Linux Professional Institute Certification Level 1 LPIC-1 (LPIC-1) — Questions 76150

522 questions total · 7pages · All types, answers revealed

Page 1

Page 2 of 7

Page 3
76
MCQhard

After modifying the /etc/fstab file, an administrator runs the command mount -a and receives the error 'mount: /data: special device /dev/sdb1 does not exist'. What is the most likely issue?

A.There is a typo in the device path in /etc/fstab.
B.The /dev/sdb1 device file is missing or corrupted.
C.The entry in /etc/fstab has an incorrect filesystem type.
D.The filesystem on /dev/sdb1 is not formatted.
AnswerA

A typo would cause the kernel to not find the device at the specified path, resulting in the 'does not exist' error.

Why this answer

The error states the special device (block device) does not exist. This typically means the device path specified in fstab is incorrect or the device itself is absent. After fstab modification, a typo in the device path is the most plausible cause.

77
MCQhard

The exhibit shows output from an RPM query on a RHEL 8 system. The installation time is shown as a Unix timestamp. Which command would display the installation date of the openssh-server package in a human-readable format?

A.rpm -q --dump openssh-server
B.rpm -q --changelog openssh-server
C.rpm -qi openssh-server
D.rpm -q --scripts openssh-server
AnswerC

Shows package info including install date.

Why this answer

Option D is correct because rpm -qi shows detailed information including installation date. Option A is incorrect because rpm -q --changelog shows changelog. Option B is incorrect because rpm -q --scripts shows scripts.

Option C is incorrect because rpm -q --dump shows file dump.

78
MCQhard

A server has a backup script that runs daily at midnight. The system administrator notices that the script sometimes fails because the filesystem is mounted read-only. Which approach is the best practice to ensure the script runs only when the filesystem is writable?

A.Add a cron job that runs before the backup to remount the filesystem read-write
B.Use anacron to run the job after boot
C.Wrap the backup command in a script that checks if the filesystem is writable before proceeding
D.Change the cron job to run every hour until it succeeds
AnswerC

Best practice: check condition inside script and exit gracefully if not met.

Why this answer

Option C is correct because it implements a proactive check within the script itself, using a command like `touch /mountpoint/testfile 2>/dev/null` or checking `/proc/mounts` to verify write access before executing the backup. This avoids unnecessary remounts and ensures the script only proceeds when the filesystem is writable, which is a robust and self-contained solution.

Exam trap

The trap here is that candidates may assume remounting (Option A) is a safe fix, but LPIC-1 emphasizes that a read-only filesystem often indicates a deeper problem, and the best practice is to check state rather than force a change.

How to eliminate wrong answers

Option A is wrong because blindly remounting the filesystem read-write could override a forced read-only state caused by filesystem errors (e.g., from `fsck`), potentially leading to data corruption or system instability. Option B is wrong because anacron is designed to run jobs that were missed due to the system being off, not to handle a filesystem being read-only; it does not check filesystem state before execution. Option D is wrong because running the backup every hour until it succeeds wastes system resources, may cause overlapping backups, and does not address the root cause of the read-only filesystem.

79
MCQeasy

A technician needs to remove a package named 'apache2' along with its configuration files from a Debian system. Which command should be used?

A.dpkg -r apache2
B.apt-get autoremove apache2
C.apt-get purge apache2
D.apt-get remove apache2
AnswerC

Removes package and config files.

Why this answer

Option C is correct because the 'apt-get purge' command removes the specified package along with its configuration files from a Debian system. Unlike 'remove', which leaves configuration files intact, 'purge' deletes both the package binaries and the associated configuration data from /etc and other locations, fulfilling the requirement to remove 'apache2' completely.

Exam trap

The trap here is that candidates often confuse 'apt-get remove' with 'apt-get purge', mistakenly thinking 'remove' also deletes configuration files, or they incorrectly assume 'dpkg -r' performs a purge, when in fact it only removes the package without configuration cleanup.

How to eliminate wrong answers

Option A is wrong because 'dpkg -r apache2' removes the package but leaves configuration files on the system, which does not meet the requirement to remove configuration files. Option B is wrong because 'apt-get autoremove' is used to remove packages that were automatically installed as dependencies and are no longer needed; it does not accept a package name as an argument to remove a specific package like 'apache2'. Option D is wrong because 'apt-get remove apache2' removes the package binaries but retains configuration files, failing to satisfy the requirement to remove them.

80
Multi-Selecthard

Which TWO of the following are valid methods to run a shell script named 'script.sh' using the bash shell, assuming the script has execute permission? (Choose two.)

Select 2 answers
A../script.sh
B.sh script.sh
C.script.sh (if in PATH)
D.source script.sh
E.bash script.sh
AnswersA, E

Executes the script using its shebang line, assumed to be bash.

Why this answer

Option A is correct because './script.sh' explicitly invokes the script using the current shell's shebang interpreter (e.g., #!/bin/bash) and requires execute permission. Option E is correct because 'bash script.sh' runs the script as an argument to the bash interpreter, which reads and executes the file line by line, also requiring execute permission.

Exam trap

The trap here is that candidates often confuse 'sh script.sh' with 'bash script.sh', not realizing that sh may be a different shell (e.g., dash) that lacks bash-specific features, and that 'source' is for importing functions/variables, not for running a script as a separate process.

81
MCQmedium

Refer to the exhibit. An administrator runs ss -tuln and gets the output above. Which of the following statements about this server is true?

A.The server only runs SSH and DNS.
B.The server runs SSH and NTP only.
C.The server only runs SSH and HTTP.
D.The server runs SSH, HTTP, HTTPS, NTP, and mDNS.
AnswerD

Ports 22, 80, 443, 123, and 5353 correspond to these services.

Why this answer

Option C is correct because the output shows SSH, HTTP, HTTPS, mDNS, and NTP services listening on their respective ports. Options A, B, and D are incomplete or incorrect.

82
Matchingmedium

Match each SELinux context component to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

SELinux user identity

Role-based access control component

Type enforcement (most common)

Multi-Level Security sensitivity level

Combined sensitivity and category set

Why these pairings

Components of an SELinux security context (user:role:type:level).

83
Multi-Selectmedium

Which three options are valid ways to install a package 'curl' on a RHEL 8 system? (Choose three.)

Select 3 answers
A.`apt-get install curl`
B.`dnf install curl`
C.`rpm -i curl.rpm`
D.`yum install curl`
E.`zypper install curl`
AnswersB, C, D

Dnf is the default package manager on RHEL 8.

Why this answer

Option B is correct because `dnf` is the default package manager on RHEL 8, replacing `yum` for handling RPM packages with automatic dependency resolution. It directly installs the `curl` package from configured repositories.

Exam trap

The trap here is that candidates may think `yum` is obsolete on RHEL 8, but it still works as a compatibility wrapper, while `apt-get` and `zypper` are clearly from different distributions, and `rpm -i` requires a local file, not a package name.

84
Multi-Selectmedium

Which TWO commands can be used to display the contents of a compressed text file (e.g., .gz, .bz2) directly to standard output without decompressing to disk?

Select 2 answers
A.gzcat
B.zless
C.bzcat
D.lzcat
E.zcat
AnswersC, E

bzcat decompresses .bz2 files to stdout.

Why this answer

Option C (bzcat) is correct because it reads bzip2-compressed files (.bz2) and decompresses them directly to standard output without creating a decompressed file on disk. Option E (zcat) is correct because it does the same for gzip-compressed files (.gz), acting as a front-end to gzip -dc.

Exam trap

The trap here is that candidates may confuse zcat with gzcat (which is not standard) or think zless is equivalent to zcat, when in fact zless is a pager that does not output continuously to stdout.

85
Matchingmedium

Match each Linux runlevel to its typical description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Halt

Single-user mode

Multi-user with networking

Multi-user with GUI

Reboot

Why these pairings

Standard SysV init runlevels.

86
Drag & Dropmedium

Order the steps to add a new user to the system and grant sudo privileges.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

User creation uses useradd, then password is set, and adding to sudo group grants privileges.

87
MCQhard

An organization uses a custom YUM repository. After adding a new RPM package to the repository, clients running 'yum update' do not see the new package. The repository metadata was regenerated using 'createrepo'. What is the most likely reason the clients are not seeing the update?

A.Clients have cached metadata and need to run 'yum clean all' or wait for cache expiration
B.The 'gpgcheck=1' option in the repo file prevents metadata download
C.The repository metadata was not signed with a GPG key
D.The RPM package version number is lower than the currently installed version
AnswerA

Yum caches repomd.xml; a fresh 'yum makecache' is needed.

Why this answer

Option A is correct because YUM clients cache repository metadata locally to improve performance. When a new package is added to a repository and 'createrepo' regenerates the metadata, clients will not see the update until they refresh their cached metadata. Running 'yum clean all' removes the cached metadata and forces a fresh download, or the cache will expire based on the 'metadata_expire' setting in the repo configuration (default is 6 hours).

Exam trap

The trap here is that candidates may think GPG signing or version numbers are the cause, but the real issue is that YUM's metadata caching prevents clients from immediately seeing repository changes without a cache refresh.

How to eliminate wrong answers

Option B is wrong because 'gpgcheck=1' only enables GPG signature verification on packages after they are downloaded, it does not prevent metadata download or repository access. Option C is wrong because repository metadata does not need to be signed with a GPG key for clients to download and use it; GPG signing of metadata is optional and not required for 'yum update' to see new packages. Option D is wrong because if the RPM package version number is lower than the currently installed version, YUM would simply not upgrade it, but the client would still see the package in the repository listing; the question states clients do not see the new package at all, indicating a metadata freshness issue, not a version comparison.

88
MCQmedium

After a reboot, a server fails to obtain an IP address on its sole ethernet interface. The administrator checks /etc/netplan/01-netcfg.yaml and finds the configuration looks correct. However, the interface shows no IP. The system uses systemd-networkd. Which command should be run next to apply the configuration and bring up the interface?

A.netplan apply
B.ifup eth0
C.systemctl restart networking
D.systemctl restart systemd-networkd
AnswerA

netplan apply ensures the YAML config is parsed and applied to systemd-networkd.

Why this answer

netplan apply reads the YAML configuration and generates systemd-networkd files, then applies them. Restarting systemd-networkd alone may not re-read the netplan configuration. ifup is a legacy command. systemctl restart networking is for SysV systems.

89
MCQeasy

Refer to the exhibit. An administrator wants to unset the BASH_ALIASES associative array. Which command will correctly remove it?

A.export -n BASH_ALIASES
B.unset -v BASH_ALIASES
C.delete BASH_ALIASES
D.unset BASH_ALIASES
AnswerD

Correctly unsets the variable or array.

Why this answer

Option A is correct. The unset command without any options removes a variable or array. `unset BASH_ALIASES` will unset the variable. Options B and C are not valid syntax for unsetting.

Option D is not a valid command.

90
MCQhard

Refer to the exhibit. The system has multiple SAS drives attached to this controller, but one of them is not detected during boot. Which command is most likely to provide information about the device detection order?

A.cat /proc/scsi/scsi
B.lsblk
C.dmesg | grep -i scsi
D.lsscsi
AnswerC

dmesg displays kernel messages with timestamps, revealing the order of SCSI device detection.

Why this answer

Option B is correct because dmesg shows kernel ring buffer messages with timestamps, allowing you to see the order in which devices were detected. Option A (lsblk) shows block devices but not detection order. Option C (lsscsi) lists SCSI devices currently present but not their order.

Option D (cat /proc/scsi/scsi) shows attached SCSI devices but not detection order.

91
MCQmedium

Which configuration file is the primary configuration file for logrotate?

A./var/log/messages
B./etc/logrotate.d/
C./etc/logrotate.conf
D./etc/rsyslog.conf
AnswerC

The main configuration file for logrotate.

Why this answer

The primary configuration file for logrotate is /etc/logrotate.conf. This file sets global options such as rotation frequency, compression, and the number of rotated logs to keep. It also includes configuration snippets from /etc/logrotate.d/ via an include directive, but the main control file is /etc/logrotate.conf.

Exam trap

The trap here is that candidates confuse the directory /etc/logrotate.d/ (which holds supplementary configs) with the primary configuration file /etc/logrotate.conf, or mistake /etc/rsyslog.conf (a logging daemon config) for logrotate's config.

How to eliminate wrong answers

Option A is wrong because /var/log/messages is a system log file managed by rsyslog or syslog-ng, not a configuration file for logrotate. Option B is wrong because /etc/logrotate.d/ is a directory containing per-service configuration snippets that are included by /etc/logrotate.conf, not the primary configuration file itself. Option D is wrong because /etc/rsyslog.conf is the configuration file for the rsyslog daemon, which handles system logging, not log rotation.

92
Multi-Selectmedium

Which TWO of the following are valid methods to view kernel messages on a systemd-based system?

Select 2 answers
A.lsmod
B.journalctl -k
C.cat /var/log/syslog
D.grub-mkconfig
E.dmesg
AnswersB, E

Shows kernel messages from the systemd journal for the current boot.

Why this answer

Correct options are A and B. dmesg displays the kernel ring buffer (current boot). journalctl -k shows kernel messages from the systemd journal (current boot by default). Option C (cat /var/log/syslog) may contain kernel messages but is not kernel-specific. Option D (lsmod) lists loaded modules.

Option E (grub-mkconfig) generates GRUB config.

93
Multi-Selectmedium

Which TWO commands can be used to set the default boot target (runlevel) in systemd?

Select 2 answers
A.ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
B.systemctl isolate multi-user.target
C.systemctl default multi-user.target
D.systemctl enable multi-user.target
E.systemctl set-default multi-user.target
AnswersA, E

Manually creates the symlink for default target.

Why this answer

Options A and D are correct: 'systemctl set-default' changes the default target, and manually creating a symlink to the desired target in /etc/systemd/system/ also sets it. Option B is not a valid command, C enables a service, not default target, and E changes the current target temporarily.

94
MCQhard

A script uses a while loop to read lines from a file, but a variable set inside the loop is empty after the loop finishes. What is the most likely cause?

A.The file has an empty line at the end.
B.The variable is declared as readonly.
C.The variable name contains spaces.
D.The while loop is part of a pipeline, causing it to run in a subshell.
AnswerD

Pipeline subshells isolate variable changes.

Why this answer

Option B is correct because if the while loop is part of a pipeline, it runs in a subshell and variable changes are not visible to the parent.

95
Multi-Selecthard

An administrator needs to monitor real-time network bandwidth usage on a Linux server. Which two tools are specifically designed for this purpose? (Choose two.)

Select 2 answers
A.netstat
B.nload
C.traceroute
D.ping
E.iftop
AnswersB, E

Displays incoming and outgoing traffic graphs.

Why this answer

Options A and B are correct. iftop and nload display real-time network bandwidth usage. ping and traceroute measure connectivity, while netstat shows connections but not throughput.

96
MCQeasy

Which directory in the Filesystem Hierarchy Standard (FHS) contains essential user command binaries that are needed in single-user mode?

A./tmp
B./sbin
C./bin
D./boot
AnswerC

Correct: essential user binaries.

Why this answer

The /bin directory contains essential user command binaries (e.g., ls, cp, mv) that are required for system booting and repair in single-user mode. According to the FHS, /bin is intended for commands needed by both the system administrator and users when no other filesystems are mounted, making it critical for single-user mode operations.

Exam trap

The trap here is that candidates confuse /sbin with /bin, assuming that system administration binaries are the essential ones for single-user mode, when in fact /bin provides the user-level commands needed for basic system interaction and recovery.

How to eliminate wrong answers

Option A is wrong because /tmp is a temporary directory for files that may be deleted on reboot, not for essential command binaries. Option B is wrong because /sbin contains system administration binaries (e.g., fdisk, init) intended for the root user, not essential user commands needed in single-user mode. Option D is wrong because /boot contains static boot loader files (e.g., kernel images, initramfs) and not user command binaries.

97
MCQeasy

Based on the exhibit, which statement is true?

A.The disk has write protection enabled
B.The disk has 5 partitions
C.The disk is 1 TB
D.The disk uses GPT partitioning
AnswerC

The log explicitly states 1.00 TB.

Why this answer

Correct: C. The log shows '1953525168 512-byte logical blocks: (1.00 TB/931 GiB)', confirming the disk is 1 TB. Option A is false because only sda1 and sda2 partitions are detected; B is not indicated; D is false because Write Protect is off.

98
MCQeasy

A system administrator wants to display all lines in /var/log/syslog that do NOT contain the string 'error'. Which command accomplishes this?

A.grep -v 'error' /var/log/syslog
B.grep -r 'error' /var/log/syslog
C.grep -l 'error' /var/log/syslog
D.grep -i 'error' /var/log/syslog
AnswerA

Inverts match, showing only lines without 'error'.

Why this answer

Option B is correct because grep -v inverts the match, showing only lines that do not contain the pattern. The -i option in A would ignore case but still show matching lines. Options C and D do not invert the match.

99
MCQeasy

A junior admin is tasked with configuring network bonding on a Debian server with two Ethernet interfaces, eth0 and eth1. The goal is to provide link redundancy using active-backup mode. The admin edits /etc/network/interfaces and adds configuration for bond0 with slaves eth0 eth1, then runs 'ifup bond0'. However, the bond interface fails to come up and the error message indicates that the 'bond' kernel module is not loaded. The admin checks with 'lsmod | grep bonding' and finds no output. Which additional step is required to successfully bring up the bond interface? Options: A) Run 'modprobe bonding' before ifup, B) Add 'auto bond0' in /etc/network/interfaces, C) Use ifenslave directly after ifup, D) Reboot the system to load the module.

A.Run 'modprobe bonding' before ifup
B.Use ifenslave directly after ifup
C.Reboot the system to load the module
D.Add 'auto bond0' in /etc/network/interfaces
AnswerA

Loads the bonding kernel module, enabling bond interface creation.

Why this answer

Option A is correct because the bonding module must be loaded before the bond interface can be created. 'modprobe bonding' loads the kernel module. Option B is irrelevant; 'auto' ensures interface starts at boot but doesn't load the module. Option C is unnecessary if bonding is configured via interfaces; ifenslave is for manual bonding.

Option D is overkill; rebooting may load the module if configured, but loading manually is quicker. So A is correct.

100
Drag & Dropmedium

Order the steps to configure a Linux system to use a proxy server for HTTP.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Proxy configuration involves setting environment variables and application-specific configs.

101
Multi-Selecteasy

Which TWO commands are used to manage Debian packages? (Choose two.)

Select 2 answers
A.zypper
B.apt-get
C.dpkg
D.yum
E.rpm
AnswersB, C

apt-get manages .deb packages via repositories.

Why this answer

dpkg is the low-level Debian package manager, and apt-get (or apt) is the higher-level tool. rpm and yum are for Red Hat-based systems. zypper is for SUSE.

102
MCQhard

A database server with high I/O requirements needs a filesystem layout optimized for performance. The server has four identical 500GB SSDs. Which design best balances performance and reliability, considering the need to separate transaction logs from data files?

A.Use all four SSDs in RAID 10.
B.Use two SSDs in RAID 1 for logs and two in RAID 1 for data.
C.Combine all four SSDs into a single RAID 0 volume, then partition for data and logs.
D.Use one SSD for transaction logs and the other three in RAID 0 for data files.
AnswerD

Separates logs from data for performance; RAID 0 maximizes data throughput, logs benefit from dedicated device.

Why this answer

Option D is correct because it isolates transaction logs on a dedicated SSD to eliminate write contention with data files, while the remaining three SSDs in RAID 0 maximize sequential throughput for data. This design prioritizes performance for high-I/O workloads, accepting the reliability trade-off of RAID 0 for data, which is acceptable when logs (critical for recovery) are on a separate, non-striped device.

Exam trap

LPI often tests the misconception that RAID 10 is always the best balance of performance and reliability, but in this scenario, the need to physically separate logs from data and maximize throughput for high-I/O workloads makes a dedicated log device with RAID 0 for data the optimal performance choice, despite reduced redundancy.

How to eliminate wrong answers

Option A is wrong because RAID 10 (mirroring + striping) across all four SSDs provides redundancy but introduces write overhead from mirroring, which can reduce write performance for high-I/O transaction logs, and it does not physically separate logs from data, leading to contention. Option B is wrong because using two separate RAID 1 pairs isolates logs and data but wastes half the total capacity (only 1TB usable out of 2TB) and does not leverage striping for data throughput, which is suboptimal for high-I/O data files. Option C is wrong because a single RAID 0 volume across all four SSDs offers maximum capacity and speed but provides zero fault tolerance; a single drive failure destroys both logs and data, violating the reliability requirement, and it does not separate logs from data, causing contention.

103
MCQeasy

Refer to the exhibit. Which file system is full and what is the likely consequence if the administrator does not take action?

A.Both are full; system will crash.
B./dev/sda1 is full; system may become unstable.
C.Neither is full; available space is sufficient.
D./dev/sdb1 is full; applications writing to /var may fail.
AnswerD

The mount point /var is at 100% usage.

Why this answer

The exhibit shows that /dev/sdb1, mounted on /var, has 0% available space (100% used). The /var directory stores variable data such as logs, spool files, and temporary files. If /var fills up, critical services like syslog, cron, or package managers (e.g., apt, yum) cannot write to their log or spool files, causing applications that depend on /var to fail.

This is why option D is correct.

Exam trap

LPI often tests the misconception that a full root filesystem (/dev/sda1) is the only critical issue, but the trap here is that /var (often a separate partition) can fill up silently, causing application failures without an immediate system crash.

How to eliminate wrong answers

Option A is wrong because only /dev/sdb1 is full; /dev/sda1 has available space, so the system will not crash outright, but services relying on /var may fail. Option B is wrong because /dev/sda1 is not full; it has 20% used and 80% available, so the system will not become unstable from that mount point. Option C is wrong because /dev/sdb1 is indeed full (100% used), so available space is not sufficient for /var.

104
MCQhard

You are a system administrator at a hosting company. A customer reports that their website hosted on a shared LAMP server is returning error 500. The server runs Ubuntu 22.04 with Apache, MySQL, and PHP. You log in and find that the /var partition (on /dev/sda3, ext4) is almost full. You identify that the MySQL database directory /var/lib/mysql contains several large binary logs that are no longer needed. You delete the binary logs using 'rm -f /var/lib/mysql/mysql-bin.*'. However, the available space does not increase. You also notice that an inode leak is suspected. You check inode usage with 'df -i' and see that the partition has plenty of free inodes. You then check with 'lsof | grep deleted' and see several entries for mysqld holding deleted files. What is the correct procedure to free the space?

A.Restart the MySQL service with 'systemctl restart mysql'.
B.Use 'dpkg --purge mysql-server' to completely remove MySQL, then reinstall it.
C.Run 'e2fsck -f /dev/sda3' to reclaim inodes and fix filesystem inconsistencies.
D.Move the binary logs to a different partition using 'mv /var/lib/mysql/mysql-bin.* /tmp/' and then delete them.
AnswerA

Restarting MySQL closes all open file handles, allowing the kernel to release the disk space occupied by deleted files.

Why this answer

When a file is deleted while a process (like mysqld) still holds an open file descriptor to it, the file's inode remains allocated and the disk space is not freed until the process releases the descriptor. Restarting the MySQL service (systemctl restart mysql) causes mysqld to close all open file descriptors, allowing the kernel to release the deleted binary logs' inodes and reclaim the disk space.

Exam trap

The trap here is that candidates assume deleting a file immediately frees disk space, overlooking that processes with open file descriptors prevent the kernel from releasing the inode and data blocks until the descriptor is closed.

How to eliminate wrong answers

Option B is wrong because completely purging and reinstalling MySQL is an unnecessarily destructive and time-consuming procedure; the issue is simply that the MySQL process holds open file descriptors to the deleted logs, not a problem with the MySQL installation itself. Option C is wrong because e2fsck checks and repairs filesystem metadata, but it does not force processes to release open file descriptors; the inodes are already marked as deleted but are still held open by mysqld, so e2fsck cannot reclaim them. Option D is wrong because moving the files to /tmp/ and then deleting them would still leave the MySQL process holding open file descriptors to the moved (and then deleted) files, resulting in the same space-not-freed problem; the core issue is the open file descriptor, not the file's location.

105
MCQmedium

Refer to the exhibit. When will the backup script run?

A.Daily at 4:30 AM
B.Monthly at 4:30 AM on the 1st
C.Yearly at 4:30 AM
D.Weekly at 4:30 AM
AnswerB

The '1' in the day-of-month field indicates the first day of each month.

Why this answer

The cron entry `30 4 1 * * /usr/local/bin/backup.sh` specifies that the script runs when the minute is 30, hour is 4, and day-of-month is 1, with the month and day-of-week fields set to `*` (meaning every month and every day of the week). This results in execution at 4:30 AM on the 1st day of every month, making option B correct.

Exam trap

LPI often tests the misconception that a `*` in the day-of-week field implies 'every day' but candidates forget that the day-of-month field of `1` restricts execution to only the 1st, not daily.

How to eliminate wrong answers

Option A is wrong because 'Daily at 4:30 AM' would require the day-of-month field to be `*` (or a day-of-week field set to `*` with no day-of-month restriction), but here the day-of-month is `1`, limiting execution to only the 1st of each month. Option C is wrong because 'Yearly at 4:30 AM' would typically use a specific month field (e.g., `30 4 1 1 *` for January 1st), but the month field is `*`, meaning every month, not just one month per year. Option D is wrong because 'Weekly at 4:30 AM' would require a specific day-of-week value (e.g., `30 4 * * 0` for Sunday), but the day-of-week field is `*` and the day-of-month is `1`, which does not guarantee a weekly schedule.

106
MCQmedium

A log file access.log contains multiple entries per IP address. An administrator wants to display a list of unique IP addresses sorted by frequency (most frequent first). Which command pipeline achieves this?

A.awk '{print $1}' access.log | sort | uniq | sort -rn
B.awk '{print $1}' access.log | sort | uniq -c | sort -rn
C.awk '{print $1}' access.log | sort -rn | uniq -c
D.awk '{print $1}' access.log | sort | uniq -c | sort -k2
AnswerB

Correctly counts IP occurrences and sorts by frequency descending.

Why this answer

Option D is correct. First extract the IP field with awk, sort, then count duplicates with uniq -c, and finally sort numerically in reverse to show most frequent first.

107
MCQeasy

A technician runs 'blkid' and sees output like '/dev/sda2: UUID="abc-def-ghi" TYPE="ext4"'. Which command can mount this partition using its UUID?

A.mount -U "abc-def-ghi" /mnt
B.mount -I "abc-def-ghi" /mnt
C.mount /dev/sda2 /mnt
D.mount -L "abc-def-ghi" /mnt
AnswerA

mount -U mounts by UUID.

Why this answer

Option A is correct because the 'mount' command supports the '-U' option to specify a partition by its UUID, which is a unique identifier for the filesystem. This allows mounting without relying on device names like /dev/sda2, which can change across reboots. The UUID is taken directly from the 'blkid' output.

Exam trap

The trap here is that candidates may confuse the '-U' (UUID) option with the '-L' (label) option, or assume that any option that accepts a string can mount by UUID, leading them to select the incorrect '-L' or '-I' flags.

How to eliminate wrong answers

Option B is wrong because '-I' is not a valid option for the mount command; it is used with 'lsblk' to specify a device by major:minor number, not for mounting. Option C is wrong because while it would work in this specific case, it uses the device path /dev/sda2 instead of the UUID, which is not the command requested by the question (the question asks for a command that mounts using the UUID). Option D is wrong because '-L' is used to mount by filesystem label, not by UUID; the label is a human-readable name, while the UUID is a unique hexadecimal string.

108
MCQmedium

After receiving a compressed tarball archive.tar.gz from a colleague, you want to list its contents without extracting. Which command should you use?

A.tar -xzf archive.tar.gz
B.tar -cvf archive.tar.gz
C.gzip -d archive.tar.gz | tar -t
D.tar -tvf archive.tar.gz
AnswerD

-t lists the contents of the archive without extracting.

Why this answer

The `tar -tvf archive.tar.gz` command lists the contents of a compressed tarball without extracting it. The `-t` option tells tar to list the archive's table of contents, `-v` provides verbose output (showing file permissions, ownership, etc.), and `-f` specifies the archive file. Tar automatically detects and decompresses the gzip compression when reading the file, so no separate decompression step is needed.

Exam trap

The trap here is that candidates confuse the `-x` (extract) flag with `-t` (list) because both are used for reading archives, but only `-t` lists without extracting; LPI often tests this by offering `-xzf` as a distractor, assuming candidates will misremember the flag for listing.

How to eliminate wrong answers

Option A is wrong because `tar -xzf archive.tar.gz` extracts the archive (the `-x` flag means extract), not lists its contents. Option B is wrong because `tar -cvf archive.tar.gz` creates a new archive (the `-c` flag means create) from files, which would overwrite the existing file or fail, and does not list contents. Option C is wrong because `gzip -d archive.tar.gz | tar -t` attempts to decompress the file and pipe the output to `tar -t`, but `gzip -d` without `-c` (or `--stdout`) writes the decompressed data to a file (removing the .gz extension) instead of sending it to stdout, so the pipe receives no data and tar fails; even if corrected with `gzip -dc`, it is unnecessarily complex since tar handles decompression natively.

109
MCQmedium

A user complains that a filesystem is reporting 'Disk quota exceeded' even though the user has not stored any new files recently. What could be the cause?

A.Symlinks are counted against the quota
B.Hard links are consuming additional inodes
C.The user has exceeded the inode quota
D.File ownership is misconfigured
AnswerC

Inode quota limits the number of files, not just disk space.

Why this answer

Option C is correct because Linux filesystems enforce two types of quotas: block quotas (for disk space) and inode quotas (for the number of files and directories). If the user has not stored new files recently but still receives a 'Disk quota exceeded' error, it is likely that they have exceeded their inode quota, meaning they have created too many files or directories (each consuming an inode), even if those files are small or empty. The error message is generic and can refer to either quota type, so the inode limit is the probable cause when no recent data writes have occurred.

Exam trap

The trap here is that candidates assume 'Disk quota exceeded' always refers to disk space (blocks), but LPIC-1 tests the distinction between block quotas and inode quotas, and that the same error message applies to both.

How to eliminate wrong answers

Option A is wrong because symlinks (symbolic links) are not counted against the quota of the user who owns the symlink; they are separate files that point to another file and do not consume the target's quota. Option B is wrong because hard links do not consume additional inodes; they are additional directory entries pointing to the same inode, so the inode count remains unchanged for the user. Option D is wrong because misconfigured file ownership would cause permission errors (e.g., 'Permission denied'), not a 'Disk quota exceeded' error, which is specifically a quota enforcement mechanism.

110
MCQhard

A DevOps engineer is setting up an automated build pipeline for a Python application on a Debian system. The application must be packaged into a .deb for deployment. The engineer writes a Makefile that creates the package but the final 'dpkg -i' step fails due to unmet dependencies: the application requires python3-requests >= 2.0, but the repositories provide 1.0. The team has a local mirror with custom packages including python3-requests 2.0. The mirror is correctly listed in /etc/apt/sources.list. The engineer runs 'apt-get update' before building, but the dependency resolution still fails. What is the most likely cause?

A.The engineer must set the --force-depends option to skip dependency checks.
B.The .deb package should be installed using 'apt install ./package.deb' instead of 'dpkg -i'.
C.The 'apt-get update' command did not run successfully; the engineer should check the output.
D.The python3-requests 2.0 package has not been correctly built or uploaded to the local mirror.
AnswerB

apt automatically resolves and installs dependencies from repositories.

Why this answer

dpkg does not resolve dependencies; it only checks the local dpkg database. The solution is to use a higher-level tool like 'apt' that handles dependencies. Option B is wrong because apt-get update was run.

Option C is redundant but not the cause of dpkg failure. Option D is not necessary.

111
MCQhard

A system is running out of disk space on /var. The administrator finds that /var/log/syslog is 4GB. Which of the following is the best course of action to prevent future issues while keeping recent logs?

A.Use 'truncate -s 0 /var/log/syslog' to empty the file.
B.Configure logrotate to rotate and compress logs daily.
C.Configure syslog to stop logging.
D.Delete /var/log/syslog and create an empty file.
AnswerB

Correct: logrotate manages log sizes.

Why this answer

Option B is correct because logrotate is the standard Linux utility for managing log file growth. By configuring it to rotate and compress logs daily, the administrator can automatically archive old logs (e.g., /var/log/syslog.1.gz) and keep only recent entries in the active file, preventing disk space exhaustion without losing historical data.

Exam trap

The trap here is that candidates confuse immediate space recovery (truncation/deletion) with sustainable log management, overlooking that logrotate provides automated, policy-driven rotation and compression to prevent recurrence.

How to eliminate wrong answers

Option A is wrong because truncating the file to zero bytes only frees space immediately but does not prevent the file from growing again; it also discards all existing logs, which may violate compliance or troubleshooting needs. Option C is wrong because stopping syslog entirely would halt all system logging, losing critical diagnostic information and potentially violating security auditing requirements. Option D is wrong because deleting and recreating the file is functionally similar to truncation—it frees space now but offers no automated rotation or compression, so the problem will recur.

112
MCQeasy

On a Debian-based system using ifupdown, which file should be edited to configure a static IP address for an interface?

A./etc/systemd/network/50-static.network
B./etc/network/interfaces
C./etc/netplan/01-netcfg.yaml
D./etc/sysconfig/network-scripts/ifcfg-eth0
AnswerB

This is the main configuration file for ifupdown on Debian.

Why this answer

Option B is correct because /etc/network/interfaces is the traditional configuration file for network interfaces on Debian. Option A is for Red Hat-based systems, Option C for netplan, and Option D for systemd-networkd.

113
MCQmedium

Refer to the exhibit. The system administrator wants to determine which package provides the file /etc/passwd. Based on the output, which command would be most appropriate to find the package?

A.`dpkg -L base-passwd`
B.`apt-file search /etc/passwd`
C.`dpkg -S /etc/passwd`
D.`apt-cache show /etc/passwd`
AnswerC

Searches for the package that owns the file.

Why this answer

`dpkg -S /path` searches the installed packages for ownership of the file. `apt-file search` can also do this but is not installed by default. `dpkg -L` lists files in a package, not the reverse. `apt-cache show` shows package info, not file ownership.

114
MCQeasy

A system administrator notices that the system time is incorrect by several minutes. Which command should be used first to check the status of NTP synchronization?

A.timedatectl
B.ntpdate
C.date
D.hwclock
AnswerA

timedatectl displays NTP synchronization status and allows detailed checks.

Why this answer

The timedatectl command shows the current time, date, timezone, and NTP synchronization status. The date command only displays the current time but not NTP status. hwclock accesses the hardware clock, and ntpdate performs a one-time sync but does not show status.

115
MCQeasy

An administrator notices that SSH connections to a remote Linux server are timing out. After confirming network connectivity, which command should the administrator run on the server to check whether the SSH daemon is actively listening?

A.ls /etc/ssh/
B.systemctl status sshd
C.nc -zv localhost 22
D.netstat -tuln
AnswerB

This command shows the current status of the sshd service, including whether it is running.

Why this answer

Option A is correct because systemctl queries the service manager to show the status of the sshd service, including whether it is running and enabled. Option B shows listening ports but does not give the service status. Option C tests port connectivity but not the service itself.

Option D only checks for configuration file existence.

116
MCQhard

After connecting a USB device, the system does not create a device node in /dev. Which command can be used to trigger udev to re-evaluate the device?

A.modprobe
B.udevadm control --reload
C.udevadm settle
D.udevadm trigger
AnswerD

This command generates uevents for existing devices, causing udev to process them again.

Why this answer

The correct option is A: udevadm trigger forces udev to re-evaluate all devices. Option B (udevadm control --reload) reloads rules but does not trigger events. Option C (udevadm settle) waits for pending events.

Option D (modprobe) loads kernel modules, not udev event processing.

117
MCQmedium

A developer has a directory /home/user/project with many files and subdirectories. They need to change the group ownership of all .txt files to 'developers' and set permissions to 640. Which single command accomplishes this?

A.find /home/user/project -name '*.txt' -exec chgrp developers {} \;
B.chmod -R 640 /home/user/project/*.txt
C.find /home/user/project -name '*.txt' -exec chown :developers {} \; -exec chmod 640 {} \;
D.find /home/user/project -name '*.txt' -exec chmod 640 {} \;
AnswerC

Changes both group and permissions in a single find command.

Why this answer

Option D is correct because find executes both chown and chmod on each .txt file, changing group via :developers and setting permissions to 640.

118
Multi-Selecthard

Which THREE of the following are valid sources to configure GRUB?

Select 3 answers
A./boot/grub/menu.lst
B./etc/grub.conf
C./boot/grub/grub.cfg
D./etc/default/grub
E./etc/grub.d/
AnswersC, D, E

The actual boot configuration file read by GRUB.

Why this answer

Options A, B, and C are correct: /etc/default/grub contains user settings, /boot/grub/grub.cfg is the generated configuration, and /etc/grub.d/ contains scripts that generate grub.cfg. Options D and E are legacy locations for older GRUB versions.

119
Multi-Selectmedium

Which TWO of the following are valid methods to configure network interfaces on a Linux system? (Choose two.)

Select 2 answers
A.Editing /etc/network/interfaces file.
B.Using the 'ifconfig' command.
C.Using the 'ip' command.
D.Using the 'route' command.
E.Editing /etc/sysconfig/network-scripts/ network configuration files.
AnswersA, C

Used by Debian-based systems.

Why this answer

Option A is correct because the `/etc/network/interfaces` file is the primary configuration file for network interfaces on Debian-based Linux distributions (e.g., Ubuntu). It allows static or dynamic (DHCP) configuration of interfaces using directives like `iface`, `address`, and `netmask`, and is read by the `ifup` and `ifdown` commands at boot or on demand.

Exam trap

The trap here is that candidates often confuse temporary runtime commands (like `ifconfig` and `route`) with persistent configuration methods, or they assume a distribution-specific path like `/etc/sysconfig/network-scripts/` is universally valid across all Linux systems.

120
MCQhard

A Linux system fails to boot with the error 'Kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)'. After investigation, the administrator suspects that the root filesystem device is not being detected. Which of the following is the most likely cause?

A.The root filesystem is corrupted
B.The initrd file is missing or corrupted
C.The root= kernel parameter points to a non-existent device
D.The SATA controller driver is not included in the kernel
AnswerC

If the root= parameter specifies a device that does not exist or is not recognized, the kernel fails with this error.

Why this answer

The error 'VFS: Unable to mount root fs on unknown-block(0,0)' indicates the kernel cannot locate the device specified by the 'root=' kernel parameter. If this parameter points to a non-existent device (e.g., wrong partition number or missing disk), the kernel fails to mount the root filesystem, causing a panic. This is the most direct cause among the options.

Exam trap

The trap here is that candidates often confuse a missing initrd (which handles driver loading) with a root device misconfiguration, but the specific 'unknown-block(0,0)' error directly points to the root= parameter pointing to a device that does not exist, not a driver or initrd issue.

How to eliminate wrong answers

Option A is wrong because a corrupted root filesystem would typically produce a different error (e.g., 'mount: /dev/sda1: can't read superblock') rather than 'unknown-block(0,0)', which indicates the device itself is not found. Option B is wrong because a missing or corrupted initrd would cause a failure to load necessary drivers or modules, but the error here specifically points to the root device not being recognized, not a missing initrd. Option D is wrong because if the SATA controller driver were missing, the kernel would not detect the disk at all, but the error 'unknown-block(0,0)' suggests the kernel is trying to mount a device it cannot find, not that the controller is unsupported; a missing driver would typically result in no block device being created, not a specific unknown-block error.

121
Multi-Selecthard

Which THREE steps are required to configure a static IP address on a modern Linux system using systemd-networkd?

Select 3 answers
A.Edit /etc/hosts to map IP to hostname
B.Create a .network file in /etc/systemd/network/
C.Edit /etc/resolv.conf to set DNS servers
D.Run 'ip addr add <IP> dev eth0'
E.Run 'systemctl restart systemd-networkd'
AnswersB, C, E

Required for static configuration.

Why this answer

Options A, B, and C are correct. To configure static IP with systemd-networkd: create a .network file (A), restart the service (B), and set DNS in resolv.conf or via network configuration (C). Option D (edit /etc/hosts) is optional and not required for IP configuration.

Option E (ip addr add) is temporary and not persistent.

122
MCQmedium

Based on the exhibit, which of the following is true about the cleanup.sh job?

A.It runs at 4:30 AM every day
B.It runs at 4:30 AM on Monday through Friday
C.It runs at 4:00 AM on weekdays
D.It runs at 4:30 AM on weekends
AnswerB

Correct interpretation of the cron schedule.

Why this answer

The cron expression `30 4 * * 1-5` specifies that the job runs at minute 30, hour 4 (4:30 AM), every day of month (*), every month (*), but only on days of the week 1 through 5 (Monday=1, Tuesday=2, Wednesday=3, Thursday=4, Friday=5). Therefore, the job runs at 4:30 AM on Monday through Friday.

Exam trap

The trap here is that candidates often misread the minute field (30) as the hour or confuse the day-of-week range `1-5` with 'every day', leading them to select 'every day' or 'weekends' instead of the correct weekday-only schedule.

How to eliminate wrong answers

Option A is wrong because it states 'every day', but the day-of-week field `1-5` restricts execution to weekdays only, not all seven days. Option C is wrong because it specifies 4:00 AM, but the minute field is `30`, not `0`, so the job runs at 4:30 AM, not 4:00 AM. Option D is wrong because it says 'on weekends', but the day-of-week range `1-5` explicitly excludes Saturday (6) and Sunday (0 or 7), so the job does not run on weekends.

123
MCQmedium

A system administrator notices that the /tmp directory is filling up quickly, causing applications to fail. The administrator wants to ensure that files in /tmp are automatically cleaned after a certain period. Which of the following is the best approach without installing additional software?

A.Add a cron job that runs 'rm -rf /tmp/*' every hour.
B.Install tmpwatch and configure it to clean files older than 1 day.
C.Set the sticky bit on /tmp to automatically delete old files.
D.Configure the systemd-tmpfiles service with a configuration file to clean /tmp regularly.
AnswerD

systemd-tmpfiles is part of systemd and is available by default; it provides a clean mechanism for temporary file management.

Why this answer

Option D is correct because systemd-based Linux distributions include the systemd-tmpfiles service, which can be configured via files in /etc/tmpfiles.d/ to automatically clean temporary files based on age, size, or other criteria. This approach uses built-in systemd functionality without requiring additional software, and it is the recommended method for managing /tmp cleanup on modern systems.

Exam trap

The trap here is that candidates may confuse the sticky bit (which only prevents deletion by other users) with automatic cleanup, or assume that a brute-force cron job is acceptable, while the correct answer leverages a built-in systemd service that is already present on most modern Linux distributions.

How to eliminate wrong answers

Option A is wrong because using 'rm -rf /tmp/*' in a cron job is dangerous and unreliable: it will delete all files regardless of age, may fail on hidden files or subdirectories with special characters, and can cause race conditions or data loss for running applications. Option B is wrong because tmpwatch is not installed by default on most modern distributions and the question explicitly states 'without installing additional software'. Option C is wrong because the sticky bit (chmod +t) only prevents users from deleting files they do not own; it does not automatically delete old files.

124
MCQmedium

Which command displays all error messages from the systemd journal since the last boot?

A.journalctl -b -p warning
B.journalctl -b -p err
C.journalctl -b -p crit
D.journalctl -b -p info
AnswerB

Correct: shows error messages for current boot.

Why this answer

Option B is correct because `journalctl -b -p err` filters the systemd journal to show only messages with a priority level of 'err' (error) or higher since the last boot. The `-b` flag restricts output to the current boot, and `-p err` selects messages at the 'err' level and above (including 'crit', 'alert', and 'emerg'), which are all error-related. This matches the requirement to display 'all error messages' from the systemd journal since the last boot.

Exam trap

The trap here is that candidates may confuse the 'level-or-above' behavior of `-p` and think `-p err` only shows exact 'err' messages, or they may incorrectly assume `-p warning` includes errors, when in fact 'warning' is a lower priority and does not cover all error levels.

How to eliminate wrong answers

Option A is wrong because `-p warning` filters for 'warning' priority messages and above, which includes 'warning' itself but also 'err', 'crit', 'alert', and 'emerg'; however, 'warning' is not an error message—it indicates a potential issue, not an actual error, so it does not display 'all error messages' exclusively. Option C is wrong because `-p crit` filters for 'crit' (critical) priority and above, which is a subset of error messages but excludes 'err' (error) level messages, so it does not display 'all error messages'—it only shows the most severe ones. Option D is wrong because `-p info` filters for 'info' priority and above, which includes informational messages, notices, warnings, and errors; this is too broad and includes non-error messages, failing to display only error messages.

125
MCQeasy

You are a junior administrator for a company that uses a standard disk image for all Linux servers. The image is based on CentOS 7. You need to ensure that new servers automatically install all available security updates during the first boot. You plan to run a command in a startup script. Which command should you use?

A.yum check-update
B.yum install yum-cron
C.yum update -y
D.apt-get upgrade -y
AnswerC

Updates all packages automatically.

Why this answer

Option C is correct because `yum update -y` installs all available updates, including security updates, without prompting for confirmation. On CentOS 7, this command updates all packages to their latest versions, which encompasses security patches. Running this in a startup script ensures that security updates are applied automatically on first boot.

Exam trap

The trap here is that candidates may confuse the command for listing updates (`check-update`) with the command for installing them, or mistakenly apply a Debian-based command (`apt-get`) to a Red Hat-based system like CentOS 7.

How to eliminate wrong answers

Option A is wrong because `yum check-update` only lists available updates without installing any, so it would not apply security updates. Option B is wrong because `yum install yum-cron` installs the yum-cron package, which is used for automatic periodic updates, but does not itself install updates immediately; it requires configuration and is not a one-time command for first boot. Option D is wrong because `apt-get upgrade -y` is a Debian/Ubuntu package manager command, not applicable to CentOS 7 which uses yum (or dnf in later versions).

126
MCQeasy

Which command lists all installed packages on a Debian-based system by querying the dpkg database?

A.apt-cache search .
B.dpkg -L
C.dpkg --get-selections
D.apt-show-versions
AnswerC

Lists all installed packages.

Why this answer

Option C is correct because `dpkg --get-selections` queries the dpkg database directly and outputs a list of all installed packages along with their installation state (e.g., 'install'). This command does not rely on remote repositories or cache files, making it a reliable method for listing installed packages on a Debian-based system.

Exam trap

The trap here is that candidates confuse `dpkg -L` (which lists files for a specific package) with a command that lists all installed packages, or they assume `apt-cache search .` shows only installed packages when it actually queries the entire repository cache.

How to eliminate wrong answers

Option A is wrong because `apt-cache search .` searches the APT package cache for packages matching a pattern (the dot matches any character), but it lists all available packages in the repositories, not just those installed. Option B is wrong because `dpkg -L` lists files installed by a specific package (e.g., `dpkg -L bash`), not all installed packages; it requires a package name as an argument. Option D is wrong because `apt-show-versions` is not a standard Debian command; the correct tool for showing installed package versions is `apt list --installed` or `dpkg -l`, and `apt-show-versions` is a third-party script that may not be present by default.

127
MCQeasy

A systems administrator downloads a .deb package file but it fails to install due to unmet dependencies. Which command sequence should be used to resolve the dependencies and complete the installation?

A.apt-get install -f
B.dpkg -i package.deb; apt-get install -f
C.dpkg --configure -a
D.apt-get upgrade
AnswerB

dpkg -i installs the package; apt-get install -f resolves dependencies.

Why this answer

Option A is correct because dpkg -i installs the package and then apt-get install -f fixes broken dependencies. Option B is incorrect because dpkg --configure -a only configures partially installed packages but does not fetch missing dependencies. Option C is incorrect because apt-get install -f alone does not install the .deb.

Option D is incorrect because apt-get upgrade upgrades packages but does not fix missing dependencies.

128
Multi-Selecteasy

Which three files are essential for network configuration and name resolution on a typical Linux system? (Choose three.)

Select 3 answers
A./etc/network/interfaces
B./etc/hosts
C./etc/sysctl.conf
D./etc/nsswitch.conf
E./etc/resolv.conf
AnswersB, D, E

Maps hostnames to IP addresses locally.

Why this answer

Options A, B, and C are correct. /etc/hosts contains static hostname mappings, /etc/resolv.conf specifies DNS servers, and /etc/nsswitch.conf defines the order of name resolution sources. /etc/network/interfaces is distribution-specific, and /etc/sysctl.conf is for kernel parameters, not essential for basic network configuration.

129
MCQhard

A system administrator needs to blacklist the kernel module 'pcspkr' to disable the PC speaker. Which is the correct method?

A.Add 'blacklist pcspkr' to /etc/modprobe.d/blacklist.conf
B.Add 'load pcspkr' to /etc/modules
C.Add 'install pcspkr /bin/true' to /etc/modprobe.d/blacklist.conf
D.Remove the module from /lib/modules/$(uname -r)/kernel/drivers
AnswerA

The blacklist directive in modprobe configuration prevents the module from loading.

Why this answer

The correct option is B: Add 'blacklist pcspkr' to a file in /etc/modprobe.d/. Option A removes the module file, which is excessive and may break dependencies. Option C adds a dummy install command, but the 'blacklist' directive is the standard method.

Option D loads the module, not blacklist it.

130
MCQmedium

Refer to the exhibit. The system administrator notices the /var/log partition is nearly full. The syslog file is 2GB. Which command will safely reduce the size of this log file without stopping the logging daemon?

A.cp /dev/null /var/log/syslog
B.rm /var/log/syslog && touch /var/log/syslog
C.> /var/log/syslog
D.mv /var/log/syslog /var/log/syslog.old
AnswerC

Truncating the file to zero length is safe; the file descriptor remains valid.

Why this answer

The 'logrotate' utility can be used to rotate logs, but the simplest safe method is to truncate the file using '> /var/log/syslog' or 'truncate -s 0 /var/log/syslog'. Copying or deleting may cause issues with the running process.

131
MCQmedium

Refer to the exhibit. An application uses this JSON policy to control execution of commands. If a user tries to run /usr/bin/passwd, what will happen?

A.Denied because the deny rule is more specific.
B.Allowed because the allow rule matches.
C.The policy is invalid due to conflicting rules.
D.The path pattern does not match.
AnswerA

The deny rule explicitly blocks /usr/bin/passwd, so execution is denied.

Why this answer

Option B is correct. The policy defines an allow rule for /usr/bin/* and a specific deny rule for /usr/bin/passwd. Typically, deny rules override allow rules when both match, so the execution is denied.

132
MCQhard

During boot, a Linux system displays 'Kernel panic – not syncing: VFS: Unable to mount root fs on unknown-block(0,0)'. Which of the following is the most likely cause?

A.The root filesystem is corrupted and needs fsck.
B.The kernel lacks the necessary driver for the storage controller.
C.The root= parameter in the boot loader points to a non-existent device.
D.The initrd is missing or corrupted.
AnswerB

Missing driver prevents accessing the root filesystem.

Why this answer

The error 'unknown-block(0,0)' indicates the kernel cannot find a device to mount as root. This typically occurs when the kernel lacks the driver for the storage controller (e.g., SATA, NVMe, SCSI host adapter) needed to access the root filesystem. Without the driver, the kernel cannot enumerate the block device, even if the root= parameter is correct and the filesystem is intact.

Exam trap

The trap here is that candidates often confuse 'unknown-block(0,0)' with a missing root= parameter or a corrupted filesystem, but the error specifically indicates the kernel cannot find the block device at all, which is almost always a missing storage driver.

How to eliminate wrong answers

Option A is wrong because a corrupted root filesystem would produce a different error, such as 'mount: /dev/sda1: can't read superblock' or a kernel panic with a filesystem-specific error, not 'unknown-block(0,0)'. Option C is wrong because if root= pointed to a non-existent device, the kernel would still attempt to mount it and fail with a 'mount: special device does not exist' or 'no such device' message, not the generic 'unknown-block(0,0)' which indicates the device node was never created. Option D is wrong because a missing or corrupted initrd typically causes a different panic like 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)' only if the initrd itself contains the necessary storage driver; however, the error here is specifically about the root device not being found, which can occur even with a valid initrd if the initrd lacks the correct driver or the root= parameter is misconfigured, but the most common and direct cause is a missing storage controller driver in the kernel or initrd.

133
MCQeasy

An administrator wants to run a shell script every day at 2:00 AM. Which command should be used to edit the user's personal crontab?

A.crontab -l
B.crontab -e
C.at 2:00 AM
D.vi /var/spool/cron/crontabs/username
AnswerB

Opens the personal crontab in the default editor for modifications.

Why this answer

The correct command to edit a user's personal crontab is `crontab -e`. This invokes the default text editor (as defined by the EDITOR or VISUAL environment variable) on the user's crontab file, ensuring proper syntax validation and locking to prevent concurrent edits. It is the standard and recommended way to modify cron jobs for the current user.

Exam trap

The trap here is that candidates may think they can directly edit the crontab file in `/var/spool/cron/` with `vi`, but the LPIC-1 exam expects you to know that only the `crontab` command should be used to safely modify user crontabs to avoid syntax errors and file corruption.

How to eliminate wrong answers

Option A is wrong because `crontab -l` lists the current user's crontab entries to standard output, it does not open an editor for modifications. Option C is wrong because `at 2:00 AM` is used for scheduling a one-time job at a specific time, not for recurring daily execution at 2:00 AM; `at` does not edit crontab files. Option D is wrong because directly editing the file `/var/spool/cron/crontabs/username` (or `/var/spool/cron/username` on some systems) bypasses the `crontab` command's syntax checking and locking mechanisms, which can lead to corruption or invalid entries; the `crontab` command should always be used to safely modify these files.

134
MCQeasy

Which file is used by GRUB to load the kernel at boot time?

A./etc/grub.d/
B./etc/default/grub
C./boot/vmlinuz
D./boot/grub/grub.cfg
AnswerD

This is the generated configuration file used by GRUB at boot.

Why this answer

Option A is the actual configuration file that GRUB reads. Option B contains default settings, C is the kernel image, D are scripts that generate the config.

135
MCQeasy

An administrator added a new APT repository to sources.list. Which command must be run to make the system aware of the packages from that repository?

A.apt-get upgrade
B.apt upgrade
C.apt-cache search
D.apt update
AnswerD

apt update synchronizes the package index files from sources.

Why this answer

The 'apt update' (or 'apt-get update') command refreshes the package index. 'apt upgrade' and 'apt-get upgrade' upgrade installed packages. 'apt-cache' is used for querying the package cache.

136
MCQmedium

Refer to the exhibit. Which file has a special permission that allows a user to execute the file with the privileges of the file owner?

A./usr/bin/myapp
B./tmp/shared
C./usr/bin/su
D.None of the above
AnswerC

Has setuid bit (rws).

Why this answer

The /usr/bin/su command has the SUID (Set User ID) special permission set (typically mode 4755). This allows any user who executes the file to run it with the effective user ID of the file owner (root), enabling privilege escalation to perform administrative tasks. The SUID bit is represented by an 's' in the owner's execute position when viewed with ls -l.

Exam trap

The trap here is that candidates often confuse the SUID permission with the SGID or sticky bit, or assume that any executable file in /usr/bin has special permissions, when in fact only specific system binaries like su, sudo, and passwd are configured with SUID for security reasons.

How to eliminate wrong answers

Option A is wrong because /usr/bin/myapp is a generic application file that does not inherently have the SUID permission set; without the SUID bit, it executes with the privileges of the user who runs it, not the file owner. Option B is wrong because /tmp/shared is a directory (or a regular file without SUID), and directories use the SGID or sticky bit for different purposes (e.g., group inheritance or preventing file deletion by non-owners), not for executing with the file owner's privileges. Option D is wrong because /usr/bin/su does have the special permission described, so 'None of the above' is incorrect.

137
MCQmedium

An administrator needs to copy a directory hierarchy from one server to another over SSH, preserving permissions, ownership, and timestamps. Which command is most appropriate?

A.cp -a /source /mnt/remote
B.tar cf - /source | ssh user@dest "tar xf - -C /target"
C.scp -rp /source user@dest:/target
D.rsync -avz /source user@dest:/target
AnswerB

Preserves all metadata and works over SSH.

Why this answer

Option B is correct because it uses `tar` to create an archive of the source directory, pipes it over SSH, and extracts it on the remote server with `tar xf - -C /target`. This method preserves all file metadata (permissions, ownership, timestamps) because `tar` captures and restores these attributes by default, and the pipe over SSH transfers the raw archive without any transformation. Unlike `scp` or `rsync` (without root privileges), this approach can preserve ownership even when the user is not root, as long as the remote `tar` runs with appropriate privileges.

Exam trap

The trap here is that candidates often choose `rsync -avz` (Option D) because it is commonly used for backups, but they overlook that preserving ownership over SSH requires root privileges and the `--numeric-ids` flag, which is not specified in the option, making `tar` the more reliable choice for this specific requirement.

How to eliminate wrong answers

Option A is wrong because `cp -a /source /mnt/remote` assumes the remote directory is mounted locally (e.g., via NFS or SSHFS), not over SSH directly; it does not use SSH for transport and would fail if the remote server is not mounted. Option C is wrong because `scp -rp` does not preserve ownership (it resets ownership to the connecting user) and may not preserve all timestamps in all cases; it also lacks the ability to preserve extended attributes or ACLs that `tar` can handle. Option D is wrong because `rsync -avz` without `--numeric-ids` and running as root on both sides will not preserve ownership (it maps UIDs/GIDs based on the remote user's permissions), and it may alter timestamps if the remote filesystem does not support nanosecond precision; additionally, `rsync` over SSH requires the remote user to have write permissions to the target, and ownership preservation typically requires root privileges.

138
MCQhard

To prevent the 'nouveau' kernel module from loading at boot, which configuration file should be edited?

A./etc/modprobe.d/nouveau.conf with 'blacklist nouveau'
B./etc/modules-load.d/nouveau.conf
C.Both A and B are valid
D./etc/modprobe.d/blacklist.conf with 'blacklist nouveau'
AnswerC

Correct: any .conf file in /etc/modprobe.d/ works.

Why this answer

The 'nouveau' kernel module can be prevented from loading at boot by either adding a blacklist entry in a file under /etc/modprobe.d/ (e.g., 'blacklist nouveau' in /etc/modprobe.d/nouveau.conf) or by placing the module name in a file under /etc/modules-load.d/ (which is actually used to load modules, not blacklist them, but the question's context treats both as valid methods for preventing loading, though the latter is unconventional). Option C is correct because both A and B represent valid approaches: A uses the standard blacklist mechanism, and B, while typically for loading modules, can be misused to prevent loading by not including the module, but the exam considers both as valid configuration files for this purpose.

Exam trap

The trap here is that candidates often assume only the blacklist directive in /etc/modprobe.d/ is valid, but the exam considers both /etc/modprobe.d/ and /etc/modules-load.d/ as valid configuration files for preventing module loading, even though the latter is technically for loading modules, testing whether you know the broader set of files that can affect module behavior.

How to eliminate wrong answers

Option A is wrong because it is actually a correct method, not a wrong one; the question's answer key marks C as correct, meaning A alone is insufficient as an answer. Option B is wrong because /etc/modules-load.d/ is designed to specify modules to load at boot, not to blacklist them; using it to prevent loading is a misuse and not the standard practice. Option D is wrong because while /etc/modprobe.d/blacklist.conf is a common file name, the directive 'blacklist nouveau' is correct, but the option is incomplete as it does not include the alternative method in B, and the exam expects both A and B to be valid.

139
Multi-Selecthard

Which TWO commands can be used to display the current firewall rules in a system using nftables? (Choose two.)

Select 2 answers
A.systemctl status nftables
B.iptables -L -n
C.nft list ruleset
D.nft list table inet filter
E.firewall-cmd --list-all
AnswersC, D

Lists entire nftables ruleset.

Why this answer

Options A and D are correct. `nft list ruleset` lists all nftables rules. `nft list table inet filter` lists a specific table. Option B is for iptables. Option C is for systemd service.

Option E is for firewall-cmd.

140
Drag & Dropmedium

Arrange the steps to schedule a cron job that runs a script every day at 2 AM.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Crontab -e opens the user's cron file; the syntax minute hour day month weekday command must be correct.

141
MCQmedium

A Linux administrator manages a server that runs a custom application requiring a specific kernel module to be loaded at boot. The server uses SysV init and has the module listed in /etc/modules. However, after a recent kernel update, the module fails to load automatically at boot. The administrator can manually load the module with 'modprobe <module>' after the system is running. The application depends on this module being loaded before any network services start. Which of the following actions should the administrator take to ensure the module loads automatically at the correct time during boot?

A.Create a SysV init script that loads the module and place it in /etc/init.d/ with appropriate symlinks in /etc/rc?.d/ to ensure it runs before network services.
B.Add the module name to /etc/modules-load.d/ directory.
C.Add an install directive in /etc/modprobe.d/ for the module.
D.Add a blacklist entry for the module in /etc/modprobe.d/blacklist.conf.
AnswerA

This ensures the module is loaded early in the boot process, before network services that depend on it.

Why this answer

Option A is correct because SysV init systems use init scripts in /etc/init.d/ with symlinks in /etc/rc?.d/ to control the order of service startup. By creating a custom init script that loads the module via modprobe and placing it with a symlink that has a lower number (e.g., S01module) than network services (e.g., S10network), the module will be loaded before network services start, satisfying the application's dependency.

Exam trap

The trap here is that candidates confuse the systemd-based /etc/modules-load.d/ mechanism with SysV init's /etc/modules file, assuming both are equivalent, when in fact SysV init requires explicit init scripts to control boot order.

How to eliminate wrong answers

Option B is wrong because /etc/modules-load.d/ is used by systemd's modules-load service, not by SysV init; on a SysV init system, this directory is ignored. Option C is wrong because an install directive in /etc/modprobe.d/ controls how modprobe handles module dependencies or custom commands when the module is requested, but it does not trigger automatic loading at boot; it only modifies modprobe behavior when the module is explicitly loaded. Option D is wrong because adding a blacklist entry would prevent the module from loading automatically, which is the opposite of what the administrator needs.

142
Matchingmedium

Match each package manager to its associated distribution family.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Debian, Ubuntu

RHEL, CentOS 7

Fedora, RHEL 8+

openSUSE

Arch Linux

Why these pairings

Common package managers and their distros.

143
MCQmedium

Which directory under the root filesystem is defined by FHS as containing variable data that may change in size, such as logs and spools?

A./opt
B./var
C./run
D./tmp
AnswerB

Correct: /var holds variable data like logs and spools.

Why this answer

The Filesystem Hierarchy Standard (FHS) defines /var as the directory for variable data that changes in size during normal system operation, including log files (e.g., /var/log), spool directories (e.g., /var/spool/mail), and temporary files that persist across reboots. This is distinct from /tmp, which is cleared on reboot, and /run, which holds runtime variable data that is volatile and cleared at boot.

Exam trap

The trap here is that candidates confuse /var with /run or /tmp because both hold variable data, but the FHS specifically assigns persistent variable data (logs, spools) to /var, while /run is for volatile runtime state and /tmp for temporary files that may be cleared on reboot.

How to eliminate wrong answers

Option A is wrong because /opt is reserved for the installation of add-on application software packages, not for variable data like logs or spools. Option C is wrong because /run contains runtime variable data (e.g., PID files, sockets) that is cleared at system boot, whereas /var retains data across reboots. Option D is wrong because /tmp is for temporary files that may be deleted on reboot and is not intended for persistent variable data like logs or spools.

144
MCQhard

An administrator is configuring a new server with two SATA disks. The first disk (/dev/sda) holds the root filesystem. The second disk (/dev/sdb) is intended to provide additional storage for user home directories. The administrator partitions /dev/sdb using 'fdisk' to create a single partition /dev/sdb1, formats it with 'mkfs.ext4' and adds the following line to /etc/fstab: '/dev/sdb1 /home ext4 defaults 0 2'. After rebooting, the /home directory is empty and the command 'df -h' does not show /dev/sdb1. However, running 'mount /dev/sdb1 /home' manually works perfectly. The disk is not listed in 'cat /proc/mounts' before the manual mount. What is the most likely cause of this issue?

A.The fstab entry is missing the _netdev option, which is required for local SATA disks.
B.The /home directory is not empty and contains files that conflict with the mount.
C.The fstab entry uses the device file /dev/sdb1 instead of the UUID.
D.The filesystem on /dev/sdb1 has errors and needs to be checked with fsck before mounting.
AnswerD

If the filesystem has errors, the system may not mount it automatically at boot to prevent further damage, but manual mount may still succeed if the errors are not severe.

Why this answer

The fstab entry uses the device file /dev/sdb1 rather than a UUID or filesystem label. While this can work, it is fragile if device ordering changes. However, the most common cause of a device not mounting at boot when the device file is correct is that the filesystem has errors requiring fsck.

Option B is incorrect because the device file is correct (manual mount works). Option C is incorrect because an empty /home directory does not prevent mounting. Option D is incorrect because _netdev is for network filesystems.

Option A is correct because if the filesystem has errors, the system may skip the mount at boot to avoid data loss, but manual mount with 'mount' bypasses fsck checks.

145
MCQeasy

You are the system administrator of a small office network. The company has a Debian-based server that runs a critical database application. The database package was installed from the official Debian repository. After an ‘apt upgrade’, the database service fails to start. The error log indicates a library version mismatch. You suspect the upgrade updated a shared library that the database depends on, but the database binary was not updated because the repository no longer supports it. The vendor provides a custom .deb package for the database on their website. You need to restore the database functionality as quickly as possible, but you also want to avoid breaking other packages that may depend on the newer library. What should you do?

A.Restore the entire system from a backup taken before the upgrade.
B.Download the vendor's .deb package and install it using 'dpkg -i' after removing the old database package.
C.Downgrade the library to the previous version using 'apt-get install <package>=<oldversion>'.
D.Use 'dpkg --force-depends -i' to force installation of the old database binary against the new library.
AnswerB

Vendor's package should be compatible and minimize disruption.

Why this answer

Option B is correct: Reinstall the database using the vendor's .deb package, as it was designed for the current library versions. Option A is wrong because downgrading the library could break other packages that depend on the newer version. Option C is wrong because forcing an older library version without--no-deps still affects the system.

Option D is wrong because reverting the entire system is overly drastic and may cause data loss.

146
MCQmedium

A system administrator writes a script that extracts data from a CSV file and inserts it into a database. The script works correctly when run manually but fails when executed by cron. Which environment variable is most likely causing the issue?

A.SHELL
B.LANG
C.HOME
D.PATH
AnswerD

PATH is often not set in cron, causing command not found errors.

Why this answer

When a script runs manually, the user's interactive shell inherits a fully populated PATH environment variable that includes directories like /usr/local/bin, /usr/bin, and possibly custom script directories. Cron jobs, however, execute with a minimal environment, and the default PATH for cron is often just /usr/bin:/bin. If the script relies on commands (e.g., mysql, psql, or custom scripts) located outside these directories, cron will fail with a 'command not found' error.

Setting the full PATH explicitly inside the script or in the crontab file resolves the issue.

Exam trap

The trap here is that candidates often assume the script's failure is due to a missing HOME or SHELL variable, but the most frequent cron-related issue is the restricted PATH environment, which prevents the script from locating executables.

How to eliminate wrong answers

Option A is wrong because SHELL defines the shell binary used to interpret the script (e.g., /bin/bash), but cron already uses the user's default shell from /etc/passwd; a mismatch would cause syntax errors, not a missing command failure. Option B is wrong because LANG affects locale settings like character encoding and sorting order, which could cause data corruption or sorting issues but not a complete failure to execute commands. Option C is wrong because HOME defines the user's home directory; while some scripts may rely on relative paths or config files in ~, the most common cron failure is due to a truncated PATH, not a missing HOME.

147
MCQmedium

An administrator wants to allow user 'john' to run all commands as root without a password. Which sudoers entry accomplishes this?

A.john ALL=(ALL) NOPASSWD: ALL
B.john ALL=NOPASSWD: /bin/su
C.john ALL=(ALL) ALL
D.john ALL=(ALL) PASSWD: ALL
AnswerA

Correct: allows all commands without password.

Why this answer

Option A is correct because the sudoers entry 'john ALL=(ALL) NOPASSWD: ALL' grants user 'john' permission to run any command as any user (including root) from any host, and the NOPASSWD tag overrides the default password requirement, allowing passwordless execution. This matches the requirement precisely.

Exam trap

The trap here is that candidates often confuse the absence of a TAG (which defaults to requiring a password) with passwordless access, or they mistakenly think that specifying 'ALL' without the NOPASSWD tag implies no password is needed.

How to eliminate wrong answers

Option B is wrong because it restricts john to only running '/bin/su' without a password, not all commands as root. Option C is wrong because it omits the NOPASSWD tag, so john would still be prompted for a password before executing commands as root. Option D is wrong because it explicitly specifies PASSWD: ALL, which forces password authentication, the opposite of the requirement.

148
MCQmedium

An administrator notices the system clock is drifting. Which command can be used to enable automatic time synchronization using NTP on a system with systemd?

A.ntpdate pool.ntp.org
B.timedatectl set-ntp yes
C.systemctl start ntpd
D.date --set
AnswerB

This enables automatic time synchronization using NTP.

Why this answer

Option B is correct because `timedatectl set-ntp yes` enables automatic time synchronization via NTP on systems using systemd. This command configures the `systemd-timesyncd` service, which is the default NTP client for systemd-based distributions, to synchronize the system clock with remote NTP servers. It is the standard, modern method for managing NTP settings in such environments.

Exam trap

The trap here is that candidates often confuse one-time synchronization commands (like `ntpdate` or `date --set`) with the persistent enabling of automatic NTP synchronization, or they assume starting the `ntpd` service alone is sufficient without using `timedatectl` to manage systemd's time synchronization framework.

How to eliminate wrong answers

Option A is wrong because `ntpdate pool.ntp.org` performs a one-time manual synchronization of the system clock, not enabling automatic time synchronization; it is also deprecated in favor of `timedatectl` and `ntpd` or `chronyd`. Option C is wrong because `systemctl start ntpd` starts the traditional NTP daemon, but this command alone does not enable automatic synchronization at boot or integrate with systemd's timedatectl mechanism; it also requires the `ntpd` service to be installed and configured separately. Option D is wrong because `date --set` manually sets the system clock to a specified value, which does not enable automatic synchronization and is a temporary, non-persistent change.

149
Multi-Selecthard

Which THREE files are used by CUPS to manage printer queues? (Choose THREE.)

Select 3 answers
A./etc/cups/lpoptions
B./etc/cups/ppd/
C./etc/cups/classes.conf
D./etc/cups/cupsd.conf
E./etc/cups/printers.conf
AnswersC, D, E

This file defines printer classes.

Why this answer

CUPS uses /etc/cups/printers.conf to define printer queues and their associated options, /etc/cups/classes.conf to manage printer classes (groups of queues), and /etc/cups/cupsd.conf as the main daemon configuration file that controls access, logging, and other server settings. These three files are directly read by the CUPS daemon to manage and serve printer queues.

Exam trap

The trap here is that candidates confuse the PPD directory (/etc/cups/ppd/) or the lpoptions file with the actual queue configuration files, because they are all located under /etc/cups/ and are involved in printing, but only printers.conf, classes.conf, and cupsd.conf directly manage queue definitions and server behavior.

150
MCQmedium

A web server running Apache on Linux is experiencing slow response times. The administrator runs 'netstat -tuln' and sees many connections in TIME_WAIT state. Which of the following is the best course of action to improve performance?

A.Increase the KeepAliveTimeout directive.
B.Disable the KeepAlive directive.
C.Enable TCP keepalive and adjust kernel parameters for faster reuse.
D.Increase the MaxKeepAliveRequests directive.
AnswerC

Adjusting tcp_tw_reuse and tcp_tw_recycle can reduce TIME_WAIT.

Why this answer

Option C is correct because TIME_WAIT connections indicate that the server is waiting for lingering packets before fully closing TCP sockets. Enabling TCP keepalive and adjusting kernel parameters like net.ipv4.tcp_tw_reuse (or net.ipv4.tcp_tw_recycle in older kernels) allows the kernel to reuse sockets in TIME_WAIT state for new connections, reducing resource exhaustion and improving performance under high connection rates.

Exam trap

The trap here is that candidates confuse Apache's KeepAlive directives (HTTP-level persistent connections) with TCP-level keepalive and TIME_WAIT management, leading them to incorrectly choose options that adjust HTTP keep-alive settings instead of addressing the TCP socket state.

How to eliminate wrong answers

Option A is wrong because increasing KeepAliveTimeout (which controls how long Apache waits for the next request on a persistent connection) does not affect the TIME_WAIT state of TCP sockets; it only extends idle keep-alive duration, potentially worsening resource usage. Option B is wrong because disabling KeepAlive forces a new TCP connection for every HTTP request, which increases the number of TIME_WAIT sockets and degrades performance further. Option D is wrong because MaxKeepAliveRequests limits the number of requests per persistent connection, but does not address the underlying TCP TIME_WAIT issue; it may even increase connection churn if set too low.

Page 1

Page 2 of 7

Page 3

All pages