CCNA Essential Commands Questions

24 of 99 questions · Page 2/2 · Essential Commands · Answers revealed

76
MCQmedium

To check the disk usage of the /var/log directory in a human-readable format, which command is appropriate?

A.du -sh /var/log
B.ls -lh /var/log
C.df -h /var/log
D.fdisk -l /var/log
AnswerA

du -sh gives a summary of the total disk usage for the specified directory.

Why this answer

The `du -sh /var/log` command is correct because `du` (disk usage) estimates file and directory space usage, and the `-s` option summarizes the total for the specified directory, while `-h` prints sizes in human-readable format (e.g., K, M, G). This directly answers the requirement to check disk usage of the /var/log directory in a human-readable form.

Exam trap

The trap here is that candidates confuse `du` (directory usage) with `df` (filesystem usage), or mistakenly think `ls -lh` shows total directory size, when in fact `ls` only lists individual file sizes without summing subdirectory contents.

How to eliminate wrong answers

Option B is wrong because `ls -lh /var/log` lists the contents of the directory with file sizes, not the total disk usage of the directory itself; it does not aggregate space used by subdirectories. Option C is wrong because `df -h /var/log` reports the free and used space on the filesystem that contains /var/log, not the disk usage of the directory itself. Option D is wrong because `fdisk -l /var/log` is used to manipulate or display partition tables on block devices, not to check disk usage of a directory; it would fail on a regular file or directory.

77
MCQhard

An administrator runs 'ls -la' and sees the following entry for a file: 'lrwxrwxrwx 1 root root 24 Jan 10 12:00 link -> /etc/passwd'. If the target file /etc/passwd is deleted, what happens to the link file?

A.The link becomes a hard link to the deleted file's inode
B.The link becomes a broken symbolic link
C.The link becomes a regular file with the same content
D.The link is automatically deleted
AnswerB

The symlink still exists but points to a non-existent target, making it broken.

Why this answer

The entry 'lrwxrwxrwx' indicates a symbolic link (symlink), which stores a path to the target file rather than sharing its inode. When the target /etc/passwd is deleted, the symlink still exists but points to a non-existent path, making it a broken (dangling) symlink. Accessing it will result in a 'No such file or directory' error.

Exam trap

The trap here is that candidates confuse symbolic links with hard links, assuming the link would become a regular file or automatically delete, when in fact a symlink simply becomes broken and persists until manually removed.

How to eliminate wrong answers

Option A is wrong because a symbolic link does not share the target's inode; only hard links do, and deleting the target does not convert a symlink into a hard link. Option C is wrong because a symbolic link is not a regular file and does not contain the target's content; it only stores a path string, and deleting the target does not copy content into the link. Option D is wrong because symbolic links are not automatically deleted when their target is removed; they persist as broken links until explicitly removed.

78
MCQhard

An administrator wants to print the last field of each line from a CSV file 'data.csv' (comma-separated). Which awk command accomplishes this?

A.awk -F, '{print $NF}' data.csv
B.cut -d, -f2 data.csv
C.cut -d, -f1 data.csv
D.awk '{print $NF}' data.csv
AnswerA

Correctly sets comma as field separator.

Why this answer

Option A is correct because `awk -F, '{print $NF}' data.csv` sets the field separator to a comma with `-F,`, and `$NF` references the last field (NF is the number of fields, so $NF is the value of the last field). This prints the final column of each line in a CSV file.

Exam trap

The trap here is that candidates often forget to specify the field separator with `-F,` in awk, or they confuse `cut` options (like `-f2` for a specific field instead of `$NF` for the last field), leading them to pick a command that prints a fixed column rather than the last column dynamically.

How to eliminate wrong answers

Option B is wrong because `cut -d, -f2` prints the second field, not the last field. Option C is wrong because `cut -d, -f1` prints the first field, not the last field. Option D is wrong because `awk '{print $NF}'` uses the default field separator (whitespace), not a comma, so it will not correctly parse CSV fields and will likely print the last whitespace-separated token instead of the last comma-separated field.

79
Multi-Selecthard

An administrator wants to find all files larger than 100MB in the /home directory. Which three commands or command sequences achieve this? (Choose three.)

Select 3 answers
A.find /home -type f -size +100M
B.find /home -type f -size +100000000c
C.find /home -type f -size +100MB
D.find /home -type f -size +102400k
E.find /home -type f -size 100M
AnswersA, B, D

Finds files larger than 100 megabytes.

Why this answer

Option A is correct because the `find` command with `-size +100M` matches files larger than 100 megabytes. The `M` suffix is a standard size specifier in GNU find, where `+` means 'greater than' and `M` means mebibytes (1024*1024 bytes). This directly fulfills the requirement to find files larger than 100MB in /home.

Exam trap

The trap here is that candidates confuse the valid `M` suffix with the invalid `MB` suffix, or forget that `+` is required for 'greater than' and mistakenly select the exact-match option.

80
Multi-Selectmedium

Which TWO commands can be used to view the last 10 lines of a file and also follow new lines as they are written?

Select 2 answers
A.tail -f -n 10
B.cat -n
C.tail -n 10
D.head -n 10
E.less +F
AnswersA, E

Shows last 10 lines and follows.

Why this answer

Option A is correct because `tail -f -n 10` displays the last 10 lines of a file and then follows new lines as they are appended, using the `-f` (follow) flag. This is the standard way to monitor a log file in real time while initially showing the most recent 10 lines.

Exam trap

Linux Foundation often tests the distinction between `tail -n 10` (static view) and `tail -f -n 10` (dynamic follow), and candidates may overlook the `-f` flag or confuse `head` with `tail`.

81
Multi-Selecthard

Which THREE of the following commands can be used to search for a string in multiple files and display the matching lines?

Select 3 answers
A.find /path -name '*.txt' -type f
B.ack 'pattern' /path
C.grep -r 'pattern' /path
D.rg 'pattern' /path
E.sort /path/file
AnswersB, C, D

Similar to grep, recursive.

Why this answer

Option B is correct because `ack` is a Perl-based grep replacement that recursively searches for a pattern in files under a given path, displaying matching lines by default. It is designed for source code and text files, making it a valid tool for this task.

Exam trap

The trap here is that candidates may confuse file-location commands like `find` with content-search commands, or assume that `sort` can filter lines based on a pattern, when it only reorders lines.

82
MCQeasy

Refer to the exhibit. The /data directory needs to be resized to 15GB. What is the first step?

A.Unmount the filesystem.
B.Resize the partition using fdisk.
C.Create a new partition and copy data.
D.Resize the filesystem using resize2fs.
AnswerA

Unmounting is necessary before any resize operation.

Why this answer

The first step to resize a filesystem is to unmount it, because most filesystem resizing tools (such as resize2fs for ext4) require the filesystem to be unmounted to safely modify the underlying block device without risking data corruption. Attempting to resize a mounted filesystem can lead to inconsistent metadata and data loss. Unmounting ensures no processes are actively writing to the filesystem during the resize operation.

Exam trap

Linux Foundation often tests the misconception that you can resize the filesystem first with resize2fs while it is still mounted, but the correct sequence always begins with unmounting to ensure data integrity.

How to eliminate wrong answers

Option B is wrong because resizing the partition using fdisk is a later step that must be performed after unmounting the filesystem, and fdisk operates on the partition table, not the filesystem itself. Option C is wrong because creating a new partition and copying data is an unnecessarily complex and risky approach that is not required when the existing partition can be resized. Option D is wrong because resize2fs cannot be safely run on a mounted filesystem (unless the filesystem supports online resizing, which is not assumed here), and the question asks for the first step, which must be unmounting before any resizing tool is used.

83
Multi-Selecthard

Which TWO commands can be used to change the ownership of a file to a specific user and group? (Select two.)

Select 2 answers
A.chown alice:staff file.txt
B.chmod 755 file.txt
C.chgrp staff file.txt
D.usermod -G staff alice
E.passwd alice
AnswersA, C

Changes user to alice and group to staff.

Why this answer

Option A is correct because the `chown` command with the syntax `chown alice:staff file.txt` directly changes both the user owner to `alice` and the group owner to `staff` in a single operation. This is the standard and most direct method for changing file ownership in Linux.

Exam trap

The trap here is that candidates often confuse `chmod` (permissions) with `chown` (ownership), or think that modifying a user's group membership with `usermod` will automatically change file ownership, which it does not.

84
MCQhard

A database administrator wants to compress a large directory of log files for archival. The administrator uses the command: tar -cvf logs.tar.gz logs/. The command completes successfully but the resulting archive is only 10 MB while the original directory is 100 MB. What is the most likely reason?

A.The 'tar' command used relative paths and missed some files.
B.The logs directory contains many small files, causing high tar overhead.
C.The 'z' flag was omitted, so the archive is not compressed.
D.The log files are already compressed individually.
AnswerC

Without the -z option, tar creates an uncompressed archive; the .gz extension is misleading.

Why this answer

Option C is correct because the command `tar -cvf logs.tar.gz logs/` does not include the `-z` flag, which is required to invoke gzip compression. Without `-z`, `tar` creates an uncompressed archive, and the `.gz` extension is misleading—the file is actually a plain tar archive. The resulting 10 MB size is simply the tarred version of the logs directory, not a compressed one, which explains why it is much smaller than the original 100 MB of uncompressed files.

Exam trap

The trap here is that candidates see the `.tar.gz` extension and assume compression is automatically applied, but the `-z` flag must be explicitly provided; Linux Foundation often tests this exact nuance to catch those who overlook the flag syntax.

How to eliminate wrong answers

Option A is wrong because `tar` with the `-c` flag archives the entire directory tree; relative paths do not cause files to be missed unless the path is incorrect, and the command completed successfully with no errors. Option B is wrong because many small files would increase tar overhead (metadata), making the archive larger, not smaller—this would not reduce the size from 100 MB to 10 MB. Option D is wrong because if the log files were already compressed individually, the tar archive would still be roughly the same size as the original (since compression is already applied), not 90% smaller; the dramatic size reduction indicates the archive is uncompressed and simply lacks the original file data overhead.

85
MCQeasy

A system administrator needs to find all files in /var/log that have been modified in the last 7 days. Which command accomplishes this?

A.find /var/log -mtime +7
B.find /var/log -mtime 7
C.find /var/log -mtime -7
D.find /var/log -atime -7
AnswerC

Correctly lists files modified less than 7 days ago.

Why this answer

Option C is correct because the `-mtime -7` option in the `find` command matches files whose content was modified less than 7 days ago (i.e., within the last 7 days). The minus sign before the number indicates 'less than' or 'within the last N days', which is exactly what the system administrator needs to find files modified in the last 7 days.

Exam trap

The trap here is confusing the meaning of the `+` and `-` prefixes with `-mtime`; candidates often mistakenly think `+7` means 'within the last 7 days' when it actually means 'older than 7 days'.

How to eliminate wrong answers

Option A is wrong because `-mtime +7` matches files modified more than 7 days ago (i.e., older than 7 days), which is the opposite of what is required. Option B is wrong because `-mtime 7` matches files modified exactly 7 days ago (i.e., between 6 and 7 days ago), not within the last 7 days. Option D is wrong because `-atime -7` matches files accessed (read) in the last 7 days, not modified; the `-atime` flag checks access time, not modification time.

86
MCQeasy

A user reports that they cannot run a script because it says 'Permission denied'. The script is owned by root and has permissions -rw-r--r--. Which command would allow the user to execute the script?

A.chmod u+s script
B.chmod +x script
C.chmod -w script
D.chown user:user script
AnswerB

Adds execute permission to all classes (a+x).

Why this answer

The script has permissions `-rw-r--r--`, meaning the owner (root) has read/write, but no execute bit is set for any user. Option B (`chmod +x script`) adds the execute permission for all users (owner, group, others), which allows the user to run the script. Without the execute bit, the kernel will refuse to execve() the file, returning EACCES.

Exam trap

The trap here is that candidates may confuse ownership or SUID with the fundamental requirement of the execute bit, thinking that changing the owner or setting the setuid bit will allow execution, when in fact the kernel strictly requires the 'x' bit to be set for the file to be run as a program.

How to eliminate wrong answers

Option A is wrong because `chmod u+s` sets the setuid bit (SUID), which only affects the effective user ID during execution, but does not grant execute permission; the file still lacks the execute bit, so the script cannot be run. Option C is wrong because `chmod -w` removes write permission, which does not solve the missing execute permission; the user already cannot write to the file, and this change would only further restrict access. Option D is wrong because `chown user:user script` changes ownership to the user, which would give the user owner permissions (read/write), but the file still lacks the execute bit; ownership alone does not enable execution.

87
MCQmedium

A DevOps engineer is writing a continuous integration pipeline that runs a script to deploy an application. The script is stored in a Git repository and is executed on a build server. The script works locally on the engineer's workstation, but when executed on the build server, it fails with '/bin/sh: line 12: somecommand: command not found'. The 'somecommand' is a standard Linux tool that is installed on the build server. The build server uses a minimal Docker container. Which of the following is the most likely cause and solution?

A.The PATH environment variable is not set correctly in the non-interactive shell. Use the full path to 'somecommand' or set PATH explicitly in the script.
B.The script does not have execute permissions. Add 'chmod +x' before running the script.
C.The script requires root privileges. Use 'sudo' to run the script.
D.The script is using a different shell than the build server's default. Change the shebang to '#!/bin/sh'.
AnswerA

Non-interactive shells often have a restricted PATH; using an absolute path or setting PATH resolves the issue.

Why this answer

The error 'command not found' despite the tool being installed indicates that the shell cannot locate the executable. In a non-interactive shell (like those used in CI/CD pipelines or minimal Docker containers), the PATH environment variable is often not set or is minimal. The fix is to either use the absolute path to the command or explicitly set PATH in the script to include the directory containing the command.

Exam trap

The trap here is that candidates often confuse 'command not found' with missing permissions or wrong shell, but the real issue is the missing or incomplete PATH in non-interactive shells, a classic pitfall in containerized or automated environments.

How to eliminate wrong answers

Option B is wrong because the error message 'command not found' is not related to file execute permissions; a missing execute permission would produce 'Permission denied', not 'command not found'. Option C is wrong because the error is about command resolution, not about insufficient privileges; if root were needed, the error would typically be 'Permission denied' or a different system call failure. Option D is wrong because the error message explicitly shows '/bin/sh' is being used, and the shebang '#!/bin/sh' would not change the fact that the command is not found; the issue is PATH, not the shell interpreter.

88
MCQmedium

A technician needs to display the contents of a compressed file named archive.tar.gz without extracting it. Which command should be used?

A.tar -tf archive.tar
B.tar -xzf archive.tar.gz
C.zcat archive.tar.gz | tar -t
D.zcat archive.tar.gz
AnswerC

Decompresses and pipes to tar -t to list contents.

Why this answer

Option C is correct because it uses `zcat` to decompress the `.gz` layer on the fly and pipes the resulting uncompressed tar archive into `tar -t`, which lists the contents without extracting. This allows viewing the file listing without first decompressing to disk, satisfying the requirement to display contents without extraction.

Exam trap

The trap here is that candidates may confuse `tar -tf` (which works only on uncompressed tar files) with `tar -ztf` (which handles gzip), or they may mistakenly think `zcat` alone produces a readable listing, when it actually outputs raw binary tar data.

How to eliminate wrong answers

Option A is wrong because `tar -tf archive.tar` expects an uncompressed tar file, but the file is `archive.tar.gz` (gzip-compressed), so it will fail or produce garbage. Option B is wrong because `tar -xzf archive.tar.gz` extracts the archive, which violates the requirement to not extract it. Option D is wrong because `zcat archive.tar.gz` only decompresses the gzip layer to stdout, producing raw tar data (binary) rather than a human-readable file listing.

89
MCQmedium

A user with uid 1000 tries to read /etc/shadow and gets 'Permission denied'. The user is not in the shadow group. Which of the following actions would allow the user to read the file without changing the file's group or permissions?

A.Set an ACL using setfacl to grant user1 read access
B.Use chmod o+r /etc/shadow as root
C.Add user1 to the shadow group using usermod -aG shadow user1
D.Change the file owner to user1 using chown
AnswerC

Correct: adding to shadow group gives read access via group permission.

Why this answer

Option C is correct because adding user1 to the shadow group grants group-level read access to /etc/shadow without altering the file's permissions or group ownership. The file is typically owned by root:shadow with permissions 640 (rw-r-----), so members of the shadow group can read it. The usermod -aG command appends the user to the supplementary group, preserving existing group memberships.

Exam trap

The trap here is that candidates often assume ACLs (setfacl) are not a 'permission change' and select option A, but ACLs are indeed a form of permission modification and violate the constraint, while group membership addition is a user attribute change, not a file attribute change.

How to eliminate wrong answers

Option A is wrong because setting an ACL with setfacl changes the file's access control list, which is a form of permission modification, and the question explicitly forbids changing the file's group or permissions. Option B is wrong because chmod o+r /etc/shadow changes the file's permissions (adds world-read), which violates the constraint of not changing permissions. Option D is wrong because changing the file owner to user1 with chown modifies the file's ownership, which is also prohibited by the question's conditions.

90
MCQhard

An administrator needs to find the process ID of the cron daemon. Which combination of commands is most effective?

A.top -p $(pgrep cron)
B.pgrep cron
C.pidof cron
D.ps -C cron -o pid=
AnswerC

Returns the exact PID of the cron daemon.

Why this answer

Option C is correct because `pidof cron` directly returns the numeric process ID(s) of the cron daemon by searching the process name in the `/proc` filesystem. It is the most straightforward command for this specific task, as it outputs only the PID without additional formatting or filtering.

Exam trap

The trap here is that candidates often choose `pgrep cron` (option B) because it seems simple, but they overlook that `pgrep` uses regex matching by default and may return multiple or incorrect PIDs, whereas `pidof` is designed for exact binary name matching.

How to eliminate wrong answers

Option A is wrong because `top -p $(pgrep cron)` launches an interactive process viewer that continuously refreshes, which is overkill and not the most effective way to simply find a PID. Option B is wrong because `pgrep cron` may return multiple PIDs if multiple processes match the name 'cron', and it does not guarantee the daemon's PID without additional filtering (e.g., `-x` for exact match). Option D is wrong because `ps -C cron -o pid=` is valid but less direct than `pidof cron`; it requires parsing output and may include processes with 'cron' in the command name that are not the daemon.

91
Multi-Selectmedium

Which THREE commands can be used to view the contents of a file?

Select 3 answers
A.grep
B.find
C.cat
D.head
E.less
AnswersC, D, E

Concatenates and displays file contents.

Why this answer

The `cat` command (option C) is a standard Unix utility that reads files sequentially and outputs their contents to the standard output. It is one of the most basic and direct ways to view the entire content of a file in the terminal.

Exam trap

The trap here is that candidates may confuse `grep` (which can display matching lines) with a file-viewing command, or think `find` can show file contents because it locates files, but neither is designed for that purpose.

92
MCQeasy

A system administrator needs to find all files in /var/log that have been modified in the last 7 days. Which command accomplishes this?

A.find /var/log -type f -atime -7
B.find /var/log -type f -ctime -7
C.find /var/log -type f -mtime +7
D.find /var/log -type f -mtime -7
AnswerD

Correct: -mtime -7 means modified less than 7 days ago.

Why this answer

Option D is correct because the `find` command with `-mtime -7` searches for files whose modification time (content change) is less than 7 days ago, which matches the requirement of 'modified in the last 7 days'. The `-type f` restricts the search to regular files, and `/var/log` is the target directory.

Exam trap

The trap here is confusing `-mtime` (modification time) with `-ctime` (inode change time) or `-atime` (access time), as candidates often mistakenly think 'changed' refers to content modification rather than metadata changes.

How to eliminate wrong answers

Option A is wrong because `-atime -7` searches for files accessed (read) in the last 7 days, not modified; this tests access time, not content change. Option B is wrong because `-ctime -7` searches for files whose metadata (inode change) was modified in the last 7 days, such as permissions or ownership changes, not file content modification. Option C is wrong because `-mtime +7` finds files modified more than 7 days ago (older than 7 days), which is the opposite of the requirement.

93
MCQeasy

A system administrator notices that '/var/log/syslog' has grown very large and is consuming significant disk space. The administrator wants to identify the largest log files in the '/var/log' directory hierarchy. Which command should the administrator use?

A.find /var/log -size +100M -exec ls -lh {} \;
B.du -ah /var/log | sort -hr | head -10
C.df -h /var/log
D.ls -lhS /var/log
AnswerB

Correctly lists and sorts all files and directories by size.

Why this answer

Option B is correct because `du -ah /var/log` calculates the disk usage of all files and directories in `/var/log` in human-readable format, then `sort -hr` sorts them by size in descending order, and `head -10` shows the top 10 largest entries. This directly identifies the largest log files in the hierarchy, which is exactly what the administrator needs.

Exam trap

The trap here is that candidates often choose `ls -lhS /var/log` (option D) because it sorts by size, but they overlook that it does not recurse into subdirectories, missing large files in subfolders like `/var/log/apache2/` or `/var/log/journal/`.

How to eliminate wrong answers

Option A is wrong because `find /var/log -size +100M` only finds files larger than 100 MB, missing any large files under that threshold, and it does not sort or limit results, so it may not show the largest files overall. Option C is wrong because `df -h /var/log` shows the total disk usage and available space of the filesystem containing `/var/log`, not the sizes of individual files or directories. Option D is wrong because `ls -lhS /var/log` lists only the immediate contents of `/var/log` sorted by size, but it does not recurse into subdirectories, so it misses large files deeper in the hierarchy.

94
MCQmedium

A script needs to search for lines containing 'ERROR' in /var/log/syslog and count them. Which command pipeline achieves this?

A.wc -l /var/log/syslog
B.grep ERROR /var/log/syslog | wc -c
C.grep ERROR /var/log/syslog | wc -l
D.grep -c ERROR /var/log/syslog
AnswerC

Filters ERROR lines and counts them.

Why this answer

Option C is correct because it uses `grep` to filter lines containing 'ERROR' from `/var/log/syslog` and pipes the output to `wc -l`, which counts the number of lines. This pipeline accurately counts the lines that match the pattern, which is the required task.

Exam trap

The trap here is that candidates may choose `grep -c` (option D) because it achieves the same result, but the question specifically requires a pipeline, and Linux Foundation often tests the literal interpretation of 'command pipeline' to catch those who overlook the wording.

How to eliminate wrong answers

Option A is wrong because `wc -l /var/log/syslog` counts all lines in the file, not just those containing 'ERROR'. Option B is wrong because `wc -c` counts bytes (characters) in the matched lines, not the number of lines. Option D is wrong because `grep -c ERROR /var/log/syslog` does count matching lines, but the question explicitly asks for a command pipeline (using `|`), and this is a single command; while it achieves the same result, it does not match the 'pipeline' requirement.

95
MCQeasy

An administrator needs to compress a directory named 'project' into a tarball with maximum compression using gzip. Which command is appropriate?

A.tar -cjvf archive.tar.bz2 project
B.tar -czvf archive.tar.gz project
C.tar -cJvf archive.tar.xz project
D.tar -cvf archive.tar project
AnswerB

Creates a gzip-compressed tarball.

Why this answer

Option B is correct because the `-z` flag tells tar to compress the archive using gzip, and the `-c` flag creates a new archive. The `-v` flag provides verbose output, and `-f` specifies the archive filename. The `.tar.gz` extension is the conventional extension for a gzip-compressed tarball, and gzip offers maximum compression among the commonly used Unix compression tools (though it is slower than gzip's default level, the question implies using gzip itself, not a different algorithm).

Exam trap

The trap here is that candidates often confuse the compression flags (`-z` for gzip, `-j` for bzip2, `-J` for xz) and may pick option A or C thinking they provide 'maximum compression' without realizing the question specifically requires gzip, not just any compression.

How to eliminate wrong answers

Option A is wrong because the `-j` flag compresses with bzip2, not gzip, and the `.tar.bz2` extension indicates bzip2 compression, which is not what the question asks for. Option C is wrong because the `-J` flag compresses with xz, not gzip, and the `.tar.xz` extension indicates xz compression, which is a different algorithm. Option D is wrong because it creates an uncompressed tarball (no compression flag), resulting in a `.tar` file, which does not satisfy the requirement for gzip compression.

96
MCQmedium

A developer accidentally deleted a critical file /var/log/app.log. The system administrator knows that the file was recently backed up using a cron job that runs 'tar -czf /backup/logs.tar.gz /var/log/'. Which command should the administrator use to restore the file from the backup without extracting the entire archive?

A.tar -xf /backup/logs.tar.gz var/log/app.log
B.tar -tf /backup/logs.tar.gz | grep app.log
C.tar -xzf /backup/logs.tar.gz --to-stdout var/log/app.log > /var/log/app.log
D.cp /backup/logs.tar.gz:/var/log/app.log /var/log/app.log
AnswerC

Correctly extracts the single file to stdout and redirects to restore it.

Why this answer

Option C is correct because `tar -xzf` extracts the specified file (`var/log/app.log`) from the compressed archive and `--to-stdout` sends its content to standard output, which is then redirected to recreate the file at `/var/log/app.log`. This restores the single file without extracting the entire archive, matching the requirement precisely.

Exam trap

The trap here is that candidates may assume `tar -xf` works with `.tar.gz` files without the `-z` flag, or that `cp` can directly reference files inside a tar archive using a colon syntax, which is not supported by the standard `cp` command.

How to eliminate wrong answers

Option A is wrong because `tar -xf` does not automatically handle gzip compression; the archive is `.tar.gz`, so the `-z` flag is needed to decompress on the fly. Without `-z`, tar will fail to read the compressed archive. Option B is wrong because `tar -tf` only lists the contents of the archive; it does not extract any files, so it cannot restore the file.

Option D is wrong because `cp` does not support the syntax `archive:path`; that is a feature of `rsync` or certain network filesystems, not a standard `cp` operation, and it will result in an error.

97
MCQeasy

A junior administrator needs to display the first 10 lines of a file named 'data.csv'. Which command should they use?

A.head data.csv
B.less data.csv
C.tail data.csv
D.cat data.csv
AnswerA

Correctly displays first 10 lines.

Why this answer

The `head` command is specifically designed to display the first 10 lines of a file by default. Running `head data.csv` will output the first 10 lines of the CSV file, making it the correct choice for this task.

Exam trap

The trap here is that candidates may confuse `head` with `tail` or `less`, thinking any command that displays file content can be used, but the exam specifically tests knowledge of the default behavior of each command for displaying the first lines of a file.

How to eliminate wrong answers

Option B is wrong because `less` is a pager that displays the file interactively, starting from the first line but requiring user input to scroll, and does not automatically show only the first 10 lines. Option C is wrong because `tail` displays the last 10 lines of a file by default, not the first 10 lines. Option D is wrong because `cat` outputs the entire file contents to the terminal, which is inefficient and does not limit output to the first 10 lines.

98
MCQmedium

A user reports that a script fails with 'Permission denied' when executed. The script has permissions -rw-r--r-- and is owned by the user. Which command should the user run to make the script executable for the owner only?

A.chmod u+s script.sh
B.chmod u+x script.sh
C.chown :users script.sh
D.chmod +x script.sh
AnswerB

Adds execute permission for the owner only.

Why this answer

Option B is correct because the script currently has permissions `-rw-r--r--`, meaning the owner has read and write but not execute permission. The `chmod u+x` command adds the execute permission for the owner only, which is exactly what the user needs to run the script without affecting group or others.

Exam trap

The trap here is that candidates may confuse the setuid bit (`u+s`) with the execute bit (`u+x`), or assume that `chmod +x` is equivalent to `chmod u+x`, when in fact the former grants execute to all users, which is not what the question asks.

How to eliminate wrong answers

Option A is wrong because `chmod u+s` sets the setuid bit, which allows the script to run with the owner's privileges when executed, but does not add execute permission; the script would still fail with 'Permission denied' if the execute bit is missing. Option C is wrong because `chown :users script.sh` changes the group ownership to 'users', which does not grant execute permission to the owner or anyone else. Option D is wrong because `chmod +x` adds execute permission for all three categories (owner, group, others), which is broader than the requirement to make it executable for the owner only.

99
Drag & Dropmedium

Order the steps to mount an ext4 filesystem from an external USB drive automatically at boot.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Using UUID in fstab ensures persistent mounting; testing with mount -a verifies no errors.

← PreviousPage 2 of 2 · 99 questions total

Ready to test yourself?

Try a timed practice session using only Essential Commands questions.