat sshd
E. systemctl status sshd
Answers: B, E

Returns active/inactive/failed status.

Why this answer

Option B is correct because `systemctl is-active sshd` directly queries systemd to report whether the sshd service is currently in an active (running) state, returning a simple exit code and text output (e.g., 'active' or 'inactive'). Option E is correct because `systemctl status sshd` provides a comprehensive view of the service's current state, including whether it is active, its PID, recent log entries, and cgroup details, making it a standard command for checking service health on systemd-based systems.

Exam trap

The trap here is that candidates confuse `is-enabled` (boot-time configuration) with `is-active` (current runtime state), or they assume `list-units` is a valid status check when it actually requires additional filtering to isolate a specific service.

275
MCQ · hard

An administrator is configuring a bridge using iproute2. Which command correctly attaches eth0 to bridge br0?

A. ip link set br0 master eth0
B. ip link set eth0 master br0
C. nmcli device modify eth0 master br0
D. brctl addif br0 eth0
Answer: B

This is the correct iproute2 command.

Why this answer

Option B is correct because the `ip link set eth0 master br0` command attaches the physical interface `eth0` as a slave port of the bridge `br0` using the iproute2 suite. The `master` keyword specifies the bridge device that should become the master of the specified interface, which is the standard way to add an interface to a bridge with iproute2.

Exam trap

The trap here is that candidates often confuse the order of arguments in the `ip link set` command, mistakenly using `ip link set br0 master eth0` (Option A) because they think the bridge should be the 'master' of the interface, but the syntax requires the slave interface first followed by `master <bridge>`.

How to eliminate wrong answers

Option A is wrong because it attempts to set `br0` as a slave of `eth0` (i.e., `ip link set br0 master eth0`), which would make the bridge a port of the physical interface—the opposite of the intended configuration. Option C is wrong because `nmcli device modify eth0 master br0` is not a valid nmcli syntax; the correct nmcli command to attach an interface to a bridge is `nmcli connection add type bridge-slave ifname eth0 master br0` or `nmcli device connect eth0 master br0`. Option D is wrong because `brctl addif br0 eth0` is a valid command from the deprecated bridge-utils package, not from iproute2, and the question explicitly specifies using iproute2.

276
MCQ · easy

After configuring the /etc/network/interfaces file as shown, the administrator runs 'ifup eth0'. Which IP address will be assigned to eth0?

A. 192.168.1.1
B. 192.168.1.100
C. No IP assigned
D. An IP from DHCP
Answer: B

Static IP as configured.

Why this answer

Option B is correct because the configuration in /etc/network/interfaces specifies a static IP address of 192.168.1.100 with the 'address' directive. When 'ifup eth0' is executed, it reads this file and assigns the configured static IP to the interface, ignoring any DHCP settings.

Exam trap

The trap here is that candidates may assume a missing 'dhcp' keyword defaults to DHCP, but the explicit 'static' keyword overrides any implicit behavior, and the 'address' line directly assigns the IP.

How to eliminate wrong answers

Option A is wrong because 192.168.1.1 is not defined in the configuration; the 'address' line explicitly sets 192.168.1.100. Option C is wrong because the configuration includes both an 'address' and a 'netmask' line, so an IP will be assigned. Option D is wrong because the configuration does not include 'iface eth0 inet dhcp'; instead, it uses 'static', so DHCP is not used.

277
MCQ · hard

An administrator wants to temporarily disable a user account without deleting it. The account should be locked, expire immediately, and the user should not be able to log in. Which single command accomplishes this with minimum side effects?

A. usermod -L user1; chage -E 0 user1
B. usermod -L -e 1970-01-01 user1
C. usermod -L user1
D. usermod -e 1970-01-01 user1
Answer: B

Combined lock and account expiration; -e sets account expiration date.

Why this answer

Option B is correct because usermod -L locks the password (adds ! in shadow) and -e 1970-01-01 sets account expiration far in the past, effectively locking. Option A does not expire; chage -E also sets expiration but -L locks. Option C locks but does not expire. Option D sets expiration but does not lock password.

278
MCQ · medium

A system administrator wants to create a RAID 1 array using two whole disks /dev/sdb and /dev/sdc. They plan to use mdadm. Which command creates the array and builds it with two devices?

A. mdadm --create /dev/md0 --level=mirror --raid-disks=2 /dev/sdb /dev/sdc
B. mdadm --create /dev/md0 --level=raid1 --add /dev/sdb /dev/sdc
C. mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc
D. mdadm --assemble /dev/md0 /dev/sdb /dev/sdc
Answer: C

Correct syntax for creating RAID1.

Why this answer

Option C is correct: mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc. Option A has wrong option name (--level=mirror, though accepted sometimes). Option B uses --add which is wrong for creation. Option D uses --assemble which assembles an existing array.

279
MCQ · easy

A user reports that a background process (PID 3456) is consuming 95% of CPU and causing system slowness. The process name is 'crypto-miner'. The administrator needs to immediately stop this process and ensure it does not restart. Which set of commands should the administrator execute?

A. kill -9 3456, then locate the cron job or systemd service that starts it, and disable/remove it.
B. renice -n 19 -p 3456 and let it run with lower priority.
C. kill -9 3456 and then notify the user.
D. kill -15 3456 and hope it terminates.
Answer: A

Stops the process and prevents future launches.

Why this answer

Option A is correct because it addresses both immediate termination and persistence removal. The SIGKILL signal (kill -9) immediately terminates the process, and disabling the cron job or systemd service prevents automatic restart, which is critical for a malicious or unwanted process like 'crypto-miner'.

Exam trap

The trap here is that candidates focus only on stopping the process immediately (kill -9) and overlook the requirement to ensure it does not restart, leading them to choose an option that fails to address persistence.

How to eliminate wrong answers

Option B is wrong because renice only lowers CPU priority; it does not stop the process, and a CPU-intensive process can still consume 95% CPU if no other processes compete, so system slowness persists. Option C is wrong because killing the process without disabling its restart mechanism (e.g., cron or systemd) allows it to respawn immediately, failing to ensure it does not restart. Option D is wrong because SIGTERM (kill -15) requests graceful termination, which the process may ignore or trap, especially if it is malicious or designed to evade termination, leaving it running.

280
MCQ · hard

A systems administrator needs to add a new user 'jdoe' with a home directory in /export/home, a UID of 1500, and an expiry date of 2025-12-31. Which command should they use?

A. useradd -u 1500 -d /export/home/jdoe -e 2025-12-31 jdoe
B. useradd -u 1500 -d /export/home/jdoe -c 2025-12-31 jdoe
C. useradd -u 1500 -m -e 2025-12-31 jdoe
D. useradd -u 1500 -b /export/home -e 2025-12-31 jdoe
Answer: A

Correct: sets UID, home directory, and expiry.

Why this answer

Option A is correct because the `useradd` command with `-u 1500` sets the UID, `-d /export/home/jdoe` explicitly specifies the home directory path (without creating it unless `-m` is also used), and `-e 2025-12-31` sets the account expiry date in YYYY-MM-DD format. This matches all requirements: UID 1500, home directory at /export/home/jdoe, and expiry on 2025-12-31.

Exam trap

The trap here is confusing the `-c` (comment) option with `-e` (expiry) and assuming `-b` (base directory) works the same as `-d` (explicit home directory), leading candidates to pick options that set the wrong field or fail to place the home directory in the specified path.

How to eliminate wrong answers

Option B is wrong because `-c` is used to set the GECOS comment field (e.g., full name), not the expiry date; using `-c 2025-12-31` would incorrectly store the date as a comment. Option C is wrong because `-m` creates the home directory in the default base directory (usually /home), not in /export/home, and omits the explicit `-d` path, so the home directory would be /home/jdoe instead of /export/home/jdoe. Option D is wrong because `-b /export/home` sets a base directory rather than an explicit home path: when `-d` is omitted, the user's name is appended to the base directory, so the command as written would still yield /export/home/jdoe, but `-b` is intended for setting a system-wide default, not for specifying an individual user's home directory; the correct approach for a single user is `-d`.

281
Multi-Select · hard

Which TWO of the following commands can be used to display the current kernel ring buffer messages? (Select TWO.)

Select 2 answers
A. journalctl -k
B. syslog -k
C. dmesg
D. cat /proc/kmsg
E. tail /var/log/messages
Answers: A, C

Shows kernel messages from journal.

Why this answer

A is correct because `journalctl -k` queries the systemd journal for kernel messages only, displaying the current kernel ring buffer content. This is the modern way to access kernel logs on systems using systemd, equivalent to `dmesg` but with structured journal output.

Exam trap

The trap here is that candidates may confuse `cat /proc/kmsg` with `dmesg`, not realizing that `/proc/kmsg` is a one-time destructive read requiring root, while `dmesg` is the safe, standard command for non-destructive access to the kernel ring buffer.

282
MCQ · medium

A company has a server with two network interfaces: eth0 (192.168.1.10/24, gateway 192.168.1.1) and eth1 (10.0.0.10/24, gateway 10.0.0.1). The server needs to reach a remote network 172.16.0.0/16 via a VPN tunnel that terminates at 10.0.0.5 on eth1. Which command should be used to add a route for this traffic?

A. ip route add 172.16.0.0/16 via 10.0.0.5 dev eth1
B. ip route add 172.16.0.0/16 via 10.0.0.5 dev eth0
C. ip route add 172.16.0.0/16 via 192.168.1.1 dev eth0
D. ip route add 172.16.0.0/16 dev eth1
Answer: A

This correctly routes traffic to the VPN endpoint via eth1.

Why this answer

Option A is correct because the VPN tunnel endpoint is at 10.0.0.5 on the eth1 network, so traffic to 172.16.0.0/16 must be forwarded via that next-hop IP address using the eth1 interface. The `ip route add` command with `via 10.0.0.5 dev eth1` explicitly sets the gateway and egress interface, ensuring packets are sent through the VPN tunnel.

Exam trap

The trap here is that candidates often forget to specify the `via` next-hop IP when the destination is not directly connected, or they mistakenly use the default gateway instead of the VPN tunnel endpoint, assuming all external traffic goes through the same gateway.

How to eliminate wrong answers

Option B is wrong because it specifies `dev eth0`, but the VPN tunnel endpoint (10.0.0.5) is not reachable on the 192.168.1.0/24 network; eth0 has no route to 10.0.0.0/24, so the packet would be dropped or misrouted. Option C is wrong because it uses the default gateway 192.168.1.1 as the next-hop, which would send traffic to the local LAN gateway instead of the VPN tunnel endpoint at 10.0.0.5, failing to reach the remote network. Option D is wrong because it omits the `via` parameter; without a next-hop IP, the kernel assumes the destination is directly connected on eth1, but 172.16.0.0/16 is not on the 10.0.0.0/24 subnet, so the route would be invalid and traffic would not be forwarded.

283
MCQ · hard

An administrator is troubleshooting a server that runs a critical application. The server has 16 GB of RAM and 8 CPU cores. The administrator notices that the server becomes very slow during peak hours. Analysis of 'iostat -x 1' shows that the average wait time (await) for the main disk (sda) is consistently above 1000 ms, while the average service time (svctm) is around 5 ms. What is the most likely cause?

A. The CPU is overloaded, causing processes to wait for CPU time.
B. The system is using swap space heavily, causing disk I/O.
C. The disk is experiencing hardware errors.
D. There is a large queue of I/O requests waiting to be serviced.
Answer: D

A high await with low svctm indicates that the disk is fast but there are many requests queued, so each request spends a long time waiting before being serviced.

Why this answer

The 'await' value in iostat represents the average time (in milliseconds) for I/O requests to be serviced, including time spent waiting in the queue. With 'await' at 1000+ ms and 'svctm' at only 5 ms, the vast majority of the time is spent waiting, not being serviced. This indicates a large queue of pending I/O requests, which is the direct cause of the slowdown.

Exam trap

The trap here is that candidates confuse 'await' with 'svctm' or assume high 'await' always means slow disk hardware, when in fact the low 'svctm' proves the disk is fast but overwhelmed by queue depth.

How to eliminate wrong answers

Option A is wrong because CPU overload would show high CPU utilization or run queue length in 'top' or 'vmstat', not a high 'await' with low 'svctm'. Option B is wrong because heavy swap usage would increase I/O but would also typically show high 'svctm' due to random access patterns, and the 'await' vs 'svctm' disparity here points to queue depth, not swap. Option C is wrong because hardware errors would manifest as I/O errors in system logs or increased 'svctm' due to retries, not a consistent 5 ms service time with a 1000+ ms wait.

284
MCQ · hard

An administrator wants to run a script daily at 2 AM. They create a timer unit and a service unit. The service unit uses Type=oneshot. Which of the following timer configurations is correct?

A. OnUnitActiveSec=24h
B. OnBootSec=1d
C. OnActiveSec=24h
D. OnCalendar=*-*-* 02:00:00
Answer: D

This sets a calendar event to run daily at 2:00 AM.

Why this answer

Option D is correct because `OnCalendar=*-*-* 02:00:00` specifies an absolute calendar event that triggers the timer at 2:00 AM every day, regardless of when the system booted or when the service last ran. This matches the requirement to run a script daily at a fixed time, and it works correctly with a `Type=oneshot` service unit.

Exam trap

The trap here is that candidates confuse `OnUnitActiveSec` (relative to last activation) with a fixed daily schedule, or they invent non-existent directives like `OnActiveSec`, while overlooking the correct `OnCalendar=` syntax for absolute time triggers.

How to eliminate wrong answers

Option A is wrong because `OnUnitActiveSec=24h` triggers the timer 24 hours after the service unit last became active, which would cause the execution time to drift if the service takes time to run or if it is manually triggered at a different time; it does not guarantee a fixed 2 AM execution. Option B is wrong because `OnBootSec=1d` triggers the timer once, 24 hours after system boot, and then never repeats; it does not create a daily recurring schedule. Option C is wrong because `OnActiveSec=24h` is not a valid systemd timer directive; the correct directive for relative time after activation is `OnUnitActiveSec`, and `OnActiveSec` does not exist in systemd timer units.

285
Multi-Select · medium

Which TWO commands will correctly add the user 'john' to the 'docker' group without removing him from any existing supplementary groups?

Select 2 answers
A. adduser john docker
B. gpasswd -a john docker
C. groupmod -a john docker
D. usermod -G docker john
E. usermod -aG docker john
Answers: B, E

Adds john to the docker group without affecting other groups.

Why this answer

Options B and E are correct. usermod -aG appends to supplementary groups. gpasswd -a adds a user to a group without affecting other memberships.

286
MCQ · hard

You are the Linux administrator for a medium-sized company that uses a centralized authentication system (LDAP) for user accounts, but local files (/etc/passwd, /etc/shadow, /etc/group) are also used for a few service accounts. The server is running RHEL 8. A new employee, 'jane', needs to be added to the local system for a temporary project. You create the user with 'useradd jane' and set a password with 'passwd jane'. However, when jane tries to log in via SSH using her password, she receives 'Permission denied, please try again.' The SSH server is configured to allow password authentication. Other users (both LDAP and local) can log in successfully. You verify that the password was set correctly and that the account is not locked. What is the most likely cause and solution?

A. Configure the SSH daemon to allow password authentication for local users
B. Change jane's login shell to /bin/bash using usermod -s /bin/bash jane
C. Unlock the account using passwd -u jane
D. Remove the password expiry for jane using chage -E -1 jane
Answer: B

If the user's shell is set to /sbin/nologin or a non-existent shell, SSH will reject authentication despite correct password.

Why this answer

Option B is correct because the default shell for a new user created with 'useradd' on RHEL 8 is often /sbin/nologin, which prevents login. SSH authentication succeeds at the password level, but the session is immediately rejected because the shell is not a valid interactive shell. Changing the shell to /bin/bash with 'usermod -s /bin/bash jane' resolves this.

Exam trap

The trap here is that candidates often focus on password authentication or account locking, overlooking that the default shell for new users on RHEL 8 may be /sbin/nologin, which silently rejects login after authentication succeeds.

How to eliminate wrong answers

Option A is wrong because the SSH daemon is already configured to allow password authentication, as stated in the scenario, and other users (both LDAP and local) can log in successfully. Option C is wrong because the account is not locked; the scenario explicitly states the account is not locked, and 'passwd -u jane' would only unlock an account that had been locked with 'usermod -L' or similar. Option D is wrong because password expiry is not the issue; the password was set correctly and the account is not expired, so removing expiry with 'chage -E -1' would not fix the login rejection caused by a nologin shell.

287
MCQ · medium

Refer to the exhibit. The nginx service failed to start. What is the most likely immediate next step to diagnose the issue?

A. Run journalctl -u nginx.service -x -n 50
B. Run apt-get install nginx
C. Run systemctl restart nginx
D. Run nginx -t to test configuration
Answer: D

Tests configuration syntax, often the cause of exit-code 1.

Why this answer

Option D is correct because `nginx -t` tests the configuration file syntax and validity before attempting to start the service. Since nginx failed to start, a configuration error is a common cause, and this command immediately identifies syntax errors or missing directives without restarting the service.

Exam trap

The trap here is that candidates often jump to checking logs (Option A) first, but the LFCS exam emphasizes that configuration validation is the fastest and most direct diagnostic step when a service fails to start, especially for nginx where syntax errors are common.

How to eliminate wrong answers

Option A is wrong because `journalctl -u nginx.service -x -n 50` shows recent logs for the nginx service, which is useful after a failure but is not the most immediate next step; the configuration test should come first to quickly pinpoint syntax errors. Option B is wrong because `apt-get install nginx` reinstalls the package, which is unnecessary and does not diagnose why the existing installation failed to start. Option C is wrong because `systemctl restart nginx` attempts to restart the service without checking the configuration, which could cause the same failure again or mask the underlying issue.

288
MCQ · medium

A system administrator needs to configure bonding in active-backup mode. Which line in /etc/sysconfig/network-scripts/ifcfg-bond0 defines the bonding mode and primary interface?

A. BONDING_OPTS="mode=1 primary=eth0 miimon=100"
B. BONDING_OPTS="miimon=100 mode=active-backup primary=eth0"
C. BONDING_OPTS="mode=0 primary=eth0"
D. BONDING_OPTS="mode=active-backup miimon=100"
Answer: A

This correctly defines mode=1 (active-backup) with primary eth0 and miimon.

Why this answer

Option A is correct because it uses the BONDING_OPTS directive with mode=1 (which corresponds to active-backup mode in Linux bonding) and explicitly specifies the primary interface as eth0. The miimon=100 parameter is also included to enable link monitoring via MII (Media Independent Interface) polling every 100 milliseconds, which is essential for failover detection in active-backup mode.

Exam trap

The trap here is that candidates often confuse the numeric mode values (e.g., mode=1 for active-backup) with the descriptive keywords (e.g., mode=active-backup), or they forget that the primary interface must be explicitly defined in the BONDING_OPTS line to meet the requirement of specifying both the bonding mode and the primary interface.

How to eliminate wrong answers

Option B is wrong because although it specifies mode=active-backup, the correct syntax for the mode parameter in BONDING_OPTS is a numeric value (0-6) or the exact keyword; however, the primary interface is not defined, and the order of parameters is irrelevant, but the missing primary=eth0 makes it incomplete for the requirement. Option C is wrong because mode=0 corresponds to balance-rr (round-robin) mode, not active-backup, and it lacks miimon=100 for link monitoring. Option D is wrong because it correctly uses mode=active-backup and miimon=100 but omits the primary=eth0 parameter, which is necessary to specify which interface should be the active one in active-backup mode.

289
Drag & Drop · medium

Arrange the steps to configure a new user account with sudo privileges on a Linux system.

Why this order

After creating the user and setting a password, adding to the wheel group grants sudo access. Verification and testing confirm it works.

290
Multi-Select · medium

Which three files contain user account information?

Select 3 answers
A. /etc/passwd
B. /etc/shadow
C. /etc/gshadow
D. /etc/login.defs
E. /etc/group
Answers: A, B, E

User account database.

Why this answer

/etc/passwd contains basic user info, /etc/shadow contains password hashes and aging, /etc/group contains group membership.

291
MCQ · easy

Based on the exhibit, what is the average CPU idle percentage over the last 15 minutes?

A. 65.0%
B. 2.0
C. 1.5
D. 2.5
Answer: A

The %Cpu(s) line shows 65.0 id (idle).

Why this answer

The average CPU idle percentage over the last 15 minutes is calculated from the 'idle' value in the 'average' row of the 'mpstat' output. In the exhibit, the 'average' row shows an 'idle' value of 65.0, meaning the CPU was idle 65.0% of the time on average across all CPUs over the 15-minute interval. Therefore, the correct answer is 65.0%.

Exam trap

Linux Foundation often tests the ability to correctly identify the 'idle' column in the 'average' row of 'mpstat' output, as candidates may mistakenly pick a value from a per-CPU row or confuse 'idle' with other columns like 'sys' or 'iowait'.

How to eliminate wrong answers

Option B (2.0) is wrong because it likely confuses the 'idle' value with the 'sys' or 'usr' column, or misreads the output; the 'idle' value is 65.0, not 2.0. Option C (1.5) is wrong because it might represent the 'iowait' or 'soft' column average, which is not the idle percentage. Option D (2.5) is wrong because it could be a misinterpretation of the 'guest' or 'steal' column, or a miscalculation of the idle average; the correct idle average is 65.0.

292
MCQ · medium

A user is unable to write to a file. The output of 'ls -l file' shows '-r--r--r--'. Which command will grant write permission to the owner?

A. chmod o+w file
B. chmod u+w file
C. chmod a+w file
D. chmod g+w file
Answer: B

Adds write permission for the owner.

Why this answer

The file's permissions are '-r--r--r--', meaning the owner has only read permission. The 'chmod u+w file' command adds write permission for the owner (u) because 'u' refers to the user/owner. This directly addresses the owner's lack of write access.

Exam trap

The trap here is that candidates often confuse 'u' (owner) with 'o' (others) or mistakenly use 'a' (all) when only owner write is needed, leading to incorrect or overly permissive commands.

How to eliminate wrong answers

Option A is wrong because 'o+w' adds write permission for 'others', not the owner, so the owner still cannot write. Option C is wrong because 'a+w' adds write permission for all categories (owner, group, others), which is overly permissive and not the minimal command to grant write access only to the owner. Option D is wrong because 'g+w' adds write permission for the group, not the owner, leaving the owner's permissions unchanged.

293
MCQ · medium

A user is unable to execute a script in their home directory. The script has permissions -rw-r--r--. Which command will allow the user to execute the script?

A. chmod a-x script.sh
B. chmod u+x script.sh
C. chmod o+x script.sh
D. chmod 755 script.sh
Answer: B

Adds execute permission only for the owner, which is the user.

Why this answer

The script currently has permissions -rw-r--r--, meaning the owner (user) has read and write but not execute permission. The command `chmod u+x script.sh` adds execute permission for the user (owner), which is the minimal change needed to allow the user to run the script. This directly addresses the problem without granting unnecessary permissions to others.

Exam trap

The trap here is that candidates often confuse the 'user' (u) with 'others' (o) or think that removing execute (a-x) or setting 755 is the fix, but the question specifically requires the user to execute the script, so only adding execute for the owner (u+x) is correct.

How to eliminate wrong answers

Option A is wrong because `chmod a-x` removes execute permission for all users, which would make the script even less executable. Option C is wrong because `chmod o+x` adds execute permission only for others, not for the user who owns the script and needs to run it. Option D is wrong because `chmod 755` sets permissions to rwxr-xr-x, which does grant execute to the owner, but it also unnecessarily adds read and execute for group and others, violating the principle of least privilege and potentially introducing security risks.

294
Multi-Select · easy

Which TWO of the following are valid methods to check the status of a systemd service named 'httpd'? (Select TWO.)

Select 2 answers
A. initctl status httpd
B. systemd-analyze status httpd
C. /etc/init.d/httpd status
D. systemctl status httpd
E. service httpd status
Answers: D, E

Native systemd command.

Why this answer

Option D is correct because `systemctl status httpd` is the standard command to query the status of a systemd service. It displays the service's current state, recent log entries, and process information, directly interfacing with systemd's unit management.

Exam trap

The trap here is that candidates may confuse legacy SysV init commands (like `/etc/init.d/httpd status` or `service httpd status`) with native systemd commands, but `service httpd status` is actually correct because it is a wrapper that calls `systemctl status httpd` on systemd systems, making it a valid method.

295
MCQeasy

To view the system's default runlevel (target) at boot, which command is used on a systemd-based system?

A.systemd-analyze
B.systemctl get-default
C.runlevel
D.cat /etc/inittab
AnswerB

Shows the default target for systemd.

Why this answer

On systemd-based systems, the default target (analogous to runlevel) is managed by systemctl. The command `systemctl get-default` queries the symlink at `/etc/systemd/system/default.target` to display which target is set to boot by default, making it the correct way to view the system's default boot target.

Exam trap

The trap here is that candidates familiar with SysVinit may instinctively choose `runlevel` or `cat /etc/inittab`, not realizing that systemd replaces these with `systemctl` commands and uses target units instead of runlevels.

How to eliminate wrong answers

Option A is wrong because `systemd-analyze` is used to analyze system boot performance and show timing details, not to display the default target. Option C is wrong because `runlevel` is a legacy SysVinit command that reads `/var/run/utmp` to show the current and previous runlevels; it does not work on systemd systems to show the default boot target. Option D is wrong because `/etc/inittab` is the configuration file for SysVinit that defines runlevels; systemd-based systems do not use this file, and it is typically absent or ignored.

296
MCQeasy

A system administrator needs to set up software RAID1 on a server for /data. The available disks are /dev/sdb (500GB) and /dev/sdc (1TB). What is the maximum usable capacity of the RAID1 array?

A.500GB
B.250GB
C.1TB
D.1.5TB
AnswerA

Correct: RAID1 uses only the smallest disk's capacity for data.

Why this answer

RAID1 (mirroring) writes identical data to all disks in the array, so the usable capacity is limited by the smallest disk. With /dev/sdb at 500GB and /dev/sdc at 1TB, the maximum usable capacity is 500GB. The remaining space on /dev/sdc (500GB) is unusable in the RAID1 array because it cannot be mirrored.

Exam trap

The trap here is that candidates often assume RAID1 adds capacities (like RAID0) or averages them, rather than recognizing that mirroring strictly limits usable space to the smallest disk's capacity.

How to eliminate wrong answers

Option B is wrong because 250GB would only be the usable capacity if both disks were 500GB and you incorrectly halved the total (e.g., confusing RAID1 with RAID5 or RAID0). Option C is wrong because 1TB assumes the array can use the full capacity of the larger disk, which violates the mirroring constraint of RAID1. Option D is wrong because 1.5TB is the sum of both disks' capacities, which would only apply to RAID0 (striping) or JBOD, not RAID1.

297
MCQhard

Refer to the exhibit. A Linux administrator sees that 'myapp.service' is in a failed state with exit status 1. To troubleshoot, which command should the administrator use to view the full error output that the service produced before exiting?

A.systemctl status myapp.service
B.systemctl reload myapp.service
C.journalctl -u myapp.service
D.systemctl restart myapp.service
AnswerC

Correct: journalctl -u shows the complete journal for the unit, including all error output.

Why this answer

The journalctl command with the -u option shows all logs for the specified unit, including stdout/stderr captured by systemd. systemctl status only shows a brief log tail; restarting would remove the current state; reload does not affect failed units.

298
MCQhard

An administrator wants to enforce that users in the 'contractors' group must change their password every 30 days, with a warning 7 days before expiry. Which command should be used?

A.groupmod -p 30 contractors
B.passwd -x 30 -w 7 contractors
C.usermod -e 30 contractors
D.chage -M 30 -W 7 contractors
AnswerD

`chage` modifies password aging for a single user. Because the question says 'users in the group', the command would have to be applied to each user in turn; among the options, however, this is the closest correct command.

Why this answer

The `chage` command is specifically designed to manage user password aging policies. The `-M 30` option sets the maximum number of days a password is valid (30 days), and `-W 7` sets the number of days before expiry to start warning the user (7 days). Applied to each user in the 'contractors' group, this fulfills the requirement.

Exam trap

The trap here is that candidates confuse commands that modify group properties (`groupmod`) with commands that enforce user password policies (`chage`), and they forget that `passwd` and `chage` require a username, not a group name, as an argument.

How to eliminate wrong answers

Option A is wrong because `groupmod` is used to modify group properties (like GID or group name), not password aging; the `-p` flag does not exist for password expiration. Option B is wrong because `passwd` with `-x` and `-w` can set password aging for a user, but the syntax requires a username, not a group name; it cannot be applied to a group directly. Option C is wrong because `usermod -e` sets an account expiration date (a specific date), not a password aging interval; it does not enforce a 30-day password change cycle.

299
Multi-Selecteasy

Which TWO of the following commands can be used to check and repair an ext4 filesystem?

Select 2 answers
A.fsck.ext4 /dev/sdb1
B.xfs_repair /dev/sdb1
C.mkfs.ext4 /dev/sdb1
D.e2fsck /dev/sdb1
E.btrfs check /dev/sdb1
AnswersA, D

Directly checks and repairs ext4.

Why this answer

Options A and D are correct. `fsck.ext4` and `e2fsck` are specific to ext4. Option C (`mkfs.ext4`) is for creating a filesystem. Option B (`xfs_repair`) is for XFS. Option E (`btrfs check`) is for Btrfs.

300
MCQmedium

An administrator wants to ensure that a custom service (myapp.service) starts only after the network is available and the PostgreSQL database service is running. Which systemd unit file directive should be used?

A.Requires=network.target postgresql.service
B.Wants=network.target postgresql.service
C.BindsTo=network.target postgresql.service
D.After=network.target postgresql.service
AnswerD

`After=` ensures myapp starts after the listed units are active; it is combined with `Wants=` or `Requires=` for the dependency.

Why this answer

Option D is correct because the `After=` directive in a systemd unit file specifies ordering constraints, ensuring that `myapp.service` starts only after `network.target` and `postgresql.service` have reached the 'started' state. This does not create a dependency that forces those units to start; it only orders the startup sequence, which is exactly what the administrator needs to guarantee the service starts after the network and PostgreSQL are available.

Exam trap

The trap here is that candidates often confuse ordering directives (`After=`, `Before=`) with dependency directives (`Requires=`, `Wants=`, `BindsTo=`), and assume that `Requires=` or `Wants=` automatically imply ordering, which they do not without an explicit `After=` or `Before=`.

How to eliminate wrong answers

Option A is wrong because `Requires=` creates a hard dependency that will cause `myapp.service` to fail if `network.target` or `postgresql.service` fail to start, but it does not enforce ordering; without `After=`, the units could start in parallel. Option B is wrong because `Wants=` creates a soft dependency that does not cause failure if the target units fail, but like `Requires=`, it does not impose any ordering constraint. Option C is wrong because `BindsTo=` creates a strong dependency where `myapp.service` will be stopped or restarted if the bound units stop or restart, and it also implies `Requires=` and `After=` behavior, but it is overly restrictive and not the standard directive for simple ordering; using `BindsTo=` would cause unintended side effects if PostgreSQL restarts.
