Linux Foundation Certified System Administrator LFCS (LFCS) — Questions 451513

513 questions total · 7pages · All types, answers revealed

Page 6

Page 7 of 7

451
MCQeasy

A user reports that they cannot run a script because it says 'Permission denied'. The script is owned by root and has permissions -rw-r--r--. Which command would allow the user to execute the script?

A.chmod u+s script
B.chmod +x script
C.chmod -w script
D.chown user:user script
AnswerB

Adds execute permission to all classes (a+x).

Why this answer

The script has permissions `-rw-r--r--`, meaning the owner (root) has read/write, but no execute bit is set for any user. Option B (`chmod +x script`) adds the execute permission for all users (owner, group, others), which allows the user to run the script. Without the execute bit, the kernel will refuse to execve() the file, returning EACCES.

Exam trap

The trap here is that candidates may confuse ownership or SUID with the fundamental requirement of the execute bit, thinking that changing the owner or setting the setuid bit will allow execution, when in fact the kernel strictly requires the 'x' bit to be set for the file to be run as a program.

How to eliminate wrong answers

Option A is wrong because `chmod u+s` sets the setuid bit (SUID), which only affects the effective user ID during execution, but does not grant execute permission; the file still lacks the execute bit, so the script cannot be run. Option C is wrong because `chmod -w` removes write permission, which does not solve the missing execute permission; the user already cannot write to the file, and this change would only further restrict access. Option D is wrong because `chown user:user script` changes ownership to the user, which would give the user owner permissions (read/write), but the file still lacks the execute bit; ownership alone does not enable execution.

452
MCQeasy

An administrator needs to grant a user 'bob' the ability to run all commands as root without a password prompt. Which configuration in /etc/sudoers accomplishes this?

A.bob ALL=(ALL) NOPASSWD: ALL
B.bob ALL=(ALL) PASSWD: ALL
C.bob ALL=(root) NOPASSWD: ALL
D.bob ALL=(ALL) ALL
AnswerA

Grants password-less sudo for all commands.

Why this answer

The line 'bob ALL=(ALL) NOPASSWD: ALL' in /etc/sudoers gives bob full passwordless sudo access.

453
MCQmedium

A DevOps engineer is writing a continuous integration pipeline that runs a script to deploy an application. The script is stored in a Git repository and is executed on a build server. The script works locally on the engineer's workstation, but when executed on the build server, it fails with '/bin/sh: line 12: somecommand: command not found'. The 'somecommand' is a standard Linux tool that is installed on the build server. The build server uses a minimal Docker container. Which of the following is the most likely cause and solution?

A.The PATH environment variable is not set correctly in the non-interactive shell. Use the full path to 'somecommand' or set PATH explicitly in the script.
B.The script does not have execute permissions. Add 'chmod +x' before running the script.
C.The script requires root privileges. Use 'sudo' to run the script.
D.The script is using a different shell than the build server's default. Change the shebang to '#!/bin/sh'.
AnswerA

Non-interactive shells often have a restricted PATH; using an absolute path or setting PATH resolves the issue.

Why this answer

The error 'command not found' despite the tool being installed indicates that the shell cannot locate the executable. In a non-interactive shell (like those used in CI/CD pipelines or minimal Docker containers), the PATH environment variable is often not set or is minimal. The fix is to either use the absolute path to the command or explicitly set PATH in the script to include the directory containing the command.

Exam trap

The trap here is that candidates often confuse 'command not found' with missing permissions or wrong shell, but the real issue is the missing or incomplete PATH in non-interactive shells, a classic pitfall in containerized or automated environments.

How to eliminate wrong answers

Option B is wrong because the error message 'command not found' is not related to file execute permissions; a missing execute permission would produce 'Permission denied', not 'command not found'. Option C is wrong because the error is about command resolution, not about insufficient privileges; if root were needed, the error would typically be 'Permission denied' or a different system call failure. Option D is wrong because the error message explicitly shows '/bin/sh' is being used, and the shebang '#!/bin/sh' would not change the fact that the command is not found; the issue is PATH, not the shell interpreter.

454
MCQhard

A large e-commerce platform runs on a database server that uses LVM thin provisioning. The thin pool is overcommitted at 200% (pool size 1TB, thin volumes total 2TB). Suddenly, the database reports write errors and performance degrades drastically. The administrator checks the system and finds that the thin pool is completely full. What is the immediate effect on the thin volumes, and what should the administrator do to restore normal operation without data loss?

A.The volumes continue to operate but with severe slowdown; administrator must delete unnecessary snapshots.
B.The volumes become corrupted; administrator must restore from backup.
C.The volumes become read-only; administrator must add more physical storage to the volume group and extend the thin pool.
D.The volumes automatically extend the pool using metadata space; no action needed.
AnswerC

Correct: Thin pool full leads to read-only volumes; extend pool to restore writes.

Why this answer

Option A is correct because when an LVM thin pool is full, writes to thin volumes fail, and the volumes become read-only to prevent corruption. The solution is to add more physical storage to the volume group and extend the thin pool. Option B is incorrect because corruption does not occur immediately; data is safe if volumes go read-only.

Option C describes behavior for snapshots, not primary volumes. Option D is false; thin pools do not auto-extend.

455
MCQmedium

A developer reports that a web application is running out of file descriptors. Which sysctl parameter should be reviewed and potentially increased?

A.fs.nr_open
B.fs.file-max
C.kernel.max_files
D.net.ipv4.tcp_max_syn_backlog
AnswerB

This is the system-wide maximum number of open file descriptors.

Why this answer

The `fs.file-max` sysctl parameter defines the system-wide limit on the number of open file descriptors that the kernel can allocate. When a web application runs out of file descriptors, it is typically because this global limit has been reached, and increasing it allows more concurrent open files, sockets, and other descriptors. This directly resolves the reported exhaustion.

Exam trap

The trap here is that candidates confuse the system-wide limit (`fs.file-max`) with the per-process limit (`fs.nr_open` or `ulimit -n`), leading them to choose `fs.nr_open` when the question explicitly asks about a system-wide exhaustion reported by the developer.

How to eliminate wrong answers

Option A is wrong because `fs.nr_open` sets the per-process hard limit on file descriptors (default 1048576), not the system-wide total, and is rarely the bottleneck for a web application. Option C is wrong because `kernel.max_files` is not a valid sysctl parameter; the correct kernel parameter for file descriptor limits is `fs.file-max`. Option D is wrong because `net.ipv4.tcp_max_syn_backlog` controls the maximum number of half-open TCP connections (SYN backlog) and does not affect file descriptor limits.

456
MCQmedium

A system administrator needs to create a shared group 'projectx' and add existing users 'bob' and 'carol' to it. The users need to collaborate on files in a directory /projectx. What is the correct sequence of commands to set up the group and ensure new files created in /projectx are automatically owned by the group 'projectx'?

A.groupadd projectx; usermod -G projectx bob carol; chmod 2770 /projectx
B.addgroup projectx; adduser bob projectx; adduser carol projectx; chmod u+s /projectx
C.groupadd projectx; usermod -aG projectx bob; usermod -aG projectx carol; chmod g+s /projectx
D.groupadd projectx; usermod -G projectx bob; usermod -G projectx carol; chmod g+s /projectx
AnswerC

Correct commands to add to group and set setgid.

Why this answer

Option B is correct because -aG adds supplemental groups without removing existing ones; g+s sets the setgid bit so new files inherit group. Option A is wrong because -G without -a replaces all groups. Option C is wrong because usermod -G without -a and also passing two users is not valid syntax.

Option D uses invalid commands or options (adduser is distribution-specific and chmod u+s is setuid, not setgid).

457
Multi-Selecteasy

Which TWO commands can display disk space usage of mounted filesystems? (Choose two.)

Select 2 answers
A.parted
B.du
C.fdisk
D.df
E.lsblk
AnswersB, D

du displays disk usage of files/directories.

Why this answer

Option A (df) shows filesystem space usage. Option D (du) shows directory space usage. Option B fdisk is for partition manipulation.

Option C lsblk lists block devices. Option E parted is for partition editing.

458
MCQhard

Which of the following statements is true about this unit?

A.The service will be restarted indefinitely with a 10-second delay between restarts regardless of exit status
B.The service can be started by a timer unit
C.The service will start automatically at boot only if network-online.target is reached
D.The service requires SELinux context
AnswerA

Restart=always triggers on any exit, with RestartSec delay.

Why this answer

Option A is correct because the `Restart=always` directive in a systemd service unit causes the service to be restarted indefinitely regardless of the exit status, and the `RestartSec=10` directive introduces a 10-second delay between each restart attempt. This behavior is defined in the systemd.service(5) man page, where `Restart=always` triggers a restart for any exit reason, including clean exits or signals.

Exam trap

Linux Foundation often tests the misconception that `Restart=always` only applies to non-zero exit codes, when in fact it triggers restarts for any exit status, including successful exits (exit code 0).

How to eliminate wrong answers

Option B is wrong because the question does not provide any evidence of a timer unit (e.g., a `.timer` file) being associated with this service; a timer unit is a separate systemd unit that must be explicitly configured and enabled to start a service on a schedule. Option C is wrong because the service unit does not include `Wants=network-online.target` or `After=network-online.target` in the `[Unit]` section, nor does it specify `Requires=network-online.target`; without such directives, the service is not dependent on network-online.target for boot-time startup. Option D is wrong because SELinux context is not a requirement of systemd service units; SELinux policies may apply to the service's executable or files, but the unit file itself does not require an SELinux context to function.

459
MCQhard

After deleting user 'alice', the system administrator wants to also remove the home directory and mail spool. Which command should be used?

A.userdel -Z alice
B.userdel -r alice
C.userdel -f alice
D.userdel --remove alice
AnswerB

-r removes home directory and mail spool.

Why this answer

Option A is correct because userdel -r removes the home directory and mail spool (if owned by the user).

460
Matchingmedium

Match each Linux boot component to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Boot loader that loads the kernel

Initial RAM filesystem used before root is mounted

Init system and service manager

Core of the operating system

Program that loads the OS into memory

Why these pairings

These components are essential in the Linux boot process.

461
Multi-Selecthard

Which TWO commands should the administrator run to identify and fix the duplicate PV?

Select 2 answers
A.pvscan --cache
B.vgextend vg00 /dev/sdd1
C.vgreduce --removemissing vg00
D.vgimportclone /dev/sdc1
E.pvremove /dev/sdc1
AnswersA, C

Rebuilds LVM cache to refresh PV information and often resolves duplicate entries.

Why this answer

Options A and C are correct. Option A, pvscan --cache, rebuilds the LVM cache to update the view of available PVs and often removes duplicate entries. Option C, vgreduce --removemissing vg00, removes the missing PV from the volume group, which is appropriate after confirming the unknown PV is no longer available.

Option B is wrong because vgimportclone is used to import a cloned volume group, not for removing duplicates. Option D is wrong because pvremove is destructive and would remove the PV metadata from /dev/sdc1, which might still be valid. Option E is wrong because adding a new PV does not resolve the duplicate issue.

462
MCQhard

Given the network interface configuration in the exhibit, which command should be run to apply the configuration without rebooting?

A.systemctl restart network
B.ifup eth0
C.ifconfig eth0 down && ifconfig eth0 up
D.ip link set eth0 up
AnswerB

Brings up the interface with the configuration in ifcfg-eth0.

Why this answer

Option B is correct because the `ifup eth0` command reads the configuration file for the eth0 interface (typically `/etc/sysconfig/network-scripts/ifcfg-eth0` on RHEL/CentOS) and applies the settings (IP address, netmask, gateway, etc.) without requiring a system reboot. This is the standard way to activate a network interface with its configured parameters on Linux systems using the legacy network scripts.

Exam trap

The trap here is that candidates confuse bringing an interface up with applying its configuration, assuming that `ip link set eth0 up` or toggling `ifconfig` will also restore IP settings, when in fact those commands only affect the link state and do not read the persistent configuration file.

How to eliminate wrong answers

Option A is wrong because `systemctl restart network` restarts the entire network service, which can disrupt all active connections and is unnecessary for applying a single interface's configuration; it also may not be available on systems using NetworkManager. Option C is wrong because `ifconfig eth0 down && ifconfig eth0 up` only toggles the interface link state without reading the configuration file, so it will not apply any new settings (e.g., a changed IP address) and may leave the interface with stale parameters. Option D is wrong because `ip link set eth0 up` only brings the interface administratively up at Layer 2, but does not assign any IP address or apply Layer 3 configuration from the interface's config file.

463
MCQmedium

A technician needs to display the contents of a compressed file named archive.tar.gz without extracting it. Which command should be used?

A.tar -tf archive.tar
B.tar -xzf archive.tar.gz
C.zcat archive.tar.gz | tar -t
D.zcat archive.tar.gz
AnswerC

Decompresses and pipes to tar -t to list contents.

Why this answer

Option C is correct because it uses `zcat` to decompress the `.gz` layer on the fly and pipes the resulting uncompressed tar archive into `tar -t`, which lists the contents without extracting. This allows viewing the file listing without first decompressing to disk, satisfying the requirement to display contents without extraction.

Exam trap

The trap here is that candidates may confuse `tar -tf` (which works only on uncompressed tar files) with `tar -ztf` (which handles gzip), or they may mistakenly think `zcat` alone produces a readable listing, when it actually outputs raw binary tar data.

How to eliminate wrong answers

Option A is wrong because `tar -tf archive.tar` expects an uncompressed tar file, but the file is `archive.tar.gz` (gzip-compressed), so it will fail or produce garbage. Option B is wrong because `tar -xzf archive.tar.gz` extracts the archive, which violates the requirement to not extract it. Option D is wrong because `zcat archive.tar.gz` only decompresses the gzip layer to stdout, producing raw tar data (binary) rather than a human-readable file listing.

464
MCQeasy

An administrator wants to see the disk usage of the /var directory in a human-readable format. Which command should be used?

A.du -sh /var
B.df -h /var
C.fdisk -l /var
D.ls -lh /var
AnswerA

Correct command.

Why this answer

The `du -sh /var` command is correct because `du` (disk usage) estimates file and directory space usage, and the `-s` flag summarizes the total for `/var` while `-h` provides human-readable output (e.g., KiB, MiB, GiB). This directly shows the disk space consumed by the `/var` directory and its contents.

Exam trap

The trap here is confusing `du` (directory usage) with `df` (filesystem usage), leading candidates to pick `df -h /var` because it shows space in human-readable format, but it does not measure the directory's own consumption.

How to eliminate wrong answers

Option B is wrong because `df -h /var` shows the free and used space on the filesystem where `/var` is mounted, not the disk usage of the `/var` directory itself. Option C is wrong because `fdisk -l /var` is invalid; `fdisk` operates on block devices (e.g., `/dev/sda`), not directories, and will produce an error. Option D is wrong because `ls -lh /var` lists the contents of `/var` with file sizes, but does not aggregate or summarize the total disk usage of the directory tree.

465
MCQmedium

A Linux system reports 'Out of memory' errors frequently. The administrator checks memory usage with 'free -m' and notices that most memory is used by file cache. Which command can the administrator run to immediately free up the cache without affecting running processes?

A.sysctl vm.drop_caches=1
B.swapoff -a
C.echo 1 > /proc/sys/vm/drop_caches
D.kill -9 $(pidof some_process)
AnswerC

Writing 1 to drop_caches frees pagecache.

Why this answer

Option C is correct because writing 1 to /proc/sys/vm/drop_caches instructs the kernel to free pagecache (file cache) without terminating any processes. This is a safe, non-destructive operation that reclaims memory used for caching disk I/O, which is exactly what the administrator needs when 'free -m' shows most memory consumed by cache.

Exam trap

The trap here is that candidates confuse 'sysctl' with direct procfs writes, or think 'swapoff -a' frees memory, when in fact it only disables swap and does not reclaim file cache.

How to eliminate wrong answers

Option A is wrong because 'sysctl vm.drop_caches=1' is not a valid sysctl command; sysctl uses a 'key=value' syntax but the correct parameter path is 'vm.drop_caches', and the value must be written to the procfs file, not set via sysctl directly (though 'sysctl -w vm.drop_caches=1' would work, the given syntax is incorrect). Option B is wrong because 'swapoff -a' disables all swap devices, which does not free file cache; it may even cause memory pressure if the system relies on swap, and it does not reclaim cached pages. Option D is wrong because 'kill -9' terminates a process, which is unnecessary and disruptive; the goal is to free cache without affecting running processes, and killing a process is the opposite of that requirement.

466
MCQhard

After attempting to log in as user 'alice', the system rejects the password. The admin checks /etc/passwd and sees 'alice:x:1001:1001::/home/alice:/bin/bash'. The /etc/shadow shows 'alice:!!:18200:0:99999:7:::', indicating the account is locked. Which command will unlock the account?

A.passwd -S alice
B.passwd -u alice
C.usermod -U alice
D.chage -d 0 alice
AnswerC

Correctly unlocks the user account password.

Why this answer

Option B is correct because usermod -U unlocks the password. Option A (passwd -u) is available on some systems but not standard across all Linux distributions. Option C sets the password to expire immediately, which does not unlock.

Option D shows password status only.

467
Multi-Selecthard

An administrator is troubleshooting DNS resolution and wants to query the SOA record for a domain. Which three commands can be used? (Choose three.)

Select 3 answers
A.nslookup -type=soa example.com
B.host -t SOA example.com
C.dig example.com SOA
D.nmcli dev show
E.getent hosts example.com
AnswersA, B, C

nslookup can query SOA records.

Why this answer

The `nslookup -type=soa` command queries the DNS for the Start of Authority (SOA) record of a domain. The `-type=soa` flag explicitly sets the query type to SOA, which returns authoritative information about the zone, including the primary name server and administrator email.

Exam trap

The trap here is that candidates may confuse `getent hosts` with DNS lookup tools, not realizing it bypasses DNS resolution and only checks local name resolution sources.

468
MCQmedium

A server has two NICs bonded in mode 1 (active-backup). If the active NIC fails, what occurs?

A.Both NICs continue to pass traffic simultaneously
B.Traffic automatically switches to the backup NIC with minimal interruption
C.The bond interface goes down until an administrator intervenes
D.The system disables the bond and uses a single NIC
AnswerB

Active-backup provides automatic failover.

Why this answer

In bonding mode 1 (active-backup), only one NIC is active at a time while the other remains in standby. When the active NIC fails, the bonding driver automatically fails over to the backup NIC by reassigning the MAC address and IP to the backup interface, typically within a few milliseconds. This ensures minimal interruption to network traffic without requiring manual intervention.

Exam trap

The trap here is that candidates often confuse active-backup (mode 1) with balance-rr (mode 0) or assume that both NICs must be active for redundancy, leading them to incorrectly select Option A.

How to eliminate wrong answers

Option A is wrong because in active-backup mode, only one NIC passes traffic at any given time; both NICs never pass traffic simultaneously. Option C is wrong because the bond interface does not go down; the failover is automatic and does not require administrator intervention. Option D is wrong because the bond interface remains operational and continues to use the backup NIC; the system does not disable the bond or revert to a single un-bonded NIC.

469
MCQeasy

An administrator needs to configure a service to run as a non-root user for security reasons. Which systemd unit file directive accomplishes this?

A.AmbientCapabilities=CAP_NET_BIND_SERVICE
B.DynamicUser=yes
C.User=myuser
D.Group=myuser
AnswerC

User= specifies the username or UID to run the service.

Why this answer

Option C is correct because the `User=` directive in a systemd unit file specifies the user (by name or UID) under which the service process runs. By setting `User=myuser`, the service executes with the privileges of that non-root user, reducing the attack surface and adhering to the principle of least privilege. This is the standard systemd mechanism for dropping root privileges for a service.

Exam trap

The trap here is that candidates often confuse `User=` with `Group=` or assume that `DynamicUser=yes` is the only way to run as a non-root user, missing that `User=` directly specifies a static, named user account.

How to eliminate wrong answers

Option A is wrong because `AmbientCapabilities=CAP_NET_BIND_SERVICE` grants a specific capability (binding to privileged ports below 1024) to the service, but it does not change the user context; the service would still run as root unless a `User=` directive is also used. Option B is wrong because `DynamicUser=yes` creates a transient, ephemeral user and group for the service, but it does not allow you to specify a particular non-root user like 'myuser'; it is intended for services that need isolated, temporary credentials. Option D is wrong because `Group=myuser` sets the group ID for the service but does not change the user; the service would still run as root (or whatever user is set by `User=`) unless `User=` is also specified.

470
MCQeasy

An administrator wants to add user 'bob' to the supplementary group 'docker' without removing bob from any existing groups. Which command accomplishes this?

A.usermod -g docker bob
B.usermod -aG docker bob
C.usermod -G docker bob
D.usermod -G docker bob
AnswerB

-aG appends docker to the list of supplementary groups.

Why this answer

Option B is correct because the `-a` (append) flag combined with `-G` (supplementary groups) ensures user 'bob' is added to the 'docker' group without removing him from any existing supplementary groups. Without `-a`, the `-G` flag replaces the user's current supplementary group list with the specified groups.

Exam trap

The trap here is that candidates often confuse `-g` (primary group) with `-G` (supplementary groups) and overlook the necessity of the `-a` flag to append rather than replace supplementary group memberships.

How to eliminate wrong answers

Option A is wrong because `-g` sets the primary group (GID) for the user, not a supplementary group; this would change bob's primary group to 'docker' and remove him from his current primary group. Option C is wrong because `-G` without `-a` replaces all supplementary groups with the specified group(s), effectively removing bob from any other supplementary groups he belongs to. Option D is wrong for the same reason as C — it is identical to C and lacks the `-a` flag, causing group replacement.

471
Multi-Selecteasy

Which TWO configuration files are commonly used to set DNS resolver settings on a Linux system?

Select 2 answers
A./etc/nsswitch.conf
B./etc/hostname
C./etc/sysconfig/network
D./etc/hosts
E./etc/resolv.conf
AnswersA, E

Controls order of name resolution (e.g., files, dns).

Why this answer

Option A is correct because /etc/nsswitch.conf controls the order of name resolution sources (e.g., files, dns, mdns) via the 'hosts' database line. Option E is correct because /etc/resolv.conf directly specifies the DNS resolver settings, including nameserver IP addresses, search domains, and options, as defined by RFC 1035.

Exam trap

The trap here is that candidates often confuse /etc/hosts with a DNS resolver configuration file, but it is only a static local lookup table, not a resolver setting file.

472
MCQhard

After adding a new disk and creating an ext4 filesystem on /dev/sdc1 with mke2fs, the administrator added an entry to /etc/fstab to mount it at /data. However, after reboot, the filesystem is not mounted. Which of the following is the most likely cause?

A.The filesystem superblock was corrupted.
B.The filesystem was not formatted correctly.
C.The fstab entry uses the device name /dev/sdc1 instead of UUID.
D.The mount point /data does not exist.
AnswerC

Device names can change after reboot; using UUID in fstab prevents this issue.

Why this answer

Option C is correct because when using device names like /dev/sdc1 in /etc/fstab, the kernel may assign a different device name (e.g., /dev/sdb1) after reboot due to asynchronous device discovery, causing the mount to fail. Using the filesystem's UUID (universally unique identifier) ensures persistent identification regardless of device name changes, which is a best practice for ext4 filesystems created with mke2fs.

Exam trap

The trap here is that candidates assume device names like /dev/sdc1 are stable across reboots, but LFCS exams test the understanding that UUIDs or LABELs are required for persistent mounts, especially after adding new disks.

How to eliminate wrong answers

Option A is wrong because superblock corruption would typically cause mount failures with specific I/O errors, not a silent failure to mount after reboot; the administrator would likely see errors during mount or fsck. Option B is wrong because mke2fs is the standard tool for creating ext4 filesystems, and if it completed without errors, the filesystem is correctly formatted; a formatting issue would produce immediate errors during creation or mounting. Option D is wrong because if /data did not exist, the mount command would fail with a 'No such file or directory' error, and the administrator would have noticed this during initial testing or system logs; the question implies the mount point was created.

473
MCQmedium

Existing user 'jdoe' is a member of groups 'users' (primary) and 'staff'. The administrator needs to add 'jdoe' to group 'projectx' while preserving existing supplementary group memberships. Which command achieves this?

A.usermod -g projectx -G projectx jdoe
B.usermod -g projectx jdoe
C.usermod -G projectx jdoe
D.usermod -a -G projectx jdoe
AnswerD

-a appends to current supplementary groups; -G specifies group(s).

Why this answer

Option A is correct because usermod -a -G appends to supplementary groups without removing others. Option B (-G alone) would replace all supplementary groups with only 'projectx', losing 'staff'. Option C and D alter primary group.

474
MCQmedium

A user with uid 1000 tries to read /etc/shadow and gets 'Permission denied'. The user is not in the shadow group. Which of the following actions would allow the user to read the file without changing the file's group or permissions?

A.Set an ACL using setfacl to grant user1 read access
B.Use chmod o+r /etc/shadow as root
C.Add user1 to the shadow group using usermod -aG shadow user1
D.Change the file owner to user1 using chown
AnswerC

Correct: adding to shadow group gives read access via group permission.

Why this answer

Option C is correct because adding user1 to the shadow group grants group-level read access to /etc/shadow without altering the file's permissions or group ownership. The file is typically owned by root:shadow with permissions 640 (rw-r-----), so members of the shadow group can read it. The usermod -aG command appends the user to the supplementary group, preserving existing group memberships.

Exam trap

The trap here is that candidates often assume ACLs (setfacl) are not a 'permission change' and select option A, but ACLs are indeed a form of permission modification and violate the constraint, while group membership addition is a user attribute change, not a file attribute change.

How to eliminate wrong answers

Option A is wrong because setting an ACL with setfacl changes the file's access control list, which is a form of permission modification, and the question explicitly forbids changing the file's group or permissions. Option B is wrong because chmod o+r /etc/shadow changes the file's permissions (adds world-read), which violates the constraint of not changing permissions. Option D is wrong because changing the file owner to user1 with chown modifies the file's ownership, which is also prohibited by the question's conditions.

475
MCQhard

An administrator needs to find the process ID of the cron daemon. Which combination of commands is most effective?

A.top -p $(pgrep cron)
B.pgrep cron
C.pidof cron
D.ps -C cron -o pid=
AnswerC

Returns the exact PID of the cron daemon.

Why this answer

Option C is correct because `pidof cron` directly returns the numeric process ID(s) of the cron daemon by searching the process name in the `/proc` filesystem. It is the most straightforward command for this specific task, as it outputs only the PID without additional formatting or filtering.

Exam trap

The trap here is that candidates often choose `pgrep cron` (option B) because it seems simple, but they overlook that `pgrep` uses regex matching by default and may return multiple or incorrect PIDs, whereas `pidof` is designed for exact binary name matching.

How to eliminate wrong answers

Option A is wrong because `top -p $(pgrep cron)` launches an interactive process viewer that continuously refreshes, which is overkill and not the most effective way to simply find a PID. Option B is wrong because `pgrep cron` may return multiple PIDs if multiple processes match the name 'cron', and it does not guarantee the daemon's PID without additional filtering (e.g., `-x` for exact match). Option D is wrong because `ps -C cron -o pid=` is valid but less direct than `pidof cron`; it requires parsing output and may include processes with 'cron' in the command name that are not the daemon.

476
MCQeasy

A system administrator needs to create a user account for a temporary contractor. The account should have a home directory under /home/contractors, the login shell should be /bin/bash, and the user should be a member of the 'contractors' group. Which command accomplishes this?

A.useradd -m -d /home/contractors/tempuser -s /bin/bash -G contractors tempuser
B.useradd -m -h /home/contractors/tempuser -s /bin/bash -g contractors tempuser
C.useradd -m -d /home/contractors/tempuser -s /bin/bash -p contractors tempuser
D.useradd -m -d /home/contractors/tempuser -s /bin/bash -g contractors tempuser
AnswerD

Correct syntax: -m creates home if missing, -d sets home path, -s sets shell, -g sets primary group.

Why this answer

Option B is correct because useradd -m creates a home directory, -d specifies the home directory path, -s sets the shell, and -g sets the primary group. Option A is wrong because -G sets supplementary groups, not primary. Option C wrongly uses -h for home.

Option D wrongly uses -p for password.

477
Multi-Selectmedium

Which THREE commands can be used to view the contents of a file?

Select 3 answers
A.grep
B.find
C.cat
D.head
E.less
AnswersC, D, E

Concatenates and displays file contents.

Why this answer

The `cat` command (option C) is a standard Unix utility that reads files sequentially and outputs their contents to the standard output. It is one of the most basic and direct ways to view the entire content of a file in the terminal.

Exam trap

The trap here is that candidates may confuse `grep` (which can display matching lines) with a file-viewing command, or think `find` can show file contents because it locates files, but neither is designed for that purpose.

478
Multi-Selecthard

Which THREE files are directly related to user and group management in a Linux system? (Select three.)

Select 3 answers
A./etc/sudoers
B./etc/login.defs
C./etc/group
D./etc/passwd
E./etc/shadow
AnswersC, D, E

Contains group definitions.

Why this answer

The files /etc/passwd, /etc/group, and /etc/shadow are the core local databases for user and group management. /etc/passwd stores user account information (username, UID, GID, home directory, shell), /etc/group stores group definitions (group name, GID, member list), and /etc/shadow stores encrypted password hashes and password aging data. These three files are directly consulted by commands like useradd, usermod, groupadd, and login for authentication and identity management.

Exam trap

The trap here is that candidates may confuse configuration files like /etc/sudoers or /etc/login.defs with the actual user/group database files, but the question specifically asks for files 'directly related to user and group management'—meaning the files that store the user and group records themselves, not files that configure how those records are created or used.

479
MCQeasy

A system administrator needs to find all files in /var/log that have been modified in the last 7 days. Which command accomplishes this?

A.find /var/log -type f -atime -7
B.find /var/log -type f -ctime -7
C.find /var/log -type f -mtime +7
D.find /var/log -type f -mtime -7
AnswerD

Correct: -mtime -7 means modified less than 7 days ago.

Why this answer

Option D is correct because the `find` command with `-mtime -7` searches for files whose modification time (content change) is less than 7 days ago, which matches the requirement of 'modified in the last 7 days'. The `-type f` restricts the search to regular files, and `/var/log` is the target directory.

Exam trap

The trap here is confusing `-mtime` (modification time) with `-ctime` (inode change time) or `-atime` (access time), as candidates often mistakenly think 'changed' refers to content modification rather than metadata changes.

How to eliminate wrong answers

Option A is wrong because `-atime -7` searches for files accessed (read) in the last 7 days, not modified; this tests access time, not content change. Option B is wrong because `-ctime -7` searches for files whose metadata (inode change) was modified in the last 7 days, such as permissions or ownership changes, not file content modification. Option C is wrong because `-mtime +7` finds files modified more than 7 days ago (older than 7 days), which is the opposite of the requirement.

480
Matchingmedium

Match each systemd unit type to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Manages a daemon or service

Interprocess communication socket

Schedules and activates other units

Controls mount points

Groups units for synchronization

Why these pairings

These unit types are fundamental to systemd.

481
MCQeasy

A system administrator notices that '/var/log/syslog' has grown very large and is consuming significant disk space. The administrator wants to identify the largest log files in the '/var/log' directory hierarchy. Which command should the administrator use?

A.find /var/log -size +100M -exec ls -lh {} \;
B.du -ah /var/log | sort -hr | head -10
C.df -h /var/log
D.ls -lhS /var/log
AnswerB

Correctly lists and sorts all files and directories by size.

Why this answer

Option B is correct because `du -ah /var/log` calculates the disk usage of all files and directories in `/var/log` in human-readable format, then `sort -hr` sorts them by size in descending order, and `head -10` shows the top 10 largest entries. This directly identifies the largest log files in the hierarchy, which is exactly what the administrator needs.

Exam trap

The trap here is that candidates often choose `ls -lhS /var/log` (option D) because it sorts by size, but they overlook that it does not recurse into subdirectories, missing large files in subfolders like `/var/log/apache2/` or `/var/log/journal/`.

How to eliminate wrong answers

Option A is wrong because `find /var/log -size +100M` only finds files larger than 100 MB, missing any large files under that threshold, and it does not sort or limit results, so it may not show the largest files overall. Option C is wrong because `df -h /var/log` shows the total disk usage and available space of the filesystem containing `/var/log`, not the sizes of individual files or directories. Option D is wrong because `ls -lhS /var/log` lists only the immediate contents of `/var/log` sorted by size, but it does not recurse into subdirectories, so it misses large files deeper in the hierarchy.

482
MCQmedium

An administrator needs to schedule a cron job that runs a script every day at 3:00 AM, but the system is in a different time zone (UTC) than the administrator's local time (EST). The administrator wants the job to run at 3:00 AM local time regardless of system time zone changes. What is the best approach?

A.Change the system time zone to EST and set the cron job to run at 3:00 AM
B.Use the CRON_TZ variable in the crontab file to specify EST and schedule at 3:00 AM
C.Set the TZ environment variable in the crontab file before the job definition
D.Calculate the UTC equivalent (8:00 AM UTC) and schedule the job at that time
AnswerB

CRON_TZ sets the time zone for subsequent cron jobs in the file.

Why this answer

Option B is correct because the CRON_TZ variable, when set in a crontab file, allows you to specify a time zone for the cron daemon to interpret the schedule entries. This ensures the job runs at 3:00 AM EST regardless of the system's default time zone (UTC), and it persists even if the system time zone changes, as cron uses the variable for scheduling.

Exam trap

The trap here is that candidates often confuse the TZ environment variable (which affects the job's runtime environment) with the CRON_TZ variable (which affects cron's scheduling logic), leading them to incorrectly select option C.

How to eliminate wrong answers

Option A is wrong because changing the system time zone to EST would affect all system processes and logs, not just the cron job, and it would not be resilient to future time zone changes. Option C is wrong because setting the TZ environment variable in the crontab file before the job definition does not affect how cron interprets the schedule times; cron uses its own time zone logic, and TZ only affects the environment of the executed job, not the scheduling. Option D is wrong because calculating the UTC equivalent (8:00 AM UTC) would make the job run at 3:00 AM EST only as long as the system time zone remains UTC; if the system time zone changes, the job would no longer run at the desired local time.

483
MCQmedium

A script needs to search for lines containing 'ERROR' in /var/log/syslog and count them. Which command pipeline achieves this?

A.wc -l /var/log/syslog
B.grep ERROR /var/log/syslog | wc -c
C.grep ERROR /var/log/syslog | wc -l
D.grep -c ERROR /var/log/syslog
AnswerC

Filters ERROR lines and counts them.

Why this answer

Option C is correct because it uses `grep` to filter lines containing 'ERROR' from `/var/log/syslog` and pipes the output to `wc -l`, which counts the number of lines. This pipeline accurately counts the lines that match the pattern, which is the required task.

Exam trap

The trap here is that candidates may choose `grep -c` (option D) because it achieves the same result, but the question specifically requires a pipeline, and Linux Foundation often tests the literal interpretation of 'command pipeline' to catch those who overlook the wording.

How to eliminate wrong answers

Option A is wrong because `wc -l /var/log/syslog` counts all lines in the file, not just those containing 'ERROR'. Option B is wrong because `wc -c` counts bytes (characters) in the matched lines, not the number of lines. Option D is wrong because `grep -c ERROR /var/log/syslog` does count matching lines, but the question explicitly asks for a command pipeline (using `|`), and this is a single command; while it achieves the same result, it does not match the 'pipeline' requirement.

484
MCQmedium

A sysadmin is troubleshooting an issue where a software RAID1 array fails to assemble after a reboot. The array was created with mdadm using /dev/sdb1 and /dev/sdc1. The administrator checks /proc/mdstat but the array is not present. They attempt to assemble manually with mdadm --assemble /dev/md0 /dev/sdb1 /dev/sdc1, but it requires a repair. After repair, the array works. To prevent this from happening again, what should the administrator do?

A.Use UUIDs instead of device names in configuration.
B.Set the partition type to 'Linux RAID' on both partitions.
C.Rebuild the initramfs.
D.Add an entry for the array in /etc/mdadm/mdadm.conf.
AnswerD

Correct: This configuration file ensures automatic assembly at boot.

Why this answer

Option B is correct because adding an entry to /etc/mdadm/mdadm.conf (or /etc/mdadm.conf) with the array details allows the system to automatically assemble the array at boot. Option A is good practice but not mandatory for assembly. Options C and D are also good but B directly solves the missing auto-assembly.

485
MCQmedium

A system administrator is troubleshooting a production web server running CentOS 7 that became unresponsive. The server is still pingable, but SSH connections timeout. The admin performs an out-of-band console login. The server appears frozen; typing commands shows no output. The admin is able to trigger a Magic SysRq key sequence (Alt+SysRq+f) to kill the hung processes. After that, the server resumes normal operation. However, the admin wants to understand the root cause. Upon checking 'dmesg', they see repeated messages: 'NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s!' followed by stack traces from a kernel thread. Which action should the admin take to prevent recurrence while maintaining system stability?

A.Replace the power supply unit to ensure stable power.
B.Increase the soft lockup threshold via sysctl to reduce false positives.
C.Add 'nosoftlockup' to the kernel boot parameters.
D.Update the server's BIOS/firmware and check for kernel updates.
AnswerD

Soft lockups often indicate hardware/firmware issues; updates may resolve.

Why this answer

Option D is correct because soft lockup errors on CentOS 7 often indicate kernel bugs or hardware/firmware issues that cause CPUs to stall for extended periods. Updating the BIOS/firmware can resolve underlying hardware timing problems, while kernel updates may include patches for known soft lockup bugs. This approach addresses the root cause without disabling or weakening the watchdog mechanism, preserving system stability.

Exam trap

The trap here is that candidates may think soft lockup errors are false positives or can be safely ignored by increasing thresholds or disabling the watchdog, when in fact they indicate a genuine kernel or hardware issue that requires a proper fix.

How to eliminate wrong answers

Option A is wrong because a failing power supply typically causes random crashes or power-offs, not soft lockup errors in a single CPU core with a stuck kernel thread. Option B is wrong because increasing the soft lockup threshold merely masks the symptom by allowing longer stalls before detection, which can lead to worse system degradation and does not fix the underlying cause. Option C is wrong because adding 'nosoftlockup' disables the NMI watchdog entirely, removing the ability to detect and recover from soft lockups, which compromises system stability and is not a proper fix.

486
Multi-Selecteasy

Which TWO commands can be used to resolve a hostname to an IP address?

Select 2 answers
A.host
B.traceroute
C.ping
D.nslookup
E.ifconfig
AnswersA, D

This is a DNS lookup utility.

Why this answer

The `host` command is a simple DNS lookup utility that queries DNS servers to resolve a hostname to an IP address. It directly performs forward DNS resolution using the system's configured resolvers and returns the A or AAAA record for the given name.

Exam trap

The trap here is that candidates often think `ping` is a valid name resolution tool because it can accept a hostname and display the resolved IP in its output, but `ping` relies on the system resolver and does not perform its own DNS query—it only displays the IP after the system has already resolved it, making it a connectivity test, not a resolution command.

487
Multi-Selecthard

Which THREE factors can cause a system to fail to boot after changing kernel boot parameters in GRUB?

Select 3 answers
A.An incorrect network configuration.
B.A corrupted GRUB configuration file.
C.A missing initrd file path.
D.A misspelled parameter for the kernel.
E.An invalid root filesystem UUID.
AnswersC, D, E

Initrd is required for loading modules.

Why this answer

Option C is correct because the initrd (initial RAM disk) contains essential drivers and modules needed to mount the root filesystem. If the initrd file path in GRUB is missing or incorrect, the kernel cannot load the necessary drivers to access the root partition, causing a boot failure.

Exam trap

The trap here is that candidates often confuse boot-time failures with post-boot configuration issues, mistakenly thinking that network or GRUB config errors can cause a boot failure after kernel parameters are changed, when in fact only kernel-level parameters (initrd, kernel arguments, root device) directly affect the boot process.

488
MCQeasy

To check the details of a failed systemd service unit, including the last log entries, which command is most appropriate?

A.systemctl status service
B.systemctl list-units --failed
C.systemctl is-failed service
D.systemctl show service
AnswerA

Shows current state and last log lines.

Why this answer

`systemctl status service` is the most appropriate command because it displays the current state of the service unit, including whether it is active, failed, or inactive, along with the last several log entries from the journal for that unit. This provides both the failure status and the contextual log output needed to diagnose why the service failed, all in a single command.

Exam trap

The trap here is that candidates often confuse `systemctl is-failed` (which only checks the failure state) with `systemctl status` (which provides both the state and the logs), leading them to choose a command that gives insufficient diagnostic information for the question's requirement of 'including the last log entries'.

How to eliminate wrong answers

Option B is wrong because `systemctl list-units --failed` only lists all failed units without showing the detailed status or log entries for a specific service. Option C is wrong because `systemctl is-failed service` only returns a simple exit code or string ('failed' or 'active') indicating whether the unit is in a failed state, but it does not provide any log entries or detailed failure information. Option D is wrong because `systemctl show service` displays all unit properties (such as environment variables, resource limits, and dependency information) in a structured key-value format, but it does not include the recent log entries needed for troubleshooting a failure.

489
MCQhard

Refer to the exhibit. What is the most likely issue with the Apache web server?

A.The service is not enabled.
B.The main PID is incorrect.
C.The DocumentRoot directory does not exist.
D.The service is not running.
AnswerC

The log shows a warning that the DocumentRoot does not exist.

Why this answer

The most likely issue is that the DocumentRoot directory does not exist. When Apache starts, it checks for the existence of the directory specified by the DocumentRoot directive (e.g., /var/www/html). If this directory is missing, Apache will fail to serve content and may log an error like 'Primary script unknown' or 'Directory index forbidden', even though the service itself is running and enabled.

This is a common misconfiguration after moving or deleting the web root.

Exam trap

Linux Foundation often tests the distinction between a service being 'running' versus being 'functional'—candidates see 'active (running)' and assume everything is fine, missing that a missing DocumentRoot or misconfigured directory can render the web server non-functional despite the process being alive.

How to eliminate wrong answers

Option A is wrong because 'service not enabled' would prevent Apache from starting automatically on boot, but the exhibit shows the service is active (running), so it is already started. Option B is wrong because the main PID being incorrect is not a typical Apache issue; the PID shown in systemctl status is automatically assigned by the system and does not cause a failure to serve content. Option D is wrong because the service is clearly running (active (running) status), so it is not a case of the service not running.

490
Multi-Selecteasy

Which TWO commands can be used to display listening TCP ports on a Linux system?

Select 2 answers
A.ss -tln
B.netstat -tln
C.nmap -sT localhost
D.iptables -L
E.lsof -i TCP
AnswersA, B

ss -tln lists listening TCP ports (t for TCP, l for listening, n for numeric).

Why this answer

The `ss -tln` command displays listening TCP sockets by using the `-t` flag for TCP, `-l` for listening sockets, and `-n` to show numeric addresses and ports without resolving service names. It reads socket information directly from the kernel's netlink interface, making it the modern replacement for netstat on Linux systems.

Exam trap

The trap here is that candidates often assume `lsof -i TCP` shows only listening ports, but without the `-sTCP:LISTEN` filter it displays all TCP sockets, including established connections, making it incorrect for the specific requirement of listing only listening TCP ports.

491
MCQeasy

Refer to the exhibit. Which filesystem is close to full capacity?

A.Both are at 75% or less
B./dev/sda1
C.Neither
D./dev/sdb1
AnswerD

90% used, very close to capacity.

Why this answer

The output of `df -h` shows that /dev/sdb1 has 80% usage (80% capacity), while /dev/sda1 is at 75%. The question asks which filesystem is 'close to full capacity,' and 80% is closer to full than 75%, making D correct. In the LFCS context, 'close to full' typically implies a higher percentage, and 80% exceeds the 75% threshold of the other option.

Exam trap

The trap here is that candidates may misinterpret 'close to full capacity' as any value above 50% or assume both are equally close, but the question specifically tests the ability to compare percentages and identify the higher usage.

How to eliminate wrong answers

Option A is wrong because it states both are at 75% or less, but /dev/sdb1 is at 80%, which is above 75%. Option B is wrong because /dev/sda1 is at 75%, which is not as close to full capacity as /dev/sdb1 at 80%. Option C is wrong because /dev/sdb1 is indeed close to full capacity at 80%, so 'Neither' is incorrect.

492
Multi-Selecthard

An administrator is troubleshooting a server that cannot mount an XFS filesystem on /dev/sdb1. The command mount /dev/sdb1 /data fails with 'wrong fs type, bad option, bad superblock'. Which three commands can help diagnose the issue? (Choose three.)

Select 3 answers
A.dmesg | tail
B.xfs_repair -n /dev/sdb1
C.fsck /dev/sdb1
D.xfs_db -c 'sb' -c 'p' /dev/sdb1
E.blkid /dev/sdb1
AnswersA, B, D

Shows recent kernel logs.

Why this answer

Option A is correct because `dmesg | tail` displays the kernel ring buffer messages, which often contain detailed error information from the XFS driver when a mount fails. This can reveal specific reasons such as a corrupt superblock, wrong filesystem type detection, or missing kernel support, helping to pinpoint the root cause.

Exam trap

The trap here is that candidates often assume `fsck` is a universal filesystem checker, but it is specific to ext family filesystems and should never be used on XFS, where `xfs_repair` is the correct tool.

493
Multi-Selecteasy

Which two commands can be used to create an ext4 filesystem on a Linux block device? (Choose two.)

Select 2 answers
A.fsck.ext4 /dev/sdb1
B.mke2fs -j /dev/sdb1
C.mke2fs -t ext4 /dev/sdb1
D.tune2fs -O extents /dev/sdb1
E.mkfs.ext4 /dev/sdb1
AnswersC, E

Creates ext4 using the -t ext4 option.

Why this answer

Both `mke2fs -t ext4` and `mkfs.ext4` are valid commands to create an ext4 filesystem. `mke2fs` is the underlying tool for creating ext2/ext3/ext4 filesystems, and the `-t ext4` flag explicitly sets the filesystem type to ext4. `mkfs.ext4` is a wrapper script that calls `mke2fs` with the appropriate options for ext4, making it a direct and commonly used alternative.

Exam trap

The trap here is that candidates may confuse `mke2fs -j` (which creates ext3) with a command that creates ext4, or think `tune2fs` can create a filesystem, when it only modifies existing ones.

494
Matchingmedium

Match each Linux filesystem hierarchy standard (FHS) directory to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Host-specific configuration files

Variable data like logs and databases

Secondary hierarchy for user utilities

Virtual filesystem for process and kernel info

Temporary files

Why these pairings

These directories are part of the FHS standard.

495
MCQeasy

Refer to the exhibit. The administrator attempted to create a user 'newuser' but received an error. Which command should be used to check if the user already exists?

A.cat /etc/passwd | grep newuser
B.passwd -S newuser
C.usermod -c newuser
D.userdel -v newuser
AnswerA

Looks for the user in the password file.

Why this answer

The simplest way is to check /etc/passwd; the 'id' command can also verify existence.

496
Multi-Selectmedium

Which TWO commands can be used to display the current runlevel or target of a systemd-based system?

Select 2 answers
A.systemctl get-default
B.telinit
C.init 3
D.systemctl list-units --type=target
E.runlevel
AnswersA, E

Displays the default target.

Why this answer

Option A is correct because `systemctl get-default` directly queries the systemd default target, which is the equivalent of the traditional runlevel in a systemd-based system. This command outputs the target that will be activated at boot, such as `multi-user.target` or `graphical.target`.

Exam trap

The trap here is that candidates may confuse commands that change the runlevel (like `init 3` or `telinit`) with commands that display it, or assume `systemctl list-units --type=target` shows the current target when it actually lists all targets regardless of state.

497
MCQmedium

An administrator wants to ensure that a specific LVM logical volume is automatically resized when the underlying physical volume is extended. Which steps are required?

A.Add the logical volume to the volume group with '--auto-resize' flag.
B.Extend the physical volume, extend the logical volume, and update /etc/fstab with 'auto-resize' option.
C.Mount the filesystem with the 'extend' option to allow automatic resize on PV changes.
D.Extend the physical volume, extend the logical volume, and then run resize2fs (or xfs_growfs) to resize the filesystem.
AnswerD

Filesystem resize is a manual step after LV extension.

Why this answer

Option B is correct: After extending the PV and LV, the filesystem must be resized with resize2fs or xfs_growfs. Option A forgets to resize the filesystem. Option C is wrong because auto-resize is not a mount option.

Option D is wrong because LVM does not auto-resize.

498
MCQeasy

An administrator needs to compress a directory named 'project' into a tarball with maximum compression using gzip. Which command is appropriate?

A.tar -cjvf archive.tar.bz2 project
B.tar -czvf archive.tar.gz project
C.tar -cJvf archive.tar.xz project
D.tar -cvf archive.tar project
AnswerB

Creates a gzip-compressed tarball.

Why this answer

Option B is correct because the `-z` flag tells tar to compress the archive using gzip, and the `-c` flag creates a new archive. The `-v` flag provides verbose output, and `-f` specifies the archive filename. The `.tar.gz` extension is the conventional extension for a gzip-compressed tarball, and gzip offers maximum compression among the commonly used Unix compression tools (though it is slower than gzip's default level, the question implies using gzip itself, not a different algorithm).

Exam trap

The trap here is that candidates often confuse the compression flags (`-z` for gzip, `-j` for bzip2, `-J` for xz) and may pick option A or C thinking they provide 'maximum compression' without realizing the question specifically requires gzip, not just any compression.

How to eliminate wrong answers

Option A is wrong because the `-j` flag compresses with bzip2, not gzip, and the `.tar.bz2` extension indicates bzip2 compression, which is not what the question asks for. Option C is wrong because the `-J` flag compresses with xz, not gzip, and the `.tar.xz` extension indicates xz compression, which is a different algorithm. Option D is wrong because it creates an uncompressed tarball (no compression flag), resulting in a `.tar` file, which does not satisfy the requirement for gzip compression.

499
MCQmedium

A developer accidentally deleted a critical file /var/log/app.log. The system administrator knows that the file was recently backed up using a cron job that runs 'tar -czf /backup/logs.tar.gz /var/log/'. Which command should the administrator use to restore the file from the backup without extracting the entire archive?

A.tar -xf /backup/logs.tar.gz var/log/app.log
B.tar -tf /backup/logs.tar.gz | grep app.log
C.tar -xzf /backup/logs.tar.gz --to-stdout var/log/app.log > /var/log/app.log
D.cp /backup/logs.tar.gz:/var/log/app.log /var/log/app.log
AnswerC

Correctly extracts the single file to stdout and redirects to restore it.

Why this answer

Option C is correct because `tar -xzf` extracts the specified file (`var/log/app.log`) from the compressed archive and `--to-stdout` sends its content to standard output, which is then redirected to recreate the file at `/var/log/app.log`. This restores the single file without extracting the entire archive, matching the requirement precisely.

Exam trap

The trap here is that candidates may assume `tar -xf` works with `.tar.gz` files without the `-z` flag, or that `cp` can directly reference files inside a tar archive using a colon syntax, which is not supported by the standard `cp` command.

How to eliminate wrong answers

Option A is wrong because `tar -xf` does not automatically handle gzip compression; the archive is `.tar.gz`, so the `-z` flag is needed to decompress on the fly. Without `-z`, tar will fail to read the compressed archive. Option B is wrong because `tar -tf` only lists the contents of the archive; it does not extract any files, so it cannot restore the file.

Option D is wrong because `cp` does not support the syntax `archive:path`; that is a feature of `rsync` or certain network filesystems, not a standard `cp` operation, and it will result in an error.

500
MCQmedium

A database server is running out of space in its /var/lib/mysql directory. The system admin wants to add a new 100GB disk to increase storage. Which of the following steps should be performed to mount the new filesystem at /var/lib/mysql without data loss?

A.Add the new disk as an LVM physical volume, extend the volume group, extend the logical volume containing /var/lib/mysql, and then resize the filesystem.
B.Partition the disk, create a filesystem, add an entry in /etc/fstab, and reboot the server.
C.Partition the disk, create a filesystem, mount it directly to /var/lib/mysql, and then move the existing data into place.
D.Partition the disk, create a filesystem, mount it at a temporary mount point, copy existing data from /var/lib/mysql to the new filesystem, unmount /var/lib/mysql (if it's a mount), mount the new filesystem at /var/lib/mysql, and update /etc/fstab.
AnswerD

Correct procedure ensures no data loss.

Why this answer

Option D is correct because it ensures no data loss by first copying existing data to the new filesystem mounted at a temporary point, then unmounting the old mount (if any) and remounting the new filesystem at /var/lib/mysql. This preserves the existing database files and allows the new disk to be used without disrupting the directory structure. The /etc/fstab update ensures the mount persists across reboots.

Exam trap

The trap here is that candidates often choose Option C, thinking they can mount directly and then move data, but they overlook that mounting over a non-empty directory hides existing data, making it impossible to move without unmounting first, which would cause data loss if not done carefully.

How to eliminate wrong answers

Option A is wrong because it assumes /var/lib/mysql is already on an LVM logical volume, but the question does not state that; if it is not, extending LVM would not apply, and even if it were, the steps described (extend LV, resize filesystem) would not involve adding a new disk to the mount point without data migration steps. Option B is wrong because partitioning, creating a filesystem, adding an fstab entry, and rebooting would mount the new disk at /var/lib/mysql only if the directory is empty or the old data is overwritten; it does not include copying existing data, leading to data loss. Option C is wrong because mounting the new filesystem directly to /var/lib/mysql would obscure any existing data in that directory (the old data would become inaccessible until unmounted), and moving data into place after mounting would require unmounting and remounting, risking data loss or corruption.

501
MCQmedium

After editing /etc/sysconfig/network-scripts/ifcfg-eth0, the network service fails to start. Which is the best command to investigate?

A.nmcli device status
B.systemctl status NetworkManager
C.journalctl -u NetworkManager
D.ip link show eth0
AnswerB

This shows the current status and recent errors of the NetworkManager service.

Why this answer

The best command to investigate why the network service fails to start after editing an interface configuration file is `systemctl status NetworkManager`, because it shows the current state, recent log entries, and any error messages from the NetworkManager service. Since NetworkManager is the default network service on modern RHEL/CentOS systems, checking its status directly reveals whether it failed to reload or start, and often includes the specific configuration error.

Exam trap

The trap here is that candidates often pick `journalctl -u NetworkManager` because it shows logs, but the LFCS exam expects you to know that `systemctl status` is the first-line diagnostic tool for service failures, as it provides a quick summary of the service state and recent errors without needing to filter through all logs.

How to eliminate wrong answers

Option A is wrong because `nmcli device status` only displays the current state of network devices (e.g., connected, disconnected) and does not show service-level errors or why the service failed to start. Option C is wrong because `journalctl -u NetworkManager` shows the full log history of the NetworkManager service, which is useful for deeper debugging but is not the best first command; the question asks for the 'best command to investigate' immediately after failure, and `systemctl status` provides a concise summary including the last few log lines and the service state. Option D is wrong because `ip link show eth0` only shows the link-level state of the interface (e.g., UP/DOWN) and does not reveal why the network service failed to start, such as syntax errors in the configuration file.

502
MCQmedium

A user's account needs to be set to expire on a specific date. Which command should the administrator use?

A.usermod -e 2025-01-01 username
B.usermod -c 'expire=2025-01-01' username
C.passwd -x 90 username
D.chage -E 2025-01-01 username
AnswerD

Correct: -E sets expiration date.

Why this answer

Option B is correct: chage -E sets the account expiration date. Option A sets GECOS, not expiration. Option C sets password expiration, not account.

Option D is invalid.

503
MCQeasy

An administrator wants to ensure that a service is listening on TCP port 8080 and accessible from remote hosts. Which command will confirm that the service is listening on the correct interface?

A.iptables -L
B.netstat -i
C.ss -tlnp
D.ip addr
AnswerC

Shows listening TCP sockets with process and address.

Why this answer

Option C is correct because the `ss -tlnp` command displays listening (`-l`) TCP (`-t`) sockets with numeric addresses (`-n`) and the associated process (`-p`), which directly confirms that a service is bound to TCP port 8080 on a specific interface (e.g., 0.0.0.0:8080 or 192.168.1.10:8080). This ensures the service is listening on the correct interface and is reachable from remote hosts.

Exam trap

The trap here is that candidates confuse commands that show network configuration or firewall rules with those that show actual listening sockets, leading them to pick `iptables -L` or `ip addr` instead of `ss -tlnp`.

How to eliminate wrong answers

Option A is wrong because `iptables -L` lists firewall rules, not listening sockets; it cannot confirm whether a service is listening on a specific port or interface. Option B is wrong because `netstat -i` displays interface statistics (packets, errors, etc.), not listening sockets or port bindings. Option D is wrong because `ip addr` shows IP addresses assigned to network interfaces, not the listening state of services or TCP ports.

504
MCQeasy

A junior administrator needs to display the first 10 lines of a file named 'data.csv'. Which command should they use?

A.head data.csv
B.less data.csv
C.tail data.csv
D.cat data.csv
AnswerA

Correctly displays first 10 lines.

Why this answer

The `head` command is specifically designed to display the first 10 lines of a file by default. Running `head data.csv` will output the first 10 lines of the CSV file, making it the correct choice for this task.

Exam trap

The trap here is that candidates may confuse `head` with `tail` or `less`, thinking any command that displays file content can be used, but the exam specifically tests knowledge of the default behavior of each command for displaying the first lines of a file.

How to eliminate wrong answers

Option B is wrong because `less` is a pager that displays the file interactively, starting from the first line but requiring user input to scroll, and does not automatically show only the first 10 lines. Option C is wrong because `tail` displays the last 10 lines of a file by default, not the first 10 lines. Option D is wrong because `cat` outputs the entire file contents to the terminal, which is inefficient and does not limit output to the first 10 lines.

505
MCQeasy

Which command displays the UUID of all filesystems on the system?

A.blkid
B.df -h
C.fdisk -l
D.lsblk -f
AnswerD

lsblk -f displays filesystem type and UUID.

Why this answer

The `lsblk -f` command lists all block devices and includes the filesystem type and UUID for each filesystem, making it the correct choice for displaying UUIDs of all filesystems on the system. The `-f` option specifically adds filesystem information, including UUIDs, to the output.

Exam trap

The trap here is that candidates often confuse `blkid` with `lsblk -f`, but `blkid` may not list all block devices (e.g., it skips devices without a recognized signature), while `lsblk -f` reliably shows all block devices and their filesystem attributes.

How to eliminate wrong answers

Option A is wrong because `blkid` displays UUIDs and filesystem types for block devices, but it only shows devices that have a recognized filesystem or partition table entry, and it does not always list all filesystems (e.g., it may omit devices without a filesystem). Option B is wrong because `df -h` shows disk usage in human-readable format for mounted filesystems, but it does not display UUIDs. Option C is wrong because `fdisk -l` lists partition tables and their sizes, but it does not show filesystem UUIDs.

506
MCQhard

An administrator is investigating why the 'tomcat' service fails to start on a RHEL 8 server. The output of 'systemctl status tomcat' shows: 'Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since ... Process: 4567 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=1/FAILURE)'. The 'journalctl -u tomcat' shows: 'Error: JAVA_HOME is not defined correctly, cannot execute /usr/lib/jvm/java-11-openjdk/bin/java'. The admin checks /opt/tomcat/bin/startup.sh and sees it references JAVA_HOME. The admin verifies that Java 11 is installed at /usr/lib/jvm/java-11-openjdk. Which action should the admin take to fix the service?

A.Edit /opt/tomcat/bin/startup.sh and hardcode JAVA_HOME.
B.Add 'Environment=JAVA_HOME=/usr/lib/jvm/java-11-openjdk' to the [Service] section of /etc/systemd/system/tomcat.service and run 'systemctl daemon-reload && systemctl restart tomcat'.
C.Run the startup script manually with 'bash /opt/tomcat/bin/startup.sh'.
D.Set JAVA_HOME globally using 'export JAVA_HOME=/usr/lib/jvm/java-11-openjdk' in /etc/profile.
AnswerB

Properly passes environment to service.

Why this answer

Option B is correct because systemd services can have environment variables set via the `Environment=` directive in the unit file. Adding `JAVA_HOME=/usr/lib/jvm/java-11-openjdk` to the `[Service]` section ensures the variable is available to the `ExecStart` process. Running `systemctl daemon-reload` reloads the unit definition, and `systemctl restart tomcat` applies the change.

This is the proper method for configuring environment variables for systemd-managed services on RHEL 8.

Exam trap

The trap here is that candidates assume setting environment variables in shell profile files (like `/etc/profile`) will affect systemd services, but systemd does not source these files; the correct method is to use the `Environment=` directive in the unit file.

How to eliminate wrong answers

Option A is wrong because hardcoding `JAVA_HOME` in the startup script is fragile and not the standard approach; it breaks updates or script reuse and does not leverage systemd's environment management. Option C is wrong because manually running the script bypasses systemd's service management, logging, and dependency handling, and does not fix the underlying environment variable issue for the service. Option D is wrong because setting `JAVA_HOME` in `/etc/profile` only affects login shells, not the systemd service environment; systemd services do not source profile files.

507
MCQmedium

A user reports that a script fails with 'Permission denied' when executed. The script has permissions -rw-r--r-- and is owned by the user. Which command should the user run to make the script executable for the owner only?

A.chmod u+s script.sh
B.chmod u+x script.sh
C.chown :users script.sh
D.chmod +x script.sh
AnswerB

Adds execute permission for the owner only.

Why this answer

Option B is correct because the script currently has permissions `-rw-r--r--`, meaning the owner has read and write but not execute permission. The `chmod u+x` command adds the execute permission for the owner only, which is exactly what the user needs to run the script without affecting group or others.

Exam trap

The trap here is that candidates may confuse the setuid bit (`u+s`) with the execute bit (`u+x`), or assume that `chmod +x` is equivalent to `chmod u+x`, when in fact the former grants execute to all users, which is not what the question asks.

How to eliminate wrong answers

Option A is wrong because `chmod u+s` sets the setuid bit, which allows the script to run with the owner's privileges when executed, but does not add execute permission; the script would still fail with 'Permission denied' if the execute bit is missing. Option C is wrong because `chown :users script.sh` changes the group ownership to 'users', which does not grant execute permission to the owner or anyone else. Option D is wrong because `chmod +x` adds execute permission for all three categories (owner, group, others), which is broader than the requirement to make it executable for the owner only.

508
Multi-Selecthard

Which THREE of the following statements about the user private group (UPG) scheme are true?

Select 3 answers
A.It is the default scheme in Red Hat-based distributions.
B.The umask 0027 ensures files created are NOT readable by the group.
C.The primary group of a user is a system group with GID less than 1000.
D.It ensures that new files have a default group of the user's private group.
E.Each user is assigned a unique group with the same name as the username.
AnswersA, D, E

Yes, RHEL, Fedora, CentOS default to UPG.

Why this answer

Options A, D, and E are true. A: each user gets a unique group with same name. D: Red Hat-based distributions use UPG by default.

E: new files get the user's private group as default group. B is false because the primary group is the user's private group, not a system group. C is false because umask 0027 gives group read permission, not denies it.

509
Drag & Dropmedium

Order the steps to mount an ext4 filesystem from an external USB drive automatically at boot.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Using UUID in fstab ensures persistent mounting; testing with mount -a verifies no errors.

510
MCQhard

An administrator receives an alert that the /var/log partition is 95% full. The partition is an LVM logical volume. The volume group has available free extents. Which of the following is the most efficient method to increase the size of the filesystem to 120GB (from current 100GB) without unmounting it?

A.lvextend -L 20G /dev/vg/log; resize2fs /dev/vg/log
B.lvextend -L +20G /dev/vg/log; xfs_growfs /data
C.lvextend -L +20G /dev/vg/log; resize2fs /dev/vg/log
D.lvextend -L 120G /dev/vg/log; resize2fs /dev/vg/log
AnswerC

Correct: adds 20G to current size.

Why this answer

Option C is correct because the partition is an LVM logical volume with an ext4 filesystem (implied by the use of resize2fs). The `lvextend -L +20G` command adds 20GB to the existing 100GB volume, making it 120GB, and `resize2fs /dev/vg/log` resizes the ext4 filesystem online without unmounting. This is the most efficient method as it uses relative sizing and the correct filesystem-specific resize tool.

Exam trap

The trap here is that candidates confuse the absolute size flag `-L 120G` with the relative size flag `-L +20G`, or they incorrectly pair `xfs_growfs` with an ext4 filesystem, assuming all Linux filesystems use the same resize command.

How to eliminate wrong answers

Option A is wrong because `lvextend -L 20G` sets the volume size to exactly 20GB, not adding 20GB to the current 100GB, which would shrink the filesystem and likely cause data loss. Option B is wrong because `xfs_growfs /data` is used for XFS filesystems, but the question implies an ext4 filesystem (resize2fs is the correct tool), and the mount point is /var/log, not /data. Option D is wrong because `lvextend -L 120G` sets the absolute size to 120GB, which is correct in value, but it is less efficient than using relative sizing (+20G) because it requires the administrator to know the exact current size; more importantly, it is not incorrect technically, but the question asks for the 'most efficient method,' and relative sizing avoids potential errors from miscalculating the current size.

511
Multi-Selectmedium

Which THREE steps are required to create a new ext4 filesystem on /dev/sdc1 and ensure it is automatically mounted at /mnt/data at boot? (Choose three.)

Select 3 answers
A.e2label /dev/sdc1 data
B.mkfs.ext4 /dev/sdc1
C.mkdir /mnt/data
D.mount /dev/sdc1 /mnt/data
E.add entry to /etc/fstab for /dev/sdc1
AnswersB, C, E

Creates the ext4 filesystem.

Why this answer

Option A (mkfs.ext4) creates the filesystem. Option C (mkdir) creates the mount point. Option E (add to /etc/fstab) enables automatic mounting at boot.

Option B (e2label) is optional. Option D (mount) is manual and not required for boot-time mounting.

512
MCQhard

Based on the exhibit, what is the most likely cause of the nginx failure and the appropriate first step to resolve it?

A.Restart the nginx service.
B.Check which process is listening on port 80 with 'ss -tlnp' and stop that process.
C.Increase the worker_connections in nginx.conf.
D.Reduce the MaxClients parameter in nginx.conf.
AnswerB

Port 80 is already in use; identify and stop the conflicting process.

Why this answer

Option B is correct because the error 'Address already in use' indicates port 80 is occupied by another process. Checking with 'ss -tlnp' or 'lsof' identifies the offending process. Option A is incorrect as restarting would fail again.

Option C is incorrect because MaxClients is an Apache directive, not nginx. Option D is incorrect because worker_connections affects performance, not binding.

513
MCQeasy

An administrator created a new user 'john' with the default settings, but 'john' cannot log in. The error message indicates an invalid shell. Which command should the administrator use to fix this issue?

A.passwd -s john
B.useradd -s /bin/bash john
C.chsh -s /bin/bash john
D.usermod -s /bin/bash john
AnswerD

usermod modifies an existing user; -s sets the login shell.

Why this answer

The user's shell is likely set to /sbin/nologin or a non-existent shell. usermod -s /bin/bash changes the shell to a valid one.

Page 6

Page 7 of 7

All pages