Linux Professional Institute Certification Level 1 LPIC-1 (LPIC-1) — Questions 151225

522 questions total · 7pages · All types, answers revealed

Page 2

Page 3 of 7

Page 4
151
MCQhard

A developer needs to ensure a bash script exits immediately if any command fails, and also prints each command before executing it. Which set of shell options should be used at the beginning of the script?

A.set -ex
B.set -e
C.set -vx
D.set -ux
AnswerA

-e exits on error, -x prints commands.

Why this answer

Option A is correct because `set -ex` combines two essential shell options: `-e` (errexit) causes the script to exit immediately if any command returns a non-zero exit status, and `-x` (xtrace) prints each command (after expansion) to stderr before executing it. This is the standard way to achieve both behaviors in a single line, as required by the question.

Exam trap

The trap here is that candidates often confuse `-v` (verbose, which prints input lines as read) with `-x` (xtrace, which prints commands before execution), or forget that `-e` is required for exit-on-error, leading them to pick `set -vx` or `set -ux` instead of the correct `set -ex`.

How to eliminate wrong answers

Option B is wrong because `set -e` only enables exit-on-error but does not print commands before execution, missing the requirement to print each command. Option C is wrong because `set -vx` enables verbose mode (`-v`, which prints shell input lines as they are read) and xtrace (`-x`), but verbose mode does not print commands before execution in the same way as `-x`; the question specifically asks for printing each command before executing it, which is `-x`'s behavior, and `-v` is redundant or incorrect for this purpose. Option D is wrong because `set -ux` enables nounset (`-u`, which treats unset variables as an error) and xtrace (`-x`), but does not enable exit-on-error (`-e`), so the script will not exit immediately if a command fails.

152
Multi-Selectmedium

Which THREE directories under the root filesystem are typically used for variable data that changes frequently during system operation, according to FHS?

Select 3 answers
A./usr
B./var
C./run
D./tmp
E./opt
AnswersB, C, D

/var is for variable data such as logs, mail spools, etc.

Why this answer

The Filesystem Hierarchy Standard (FHS) designates /var for variable data that changes in size and content during normal system operation, such as logs (/var/log), spool files (/var/spool), and databases (/var/lib). /run holds runtime variable data describing the system since boot, while /tmp is for temporary files that may be deleted on reboot. Together, these three directories are the standard locations for frequently changing data under the root filesystem.

Exam trap

The trap here is that candidates often confuse /usr with /var because /usr contains some subdirectories like /usr/local/var in older systems, but the FHS explicitly separates read-only /usr from writable /var, and /usr is not intended for frequently changing data.

153
Multi-Selecthard

Which THREE locations are used to configure package repositories on a typical Linux system? (Choose three.)

Select 3 answers
A./etc/zypp/repos.d/
B./etc/apt.conf.d/
C./etc/yum.repos.d/
D./etc/pacman.d/
E./etc/apt/sources.list
AnswersA, C, E

Repository directory for Zypper.

Why this answer

/etc/apt/sources.list is for APT (Debian/Ubuntu). /etc/yum.repos.d/ is a directory for YUM/DNF repository files (Red Hat). /etc/zypp/repos.d/ is for Zypper (SUSE). /etc/apt.conf.d/ is for APT configuration, not repositories. /etc/pacman.d/ is for Arch Linux (not in LPIC scope).

154
MCQmedium

A system is not logging messages to /var/log/syslog. Which command should an administrator use first to diagnose the issue?

A.tail -f /var/log/syslog
B.logger test
C.ps aux | grep syslog
D.systemctl status rsyslog
AnswerD

Checks the status of the rsyslog service to see if it is active and running.

Why this answer

Option D is correct because the first step in diagnosing why messages are not appearing in /var/log/syslog is to verify that the rsyslog service is running and active. The 'systemctl status rsyslog' command shows the current service state, recent logs, and any errors that might prevent logging. Without confirming the service status, other diagnostic steps may be misleading.

Exam trap

The trap here is that candidates often jump to testing the logging pipeline (with 'logger') or checking for a process by name, instead of first verifying the service status with systemctl, which is the systematic and most efficient diagnostic step.

How to eliminate wrong answers

Option A is wrong because 'tail -f /var/log/syslog' only monitors the log file for new entries; if no messages are being written, it will simply hang and provide no diagnostic information about why logging has stopped. Option B is wrong because 'logger test' sends a test message to the syslog system, but if the service is not running or misconfigured, the message will not be logged and the command gives no feedback about the underlying issue. Option C is wrong because 'ps aux | grep syslog' only checks for a process named 'syslog' in the process list, but modern systems use rsyslog or syslog-ng, and this command may miss the actual daemon or show unrelated processes, failing to reveal service status or configuration errors.

155
Multi-Selecthard

Which TWO files are used to configure kernel boot parameters in GRUB?

Select 2 answers
A./sys/kernel/cmdline
B./etc/default/grub
C./etc/grub.d/
D./proc/cmdline
E./boot/grub/grub.cfg
AnswersB, E

Main configuration file for GRUB 2.

Why this answer

Correct: A and B. /etc/default/grub is the configuration file for GRUB 2; /boot/grub/grub.cfg is the generated boot menu file. Option C /proc/cmdline shows current parameters but is not config; D /sys/kernel/cmdline is not a config; E /etc/grub.d/ contains scripts that generate grub.cfg, but not directly.

156
MCQmedium

A Linux system has two network interfaces: eth0 and eth1. The administrator wants to bond them for increased throughput. Which kernel module is required for bonding?

A.aggregation
B.bonding
C.team
D.bond
AnswerB

The bonding kernel module provides network interface bonding.

Why this answer

The bonding driver in Linux allows multiple network interfaces to be aggregated into a single logical interface for increased throughput or redundancy. The correct kernel module is named 'bonding' (loaded via modprobe bonding or compiled into the kernel), which implements the IEEE 802.3ad Link Aggregation standard and other bonding modes. Option B is correct because 'bonding' is the exact module name used in the Linux kernel.

Exam trap

The trap here is that candidates confuse the interface name (bond0) with the kernel module name (bonding), or think 'team' is a synonym for bonding, when in fact they are separate technologies with different kernel modules.

How to eliminate wrong answers

Option A is wrong because 'aggregation' is a generic term for combining links, not a specific Linux kernel module; the actual module is 'bonding'. Option C is wrong because 'team' refers to the libteam project, which is a separate user-space-based teaming solution that uses the 'team' kernel module, not the standard bonding driver. Option D is wrong because 'bond' is a common abbreviation but not the exact kernel module name; the module is loaded as 'bonding' (e.g., modprobe bonding), and the resulting interface is named bond0, bond1, etc.

157
Multi-Selectmedium

Which THREE commands are used to manage systemd services? (Choose THREE.)

Select 3 answers
A.systemctl status
B.systemctl start
C.systemctl enable
D.chkconfig --add
E.service start
AnswersA, B, C

Correct: shows the status of a systemd service.

Why this answer

The `systemctl` command is the primary tool for managing systemd services on Linux systems. `systemctl status` displays the current state of a service, including whether it is active, enabled, and recent log entries. `systemctl start` immediately activates a service by sending it a start signal via systemd's D-Bus interface. `systemctl enable` creates symbolic links in the filesystem (e.g., in `/etc/systemd/system/multi-user.target.wants/`) to ensure the service starts automatically at boot.

Exam trap

The trap here is that candidates confuse legacy SysV init commands like `chkconfig` and `service` with systemd's `systemctl`, expecting them to be interchangeable, but LPIC-1 tests the modern systemd toolset explicitly.

158
Multi-Selecthard

A system administrator is troubleshooting a package dependency issue on a Debian system. Which three commands can be used to display dependency information for a package? (Choose three.)

Select 3 answers
A.`dpkg --info curl.deb`
B.`apt show curl`
C.`apt-cache depends curl`
D.`dpkg -s curl`
E.`apt-get check`
AnswersB, C, D

Displays package details including dependencies.

Why this answer

`apt-cache depends` shows dependencies of a package. `apt show` displays package info including dependencies. `dpkg -s` shows package status including dependencies. `apt-get check` only verifies the system for broken dependencies, not for a specific package. `dpkg --info` shows info from a .deb file, not the installed database.

159
Multi-Selecthard

Which THREE are valid fields in a GRUB 2 configuration file (grub.cfg) generated by update-grub? (Choose three.)

Select 3 answers
A.set root
B.password
C.chainloader
D.linux
E.menuentry
AnswersA, D, E

This sets the device for the kernel and initrd.

Why this answer

A is correct because 'set root' is a valid GRUB 2 command used in grub.cfg to specify the root device (e.g., 'set root=(hd0,msdos1)') from which GRUB loads kernel and initrd images. This directive is automatically generated by update-grub based on the system's partition layout.

Exam trap

The trap here is that candidates confuse GRUB Legacy syntax (like 'password' or 'chainloader' being common in manual entries) with the auto-generated GRUB 2 configuration, which only includes 'set root', 'linux', and 'menuentry' as core directives produced by update-grub.

160
Drag & Dropmedium

Arrange the steps to troubleshoot a service that fails to start.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Troubleshooting starts with checking status and logs, then examining config files, fixing, and restarting.

161
Multi-Selectmedium

Which TWO of the following commands can be used to list all installed packages on a Debian-based system?

Select 2 answers
A.apt-get check
B.apt list --installed
C.apt-cache showpkg
D.dpkg -l
E.dpkg --get-selections
AnswersB, D

Lists installed packages.

Why this answer

Option B is correct because `apt list --installed` is a modern APT command that lists all installed packages on Debian-based systems. Option D is correct because `dpkg -l` displays the status and names of all packages known to dpkg, including those installed, effectively listing installed packages.

Exam trap

The trap here is that candidates often confuse `dpkg --get-selections` with a command that lists only installed packages, when in fact it lists all packages with their selection state (including those marked for removal), requiring additional filtering to isolate installed ones.

162
MCQmedium

Based on the exhibit, what does the 'rc' status for the package 'apache2-bin' indicate?

A.The package is unpacked but not yet configured
B.The package has been completely purged
C.The package is installed and configured
D.The package has been removed but configuration files remain
AnswerD

'rc' means removed but config files left.

Why this answer

In Debian-based package management (dpkg/APT), the 'rc' status code means the package was marked for removal ('r') but its configuration files were left behind ('c'). This occurs when using 'apt-get remove' or 'dpkg -r' without the --purge option, leaving residual config files in /etc or other locations.

Exam trap

The trap here is that candidates confuse 'rc' with a fully removed or purged state, not realizing that 'c' specifically indicates residual configuration files remain on the filesystem.

How to eliminate wrong answers

Option A is wrong because 'unpacked but not yet configured' is represented by status 'iU' (installed/unpacked) or 'U' (unpacked), not 'rc'. Option B is wrong because a completely purged package shows status 'pn' (purged/not installed) or no entry at all, not 'rc'. Option C is wrong because an installed and configured package shows status 'ii' (installed/installed), not 'rc'.

163
MCQmedium

The system administrator wants to use the entire sdb disk as a single partition. Which command will partition sdb with a single partition occupying the whole disk?

A.fdisk /dev/sdb, then create a new primary partition accepting all defaults
B.dd if=/dev/zero of=/dev/sdb bs=1M count=1
C.mkfs.ext4 /dev/sdb
D.parted /dev/sdb mklabel gpt && parted /dev/sdb mkpart primary 0% 100%
AnswerD

Correctly creates a GPT label and a partition spanning the entire disk.

Why this answer

Correct: B. The parted command 'mklabel gpt' creates a GPT partition label, then 'mkpart primary 0% 100%' creates a partition that uses the entire disk. Option A requires multiple steps; C zeroes the first MB; D attempts to create a filesystem directly on the disk without a partition.

164
MCQhard

An administrator ran 'dnf update' and a critical application broke. The administrator wants to undo the last transaction and return to previous state. Which command should be used?

A.dnf undo last
B.dnf rollback
C.yum rollback
D.dnf history undo last
AnswerD

Correct: undoes the last transaction.

Why this answer

The correct command is 'dnf history undo last' because DNF maintains a transaction history that can be reverted. The 'undo' subcommand reverses the specified transaction (in this case, the last one) by applying the inverse operations, restoring packages to their previous state. This is the standard way to roll back a DNF transaction without affecting unrelated changes.

Exam trap

The trap here is that candidates confuse 'undo' with 'rollback' or assume DNF uses the same syntax as YUM, leading them to pick 'dnf rollback' or 'yum rollback' instead of the correct 'dnf history undo last'.

How to eliminate wrong answers

Option A is wrong because 'dnf undo last' is not a valid DNF command; DNF requires the 'history' subcommand before 'undo'. Option B is wrong because 'dnf rollback' does not exist; DNF uses 'history undo' or 'history rollback' (the latter reverts to a specific transaction ID, not the last one). Option C is wrong because 'yum rollback' is a legacy YUM command that is not available in DNF; DNF replaced YUM and uses 'dnf history' for transaction management.

165
MCQmedium

Refer to the exhibit. The administrator is unable to SSH into the server (TCP port 22) from a remote host. The iptables rules are as shown. What is the most likely cause?

A.The default policy is ACCEPT, so SSH should be accepted.
B.The second rule drops all incoming traffic, including SSH.
C.The SSH service is not running.
D.The first rule only allows loopback, not SSH.
AnswerB

The DROP rule matches all traffic not yet matched.

Why this answer

Option A is correct: the last rule drops all incoming traffic, and there is no rule allowing SSH. Option B is wrong because the default policy is ACCEPT, but the DROP rule supersedes. Option C is wrong because the loopback rule allows lo only.

Option D is wrong because the policy is ACCEPT but the explicit DROP rule catches all.

166
Multi-Selecteasy

According to the Filesystem Hierarchy Standard (FHS), which TWO directories are intended for variable data that persists across system reboots? (Choose two.)

Select 2 answers
A./run
B./opt
C./var
D./usr/local
E./tmp
AnswersA, C

/run holds runtime variable data that persists during a session, but is considered variable data per FHS.

Why this answer

/var is the primary directory for variable data such as logs, databases, and spools. /run is used for runtime variable data that must persist only during a session, but FHS specifies it for variable data as well. /opt is for add-on software, /tmp is for temporary files (may be cleared on reboot), and /usr/local is for locally installed software, not variable data.

167
MCQeasy

According to the Filesystem Hierarchy Standard (FHS), which directory contains essential system binaries required during boot?

A./usr/bin
B./usr/local/bin
C./sbin
D./bin
AnswerC

Correct: /sbin holds system binaries needed for booting and system repair.

Why this answer

According to the Filesystem Hierarchy Standard (FHS), /sbin contains essential system binaries required for booting, repairing, and recovering the system. These binaries are critical before /usr is mounted, such as fsck, init, and route. While /bin also contains essential binaries, the FHS specifically designates /sbin for system administration binaries needed during boot.

Exam trap

The trap here is that candidates confuse /bin with /sbin, assuming both contain essential boot binaries, but the FHS specifically assigns system administration binaries to /sbin, and /bin is often a symlink to /usr/bin on modern systems, making it non-essential during early boot.

How to eliminate wrong answers

Option A is wrong because /usr/bin contains non-essential user binaries that are not required during boot; it is typically mounted later in the boot process. Option B is wrong because /usr/local/bin contains locally installed software binaries, which are not part of the essential boot set and are also mounted after /usr. Option D is wrong because although /bin historically held essential binaries, the FHS now specifies that /bin may be a symbolic link to /usr/bin on many modern systems, and the essential system administration binaries are specifically placed in /sbin.

168
MCQeasy

An administrator needs to find all files in the /var/log directory that have been modified in the last 24 hours. Which command should be used?

A.find /var/log -ctime 0
B.find /var/log -mtime 0
C.find /var/log -atime 0
D.find /var/log -mmin 1440
AnswerB

mtime 0 matches files modified within the last 24 hours.

Why this answer

Option B is correct because the `find` command with `-mtime 0` searches for files whose data modification time is within the last 24 hours. The `-mtime` option uses a 24-hour period, and a value of 0 means modified less than 24 hours ago, which matches the requirement to find files modified in the last 24 hours in /var/log.

Exam trap

The trap here is that candidates confuse `-ctime` (inode change time) with `-mtime` (modification time), or mistakenly think `-atime` (access time) is relevant for modification, leading them to pick options that do not match the requirement for content modification.

How to eliminate wrong answers

Option A is wrong because `-ctime 0` checks the inode change time (ctime), which includes metadata changes like permission or ownership changes, not file content modification; this can return files that were not modified in terms of content. Option C is wrong because `-atime 0` checks the access time (atime), which is updated when a file is read, not when it is modified; this would include files that were simply accessed, not modified. Option D is wrong because `-mmin 1440` checks for files modified within the last 1440 minutes (exactly 24 hours), but the question asks for files modified in the last 24 hours, and `-mmin` uses a precise minute count, which is technically correct but less standard for this requirement; however, the primary issue is that the question expects `-mtime 0` as the standard approach, and `-mmin 1440` could miss files modified exactly 1440 minutes ago due to integer rounding behavior in `-mtime` vs `-mmin`.

169
Multi-Selecteasy

Which TWO commands can be used to display the current runlevel of a SysV init system?

Select 2 answers
A.init 3
B.who -r
C.telinit
D.runlevel
E.systemctl get-default
AnswersB, D

The 'who -r' command displays the current runlevel and process since last boot.

Why this answer

The `who -r` command displays the current runlevel and the time it was last changed, making it a valid way to check the runlevel in a SysV init system. The `runlevel` command directly outputs the previous and current runlevel, which is the standard tool for this purpose.

Exam trap

The trap here is that candidates confuse commands that change runlevels (like `init` or `telinit`) with those that display them, or mistakenly apply systemd commands like `systemctl get-default` to SysV init systems.

170
Multi-Selecteasy

Which TWO commands can be used to view all running processes on a Linux system? (Choose TWO.)

Select 2 answers
A.jobs
B.ls /proc
C.pstree
D.top
E.ps aux
AnswersD, E

Correct: interactive process viewer showing all running processes.

Why this answer

Option D, `top`, is correct because it provides a real-time, interactive view of all running processes, including their PID, CPU and memory usage, and other dynamic metrics. Option E, `ps aux`, is correct because it displays a static snapshot of all processes on the system using the BSD-style syntax, where `a` shows all users, `u` provides user-oriented output, and `x` includes processes without a controlling terminal.

Exam trap

The trap here is that candidates often confuse `jobs` (which only shows shell background jobs) with a system-wide process listing, or they think `ls /proc` alone is sufficient to view processes, when in fact it only lists directory names and requires additional commands to extract meaningful process data.

171
MCQmedium

An administrator wants to add a kernel parameter 'quiet splash' to the default boot entry. Which file should be edited?

A./etc/default/grub
B./etc/grub.d/00_header
C./etc/grub.conf
D./boot/grub/grub.cfg
AnswerA

This is the configuration file where kernel parameters are set and then applied by running update-grub.

Why this answer

The correct option is B: /etc/default/grub contains the GRUB_CMDLINE_LINUX_DEFAULT variable where parameters like 'quiet splash' are added. Option A (/boot/grub/grub.cfg) is auto-generated and should not be edited directly. Option C (/etc/grub.d/00_header) is a script.

Option D (/etc/grub.conf) is used by older GRUB legacy.

172
MCQmedium

A system administrator notices that a server with an ext4 filesystem fails to boot after editing /etc/fstab. The error message indicates that the root filesystem cannot be mounted. Which of the following is the most likely cause?

A.The root filesystem is mounted read-only.
B.The swap partition entry is missing.
C.The UUID or device name for the root filesystem is incorrect.
D.The filesystem type is specified as 'auto' instead of 'ext4'.
AnswerC

An incorrect UUID or device path in /etc/fstab prevents the kernel from mounting the root filesystem.

Why this answer

Option C is correct because if the UUID or device name for the root filesystem in /etc/fstab is incorrect, the kernel cannot locate the root device during boot, resulting in a mount failure. The init process reads /etc/fstab to mount the root filesystem, and any mismatch—such as a typo in the UUID or a stale device path—will cause the system to drop into emergency mode.

Exam trap

The trap here is that candidates may think 'auto' is invalid for the root filesystem or that a missing swap entry is critical, but the core issue is always the correct identification of the root device in /etc/fstab.

How to eliminate wrong answers

Option A is wrong because mounting the root filesystem read-only is a common recovery technique (e.g., via kernel boot parameter 'ro') and does not prevent mounting; it actually helps avoid corruption. Option B is wrong because a missing swap partition entry does not affect the mounting of the root filesystem; swap is optional and only used for virtual memory. Option D is wrong because specifying 'auto' as the filesystem type tells the system to auto-detect the type (e.g., via blkid), which is valid and often recommended for flexibility; it would not cause a mount failure for ext4.

173
MCQhard

An admin needs to create a new filesystem on /dev/sdc1 with a 256-byte inode size and a 1:512 block to inode ratio for a mail server expected to store millions of small files. Which mkfs command best meets these requirements?

A.mkfs.ext4 -I 256 -i 512 /dev/sdc1
B.mkfs.ext4 -b 4096 -I 256 /dev/sdc1
C.mkfs.xfs -i maxpct=50 /dev/sdc1
D.mkfs.btrfs -s 4k /dev/sdc1
AnswerA

Correctly sets inode size and bytes-per-inode.

Why this answer

Option A is correct because the `-I 256` flag sets the inode size to 256 bytes, and the `-i 512` flag sets the bytes-per-inode ratio to 512, meaning one inode is created for every 512 bytes of filesystem space. This yields a 1:512 block-to-inode ratio (assuming a 4096-byte block size, each block would have 8 inodes), which is ideal for a mail server storing millions of small files, as it provides a very high inode density to avoid running out of inodes.

Exam trap

The trap here is that candidates often confuse the `-I` (inode size) flag with the `-i` (bytes-per-inode) flag, or assume that setting a large block size (`-b 4096`) alone is sufficient to handle many small files, when in fact the inode ratio is the critical parameter for inode count.

How to eliminate wrong answers

Option B is wrong because while it sets the inode size to 256 bytes with `-I 256`, it does not specify the bytes-per-inode ratio; the `-b 4096` flag only sets the block size to 4096 bytes, leaving the inode ratio at the default (typically 16384 bytes per inode), which would create far too few inodes for millions of small files. Option C is wrong because `mkfs.xfs` does not support a direct bytes-per-inode ratio flag like `-i`; the `-i maxpct=50` option limits the maximum percentage of filesystem space used for inodes, but XFS is not designed for extremely high inode counts and cannot match the fine-grained control of ext4's `-i` parameter. Option D is wrong because `mkfs.btrfs` with `-s 4k` sets the sector size to 4KB, not the inode size or inode ratio; Btrfs dynamically allocates inodes and does not allow manual tuning of inode density, making it unsuitable for the specific requirement of a 1:512 block-to-inode ratio.

174
Drag & Dropmedium

Arrange the steps to configure a static IP address on a Linux system using the command line.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Static IP configuration requires editing the appropriate config file, then restarting networking to apply changes.

175
Multi-Selecteasy

Which TWO tools can be used to query DNS records? (Choose two.)

Select 2 answers
A.nslookup
B.ss
C.dig
D.ping
E.traceroute
AnswersA, C

Name server lookup, queries DNS.

Why this answer

Options B and D are correct. `dig` and `nslookup` are DNS query tools. Option A (ping) tests connectivity. Option C (traceroute) traces route.

Option E (ss) shows sockets.

176
MCQmedium

The system administrator wants to add a new swap partition on /dev/sdb2. After creating the partition, which command should be used to initialize it as swap?

A.mkfs.ext4 /dev/sdb2
B.fsck /dev/sdb2
C.mkswap /dev/sdb2
D.swapon /dev/sdb2
AnswerC

mkswap sets up a Linux swap area.

Why this answer

The correct option is A: mkswap initializes a partition as swap space. Option B (swapon) activates an existing swap partition. Option C (mkfs.ext4) creates an ext4 filesystem, not swap.

Option D (fsck) checks filesystems.

177
MCQmedium

During system startup, GRUB 2 displays a prompt. Which command should be typed at the GRUB prompt to boot the currently selected entry normally?

A.normal
B.linux
C.initrd
D.boot
AnswerD

This command boots the already loaded kernel image.

Why this answer

At the GRUB 2 prompt, the 'boot' command instructs GRUB to load the operating system using the currently configured kernel, initrd, and root device settings. This is the standard way to proceed with normal booting after any manual adjustments or when the menu is not displayed. Without 'boot', GRUB remains at the prompt and does not transfer control to the kernel.

Exam trap

The trap here is that candidates confuse the 'boot' command with the 'linux' or 'initrd' commands, thinking those alone start the boot process, when in fact they only load components and must be followed by 'boot' to execute the actual boot.

How to eliminate wrong answers

Option A is wrong because 'normal' is not a valid GRUB 2 command; it is a GRUB Legacy command that was used to load the normal module, but in GRUB 2 the equivalent functionality is handled by the 'normal' module being loaded automatically or via 'insmod normal'. Option B is wrong because 'linux' is used to specify the kernel image path and boot parameters, not to boot the entry; it must be followed by 'boot' to actually start the kernel. Option C is wrong because 'initrd' loads an initial ramdisk image into memory, but it does not initiate the boot process; it is a preparatory command that must be followed by 'boot'.

178
MCQeasy

A user reports that a cron job is not executing. The cron job is defined in /etc/crontab. The administrator checks the system logs and finds no errors. Which command should the administrator use to verify that the cron daemon is running?

A.pgrep cron
B.systemctl status cron
C.crontab -l
D.ps aux | grep cron
AnswerA

Returns PID if cron is running, gives no output if not.

Why this answer

Option A is correct because `pgrep cron` searches the process table for processes named 'cron' and returns the PID(s) if running. This is a quick, reliable way to verify the cron daemon is active without parsing full process lists or relying on systemd-specific commands.

Exam trap

The trap here is that candidates may choose `systemctl status cron` assuming all Linux systems use systemd, or `ps aux | grep cron` without realizing it can produce false matches, while `pgrep cron` is the most portable and precise command for checking if a process is running.

How to eliminate wrong answers

Option B is wrong because `systemctl status cron` is a systemd command; on many Linux distributions (e.g., older SysVinit systems or minimal containers), systemd may not be the init system, and the cron service might be managed differently, so this command could fail or return misleading results. Option C is wrong because `crontab -l` lists the current user's personal crontab entries, not the system crontab (/etc/crontab), and it does not check whether the cron daemon is running. Option D is wrong because `ps aux | grep cron` can show false positives (e.g., the grep process itself matching 'cron') and is less direct than `pgrep`, which matches exact process names.

179
Multi-Selectmedium

Which two commands can be used to send a test email from the command line to verify SMTP functionality? (Choose two.)

Select 2 answers
A.telnet localhost 25
B.mutt -s test user@example.com
C.mail -s test user@example.com
D.echo 'test' | sendmail user@example.com
E.sendmail -bv user@example.com
AnswersC, D

The mail command reads input and sends an email.

Why this answer

Options A and D are correct. The 'mail' command can send emails, and echoing text into sendmail also sends an email. Option B (sendmail -bv) only verifies the address, Option C (telnet) tests SMTP but does not deliver a complete email, and Option E (mutt) requires configuration.

180
MCQeasy

Which sed command will replace the first occurrence of 'foo' with 'bar' on each line of a file?

A.sed 's/foo/bar/g' file
B.sed 's/foo/bar/0' file
C.sed 's/foo/bar/2' file
D.sed 's/foo/bar/' file
AnswerD

Default replaces first occurrence per line.

Why this answer

Option D is correct because the default behavior of the `s` (substitute) command in sed is to replace only the first occurrence of the pattern on each line. Without a numeric flag, `sed 's/foo/bar/' file` replaces the first 'foo' on each line with 'bar'. The `g` flag would replace all occurrences, not just the first.

Exam trap

The trap here is that candidates often confuse the default behavior of sed's substitute command, assuming it replaces all occurrences unless told otherwise, and thus incorrectly choose the `g` flag option.

How to eliminate wrong answers

Option A is wrong because the `g` flag causes sed to replace all occurrences of 'foo' with 'bar' on each line, not just the first. Option B is wrong because sed does not support a `0` flag for the substitute command; the numeric flag must be a positive integer, and `0` is invalid or ignored. Option C is wrong because the `2` flag replaces the second occurrence of 'foo' on each line, not the first.

181
MCQeasy

An administrator wants to list all lines in a log file that do NOT contain the word 'ERROR'. Which command should be used?

A.grep -i 'ERROR' logfile
B.grep -w 'ERROR' logfile
C.grep -v 'ERROR' logfile
D.grep 'ERROR' logfile
AnswerC

The -v option inverts the match.

Why this answer

Option C is correct because the -v option in grep inverts the match, showing lines that do not contain ERROR. Option A shows lines containing ERROR. Option B is also -v? Wait, we moved correct to C.

182
MCQeasy

A user reports that running '/usr/local/bin/myapp' from the command line results in 'bash: /usr/local/bin/myapp: No such file or directory'. The exhibit shows the file exists and is a valid executable. What is the most likely cause of the error?

A.The script interpreter specified in the shebang is missing.
B.The library libc.so.6 is missing.
C.The dynamic linker /lib64/ld-linux-x86-64.so.2 is missing or corrupted.
D.The file does not have execute permission for the user.
AnswerC

The binary uses this interpreter; if missing, loading fails.

Why this answer

When a dynamically linked executable exists and is valid but fails with 'No such file or directory', the most common cause is that the dynamic linker (e.g., /lib64/ld-linux-x86-64.so.2) is missing or corrupted. Bash reports this error because the kernel's execve() syscall cannot find the interpreter specified in the ELF's PT_INTERP segment, not because the executable itself is absent. This is a classic symptom distinct from a missing library, which would produce 'error while loading shared libraries'.

Exam trap

The trap here is that candidates confuse the 'No such file or directory' error for the executable itself with a missing library or permission issue, but the error actually refers to the dynamic linker that the executable depends on, not the executable file.

How to eliminate wrong answers

Option A is wrong because a missing script interpreter (e.g., /usr/bin/python) would produce a different error like 'bad interpreter: No such file or directory' or 'command not found', not the generic 'No such file or directory' for the executable path itself. Option B is wrong because a missing library such as libc.so.6 would cause a runtime error like 'error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory', not the initial 'No such file or directory' for the executable. Option D is wrong because missing execute permission would produce 'Permission denied', not 'No such file or directory'.

183
MCQhard

A Linux system's hostname resolution does not consult /etc/hosts before querying DNS. Which file controls the order of name resolution services?

A./etc/nsswitch.conf
B./etc/host.conf
C./etc/resolv.conf
D./etc/dnsmasq.conf
AnswerA

This file controls the order of sources for name resolution, such as files (hosts) and DNS.

Why this answer

Option D is correct because /etc/nsswitch.conf defines the order of name resolution sources (e.g., files, dns). Options A configures DNS servers, B is legacy, and C is for a DNS proxy.

184
MCQeasy

An administrator needs to check the system's load averages without displaying any process information. Which command should be used?

A.w
B.top
C.ps
D.uptime
AnswerD

Correctly displays load averages with minimal output.

Why this answer

The `uptime` command displays the current time, how long the system has been running, the number of logged-in users, and the system load averages for the past 1, 5, and 15 minutes. It does not show any process-level information, making it the correct choice for checking load averages alone.

Exam trap

The trap here is that candidates often confuse `uptime` with `w` or `top` because both also display load averages, but the question explicitly requires no process information, which `w` and `top` include.

How to eliminate wrong answers

Option A is wrong because `w` displays load averages but also shows detailed information about currently logged-in users and their processes. Option B is wrong because `top` provides a real-time, dynamic view of running processes along with load averages, which is more than what the question asks for. Option C is wrong because `ps` reports a snapshot of current processes and does not display system load averages at all.

185
MCQhard

A systems administrator maintains a Linux web server running Apache HTTP Server (version 2.4) with three virtual hosts. The server logs are stored in /var/log/httpd/ and are rotated using logrotate, which is configured with the default settings that came with the Apache package. The administrator has noticed that after the nightly log rotation, the main access log file (access_log) is empty, while the rotated log files (e.g., access_log.1, access_log.2) contain the previous day's data. Furthermore, new HTTP requests are being logged into the most recent rotated file (access_log.1) instead of the current access_log file. The administrator has verified that the logrotate cron job runs successfully, and that the log files are owned by the root user with read/write permissions for the root group. No errors appear in the system logs. The Apache service continues to run and serve web pages. Which of the following actions should the administrator take to ensure that Apache writes new log entries to the current access_log file after rotation?

A.Modify the Apache configuration to set the 'RotateLogs' directive and restart the service.
B.Add a postrotate script to the logrotate configuration that sends a USR1 or HUP signal to the Apache process to cause it to reopen the log files.
C.Change the logrotate frequency to 'weekly' so that the log is not rotated as often.
D.Set the 'copytruncate' directive in the logrotate configuration to copy the log file and truncate the original, so Apache can continue writing without interruption.
AnswerB

This is the standard method: after rotation, Apache needs to be signaled to reopen the log files to write to the new file.

Why this answer

The correct answer is A. After log rotation, Apache continues writing to the old inode unless signaled to reopen. A postrotate script sending USR1 or HUP is the standard solution.

Option B (copytruncate) is alternative but less reliable; options C and D are ineffective.

186
MCQeasy

You are a system administrator for a small company running a web server on Ubuntu 20.04 LTS. The web server application was installed using apt from the official repositories. Recently, a critical security patch was released for the web server package. You run 'apt update' and 'apt upgrade' but the package is not upgraded. You check the package status with 'apt-cache policy <package>' and see that the installed version is 2.4.41-4ubuntu3.6, and the candidate version is the same. The latest patched version in the repository is 2.4.41-4ubuntu3.7. You verify that the system has internet connectivity and that the repository URLs in /etc/apt/sources.list are correct. What is the most likely reason the upgrade is not being offered?

A.Add the universe repository to sources.list and run 'apt update'.
B.Run 'apt-mark unhold <package>' and then 'apt upgrade'.
C.Use 'apt dist-upgrade' instead of 'apt upgrade'.
D.Run 'apt install <package>' which will force the upgrade.
AnswerB

If the package is held, it will not be upgraded. Unholding allows the upgrade.

Why this answer

The most likely reason is that the package has been placed on hold using 'apt-mark hold', which prevents it from being upgraded even when a newer version is available in the repository. Running 'apt-mark unhold <package>' removes this hold, allowing 'apt upgrade' to proceed normally.

Exam trap

The trap here is that candidates may assume the issue is with repository configuration or command syntax, when in fact the package hold mechanism is a subtle but common administrative action that directly prevents upgrades.

How to eliminate wrong answers

Option A is wrong because the universe repository is not relevant; the web server package is in the main repository, and adding universe would not provide the patched version. Option C is wrong because 'apt dist-upgrade' handles dependency changes but does not bypass package holds; if the package is held, dist-upgrade will also skip it. Option D is wrong because 'apt install <package>' will upgrade the package even if it is held, but this is not the most likely reason the upgrade is not being offered; the question asks for the most likely cause, and a hold is a common administrative action that prevents upgrade, whereas force-installing bypasses the hold without addressing the underlying issue.

187
MCQmedium

A technician is troubleshooting a system that fails to boot with the error 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)'. What is the most likely cause?

A.The init binary is missing or corrupted.
B.The root filesystem is corrupted and needs fsck.
C.The kernel lacks the necessary driver for the storage controller.
D.The boot loader is not installed correctly.
AnswerC

Kernel cannot access the root device due to missing storage driver.

Why this answer

The error 'VFS: Unable to mount root fs on unknown-block(0,0)' indicates that the kernel cannot locate or access the root filesystem. This typically occurs because the kernel lacks the necessary driver (module) for the storage controller (e.g., SATA, SCSI, NVMe) that the root device is connected to, so it cannot read the partition table or mount the root filesystem.

Exam trap

The trap here is that candidates often confuse a root filesystem corruption error with a missing storage driver error, because both can prevent booting, but the specific 'unknown-block(0,0)' message uniquely points to the kernel's inability to identify the block device, not a filesystem issue.

How to eliminate wrong answers

Option A is wrong because a missing or corrupted init binary would cause a different error, such as 'Kernel panic - not syncing: No init found' or 'Failed to execute /sbin/init', not a VFS mount failure on unknown-block(0,0). Option B is wrong because a corrupted root filesystem would typically produce filesystem-specific errors (e.g., 'EXT4-fs error') or a kernel panic with a different message, not the unknown-block(0,0) error which indicates the device itself is unrecognized. Option D is wrong because an incorrectly installed boot loader would prevent the kernel from being loaded at all (e.g., 'Missing operating system' or 'GRUB error'), not cause the kernel to fail mounting the root filesystem after it has already started executing.

188
MCQmedium

Refer to the exhibit. A user runs 'python --version' and gets 'Python 3.9.1'. Which command would run Python 2 instead?

A.python --version2
B.python2
C.python3
D.python2 --version
AnswerB

python2 is a separate executable and will run Python 2.

189
MCQhard

A company's server administrator needs to replace an existing DNS server (192.168.1.10) with a new one (192.168.1.20). Which file must be updated on all DHCP clients to ensure they use the new DNS server?

A./etc/dhcp/dhcpd.conf
B./etc/resolv.conf
C./etc/nsswitch.conf
D./etc/hosts
AnswerA

DHCP server config; update DNS options and restart DHCP.

Why this answer

Option B is correct because the DHCP server configuration (/etc/dhcp/dhcpd.conf) contains the DNS servers to be offered to clients. Updating that file and restarting the DHCP service will push the new DNS to clients. Option A is wrong because it is the client's local DNS config, but it should be managed by DHCP.

Option C is wrong because it is often overwritten by DHCP. Option D is wrong because it is for hostname resolution, not DNS server specification.

190
Multi-Selecteasy

Which TWO commands are used to install packages on a Debian-based system? (Choose two.)

Select 2 answers
A.pacman -S
B.apt-get install
C.dpkg -i
D.rpm -i
E.yum install
AnswersB, C

This installs packages from repositories.

Why this answer

B is correct because `apt-get install` is the standard command-line tool for installing packages from Debian repositories, handling dependencies automatically. C is correct because `dpkg -i` installs a local `.deb` package file directly, though it does not resolve dependencies.

Exam trap

The trap here is that candidates often confuse package managers across distributions, mistakenly associating `rpm` or `yum` with Debian systems due to superficial familiarity with Linux package management.

191
MCQhard

A directory contains files with spaces and special characters in their names. An administrator wants to delete all files older than 30 days using find and xargs. Which command is safe?

A.find /path -type f -mtime +30 -delete
B.find /path -type f -mtime +30 -exec rm {} \;
C.find /path -type f -mtime +30 | xargs rm
D.find /path -type f -mtime +30 -print0 | xargs -0 rm
AnswerD

Uses null delimiter to safely handle any filename.

Why this answer

Option B is correct because -print0 and xargs -0 handle special characters by using null delimiters. Option A is unsafe due to word splitting. Options C and D do not use xargs.

192
MCQmedium

A Linux system has a 500GB SSD. The administrator wants to partition it to support a web server with the following requirements: root (/) 20GB, swap 4GB, /var 50GB, /home 100GB, and the remaining for /srv. Which partitioning strategy is best practice according to the FHS and performance considerations?

A.Use a single partition for root, but create separate partitions for /tmp, /var, /home, and /srv.
B.Create a single LVM volume group with logical volumes for each mount point.
C.Create separate partitions for root, swap, /var, /home, and /srv.
D.Allocate one large partition for root and use bind mounts for /var, /home, and /srv.
AnswerC

Separate partitions provide isolation, prevent one oversize from affecting others, and allow different mount options per filesystem.

Why this answer

Option C is correct because creating separate partitions for root, swap, /var, /home, and /srv aligns with best practices for the Filesystem Hierarchy Standard (FHS) and performance isolation. This approach prevents one filesystem from exhausting space needed by another (e.g., runaway logs in /var cannot fill /home) and allows independent mount options (e.g., noexec on /home) and filesystem tuning for each mount point.

Exam trap

The trap here is that candidates often choose LVM (Option B) thinking it is always best practice for flexibility, but the question explicitly asks for best practice according to the FHS and performance considerations — for a fixed-size single disk with known requirements, simple partitions are simpler, faster, and more aligned with FHS separation principles than LVM's added abstraction layer.

How to eliminate wrong answers

Option A is wrong because it omits a separate swap partition (required for virtual memory) and includes /tmp, which is not requested; the FHS does not mandate separate /tmp for a web server, and the requirement specifies swap, not /tmp. Option B is wrong because while LVM offers flexibility, the question asks for 'best practice according to the FHS and performance considerations' — LVM adds complexity and potential performance overhead (e.g., metadata I/O, lack of direct block alignment) compared to simple partitions for a fixed-size, single-disk scenario; the FHS does not require LVM. Option D is wrong because bind mounts do not provide independent filesystem boundaries; all data resides on the root partition, so a full root filesystem would still affect /var, /home, and /srv, defeating the purpose of isolation and risking system instability.

193
MCQhard

An administrator reviews the above DHCP server logs. Based on the output, which statement is correct about the DHCP transaction?

A.The client sent a DHCPINFORM to renew its existing lease.
B.The DHCP server is configured to assign IP addresses from a pool that includes 192.168.1.100.
C.The client successfully obtained the IP address 192.168.1.100.
D.The DHCP server rejected the client's request because the DHCPREQUEST was not broadcast.
AnswerC

DHCPACK confirms the lease assignment.

Why this answer

The DHCP server logs show a successful four-way handshake: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK. The final DHCPACK from the server confirms that the client has been granted the IP address 192.168.1.100, making option C correct.

Exam trap

The trap here is that candidates may confuse the DHCPREQUEST broadcast requirement with a rejection, or incorrectly assume that a DHCPINFORM is used for lease renewal, when in fact DHCPINFORM is only for stateless configuration requests.

How to eliminate wrong answers

Option A is wrong because a DHCPINFORM is used by a client that already has an IP address to request additional configuration parameters (like DNS servers), not to renew a lease; lease renewal uses DHCPREQUEST (unicast). Option B is wrong because the logs only show that 192.168.1.100 was offered and acknowledged; they do not indicate whether this address comes from a pool that includes 192.168.1.100 — the server could be configured with a static reservation or a different pool. Option D is wrong because the DHCPREQUEST in a typical renewal or selection phase is sent as a broadcast (with the 'broadcast' flag set) to ensure all DHCP servers on the subnet receive it; the server did not reject the request, as evidenced by the DHCPACK.

194
MCQeasy

Refer to the exhibit. A system administrator runs 'ip route show default' and gets this output. What does it indicate?

A.The DNS server is 192.168.1.1.
B.The default route points to gateway 192.168.1.1 on interface eth0.
C.The system has no internet access.
D.The IP address of the system is 192.168.1.1.
AnswerB

That is exactly what the output means.

Why this answer

Option B is correct because the output shows the default gateway is 192.168.1.1 reachable via interface eth0. Option A incorrectly interprets as DNS, Option C is false because connectivity may exist, Option D is wrong because the IP address is on eth0 but not shown as the device's own IP.

195
MCQmedium

A Linux administrator is troubleshooting a package dependency issue. When attempting to install package 'foo', the package manager reports a missing dependency 'libbar.so.2'. Which of the following is the most appropriate next step?

A.Run 'ldconfig' to update the library cache
B.Reinstall the 'foo' package using 'rpm -i --force foo.rpm'
C.Run 'rpm -q --whatrequires libbar.so.2'
D.Use 'apt-file search libbar.so.2' or 'dnf provides libbar.so.2' to find the package that contains the file
AnswerD

Identifies the package providing the missing library.

Why this answer

The error indicates that the file 'libbar.so.2' is missing from the system. The most appropriate next step is to identify which package provides this file, so that it can be installed to satisfy the dependency. On Debian-based systems, 'apt-file search' queries the package repository metadata to find the package containing a specific file; on Red Hat-based systems, 'dnf provides' performs the same function.

This targeted search is the correct first troubleshooting step before any installation or library cache update.

Exam trap

The trap here is that candidates may confuse 'ldconfig' (which only updates the cache for already-installed libraries) with a tool that can resolve missing dependencies, or they may think that forcing installation with '--force' is an acceptable workaround, when in fact it bypasses safety checks and can lead to system instability.

How to eliminate wrong answers

Option A is wrong because 'ldconfig' updates the runtime linker cache for shared libraries that are already installed; it cannot install missing libraries or resolve a missing file dependency. Option B is wrong because using 'rpm -i --force' forces installation of the package even if dependencies are missing, which can leave the system in a broken or inconsistent state and is not a proper resolution. Option C is wrong because 'rpm -q --whatrequires libbar.so.2' queries which installed packages depend on that file, but the file is not present on the system, so the command will return nothing useful and does not help locate the missing provider.

196
MCQmedium

An administrator wants to prevent a specific user, 'john', from being able to schedule cron jobs. Which file should the administrator modify?

A./var/spool/cron/crontabs
B./etc/cron.allow
C./etc/crontab
D./etc/cron.deny
AnswerD

Add 'john' to this file to prevent him from using cron.

Why this answer

The /etc/cron.deny file lists users who are explicitly denied access to schedule cron jobs. If this file exists and the user 'john' is listed in it, he will be prevented from using crontab. This is the standard mechanism for restricting cron access when /etc/cron.allow does not exist.

Exam trap

The trap here is that candidates confuse /etc/cron.allow with /etc/cron.deny, thinking that modifying the allow file is the only way to control access, but the question specifically asks for a file to prevent a user, which is the deny file.

How to eliminate wrong answers

Option A is wrong because /var/spool/cron/crontabs is a directory containing individual user crontab files, not a configuration file for access control. Option B is wrong because /etc/cron.allow is used to explicitly allow users to schedule cron jobs; modifying it would not prevent 'john' unless he is removed from it, but the question asks for a file to prevent him, and /etc/cron.deny is the direct method. Option C is wrong because /etc/crontab is the system-wide cron table for scheduled tasks, not a user access control file.

197
MCQeasy

Which directory contains information about hardware devices in a hierarchical structure, such as PCI devices and USB devices?

A./sys
B./dev
C./etc
D./proc
AnswerA

/sys (sysfs) provides detailed device hierarchy and attributes.

Why this answer

/sys is the sysfs filesystem that exposes information about devices and drivers in a hierarchical manner.

198
Multi-Selectmedium

Which TWO of the following are true about the 'source' command in bash?

Select 2 answers
A.It executes a script in a subshell.
B.It is only available in bash and not in POSIX sh.
C.It can be abbreviated as '.' (dot).
D.It executes a script in the current shell.
E.It requires the script to have execute permission.
AnswersC, D

The dot is a synonym for source.

Why this answer

Option C is correct because the 'source' command can be abbreviated as a single dot ('.') in bash and other POSIX-compliant shells. This dot notation is a standard feature defined by POSIX, and both forms execute the script in the current shell environment, not a subshell.

Exam trap

The trap here is that candidates often confuse 'source' with executing a script directly (which requires execute permission and runs in a subshell), or mistakenly think the dot abbreviation is a bash-only feature, when it is actually defined by POSIX.

199
MCQhard

A mail server using Postfix is rejecting emails from a partner domain. The administrator checks the maillog and sees 'relay access denied'. Which Postfix configuration parameter is most likely misconfigured?

A.mydestination
B.inet_interfaces
C.relayhost
D.mynetworks
AnswerD

mynetworks specifies IP ranges allowed to relay.

Why this answer

Option A is correct: `mynetworks` defines which clients can relay through the server. Option B (mydestination) defines local domains. Option C (relayhost) is for outbound relay.

Option D (inet_interfaces) controls which interfaces to listen on.

200
Multi-Selecthard

Which TWO of the following are true about the /proc filesystem?

Select 2 answers
A.It is formatted with the ext4 filesystem.
B.It is a network filesystem.
C.It is a pseudo-filesystem that contains runtime system information.
D.It is used to store persistent configuration data.
E.It is typically mounted at boot time.
AnswersC, E

Correct: /proc is virtual.

Why this answer

Option C is correct because the /proc filesystem is a pseudo-filesystem that does not exist on disk; it is created by the kernel at runtime to expose system and process information (e.g., /proc/cpuinfo, /proc/meminfo). It provides a mechanism for user-space programs to query kernel data structures without making system calls directly.

Exam trap

The trap here is that candidates often confuse /proc with a real filesystem stored on disk, leading them to select Option A, or they mistake its runtime nature for persistent storage (Option D), when in fact /proc is a volatile kernel interface that is mounted automatically at boot (Option E).

201
MCQeasy

The administrator wants the sshd service to start automatically at boot. Which command should be used?

A.systemctl start sshd.service
B.systemctl daemon-reload
C.systemctl set-default multi-user.target
D.systemctl enable sshd.service
AnswerD

Enables the service to start automatically at boot.

Why this answer

The correct option is B: systemctl enable sshd.service creates symlinks to start the service at boot. Option A (systemctl start) starts the service now but does not enable boot start. Option C (systemctl set-default multi-user.target) changes default target, unrelated.

Option D (systemctl daemon-reload) reloads systemd configuration.

202
MCQeasy

A system administrator needs to check if a filesystem has any errors without actually performing a repair. Which command should be used?

A.fsck -y /dev/sdb1
B.fsck -N /dev/sdb1
C.fsck -n /dev/sdb1
D.e2fsck -p /dev/sdb1
AnswerC

fsck -n performs a non-interactive, read-only check.

Why this answer

The `-n` option with `fsck` performs a read-only check, displaying any filesystem errors without making any modifications or repairs. This is the correct choice for a non-destructive check that only reports issues.

Exam trap

The trap here is confusing `-N` (which only shows what would be checked without actually scanning) with `-n` (which performs a read-only scan), leading candidates to mistakenly choose the dry-run option instead of the actual read-only check.

How to eliminate wrong answers

Option A is wrong because `fsck -y` automatically answers 'yes' to all repair prompts, which would attempt to fix errors, not just check for them. Option B is wrong because `fsck -N` only shows what would be done (a dry-run) without actually checking the filesystem for errors. Option D is wrong because `e2fsck -p` automatically repairs filesystem issues without prompting, which performs repairs rather than just checking.

203
MCQmedium

Which command can be used to check whether a specific kernel module is currently loaded?

A.modinfo <module>
B.lsmod | grep <module>
C.depmod -a
D.insmod <module>
AnswerB

lsmod lists loaded modules; grep filters.

Why this answer

Correct: B. The command 'lsmod | grep <module>' lists loaded modules and filters for the desired module. Option A (modinfo) shows information about a module but not whether it's loaded; C (insmod) loads a module; D (depmod) generates module dependencies.

204
Multi-Selectmedium

Which THREE steps are required to configure a network interface with a static IP address using the ip command (assuming interface eth0)? (Choose three.)

Select 3 answers
A.ifconfig eth0 192.168.1.10 netmask 255.255.255.0
B.ip route add default via 192.168.1.1
C.ip addr add 192.168.1.10/24 dev eth0
D.ip link set eth0 up
E.echo 'nameserver 8.8.8.8' > /etc/resolv.conf
AnswersB, C, D

Adds default gateway.

Why this answer

Options B, C, D are correct. You need to add IP, bring interface up, and add default route. Option A is not needed if using ip; ifconfig is deprecated.

Option E is for DNS, which is not part of ip command.

205
Multi-Selectmedium

Which TWO commands can display the UUID of block devices?

Select 2 answers
A.blkid
B.lsblk -f
C.df -T
D.fdisk -l
E.parted /dev/sda print
AnswersA, B

blkid displays block device attributes including UUID.

Why this answer

Correct: A and B. 'blkid' shows UUID of all block devices; 'lsblk -f' also shows UUID. Option C 'fdisk -l' does not show UUID; D 'parted' show partition table but not UUID; E 'df -T' shows filesystem type but not UUID.

206
MCQhard

A medium-sized company runs a web server on Linux with two 1TB disks in a software RAID1 (mdadm) configuration for the root filesystem and /var. Recently, the /var partition is reporting low disk space. The administrator discovers that old log files are consuming space but should be rotated. However, the logrotate service is not running. After starting logrotate, it fails to rotate some logs because of missing directories. Additionally, the administrator wants to add a third disk (500GB SSD) for additional storage and mount it under /srv/webdata. The disk is new and not partitioned. The server uses systemd and the current /etc/fstab uses UUIDs. What is the correct sequence of steps to add the new disk and ensure it is mounted automatically at boot?

A.Format the disk with ext4, add an entry to /etc/fstab using the device path /dev/sdc with the nofail option, then mount -a.
B.Partition the disk with fdisk, create an ext4 filesystem, create the mount point, mount the filesystem, obtain the UUID, add an entry to /etc/fstab using the UUID, and run mount -a to verify.
C.Add the disk to the existing RAID1 array to expand it, then grow the filesystem to use the new space.
D.Initialize the disk as an LVM physical volume, extend the existing volume group, create a logical volume, format it, mount it, and add to /etc/fstab.
AnswerB

This is the correct, standard procedure.

Why this answer

Option B is correct because it follows the standard procedure for adding a new disk to a Linux system: partition the disk (even if only one partition is needed), create a filesystem, create a mount point, mount it, obtain the UUID (e.g., via blkid), add an entry to /etc/fstab using the UUID for reliable boot-time mounting, and verify with mount -a. This ensures the disk is mounted automatically at boot, independent of device name changes, and aligns with systemd's expectation of UUID-based fstab entries.

Exam trap

The trap here is that candidates may think they can skip partitioning (Option A) or assume LVM is always better (Option D), but the LPIC-1 exam expects the standard, safe procedure of partitioning, formatting, and using UUIDs in fstab for a new disk.

How to eliminate wrong answers

Option A is wrong because it skips partitioning (a new disk must be partitioned before creating a filesystem, even if using the whole disk), uses the device path /dev/sdc instead of a UUID (which can change on reboot, especially with multiple disks), and the nofail option is unnecessary and not a substitute for proper fstab configuration. Option C is wrong because adding the disk to the existing RAID1 array would expand the array but not create a separate mount point under /srv/webdata; it would also require resyncing and growing the filesystem, which is not the stated goal of adding a third disk for additional storage. Option D is wrong because while LVM is a valid approach, the question does not mention LVM being in use, and the current setup uses software RAID1 and UUID-based fstab; introducing LVM would require additional steps (creating a volume group, logical volume) that are not part of the standard simple disk addition procedure, and the correct answer must match the simplest and most direct method described in the scenario.

207
MCQhard

An administrator runs the command 'find / -name "*.conf" 2>/dev/null | head -n 10' and notices that the command returns very quickly. Which statement best describes what happened?

A.It scans the entire filesystem but stops after sending the first 10 lines to head due to a broken pipe.
B.It lists 10 .conf files only from the current directory because the path is /.
C.It lists all .conf files in the filesystem because head only affects output, not find.
D.It lists only the first 10 .conf files found in the filesystem.
AnswerA

Find continues until it tries to write after head closes, then stops.

Why this answer

Option A is correct because the `find` command starts scanning the entire filesystem from root (`/`), but its output is piped to `head -n 10`, which reads only the first 10 lines and then closes the pipe. When `head` closes the pipe, `find` receives a SIGPIPE signal (broken pipe) and terminates early, so the command returns very quickly without scanning the entire filesystem.

Exam trap

The trap here is that candidates often think `head` simply filters output after the command finishes, not realizing that pipe-induced SIGPIPE causes the upstream command to terminate early, which is why the command returns quickly.

How to eliminate wrong answers

Option B is wrong because the path `/` specifies the root directory, not the current directory; `find /` starts the search from the root of the filesystem, not from the current working directory. Option C is wrong because `head` does affect the `find` command via the pipe: when `head` exits after reading 10 lines, it closes the pipe, causing `find` to receive a broken pipe signal and stop. Option D is wrong because it implies `find` completes its full scan and then `head` selects the first 10 lines, but in reality `find` stops early due to the broken pipe, which is why the command returns quickly.

208
MCQhard

A server runs systemd-resolved and uses a VPN. DNS queries fail intermittently. The administrator checks /etc/resolv.conf and finds it is a symlink to /run/systemd/resolve/stub-resolv.conf. Which command should be used to view the effective DNS servers and debug the issue?

A.cat /etc/resolv.conf
B.resolvectl status
C.systemctl restart systemd-resolved
D.dig @localhost
AnswerB

resolvectl status shows per-link DNS servers and overall resolver configuration.

Why this answer

resolvectl status displays the DNS servers for each link, including VPN interfaces, and shows the current resolver configuration. cat /etc/resolv.conf only shows the stub file, not the actual upstream servers. dig @localhost uses the stub resolver. Restarting systemd-resolved may not fix misconfiguration.

209
MCQmedium

You work for a hosting company that manages hundreds of CentOS 7 servers. Each server runs a standard set of monitoring tools. Your team needs to deploy a custom monitoring agent that is only available as source code (tarball). The agent must be installed on all servers from a central repository. You have set up an internal YUM repository with the compiled RPMs of the agent. On a test server, you run 'yum install custom-agent', but it fails with a message that the package is not found. You verify the package is present in the repository directory and that the createrepo command has been run. Which step is most likely missing?

A.The GPG key for the repository is not imported.
B.The package architecture does not match (e.g., x86_64 package on i386).
C.The .repo file references the wrong baseurl hostname.
D.The repository is not being served via HTTP or FTP; it is only available as a local file path.
AnswerD

YUM expects an HTTP/HTTPS/FTP URL unless using file:/// but baseurl often omitted.

Why this answer

The repository metadata must be available via HTTP or FTP. Option B is the common cause: the repository is not served by a web server. Option A is irrelevant because repo files are independent of hostname.

Option C is not needed if the repo is local to the server. Option D could be a secondary issue but the primary is serving.

210
MCQeasy

Which command displays information about currently loaded kernel modules?

A.insmod
B.modinfo
C.lsmod
D.modprobe -l
AnswerC

Lsmod shows currently loaded kernel modules from /proc/modules.

Why this answer

The correct option is B: lsmod lists loaded modules. Option A (modprobe -l) lists available modules, not loaded. Option C (modinfo) shows information about a specific module.

Option D (insmod) loads a module.

211
MCQeasy

Which of the following directories is NOT defined in the Filesystem Hierarchy Standard (FHS)?

A./run
B./proc
C./net
D./media
E./sys
AnswerC

/net is not defined in the FHS.

Why this answer

The /net directory is not defined in the Filesystem Hierarchy Standard (FHS). The FHS specifies standard directory locations like /run, /proc, /media, and /sys, but /net is not a required or standard directory; it may appear in some systems as a mount point for network filesystems but is not part of the FHS specification.

Exam trap

The trap here is that candidates may assume /net is a standard FHS directory because it appears in some distributions for network mounts, but the FHS does not define it, and the exam expects knowledge of the official standard directories.

How to eliminate wrong answers

Option A is wrong because /run is defined in FHS as a tmpfs directory for storing volatile runtime data since FHS 3.0. Option B is wrong because /proc is defined in FHS as a virtual filesystem providing process and kernel information. Option D is wrong because /media is defined in FHS as the mount point for removable media devices.

Option E is wrong because /sys is defined in FHS as a virtual filesystem for kernel and device information (sysfs).

212
MCQmedium

Refer to the exhibit. The system has a single disk with three partitions. Which partition contains the root filesystem?

A.sda
B.sda1
C.sda2
D.sda3
AnswerD

sda3 is mounted at / (root).

Why this answer

The root filesystem is mounted from the partition that contains the / (root) directory. In Linux, partitions are numbered starting from 1 (e.g., sda1, sda2, sda3). The device sda itself refers to the entire disk, not a partition.

Since the system has three partitions and the correct answer is sda3, partition sda3 must be the one designated as the root filesystem, typically identified by the mount point '/' in /etc/fstab or by the kernel boot parameter root=.

Exam trap

The trap here is that candidates often confuse the entire disk device (sda) with a partition (sda1, sda2, sda3), or assume the root filesystem is always on the first partition (sda1), ignoring that it can be on any numbered partition based on system design.

How to eliminate wrong answers

Option A is wrong because sda refers to the entire disk device, not a partition; the root filesystem must reside on a partition, not the raw disk. Option B is wrong because sda1 is a partition, but it is typically used for /boot or swap, not the root filesystem, unless explicitly configured; the question indicates sda3 is correct, so sda1 is not the root. Option C is wrong because sda2 is a partition, but it is often used for swap or extended partitions, and the correct answer is sda3, meaning sda2 does not contain the root filesystem in this scenario.

213
MCQmedium

An administrator is migrating a legacy service from a SysV init system to a systemd unit. The service is a long-running daemon that forks once. The admin writes a unit file of Type=forking, sets PIDFile correctly, and enables the service. On the next reboot, the service starts but systemd reports that the service entered 'failed' state shortly after start, even though the process is running. The log shows: 'PID file /var/run/myservice.pid not readable (yet?) after start.' What is the most likely cause? Options: A) The service does not write its PID file quickly enough, B) The PIDFile path is wrong, C) The unit file should use Type=simple instead, D) The service needs a TimeoutStartSec increase.

A.The PIDFile path is wrong
B.The service does not write its PID file quickly enough
C.The service needs a TimeoutStartSec increase
D.The unit file should use Type=simple instead
AnswerB

Systemd expects the PID file shortly after the forking process exits; a delay causes failure.

Why this answer

Option A is correct: systemd waits for the PID file to appear after the forking process exits. If the daemon writes the PID file after a delay, systemd may time out. Option B is unlikely because the error mentions the file not readable, not missing.

Option C (simple) would not expect a PID file but would track the main process directly. Option D may help but the core issue is timing of PID file creation. Usually, increasing TimeoutStartSec is a workaround; the real fix is ensuring the daemon writes PID file early.

So A is most direct.

214
MCQmedium

Refer to the exhibit. What can be concluded about the cron daemon based on this systemctl output?

A.It is stopped.
B.It is enabled but not currently running.
C.It has failed recently.
D.It is running and will start automatically at system boot.
AnswerD

The output shows 'active (running)' and 'enabled', meaning it is currently running and configured to start at boot.

Why this answer

The systemctl output shows 'Loaded: loaded' and 'Active: active (running)' for the cron daemon, which indicates it is currently running. Additionally, the 'enabled' status in the 'Loaded' line means the service is configured to start automatically at system boot. Therefore, option D is correct.

Exam trap

The trap here is that candidates may confuse 'enabled' (start at boot) with 'active' (currently running), leading them to select option B when the service is actually running, or they may misinterpret the absence of explicit 'failed' text as meaning the service is stopped.

How to eliminate wrong answers

Option A is wrong because 'Active: active (running)' explicitly shows the cron daemon is running, not stopped. Option B is wrong because while the service is enabled, it is also currently running, not just enabled but not running. Option C is wrong because there is no indication of a failure; the status shows 'active (running)' with no mention of 'failed' or recent crash logs in the output.

215
Multi-Selecteasy

Which TWO of the following are valid ways to capture the output of a command into a variable in Bash?

Select 2 answers
A.var=`command`
B.var={command}
C.var=$(command)
D.var|command
E.var=command
AnswersA, C

Backticks are an older syntax for command substitution, but still valid.

Why this answer

The correct answers are A and B. $(...) and backticks are both valid command substitution syntax. Options C, D, and E are not valid.

216
MCQeasy

Which directory contains the kernel modules for the currently running kernel?

A./boot
B./etc/modprobe.d
C./usr/src
D./lib/modules/$(uname -r)
AnswerD

Standard location for kernel modules.

Why this answer

Option B is correct: the modules are stored under /lib/modules/ with the kernel version. Option A contains kernel images, C source code, D module configuration.

217
MCQmedium

A system administrator needs to ensure a custom script runs every time the system boots. Where should the script be placed for execution during the boot process on a standard Linux system?

A./etc/cron.d/
B./etc/init.d/
C./etc/cron.hourly/
D./etc/rc.local
AnswerD

This file is executed at the end of the boot process and is suitable for custom startup scripts.

Why this answer

Option D is correct because /etc/rc.local is a legacy system initialization script that is executed at the end of the boot process on many Linux distributions using SysV init or systemd (with a compatibility unit). Placing a custom script inside /etc/rc.local ensures it runs once per boot, after all other init scripts have completed, making it a straightforward method for executing custom commands or scripts at system startup.

Exam trap

The trap here is that candidates often confuse cron directories (like /etc/cron.d/ or /etc/cron.hourly/) with boot-time execution, because both involve running scripts, but cron is strictly time-based and unrelated to the boot sequence.

How to eliminate wrong answers

Option A is wrong because /etc/cron.d/ is used for cron job scheduling, not for boot-time execution; cron jobs run at specified times or intervals, not during system boot. Option B is wrong because /etc/init.d/ contains SysV init scripts that are managed by the init system (e.g., via update-rc.d or systemctl), and simply placing a script there does not automatically register it for execution at boot; it must be properly linked or enabled. Option C is wrong because /etc/cron.hourly/ is a directory for cron jobs that run every hour, not at boot time; it is part of the cron system, not the boot process.

218
MCQhard

An administrator needs to ensure that a specific kernel module is loaded automatically at boot. Which file should be used to permanently load the module?

A./etc/modprobe.d/modules.conf
B./etc/sysconfig/modules
C./etc/modules
D./etc/conf.modules
AnswerC

Modules listed in /etc/modules are loaded at boot.

Why this answer

Option C is correct because on modern Linux systems using a standard init system, the file /etc/modules (or /etc/modules-load.d/*.conf on systemd-based distributions) is read at boot to load specified kernel modules automatically. This file lists module names one per line, and the kernel's module loading mechanism processes it early in the boot sequence to ensure the module is available before services that depend on it start.

Exam trap

The trap here is that candidates confuse the configuration file for module options (/etc/modprobe.d/*.conf) with the file that lists modules to load at boot (/etc/modules), or they mistakenly recall the obsolete /etc/conf.modules from older Linux distributions.

How to eliminate wrong answers

Option A is wrong because /etc/modprobe.d/modules.conf is not a standard file; the correct directory is /etc/modprobe.d/ where files like *.conf are used for modprobe configuration (e.g., aliases, options, blacklists), not for specifying modules to load at boot. Option B is wrong because /etc/sysconfig/modules is not a standard path; on Red Hat-based systems, /etc/sysconfig/modules/ is a directory for custom module-loading scripts, but the primary mechanism for permanent module loading is /etc/modules or /etc/modules-load.d/. Option D is wrong because /etc/conf.modules is an obsolete file from older kernel versions (pre-2.6) and is not used by modern modprobe or systemd; it has been replaced by /etc/modprobe.d/ and /etc/modules.

219
MCQeasy

A technician needs to output only the kernel release number. Which command should be used?

A.cat /proc/version
B.uname -r
C.dmesg | head -1
D.lsmod
AnswerB

uname -r outputs the exact kernel release number.

Why this answer

The `uname -r` command specifically prints the kernel release number (e.g., '5.10.0-28-amd64') by querying the `utsname` system call. This is the standard, portable way to retrieve only the kernel release string without additional system information.

Exam trap

The trap here is that candidates confuse `/proc/version` (which shows the full version string) with a command that outputs only the release number, or they assume `dmesg` output is consistent across all systems.

How to eliminate wrong answers

Option A is wrong because `cat /proc/version` outputs the full version string including the kernel release, compiler version, and build timestamp, not just the release number. Option C is wrong because `dmesg | head -1` shows the first line of the kernel ring buffer, which typically includes the kernel version and build info but is not guaranteed to be just the release number and may vary by system or boot. Option D is wrong because `lsmod` lists loaded kernel modules, not the kernel release number.

220
MCQhard

A user can successfully ping a web server but cannot access the website via a browser. Which is the most likely cause?

A.Incorrect subnet mask
B.Web service (e.g., Apache) not running
C.Firewall blocking HTTP ports
D.DNS resolution failure
AnswerB

If the web service is down, ping will still work because the network layer is functional, but HTTP requests will fail.

Why this answer

B is correct because the user can successfully ping the web server, confirming that the server is reachable at the network layer (ICMP). However, the inability to access the website via a browser indicates that the application layer service handling HTTP/HTTPS requests is not running. If the web service (e.g., Apache, Nginx) is stopped or crashed, the server will not respond to TCP port 80 or 443, even though basic connectivity exists.

Exam trap

The trap here is that candidates often assume a successful ping implies full application-layer functionality, but LPIC-1 tests the understanding that ICMP and TCP are separate protocols, and a web service must be explicitly running to serve HTTP content.

How to eliminate wrong answers

Option A is wrong because an incorrect subnet mask would prevent the user from reaching the server at all, making ping fail; since ping succeeds, the subnet mask is correctly configured. Option C is wrong because a firewall blocking HTTP ports would typically block the browser request but not necessarily ICMP echo requests, but the question states ping succeeds, so a firewall blocking only HTTP could be possible; however, the most likely cause is the web service not running, as firewalls are often configured to allow ICMP and HTTP separately, and a stopped service is a more common issue. Option D is wrong because DNS resolution failure would prevent the browser from resolving the domain name to an IP address, but the user can ping the server, which implies they are using an IP address or DNS is working; if DNS were failing, ping would also fail unless using an IP directly.

221
MCQmedium

A system administrator notices that the system's syslog messages are not being written to /var/log/messages. The rsyslog service is running. The administrator wants to check the configuration syntax of rsyslog. Which command should be used?

A.rsyslogd -d
B.rsyslogd -f
C.rsyslogd -N
D.rsyslogd -v
AnswerC

-N performs a syntax check on the configuration file.

Why this answer

The correct command is `rsyslogd -N` because the `-N` option performs a configuration syntax check without starting or restarting the rsyslog daemon. This allows the administrator to validate the rsyslog configuration file for errors before applying changes, ensuring that syslog messages will be written correctly to /var/log/messages.

Exam trap

The trap here is that candidates may confuse `-N` with `-d` (debug mode) or `-f` (config file path), assuming that running the daemon with a verbose flag or specifying a file will reveal syntax errors, whereas only `-N` performs a dedicated syntax check without executing the daemon.

How to eliminate wrong answers

Option A is wrong because `rsyslogd -d` runs rsyslogd in debug mode, which outputs verbose debugging information to the terminal but does not specifically check configuration syntax. Option B is wrong because `rsyslogd -f` specifies an alternative configuration file to use, not a syntax check; it would load and use that file, potentially causing issues if the syntax is invalid. Option D is wrong because `rsyslogd -v` displays the version information of rsyslogd and does not perform any configuration validation.

222
MCQmedium

A server with a udev rule fails to consistently assign a persistent network interface name. What is the most likely cause?

A.The rule uses an incorrect operator.
B.The BIOS device name is configured incorrectly.
C.The kernel module for the NIC is not loaded.
D.The network interface's MAC address is not unique or changes.
AnswerD

If the MAC address changes, a rule matching by MAC will fail.

Why this answer

Persistent network interface names in Linux rely on udev rules that match attributes like MAC address. If the MAC address is not unique (e.g., due to a virtual machine or cloned NIC) or changes (e.g., after hardware replacement or driver update), the rule will fail to consistently identify the interface, causing the name assignment to be unpredictable.

Exam trap

The trap here is that candidates assume udev rules always work if the syntax is correct, overlooking that dynamic or non-unique MAC addresses undermine the stability of the matching attribute.

How to eliminate wrong answers

Option A is wrong because an incorrect operator (e.g., using '==' instead of '!=') would cause a syntax error or mis-match, but the question describes inconsistent assignment, not a complete failure; the rule still runs but the matching attribute is unreliable. Option B is wrong because BIOS device names (like 'eno1') are a naming scheme, not a cause of udev rule failure; incorrect BIOS configuration might affect the name format but does not prevent consistent assignment if the rule uses a stable attribute. Option C is wrong because if the kernel module for the NIC were not loaded, the interface would not appear at all, leading to a persistent failure rather than inconsistent naming.

223
MCQeasy

An administrator needs to identify the device file for the first SATA SSD in a server. Which device file should they use?

A./dev/hda
B./dev/sdb
C./dev/nvme0n1
D./dev/sda
AnswerD

Correct: SATA SSDs are typically /dev/sda (first disk).

Why this answer

The first SATA SSD in a Linux system is typically assigned the device file /dev/sda. SATA drives use the SCSI subsystem via the libata driver, which names them /dev/sdX, with 'a' representing the first detected drive. This is the standard naming convention for SATA SSDs in modern Linux kernels.

Exam trap

The trap here is that candidates often confuse SATA with PATA (IDE) and choose /dev/hda, or mistakenly think SATA SSDs use NVMe naming like /dev/nvme0n1, not realizing that SATA drives are mapped to the SCSI subsystem as /dev/sdX.

How to eliminate wrong answers

Option A is wrong because /dev/hda is used for PATA (IDE) drives, not SATA SSDs; SATA drives are handled by the SCSI subsystem and named /dev/sdX. Option B is wrong because /dev/sdb would be the second SATA drive (or second SCSI device), not the first. Option C is wrong because /dev/nvme0n1 is used for NVMe SSDs, which connect via PCIe and use a different naming scheme (nvme0n1 for the first namespace of the first NVMe controller), not for SATA SSDs.

224
Multi-Selectmedium

Which THREE directories are commonly used for mounting removable media in Linux?

Select 3 answers
A./mnt
B./mount
C./cdrom
D./dev
E./media
AnswersA, C, E

A common general-purpose mount point, often used for temporary mounts.

Why this answer

A is correct because /mnt is a standard directory defined by the Filesystem Hierarchy Standard (FHS) for temporarily mounting filesystems, including removable media like USB drives or external hard disks. It provides a generic mount point that system administrators can use for manual mounts, though it is less commonly used for automatic mounting compared to /media.

Exam trap

The trap here is that candidates may confuse /dev (the device directory) with a mount point, or assume /mount is a valid FHS directory, when in fact only /mnt and /media are correct for mounting removable media.

225
MCQhard

A system administrator is responsible for a production Debian 10 (buster) server that hosts a critical web application. The application requires the package 'libssl1.1' version 1.1.1 or higher, but the official Debian 10 repository only provides version 1.1.0. The administrator has already attempted to install the newer version from Debian 11 (bullseye) sources, but this caused dependency conflicts with the existing libc6 version. The server cannot be upgraded to Debian 11 due to application compatibility. The administrator needs to resolve this situation without breaking the existing system or introducing unofficial packages. Which of the following is the most appropriate course of action?

A.Add the Debian Backports repository for buster and install libssl1.1 from there.
B.Upgrade the entire system to Debian 11 using a rolling upgrade.
C.Use dpkg --force-depends to force the installation of libssl1.1 from Debian 11.
D.Download the libssl1.1 source package from Debian 11 and compile it on the buster system with custom flags.
AnswerA

Backports are specifically designed to provide newer versions of packages that are compatible with the stable release. This is the recommended way to get updated software without upgrading the entire distribution.

Why this answer

Option A is correct because Debian Backports provides newer versions of select packages (like libssl1.1) that are recompiled against the stable release's libraries (e.g., libc6 from buster), avoiding dependency conflicts. This allows the administrator to obtain libssl1.1 version 1.1.1 or higher without upgrading the entire system or introducing unofficial packages, maintaining system stability and security.

Exam trap

The trap here is that candidates may think compiling from source (Option D) is a safe workaround, but they overlook that the compiled binary will still depend on the older libc6 and may introduce subtle runtime issues, while the backports repository is the official, supported method for this exact scenario.

How to eliminate wrong answers

Option B is wrong because upgrading the entire system to Debian 11 would break application compatibility, as stated in the scenario, and is not a targeted fix for the libssl1.1 requirement. Option C is wrong because using dpkg --force-depends bypasses dependency checks, which can lead to a broken system with unresolved dependencies, runtime crashes, and security vulnerabilities. Option D is wrong because compiling libssl1.1 from Debian 11 source on buster would still link against the older libc6, potentially causing the same dependency conflicts and introducing untested binaries that may not integrate properly with the package manager.

Page 2

Page 3 of 7

Page 4

All pages