Linux Professional Institute Certification Level 1 LPIC-1 (LPIC-1) — Questions 226–300

522 questions total · 7 pages · All types, answers revealed

Page 4 of 7
226
MCQ · medium

A Linux administrator is managing a server that uses RPM-based package management. They need to find which installed package provides the '/etc/ssh/sshd_config' file. Which command should they use?

A. rpm -qi /etc/ssh/sshd_config
B. rpm -qf /etc/ssh/sshd_config
C. rpm -ql /etc/ssh/sshd_config
D. rpm -qa | grep sshd_config
Answer: B

Queries the package that owns the file.

Why this answer

The correct command is `rpm -qf /etc/ssh/sshd_config`. The `-q` flag queries the RPM database, and `-f` (or `--file`) tells RPM to find which installed package owns the specified file. This is the standard way to map a file back to its originating package in RPM-based systems.

Exam trap

The trap here is that candidates confuse the purpose of RPM query options: `-qi` (package info), `-ql` (file list), and `-qf` (file ownership), and often pick `-ql` thinking it lists files, but fail to realize it requires a package name, not a file path.

How to eliminate wrong answers

Option A is wrong because `rpm -qi` queries package information (like description, version, and architecture) from the RPM database, but it requires a package name as an argument, not a file path; using a file path with `-qi` will fail or produce irrelevant output. Option C is wrong because `rpm -ql` lists all files owned by a specified package; it expects a package name, not a file path, so it cannot be used to find which package owns a given file. Option D is wrong because `rpm -qa | grep sshd_config` lists all installed packages and pipes the output to grep, which would only match if a package name literally contains 'sshd_config' (which is unlikely); it does not query the RPM database's file-to-package mapping and will not reliably find the package that owns the file.

227
MCQ · medium

A system administrator notices that the system clock is consistently 5 minutes ahead of the actual time. The NTP service is enabled and running. Which command should the administrator run to force an immediate time synchronization?

A. ntpq -p
B. ntpdate pool.ntp.org
C. systemctl restart ntpd
D. timedatectl set-time ...
Answer: B

ntpdate performs immediate synchronization.

Why this answer

Option B is correct because `ntpdate` forces an immediate synchronization. Option A (`ntpq`) is for querying NTP status. Option D (`timedatectl`) sets the time zone but does not force a sync. Option C (`systemctl restart ntpd`) restarts the service but does not force an immediate update.

228
Multi-Select · easy

Which TWO commands can be used to view the contents of a compressed file named archive.tar.gz without extracting it to disk?

Select 2 answers
A. gzip -d archive.tar.gz
B. bunzip2 -c archive.tar.gz | tar -t
C. tar -tzf archive.tar.gz
D. gunzip -l archive.tar.gz
E. zcat archive.tar.gz | tar -t
Answers: C, E

Correct: tar -t lists table of contents; -z handles gzip; -f specifies file.

Why this answer

Option C is correct because the `tar -tzf` command lists the contents of a tar archive compressed with gzip without extracting it. The `-t` flag tells tar to list the table of contents, `-z` handles the gzip decompression on the fly, and `-f` specifies the archive file. This is the standard, single-command method for viewing the contents of a `.tar.gz` file without writing any files to disk.

Exam trap

The trap here is that candidates often confuse `gunzip -l` (which shows compression metadata) with listing the actual file contents, or they mistakenly apply bzip2 tools to gzip archives, forgetting that each compression format requires its own specific decompression utility.

229
MCQ · hard

A script uses 'set -e' and then executes 'grep pattern file'. If the pattern is not found, the script exits. Which of the following modifications would prevent the script from exiting while still allowing detection of the pattern's absence?

A. grep -q pattern file || true
B. set +e; grep pattern file; exit_code=$?; set -e
C. grep pattern file; exit_code=$?
D. grep pattern file | head -1
Answer: B

Temporarily disables exit-on-error, captures exit code, then re-enables.

Why this answer

Option B is correct because it temporarily disables 'set -e' with 'set +e', runs the grep command, captures its exit code in a variable, then re-enables 'set -e'. This allows the script to continue executing after a non-zero exit from grep, while still preserving the exit code for later conditional checks. The other options either fail to preserve the exit code or do not prevent the script from exiting under 'set -e'.

Exam trap

The trap here is that candidates often think '|| true' or piping to another command will both prevent exit and preserve the exit code, but they fail to realize that these constructs either discard the exit code or do not reliably prevent exit under all shell configurations.

How to eliminate wrong answers

Option A is wrong because 'grep -q pattern file || true' prevents the script from exiting (due to the '|| true' ensuring a zero exit status), but it does not capture the exit code of grep, so the absence of the pattern cannot be detected later. Option C is wrong because simply running 'grep pattern file; exit_code=$?' without first disabling 'set -e' will cause the script to exit immediately if grep returns non-zero, so the exit code is never captured. Option D is wrong because 'grep pattern file | head -1' uses a pipe, and under 'set -e' the script will exit if grep fails (since the pipe's exit status is the exit status of the last command, which is head, but the shell's 'set -e' behavior can still cause exit if grep fails in some shells; more importantly, the exit code of grep is lost because only the exit code of the pipeline is available, and head typically succeeds even if grep fails).

230
MCQ · hard

After running 'ip route show default', a system administrator sees no output. Users on that system can only communicate with hosts on the local subnet. What is the most likely cause?

A. DNS is misconfigured
B. A firewall is blocking all traffic
C. The network interface is down
D. The default gateway is missing
Answer: D

Without a default route, traffic cannot reach external networks.

Why this answer

Option B is correct because the absence of a default route means traffic to destinations outside the local subnet cannot be forwarded. Option A could be an issue but connectivity to local subnet works. Option C is less specific, and Option D would cause no connectivity at all.

231
MCQ · easy

Which file defines the APT software repositories used by a Debian-based system?

A. /etc/apt/preferences
B. /etc/apt/sources.list.d/
C. /etc/apt/sources.list
D. /etc/apt/apt.conf
Answer: C

This is the main repository definition file.

Why this answer

Option C is correct because `/etc/apt/sources.list` is the primary configuration file that defines the APT software repositories (e.g., Debian mirrors, Ubuntu archives) used by a Debian-based system. APT reads this file to fetch package indexes and install packages from the specified URIs, distributions, and components.

Exam trap

The trap here is that candidates confuse `/etc/apt/sources.list` with `/etc/apt/sources.list.d/`, thinking the directory is the primary definition file, but the exam expects the traditional main file as the correct answer.

How to eliminate wrong answers

Option A is wrong because `/etc/apt/preferences` controls the priority (pin) of packages from different repositories, not the repository definitions themselves. Option B is wrong because `/etc/apt/sources.list.d/` is a directory containing additional repository definition files (with `.list` extension), but the primary file is `/etc/apt/sources.list`; the question asks for the file that defines repositories, and while files in this directory also define repositories, the canonical answer is the main file. Option D is wrong because `/etc/apt/apt.conf` is the main configuration file for APT's behavior (e.g., proxy settings, caching options), not for repository definitions.

232
MCQ · medium

An administrator runs 'lsmod' and sees a module with a usage count of 1. What does this indicate?

A. The module is loaded but not used by any process
B. The module is being used by one other module
C. One process is holding a reference to the module
D. The module has one dependency
Answer: C

The usage count indicates the number of active references.

Why this answer

Option C is correct: usage count shows the number of references to the module, often from a process or another module. Option A is false because count >0 means it is used. Option B is not necessarily true; it could be a process.

Option D is incorrect; dependencies are tracked separately.

233
MCQ · easy

A system administrator wants to list all files in a directory that have been modified in the last 24 hours. Which command would be most appropriate?

A. ls -l --time=mod
B. find . -mmin 1440
C. ls -lt
D. find . -mtime -1
Answer: D

-mtime -1 finds files modified less than 1 day ago, which is the last 24 hours.

Why this answer

Option D is correct because the `find` command with `-mtime -1` searches for files whose modification time is less than 1 day ago (i.e., within the last 24 hours). The minus sign before the number means 'less than' that many days, so `-mtime -1` matches files modified in the last 24 hours. This is the standard, precise way to list files by modification time in a directory tree.

Exam trap

The trap here is that candidates confuse `-mtime` with `-mmin` and forget that the minus sign in `-mtime -1` is required to mean 'less than', or they mistakenly think `ls -lt` filters by time when it only sorts.

How to eliminate wrong answers

Option A is wrong because `ls -l --time=mod` lists files with their modification time displayed, but it does not filter files by age; it shows all files in the directory. Option B is wrong because `find . -mmin 1440` uses minutes (1440 minutes = 24 hours), but without a minus sign `-mmin 1440` matches files modified exactly 1440 minutes ago, not within the last 24 hours (the correct syntax would be `-mmin -1440`). Option C is wrong because `ls -lt` lists files sorted by modification time (newest first), but it does not filter; it shows all files in the directory, regardless of age.

234
Multi-Select · hard

Which THREE conditions will cause the fsck command to automatically run on the root filesystem during boot? (Choose three.)

Select 3 answers
A. The 'fsck.mode=force' kernel parameter was specified.
B. The system was not shut down properly.
C. The root filesystem's superblock indicates an unclean unmount.
D. The root filesystem is read-only.
E. The filesystem has been mounted more than the configured maximum mount count.
Answers: B, C, E

Improper shutdown sets a dirty flag.

Why this answer

Option B is correct because when the system was not shut down properly (e.g., due to a power failure or crash), the root filesystem is marked as 'dirty' in its superblock. During the next boot, fsck detects this condition and automatically runs a filesystem check on the root partition to ensure consistency before mounting it.

Exam trap

The trap here is that candidates may think 'read-only' (Option D) implies a filesystem check is needed, but fsck only triggers based on superblock flags and mount counts, not the current mount mode.

235
MCQ · medium

A script running as a daemon should perform clean-up operations when it receives SIGTERM. Which command inside the script sets up this behavior?

A. trap cleanup TERM
B. trap 'cleanup' SIGTERM
C. trap 'cleanup' EXIT
D. trap "cleanup" 9
Answer: B

Sets a trap for SIGTERM to run the cleanup function.

Why this answer

Option B is correct. `trap` with the signal name SIGTERM (or number 15) runs the clean-up function when the signal is received. Options A and D use wrong syntax or signal. Option C uses EXIT, which runs on script exit from any cause.

236
MCQ · medium

A server has a partition /dev/sda2 that is almost full. The admin suspects a large file has been deleted but is still held open by a process. Which command can identify such a file?

A. du -sh /
B. find / -size +100M
C. lsof | grep deleted
D. df -h
Answer: C

Shows open files marked as deleted.

Why this answer

The `lsof` command lists open files and their associated processes. When a file is deleted but still held open by a process, `lsof` shows the filename with a '(deleted)' marker in its output. Piping through `grep deleted` filters for exactly those entries, allowing the admin to identify the file and the process keeping it alive, which is the precise scenario described.

Exam trap

The trap here is that candidates often choose `df -h` or `du` because they show disk usage, but they fail to realize that deleted-but-open files are invisible to those tools, while `lsof` directly reveals the hidden space consumption.

How to eliminate wrong answers

Option A is wrong because `du -sh /` calculates disk usage of the entire root filesystem but does not show which files are deleted and still open; it only reports current space consumption. Option B is wrong because `find / -size +100M` locates files larger than 100 MB on disk, but it cannot detect files that have been unlinked (deleted) from the directory tree, as those files no longer have a directory entry to find. Option D is wrong because `df -h` shows overall filesystem disk usage and free space, but it provides no information about individual files or processes holding deleted files open.

237
MCQ · hard

A Linux system has a software RAID1 array /dev/md0 consisting of /dev/sda1 and /dev/sdb1. After replacing a failed disk, the administrator runs 'mdadm --manage /dev/md0 --add /dev/sdc1', but the array remains degraded. Which command should be used to check the status of the array?

A. mdadm --examine /dev/sdc1
B. mdadm --version
C. mdadm --detail /dev/md0
D. mdadm --query /dev/md0
Answer: C

Correct: shows detailed array status.

Why this answer

The `mdadm --detail /dev/md0` command displays the current state of the RAID array, including its status (e.g., degraded, active), the number of active and failed devices, and the sync/resync progress. Since the array remains degraded after adding a new disk, this command will show whether the new disk has been properly integrated or if there is an underlying issue, such as a missing or failed component.

Exam trap

The trap here is that candidates often confuse `--examine` (which inspects a disk's superblock) with `--detail` (which shows the array's overall state), leading them to choose Option A when they need to check the array's degraded status rather than a single disk's metadata.

How to eliminate wrong answers

Option A is wrong because `mdadm --examine /dev/sdc1` reads the superblock on a specific disk to show its metadata and RAID membership, but it does not report the overall array status or whether the array is still degraded. Option B is wrong because `mdadm --version` only prints the version of the mdadm utility and provides no information about the array's state. Option D is wrong because `mdadm --query /dev/md0` gives a brief summary (e.g., 'is not an md array' or a one-line status) but lacks the detailed device-by-device status and resync progress needed to diagnose why the array remains degraded.

238
MCQ · medium

Given a file with lines like 'John:23:Engineer', which awk command prints only the name and department (first and third fields) separated by a space?

A. awk -F: '{print $1,$3}' file
B. awk -F: '{print $1,$2}' file
C. awk -F: '{print $1 $3}' file
D. awk -F: '{print $1 $2}' file
Answer: A

Comma in print outputs space separator.

Why this answer

Option A is correct because the `-F:` flag sets the field separator to colon, and `{print $1,$3}` prints the first and third fields separated by the default output field separator (a space). This matches the requirement to output the name and department from lines like 'John:23:Engineer'.

Exam trap

The trap here is that candidates often confuse the comma (which inserts the OFS) with concatenation (no comma), leading them to pick options like C or D that produce no space between fields, or they misidentify the field numbers and select B instead of A.

How to eliminate wrong answers

Option B is wrong because `{print $1,$2}` prints the first and second fields (name and age), not the name and department. Option C is wrong because `{print $1 $3}` concatenates the first and third fields with no separator, producing output like 'JohnEngineer' instead of 'John Engineer'. Option D is wrong because `{print $1 $2}` concatenates the first and second fields with no separator, outputting 'John23' instead of the required name and department.

239
Multi-Select · easy

Which THREE package management tools are native to Debian-based Linux distributions? (Choose exactly three.)

Select 3 answers
A. dpkg
B. rpm
C. yum
D. apt
E. apt-get
Answers: A, D, E

Low-level package manager for Debian.

Why this answer

Options A, D, and E are correct. `dpkg` is the low-level package manager. `apt-get` and `apt` are front-ends for APT. Option B is incorrect because `rpm` is used on Red Hat-based systems. Option C is incorrect because `yum` is used on Red Hat-based systems.

240
MCQ · easy

You are a junior system administrator tasked with adding a new 500GB HDD to a Debian 11 server that will be used for backup storage. The server currently has a 120GB SSD with two partitions: sda1 (boot) and sda2 (root). You have physically installed the HDD and it is recognized as /dev/sdb. You need to partition the disk with a single partition covering the entire disk, format it as ext4, and ensure it is automatically mounted at /backup at boot time. Which sequence of commands should you execute to accomplish this?

A. sudo parted /dev/sdb mklabel gpt && sudo parted /dev/sdb mkpart primary ext4 0% 100% && sudo mkfs.ext4 /dev/sdb1 && echo '/dev/sdb1 /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
B. sudo mkfs.ext4 /dev/sdb1 && echo '/dev/sdb1 /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
C. sudo mkfs.ext4 /dev/sdb && echo '/dev/sdb /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
D. sudo fdisk /dev/sdb (create partition) && sudo mkswap /dev/sdb1 && echo '/dev/sdb1 /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
Answer: A

Properly creates GPT partition table, single partition, formats as ext4, adds fstab entry, and mounts.

Why this answer

Option A is correct because it first creates a GPT partition table on /dev/sdb with parted, then creates a single primary partition spanning the entire disk, formats that partition (not the raw disk) as ext4, adds an fstab entry for automatic mounting at /backup, and finally mounts all filesystems. This sequence ensures the disk is properly partitioned, formatted, and configured for persistent boot-time mounting.

Exam trap

The trap here is that candidates may try to format the raw disk device (e.g., /dev/sdb) instead of a partition (e.g., /dev/sdb1), or skip the partitioning step entirely, leading to an unbootable or improperly configured filesystem.

How to eliminate wrong answers

Option B is wrong because it attempts to run mkfs.ext4 directly on /dev/sdb1 without first creating a partition table or partition on /dev/sdb, so /dev/sdb1 does not exist and the command will fail. Option C is wrong because it formats the raw disk device /dev/sdb with ext4 instead of a partition, which is not a standard practice and will prevent proper partitioning; also, the fstab entry references /dev/sdb, which is the whole disk, not a filesystem. Option D is wrong because it uses mkswap to create a swap filesystem on /dev/sdb1, but the requirement is to format it as ext4 for backup storage, not swap.

241
Multi-Select · medium

Which THREE of the following are valid systemd targets?

Select 3 answers
A. poweroff.target
B. rescue.target
C. reboot.target
D. halt.target
E. shutdown.target
Answers: A, B, C

Standard target for system poweroff.

Why this answer

Correct: A, B, C. poweroff.target, reboot.target, and rescue.target are standard systemd targets. Option D 'halt.target' is not a valid systemd target (halt is performed via a different mechanism); E 'shutdown.target' is also not standard.

242
MCQ · easy

During boot, the kernel must mount the root filesystem. Which of the following is responsible for providing the kernel with the location of the root filesystem?

A. udev
B. initramfs
C. init
D. boot loader
Answer: D

The boot loader passes root= parameter to the kernel.

Why this answer

The boot loader (e.g., GRUB) is responsible for loading the kernel into memory and passing it the location of the root filesystem via kernel command-line parameters such as `root=`. Without this parameter, the kernel would not know which block device or partition to mount as `/`. The boot loader reads configuration files (e.g., `grub.cfg`) that specify this parameter, making it the direct provider of the root filesystem location.

Exam trap

The trap here is that candidates often confuse initramfs as the provider of the root filesystem location, when in fact initramfs is a tool that uses the location provided by the boot loader to mount the real root filesystem.

How to eliminate wrong answers

Option A is wrong because udev is a device manager that runs in userspace after the root filesystem is mounted; it handles device node creation and hotplug events, not kernel boot parameters. Option B is wrong because initramfs is a temporary root filesystem loaded by the boot loader that contains tools and drivers to mount the real root filesystem, but it does not itself provide the location; it relies on the `root=` parameter passed by the boot loader. Option C is wrong because init is the first userspace process (PID 1) started after the root filesystem is mounted; it manages services and system initialization, not the kernel's boot-time root filesystem location.

243
MCQ · medium

A system administrator needs to ensure that a bash script continues executing even if any command in the script fails. Which of the following should be used at the beginning of the script?

A. set +e
B. trap 'echo error' ERR
C. unset -e
D. set -e
E. # set +e
Answer: A

Disables exit on error, allowing the script to continue.

Why this answer

Option A is correct because `set +e` disables the 'exit on error' behavior in a bash script, allowing the script to continue executing even if a command returns a non-zero exit status. By default, bash scripts do not exit on error, but if `set -e` is used elsewhere, `set +e` explicitly turns that off to ensure the script continues despite failures.

Exam trap

The trap here is that candidates often confuse `set +e` with `set -e`, or think that a comment like `# set +e` would have any effect, when in fact the `+` sign disables the option and the `-` sign enables it.

How to eliminate wrong answers

Option B is wrong because `trap 'echo error' ERR` sets a trap that executes a command when a command fails, but it does not prevent the script from exiting; the script will still exit after the trap runs unless `set +e` is also used. Option C is wrong because `unset -e` is not a valid bash command; `unset` is used to unset variables or functions, not shell options. Option D is wrong because `set -e` enables 'exit on error', which causes the script to terminate immediately when any command fails, which is the opposite of what is needed.

Option E is wrong because `# set +e` is a comment and has no effect on shell behavior; the `#` makes it a comment line.

244
MCQ · medium

A Red Hat system administrator suspects that the files belonging to the 'openssh-server' package have been modified since installation. Which command verifies the integrity of the installed package files?

A. rpm -K openssh-server
B. rpm -qa | grep openssh
C. rpm -q openssh-server
D. rpm -V openssh-server
Answer: D

Verifies installed files against package database.

Why this answer

Option D is correct because `rpm -V` (verify) compares installed files against package metadata. Option C is incorrect because `rpm -q` queries package info. Option B is incorrect because `rpm -qa` lists all packages. Option A is incorrect because `rpm -K` checks the GPG signature of the package file, not installed files.

245
MCQ · easy

The /proc filesystem is described as a virtual filesystem. Which statement best describes its purpose?

A. It contains configuration files for system services.
B. It provides an interface to kernel data structures and processes.
C. It holds binary executables for system administration.
D. It stores temporary files that survive reboots.
Answer: B

/proc is a pseudo-filesystem for kernel and process info.

Why this answer

The /proc filesystem is a virtual filesystem that does not contain actual files on disk but instead provides a runtime interface to kernel data structures, including process information, system memory, CPU details, and hardware configuration. This allows users and system tools (like ps, top, and free) to read kernel state in real time without needing direct kernel memory access.

Exam trap

The trap here is that candidates confuse /proc with a real filesystem for storing configuration or executables, when in fact it is a virtual interface to kernel data structures that contains no persistent files.

How to eliminate wrong answers

Option A is wrong because configuration files for system services are stored in /etc, not in /proc, which is a virtual filesystem with no persistent configuration data. Option C is wrong because binary executables for system administration reside in directories like /bin, /sbin, /usr/bin, or /usr/sbin, while /proc contains no executable binaries. Option D is wrong because temporary files that survive reboots are typically stored in /var/tmp, whereas /proc is a volatile, kernel-generated filesystem that is recreated fresh on every boot and does not persist any data.

246
MCQ · easy

A technician is troubleshooting network connectivity. The server's IP is 192.168.1.10/24, and the gateway is 192.168.1.1. The server can ping the gateway but cannot ping 8.8.8.8. Which command is most appropriate to check if the default route is configured?

A. route -n
B. ifconfig eth0
C. ping 192.168.1.1
D. arp -n
Answer: A

Shows routing table.

Why this answer

Option A is correct: `route -n` shows the routing table including default gateway. Option B (ifconfig) shows interface config. Option C (ping) tests connectivity.

Option D (arp) shows MAC address table.

247
MCQ · easy

According to the Filesystem Hierarchy Standard (FHS), in which directory should third-party static libraries be installed?

A. /lib
B. /usr/local/lib
C. /opt/lib
D. /usr/lib
Answer: D

Third-party libraries that are not part of the base system should go in /usr/lib.

Why this answer

The Filesystem Hierarchy Standard (FHS) specifies that /usr/lib is the correct directory for third-party static libraries that are part of the system's package management. This directory holds libraries that are not dynamically linked and are required by programs in /usr/bin and /usr/sbin, ensuring consistency across the system.

Exam trap

The trap here is that candidates often confuse /usr/local/lib with the correct location for system-managed third-party libraries, mistakenly thinking 'local' implies any locally installed third-party software, when in fact /usr/local is for site-specific, non-package-manager software.

How to eliminate wrong answers

Option A is wrong because /lib is reserved for essential shared libraries and kernel modules required for booting and running core system binaries, not for third-party static libraries. Option B is wrong because /usr/local/lib is intended for locally compiled software and libraries not managed by the system's package manager, not for third-party packages installed via the system. Option C is wrong because /opt/lib is used for libraries that are part of self-contained add-on application packages installed in /opt, not for general third-party static libraries that follow the FHS hierarchy.

248
MCQ · hard

A system administrator notices that the NTP service on a Linux server is not synchronizing time with external NTP servers. The administrator runs 'ntpq -p' and sees that all servers listed have a 'reach' value of 0. Which of the following is the most likely cause?

A. The system timezone is incorrectly set.
B. The NTP service is configured to use the local clock.
C. A firewall is blocking UDP port 123.
D. The NTP server is using a different NTP version.
Answer: C

Reach 0 indicates no response, common when firewall blocks NTP.

Why this answer

The `reach` value of 0 in `ntpq -p` output indicates that the NTP client has received no responses from any of the configured servers. Since NTP uses UDP port 123 for communication, a firewall blocking this port would prevent the client from sending or receiving NTP packets, resulting in zero reachability. This is the most common cause when all servers show a reach of 0.

Exam trap

The trap here is that candidates may confuse a reach value of 0 with a stratum value of 16 or a synchronization failure due to timezone misconfiguration, but the reach value specifically indicates network-level communication failure, not configuration or version issues.

How to eliminate wrong answers

Option A is wrong because the system timezone setting affects the display of local time, not the synchronization process with NTP servers; NTP works with UTC internally. Option B is wrong because if the NTP service were configured to use the local clock, the `ntpq -p` output would typically show a server entry like `LOCAL(0)` with a reach value greater than 0, not all servers at 0. Option D is wrong because NTP is backward compatible; different NTP versions (v3, v4) can interoperate, and version mismatch would not cause a reach value of 0 for all servers.

249
MCQ · easy

A Linux administrator wants to update the local package index from all configured repositories on an Ubuntu system. Which command accomplishes this?

A. dpkg --configure -a
B. apt upgrade
C. apt-get install
D. apt update
Answer: D

This updates the package index.

Why this answer

The `apt update` command (equivalent to `apt-get update`) refreshes the local package index by downloading the latest package lists from all repositories defined in `/etc/apt/sources.list` and `/etc/apt/sources.list.d/`. This is the prerequisite step before any installation or upgrade, ensuring the system knows about the newest available versions and dependencies.

Exam trap

The trap here is confusing `apt update` (which updates the package index) with `apt upgrade` (which upgrades installed packages), a common mix-up that leads candidates to choose the upgrade command instead of the index refresh command.

How to eliminate wrong answers

Option A is wrong because `dpkg --configure -a` is used to finish configuring any packages that were left in an unconfigured state after a partial installation, not to update the package index. Option B is wrong because `apt upgrade` actually installs newer versions of already-installed packages based on the current local index, but it does not refresh that index itself. Option C is wrong because `apt-get install` is used to install or upgrade specific packages, and it does not update the package lists from repositories.

250
MCQ · hard

Refer to the exhibit. The administrator expects logs to be sent to a remote syslog server at 192.168.1.100 on UDP port 514. However, no logs are being received at the remote server. Which is the most likely issue?

A. The remote syslog server's firewall is blocking incoming UDP port 514.
B. The local7 rule overrides the remote rule.
C. The wildcard *.* does not include kernel messages.
D. The syntax should use @@ for UDP.
Answer: A

Most common issue: remote server not reachable or no listener.

Why this answer

Option A is correct: The syntax `@` indicates UDP by default, but often rsyslog requires TCP with `@@`. However, the real issue is that the remote server may not be listening. Option C is wrong because `*.*` sends all logs. Option B is wrong because there's no other filter. Option D is less likely.

251
Multi-Select · hard

Which THREE commands can be used to display the UUID of a filesystem on a Linux system without superuser privileges? (Choose three.)

Select 3 answers
A. file -s /dev/sda1
B. blkid
C. dumpe2fs -h
D. findfs UUID=...
E. lsblk -f
Answers: A, B, E

file -s reads filesystem superblock and can display UUID for some filesystems; works without root if device permissions allow.

Why this answer

The `file -s /dev/sda1` command reads the superblock of the specified block device and displays filesystem type information, which typically includes the UUID for filesystems like ext4, XFS, or Btrfs. This works without superuser privileges because it only performs a read-only inspection of the device file's metadata, not requiring any write access or privileged system calls.

Exam trap

The trap here is that candidates often assume `dumpe2fs -h` works without root because it only reads metadata, but Linux requires root for direct block device access unless the device file has world-readable permissions (which is rare), while `blkid` and `lsblk -f` leverage cached data to bypass this restriction.

252
MCQ · medium

A system administrator needs to install a package 'foo' which depends on library 'libbar.so.2' that is not currently installed. The administrator runs `apt-get install foo` and receives an error about unmet dependencies. Which of the following is the most appropriate next step?

A. Run `apt-get install -f` to fix broken dependencies.
B. Use `dpkg --force-depends -i foo.deb` to force installation.
C. Run `apt-get update` and retry the installation.
D. Manually download `libbar.so.2` and install it using `dpkg -i`.
Answer: A

This command attempts to correct unmet dependencies.

Why this answer

The command `apt-get install -f` attempts to fix broken dependencies by installing missing packages or removing conflicting ones. It is the correct next step after a failed installation due to unmet dependencies. Option C is incorrect because `apt-get update` only refreshes the package list. Option B is incorrect because force-installing can break the system. Option D is incorrect because manual installation may not resolve all dependencies.

253
MCQ · medium

On a Linux server using systemd and Postfix for email service, an administrator needs to diagnose a delivery failure for a local user. Which command should be used to view the most recent mail-related system journal entries?

A. tail -f /var/log/maillog
B. systemctl status postfix
C. less /var/log/syslog
D. journalctl -u postfix
Answer: D

This command retrieves all journal messages for the postfix unit, ideal for troubleshooting.

Why this answer

Option D is correct because `journalctl -u postfix` filters the systemd journal to show only Postfix-related logs. Option A checks a traditional log file, Option C is too general, and Option B shows service status only.

254
Multi-Select · easy

Which TWO commands can be used to obtain information about the CPU architecture of a Linux system?

Select 2 answers
A. uname -m
B. lscpu
C. dmidecode -t processor
D. cat /proc/cpuinfo
E. lspci
Answers: B, D

Displays CPU architecture details including cores, threads, model name, etc.

Why this answer

`lscpu` displays CPU architecture info from `/proc/cpuinfo` and sysfs. `cat /proc/cpuinfo` directly shows CPU details. `lspci` lists PCI devices, `dmidecode` shows DMI data (not CPU specifics), and `uname -m` shows the machine architecture but not detailed CPU info. The correct answers are B and D.

255
Multi-Select · medium

Which TWO commands can be used to display the contents of a compressed file without decompressing it to disk? (Choose two.)

Select 2 answers
A. zcat file.gz
B. gzip -d file.gz
C. tar -xzf file.tar.gz
D. bzcat file.bz2
E. uncompress file.Z
Answers: A, D

Equivalent to gunzip -c; outputs to stdout.

Why this answer

A is correct because `zcat` reads a gzip-compressed file and writes its decompressed content to standard output without saving the decompressed data to disk. This allows you to view the contents of `file.gz` directly in the terminal or pipe it to other commands.

Exam trap

The trap here is that candidates confuse commands that decompress to stdout (like `zcat` and `bzcat`) with commands that decompress to disk (like `gzip -d` or `uncompress`), or they mistakenly think `tar -xzf` only displays the archive contents when it actually extracts them.

256
MCQ · hard

Refer to the exhibit. An administrator runs 'ntpq -p' and sees the output shown. What is the most likely cause of the '16' stratum and '0.000' delay/offset?

A. The NTP service is not running.
B. The firewall is blocking UDP port 123.
C. The NTP daemon has recently started and has not yet synchronized.
D. The restrict lines are blocking all NTP queries.
Answer: C

The 'iburst' option causes rapid initial polls, but it still takes a few minutes for synchronization. The 0 reach and stratum 16 indicate no synchronization yet.

Why this answer

The '16' stratum and '0.000' delay/offset values in the 'ntpq -p' output indicate that the NTP daemon has not yet synchronized with any time source. When ntpd starts, it initially sets the stratum to 16 (unsynchronized) and shows zero values for delay and offset until it completes the synchronization process. This is a normal transient state that resolves once the daemon successfully contacts and synchronizes with an NTP server.

Exam trap

The trap here is that candidates often assume a stratum of 16 and zero delay/offset indicate a firewall or service failure, but the correct interpretation is that the NTP daemon has just started and has not yet synchronized, which is a normal temporary state.

How to eliminate wrong answers

Option A is wrong because if the NTP service were not running, the 'ntpq -p' command would typically return an error or show no output, not display a stratum of 16 with zero delay/offset. Option B is wrong because a firewall blocking UDP port 123 would prevent any NTP communication, resulting in no reachable servers or persistent '16' stratum, but the zero delay/offset specifically indicates the daemon has not yet attempted or completed synchronization, not that packets are being dropped. Option D is wrong because restrict lines blocking all NTP queries would cause the daemon to fail to contact servers, leading to a persistent unsynchronized state, but the zero delay/offset is a characteristic of a freshly started daemon that has not yet attempted synchronization, not a permanent restriction issue.

257
MCQ · medium

Refer to the exhibit. What will be the output when this script is executed?

A. a b\nd e
B. a b c\nd e f
C. a b
D. The script will error because of incorrect read syntax.
Answer: A

Each line prints the first two fields separated by space.

Why this answer

Option A is correct because each line is split into three fields; only field1 and field2 are echoed, resulting in 'a b' and 'd e' on separate lines.

258
MCQ · hard

A script produces both standard output and error messages. An administrator wants to save the output to 'out.log' and the error messages to 'err.log', but also wants to see both on the terminal. Which command achieves this?

A. ./script.sh 2>&1 | tee out.log 2>&1 | tee err.log
B. ./script.sh > >(tee out.log) 2> >(tee err.log)
C. ./script.sh > out.log 2> err.log
D. ./script.sh 2>&1 | tee out.log
Answer: B

Uses process substitution to duplicate stdout to terminal and out.log, and stderr to terminal and err.log.

Why this answer

Option B is correct because it uses process substitution to tee each stream to both a file and the terminal. The 2>&1 in other options merges stderr into stdout, which is not desired.

259
MCQ · hard

After creating a new user with 'useradd john', the user 'john' cannot log in. What is the most likely cause?

A. The home directory does not exist
B. No password has been set for the user
C. The user's shell is not set
D. The user is not in the sudoers file
Answer: B

The 'useradd' command creates the account but does not assign a password; the account is locked initially.

Why this answer

The `useradd` command creates a new user account but does not set a password. Without a password, the system's authentication mechanism (typically PAM) will deny login attempts, as there is no valid password hash in `/etc/shadow`. The user must have a password assigned via `passwd john` before they can authenticate.

Exam trap

The trap here is that candidates assume `useradd` fully provisions an account, overlooking that password assignment is a separate mandatory step, and they may confuse login failure with missing home directory or shell issues.

How to eliminate wrong answers

Option A is wrong because `useradd` by default creates the home directory from `/etc/default/useradd` or `/etc/login.defs` unless explicitly overridden with `-M`; if it did not exist, the user would still be able to log in (though they might get a warning or land in `/`). Option C is wrong because `useradd` assigns a default shell (usually `/bin/sh` or `/bin/bash`) from `/etc/default/useradd`; if the shell is missing or invalid, login might fail, but the default is always set. Option D is wrong because membership in the sudoers file is irrelevant to basic login capability; sudo access is a privilege escalation mechanism, not a prerequisite for authentication.

260
Multi-Select · easy

Which TWO options in /etc/fstab affect whether a filesystem is mounted at boot? (Choose two.)

Select 2 answers
A. user
B. defaults
C. auto
D. ro
E. noauto
Answers: C, E

auto tells mount -a (boot) to mount the filesystem.

Why this answer

The 'auto' option (C) explicitly tells the system to mount the filesystem automatically at boot time via `mount -a` (as run by systemd or init scripts). Conversely, 'noauto' (E) prevents automatic mounting at boot, requiring manual intervention. Both directly control boot-time behavior in /etc/fstab.

Exam trap

The trap here is that candidates often confuse 'auto' with 'defaults' or think 'ro' affects boot mounting, when in fact only 'auto' and 'noauto' directly control automatic mounting at boot.

261
MCQ · hard

A disk is partitioned with GPT. The administrator wants to see the partition type GUIDs and partition UUIDs. Which command is most appropriate?

A. blkid /dev/sda
B. lsblk -f /dev/sda
C. fdisk -l /dev/sda
D. gdisk -l /dev/sda
Answer: D

Correct: gdisk -l displays GPT partition details including UUIDs.

Why this answer

Option D is correct because `gdisk -l /dev/sda` is the GPT-specific partitioning tool that displays partition type GUIDs (e.g., EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 for Microsoft basic data) and partition unique GUIDs (UUIDs) for each partition on a GPT disk. Unlike MBR tools, GPT stores these 128-bit identifiers in the partition table headers, and `gdisk` is designed to read and present them directly.

Exam trap

The trap here is that candidates confuse filesystem UUIDs (shown by `blkid` and `lsblk -f`) with partition table GUIDs (type and partition UUIDs), and assume `fdisk -l` is sufficient for GPT details, but `fdisk` omits the GUIDs that `gdisk` specifically exposes.

How to eliminate wrong answers

Option A is wrong because `blkid /dev/sda` shows filesystem UUIDs and type labels (e.g., ext4, swap) from the block device's superblock, not the partition table's type GUIDs or partition UUIDs stored in the GPT header. Option B is wrong because `lsblk -f /dev/sda` also displays filesystem information (UUID, label, FSTYPE) from the filesystem metadata, not the GPT partition type GUIDs or partition UUIDs. Option C is wrong because `fdisk -l /dev/sda` is designed for MBR (DOS) partition tables and, while it can read GPT disks, it does not display partition type GUIDs or partition UUIDs; it shows only partition numbers, start/end sectors, size, and a generic type code (e.g., 'Microsoft basic data') without the GUIDs.

262
MCQ · hard

A Linux system fails to boot with the error 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)'. Which of the following is the most likely cause?

A. The root filesystem has a corrupted superblock
B. The initrd file is missing or corrupted
C. The kernel lacks the necessary driver for the storage controller
D. The bootloader configuration points to the wrong partition
Answer: C

Kernel cannot access the root device due to missing storage driver.

Why this answer

The error 'VFS: Unable to mount root fs on unknown-block(0,0)' indicates that the kernel cannot find or access the root filesystem. This typically occurs when the kernel lacks the necessary driver (module) for the storage controller (e.g., SATA, SCSI, NVMe) that the root device is connected to. Without the driver, the kernel cannot communicate with the storage hardware, resulting in the unknown-block(0,0) identifier.

Exam trap

The trap here is that candidates often confuse the 'unknown-block(0,0)' error with a bootloader misconfiguration (Option D) or a corrupted filesystem (Option A), but the key is that the error specifically indicates the kernel cannot identify the block device at all, not that it found the wrong device or that the filesystem is unreadable.

How to eliminate wrong answers

Option A is wrong because a corrupted superblock would produce a different error, such as 'mount: /dev/sda1: can't read superblock' or a filesystem-specific error during mount, not the 'unknown-block(0,0)' kernel panic. Option B is wrong because a missing or corrupted initrd would typically cause a kernel panic with an error like 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)' only if the initrd contains the necessary storage driver; however, the initrd itself is not the root filesystem, and its absence usually leads to a 'No init found' or 'Failed to execute /init' panic, not the specific block device error. Option D is wrong because a bootloader configuration pointing to the wrong partition would result in a different error, such as 'rootfs not found' or a kernel panic with a specific device identifier (e.g., unknown-block(8,1)), not the generic unknown-block(0,0) which indicates the device node itself is unrecognized by the kernel.

263
MCQ · easy

A system administrator wants to ensure that the filesystem on /dev/sdb1 is checked for errors every 30 mounts. Which command accomplishes this?

A. fsck -c 30 /dev/sdb1
B. e2fsck -c 30 /dev/sdb1
C. tune2fs -c 30 /dev/sdb1
D. mount -o errors=remount-ro
Answer: C

Sets the mount count threshold to 30.

Why this answer

The `tune2fs` command is used to adjust tunable filesystem parameters on ext2/ext3/ext4 filesystems. The `-c` option sets the maximum mount count between filesystem checks; `tune2fs -c 30 /dev/sdb1` configures the filesystem to trigger an `fsck` check every 30 mounts. This is the correct tool for modifying this persistent setting.

Exam trap

The trap here is confusing the `-c` option of `tune2fs` (set mount count) with the `-c` option of `e2fsck` (bad-block check), leading candidates to mistakenly choose `e2fsck -c 30`.

How to eliminate wrong answers

Option A is wrong because `fsck` is a frontend that runs filesystem checks, not a tool to set mount-count parameters; `fsck -c 30` would attempt to check the filesystem and the `-c` option is not valid for setting mount intervals. Option B is wrong because `e2fsck` is the ext2/ext3/ext4 filesystem checker, and its `-c` option performs a bad-block scan, not a mount-count configuration. Option D is wrong because `mount -o errors=remount-ro` is a mount option that remounts the filesystem as read-only on error, but it does not schedule periodic checks based on mount count.

264
Multi-Select · easy

Which TWO of the following commands can be used to create a new filesystem on a partition?

Select 2 answers
A. fdisk
B. mkfs.ext4
C. parted
D. fsck
E. mkfs
Answers: B, E

mkfs.ext4 directly creates an ext4 filesystem.

Why this answer

B is correct because `mkfs.ext4` is a specific command that creates an ext4 filesystem on a partition. E is correct because `mkfs` is a generic front-end that can create various filesystem types (e.g., ext4, xfs, btrfs) based on the `-t` option or by invoking filesystem-specific wrappers like `mkfs.ext4`.

Exam trap

The trap here is that candidates confuse partition management tools (fdisk, parted) with filesystem creation tools (mkfs), or mistakenly think fsck can create a filesystem because it interacts with filesystem metadata.

265
MCQ · medium

A Linux system has two SATA disks: /dev/sda (250GB) and /dev/sdb (500GB). The administrator wants to create a logical volume group named 'vgdata' using partitions on both disks, then create a 600GB logical volume named 'lvdata' for a database. Which sequence of commands should be used?

A. pvcreate /dev/sdb1 /dev/sdc1; lvcreate -L 600G -n lvdata vgdata; vgcreate vgdata /dev/sdb1 /dev/sdc1
B. pvcreate /dev/sdb /dev/sdc; vgcreate vgdata /dev/sdb /dev/sdc; lvcreate -L 600G -n lvdata vgdata
C. pvcreate /dev/sdb1 /dev/sdc1; vgcreate vgdata /dev/sdb1 /dev/sdc1; lvcreate -L 600G -n lvdata vgdata
D. vgcreate vgdata /dev/sdb1 /dev/sdc1; pvcreate /dev/sdb1 /dev/sdc1; lvcreate -L 600G -n lvdata vgdata
Answer: C

Correct order: pvcreate, vgcreate, lvcreate.

Why this answer

Option C is correct because it follows the proper LVM sequence: first create physical volumes (PVs) on the partitions /dev/sdb1 and /dev/sdc1 using pvcreate, then create the volume group 'vgdata' from those PVs using vgcreate, and finally create the logical volume 'lvdata' with a size of 600GB using lvcreate. This order ensures that the PVs exist before the VG is created, and the VG exists before the LV is created.

Exam trap

The trap here is that candidates may confuse the order of LVM commands (pvcreate, vgcreate, lvcreate) or mistakenly use whole disks instead of partitions, but the question explicitly requires partitions on both disks.

How to eliminate wrong answers

Option A is wrong because it attempts to create a logical volume (lvcreate) before the volume group (vgcreate) exists, which will fail; also, it uses /dev/sdc1 instead of /dev/sdb1 for the second disk, but the question specifies /dev/sdb, not /dev/sdc. Option B is wrong because it uses whole disks (/dev/sdb and /dev/sdc) instead of partitions, which is possible but not the scenario described (the question says 'partitions on both disks'), and it also references /dev/sdc instead of /dev/sdb. Option D is wrong because it attempts to create the volume group (vgcreate) before creating the physical volumes (pvcreate), which will fail as the PVs must exist first.

266
MCQ · hard

A systemd service unit file must be configured to automatically restart the service if it exits unexpectedly. Which directive should be used?

A. Type=forking
B. Restart=always
C. RemainAfterExit=yes
D. ExecStop=/bin/true
Answer: B

This directs systemd to restart the service automatically after it stops, regardless of exit status.

Why this answer

The `Restart=always` directive in a systemd service unit file instructs systemd to automatically restart the service regardless of the exit status, including unexpected crashes or terminations. This ensures high availability by restarting the process whenever it exits, unless explicitly stopped by systemctl. Other directives like `Type=forking` or `RemainAfterExit=yes` do not control restart behavior.

Exam trap

The trap here is that candidates confuse `Restart=always` with `Type=forking` or `RemainAfterExit=yes`, mistakenly thinking these directives handle automatic restarts, when in fact they address process forking or service state after exit.

How to eliminate wrong answers

Option A is wrong because `Type=forking` defines the service's startup behavior (expecting the process to fork and the parent to exit), not its restart policy. Option C is wrong because `RemainAfterExit=yes` tells systemd to consider the service as active even after the main process exits, but it does not trigger automatic restarts. Option D is wrong because `ExecStop=/bin/true` specifies a command to run when stopping the service, not a condition for automatic restart.

267
Multi-Select · hard

Which THREE of the following statements are true about the /etc/shadow file?

Select 3 answers
A. It contains the encrypted passwords in the second field, replacing the 'x' in /etc/passwd
B. It can contain password expiration information
C. It is readable only by the root user
D. The second field contains the encrypted password
E. It is world-readable to allow any user to verify passwords
Answers: B, C, D

Fields like last change, min/max days, warning period are in shadow.

Why this answer

The /etc/shadow file stores password expiration information, such as the last password change date, minimum and maximum password age, warning period, and inactivity period. This data is used by the system to enforce password aging policies, making option B correct.

Exam trap

The trap here is that candidates often confuse the purpose of /etc/shadow with /etc/passwd, mistakenly thinking the second field of /etc/shadow contains a placeholder like 'x' instead of the actual encrypted password hash.

268
MCQ · hard

A system has multiple CPUs but only one is being used. Which file under /sys/ can be checked to verify CPU online status?

A. /sys/devices/system/cpu/online
B. /proc/cpuinfo
C. /sys/class/cpu
D. /sys/devices/system/cpu/cpu0/online
Answer: D

Contains a 1 if online, 0 if offline for CPU0.

Why this answer

Option D is correct: each CPU has its own 'online' file. Option A is a summary of online CPUs, but the individual file gives per-CPU status. Option B is /proc/cpuinfo, which shows overall info but not online status dynamically. Option C does not exist.

269
MCQ · medium

A shell script uses the variable expansion ${var:-default} to set a default value for an environment variable. The script prints unexpected output when the variable is set to an empty string. Which expansion should be used to ensure the default is only used when the variable is unset, not when it is empty?

A. ${var:-default}
B. ${var-default}
C. ${var:?default}
D. ${var:=default}
Answer: B

Only applies when var is unset.

Why this answer

Option B is correct: `${var-default}` expands to default only if var is unset, while `${var:-default}` also expands to default if var is empty. Option A is wrong because it also handles empty. Option D assigns the default to the variable. Option C prints an error and exits.

270
MCQ · easy

A system administrator needs to install the latest version of a package named 'webapp' from a third-party repository that has been added to the system. Which command should be used to update the package list and install the package in one step?

A. apt-get update && apt-get install webapp
B. apt-get upgrade webapp
C. dpkg -i webapp.deb
D. apt-cache search webapp && apt-get install webapp
Answer: A

Updates package list and installs the package.

Why this answer

Option A is correct because it first runs `apt-get update` to refresh the local package index from all configured repositories (including the third-party one), then uses `&&` to conditionally execute `apt-get install webapp` only if the update succeeds. This ensures the latest version available from the third-party repository is fetched and installed in a single command sequence.

Exam trap

The trap here is that candidates may think `apt-get upgrade` can install new packages, but it strictly upgrades existing packages and never installs new ones, while `apt-get install` alone does not refresh the package list, so the latest version from a newly added repository might not be available.

How to eliminate wrong answers

Option B is wrong because `apt-get upgrade` only upgrades already installed packages to their latest versions from the configured repositories; it does not install a new package that is not already present on the system. Option C is wrong because `dpkg -i webapp.deb` installs a local `.deb` file directly, bypassing repository metadata and dependency resolution, and it does not update the package list from a third-party repository. Option D is wrong because `apt-cache search webapp` only searches the local package cache for packages matching the name; it does not update the package list, and the `&&` would attempt `apt-get install webapp` even if the search fails or the cache is outdated.

271
Multi-Select · hard

Which THREE signals are commonly used to terminate a process with the kill command?

Select 3 answers
A. SIGSTOP
B. SIGKILL
C. SIGINT
D. SIGHUP
E. SIGTERM
Answers: B, D, E

Forces immediate termination; cannot be caught or ignored.

Why this answer

SIGKILL (signal 9) is one of the three signals commonly used to terminate a process with the kill command because it forcefully kills the process without allowing it to clean up or ignore the signal. SIGTERM (signal 15) is the default signal sent by kill, requesting graceful termination. SIGHUP (signal 1) is traditionally used to hang up a terminal line but is also commonly used to reload configuration files or terminate processes in daemon management.

Exam trap

The trap here is that candidates often confuse SIGSTOP with SIGKILL or SIGTERM, or mistakenly include SIGINT as a common kill command signal, when in fact SIGINT is more associated with terminal interrupts rather than direct process termination via kill.

272
MCQ · medium

Refer to the exhibit. An administrator attempts to remount /mnt as read-only but receives the error shown. What is the most likely cause?

A. The /mnt directory is not a mount point
B. The /mnt directory is not empty
C. The /mnt directory does not exist
D. The filesystem is already mounted read-only
Answer: A

The error explicitly says 'mount point not mounted', meaning nothing is mounted there.

Why this answer

The error 'mount: /mnt is not a mount point' indicates that the administrator attempted to use the `remount` option on a directory that is not currently a mount point. The `mount -o remount` command only works on directories where a filesystem is already mounted; it modifies the mount options of an existing mount, not a regular directory. Since /mnt is not a mount point, the kernel rejects the operation with this specific error.

Exam trap

The trap here is that candidates confuse the `remount` option (which modifies an existing mount) with the `mount` command (which creates a new mount), leading them to think the error is about directory emptiness or existence rather than the mount point status.

How to eliminate wrong answers

Option B is wrong because a non-empty directory can still be a mount point; the error message specifically says 'not a mount point', not 'not empty'. Option C is wrong because if /mnt did not exist, the error would be 'mount: /mnt: No such file or directory', not 'not a mount point'. Option D is wrong because if the filesystem were already mounted read-only, the `remount` command would succeed (it would just be a no-op) or produce a different error like 'mount: /mnt: cannot remount ...' but not 'not a mount point'.

273
MCQ · medium

A system administrator needs to create a new Logical Volume (LV) in an existing LVM setup. Which sequence of commands is correct?

A. vgcreate, pvcreate, lvcreate
B. pvcreate, vgcreate, lvcreate
C. pvcreate, lvcreate, vgcreate
D. lvcreate, vgcreate, pvcreate
Answer: B

Correct order: PV first, then VG, then LV.

Why this answer

Correct: B. The proper order is: `pvcreate` (create Physical Volume), `vgcreate` (create Volume Group), `lvcreate` (create Logical Volume). Options A, C, D are incorrect because they either start with LV or miss steps.

274
MCQ · hard

You are a Linux administrator for a large e-commerce company. The company's application server runs Ubuntu 22.04 and uses a Btrfs filesystem for the /srv/app partition to take advantage of snapshots and compression. During a routine maintenance window, you create a snapshot of the /srv/app subvolume using 'btrfs subvolume snapshot /srv/app /srv/app_snapshot'. Later, you need to roll back to the snapshot because of a failed application update. You attempt to delete the original subvolume with 'btrfs subvolume delete /srv/app', but the command fails with the error: 'ERROR: cannot delete '/srv/app': Device or resource busy'. You check that no processes are using the directory with lsof, and it shows no open files. The /srv/app subvolume is the default subvolume and is mounted via fstab with the option 'subvol=/' (the root of the Btrfs filesystem). What is the most likely reason for the deletion failure, and how should you proceed?

A. The subvolume is read-only; change it to read-write with 'btrfs property set -f /srv/app ro false'.
B. You cannot delete the subvolume because it is the default subvolume; you must first delete the snapshot and then recreate the original.
C. The Btrfs kernel module has a readahead lock on the subvolume; wait for it to expire or reboot.
D. The subvolume is the default subvolume (ID 5) and cannot be deleted while it is the mounted root; use 'btrfs subvolume set-default <new_subvol_id> /srv/app', then unmount and remount with the new default subvolume, then delete the old subvolume.
Answer: D

The default subvolume is special and cannot be deleted while it is the mounted root. Changing the default allows deletion after remount.

Why this answer

The error occurs because the subvolume at /srv/app is the default subvolume (ID 5) of the Btrfs filesystem, and it is currently mounted as the root of the filesystem via the 'subvol=/' mount option. A default subvolume cannot be deleted while it is mounted because the kernel treats it as the top-level volume. To delete it, you must first set a different subvolume as the default using 'btrfs subvolume set-default', then unmount and remount the filesystem with the new default, after which the original subvolume can be safely deleted.

Exam trap

The trap here is that candidates assume the 'Device or resource busy' error always means a process is using the directory, but in Btrfs it can also indicate that the subvolume is the mounted default, which requires changing the default before deletion.

How to eliminate wrong answers

Option A is wrong because the error is not about read-only status; the subvolume is writable by default, and a read-only subvolume would produce a different error message. Option B is wrong because you can delete the default subvolume after changing the default to another subvolume; deleting the snapshot first is unnecessary and does not address the root cause. Option C is wrong because there is no such thing as a 'readahead lock' on a Btrfs subvolume; the error is due to the subvolume being the mounted default, not a kernel lock.

275
MCQ · easy

A Linux technician receives a report that a USB flash drive inserted into a system is not automatically detected. Which command should the technician use to verify if the device is recognized by the kernel?

A. fdisk -l
B. lsusb
C. blkid
D. dmesg | tail
Answer: D

dmesg output includes kernel messages; tail shows the latest entries, including USB detection.

Why this answer

The `dmesg | tail` command displays kernel ring buffer messages, which include real-time hardware detection events such as USB device insertion. When a USB flash drive is plugged in, the kernel logs messages about device recognition, driver binding, and assigned device nodes (e.g., /dev/sdb). This makes it the most direct way to verify if the kernel has detected the device.

Exam trap

The trap here is that candidates assume `lsusb` or `fdisk -l` are sufficient for kernel-level detection, but `lsusb` only confirms USB enumeration, not block device assignment, and `fdisk -l` requires prior kernel recognition.

How to eliminate wrong answers

Option A is wrong because `fdisk -l` lists partition tables on block devices that are already recognized by the kernel, but it does not show kernel detection events; if the device is not recognized, `fdisk -l` will not list it. Option B is wrong because `lsusb` only lists USB buses and devices at the USB protocol level, but it does not confirm whether the kernel has assigned a block device node or loaded the appropriate storage driver. Option C is wrong because `blkid` displays block device attributes (like UUID and filesystem type) for devices that are already present in the /dev directory; it cannot detect a device that the kernel has not yet recognized.

276
MCQhard

When troubleshooting a problem with a Debian package installation, an administrator wants to see which version of a package would be installed from the configured repositories. Which command displays the candidate version?

A.dpkg -l package
B.apt-show-versions package
C.apt-get -s install package
D.apt-cache policy package
AnswerD

Shows candidate version and priority.

Why this answer

The `apt-cache policy package` command displays the package's priority, the installed version (if any), and the candidate version (the version that would be installed by default from the configured repositories). This makes it the correct tool for determining which version will be installed from the repositories.

Exam trap

The trap here is that candidates often confuse `apt-get -s install` (a simulation) with the dedicated `apt-cache policy` command for querying the candidate version, or they mistakenly think `dpkg -l` or `apt-show-versions` provide repository-level candidate information.

How to eliminate wrong answers

Option A is wrong because `dpkg -l package` lists the status and version of an installed package, but it does not query repositories or show the candidate version from repositories. Option B is wrong because `apt-show-versions package` shows available and installed versions, but it is not the standard command for displaying the candidate version; `apt-cache policy` is the authoritative tool. Option C is wrong because `apt-get -s install package` performs a dry-run simulation of installation, which can show what would be installed, but it is not the dedicated command for viewing the candidate version; `apt-cache policy` is more direct and standard for this purpose.

277
MCQmedium

A Yellowdog Updater Modified (YUM) transaction that included several package installations and upgrades completed successfully, but a recent change caused a service to break. The administrator wants to revert the entire transaction using its transaction ID. Which command should be used?

A.yum history redo 123
B.yum remove <packages>
C.yum history rollback 123
D.yum history undo 123
AnswerD

Undoes transaction with ID 123.

Why this answer

Option D is correct because `yum history undo ID` reverts a specific transaction. Option A is incorrect because `yum history redo` repeats the transaction. Option C is incorrect because `yum history rollback` reverts to a point, but not a single transaction. Option B is incorrect because `yum remove` is not transaction-based.

278
Multi-Selecteasy

Which TWO commands can be used to display information about block devices such as disks and partitions? (Choose exactly two.)

Select 2 answers
A.blkid
B.lsblk
C.df
D.fdisk -l
E.mount
AnswersA, B

Correct: blkid shows block device attributes.

Why this answer

`blkid` (block ID) locates and prints attributes of block devices, such as UUID, filesystem type, and LABEL, by reading the device's superblock. `lsblk` lists all block devices (e.g., disks, partitions) in a tree-like format, showing their major/minor numbers, size, and mount points, by reading sysfs and udev databases. Both commands are specifically designed to display information about block devices.

Exam trap

The trap here is that candidates often confuse `df` (filesystem disk usage) or `mount` (mounted filesystems) with commands that display raw block device information, not realizing that block device commands like blkid and lsblk work on unmounted devices and show attributes like UUIDs and partition tables.

279
MCQeasy

A system administrator needs to schedule a recurring maintenance task that runs every Monday at 3 AM. Which crontab entry is correct?

A.3 0 * * 1 /script.sh
B.0 3 * * 0 /script.sh
C.0 3 * * 7 /script.sh
D.0 3 * * 1 /script.sh
AnswerD

Correct: runs at 3:00 AM on Monday.

Why this answer

Option D is correct because the crontab syntax is minute, hour, day of month, month, day of week. Setting minute=0, hour=3, day of week=1 runs the script at 3:00 AM every Monday (day 1 represents Monday in cron).

Exam trap

The trap here is confusing the day-of-week numbering (Monday=1 vs Sunday=0/7) and mixing minute and hour fields, leading candidates to select entries that run at the wrong time or on the wrong day.

How to eliminate wrong answers

Option A is wrong because it sets minute=3 and hour=0, which would run at 12:03 AM, not 3 AM. Option B is wrong because it sets day of week=0, which represents Sunday, not Monday. Option C is wrong because it sets day of week=7, which is not a valid day in standard cron (valid range is 0-6 or 1-7 depending on implementation, but 7 is ambiguous and not universally accepted; the correct Monday value is 1).

280
MCQmedium

A zombie process appears in the process list. The parent process has PID 1234. Which command will most likely remove the zombie?

A.kill -9 1234
B.kill -9 <zombie_pid>
C.wait <zombie_pid>
D.reboot
AnswerA

Killing the parent process (PID 1234) causes the zombie to be adopted by init and then reaped.

Why this answer

A zombie process is a child process that has terminated but whose exit status has not been read by its parent. The zombie cannot be killed directly because it is already dead; it only remains in the process table until the parent calls wait(). Sending SIGKILL (kill -9) to the parent process (PID 1234) causes the parent to terminate, and the zombie child is then adopted by init (PID 1), which automatically reaps it by calling wait().

Exam trap

The trap here is that candidates mistakenly think they can kill the zombie itself with kill -9, not realizing that a zombie is already dead and the only way to remove it is to force its parent to reap it or terminate the parent.

How to eliminate wrong answers

Option B is wrong because kill -9 on the zombie PID has no effect; the zombie is already dead and cannot be signaled. Option C is wrong because wait is a system call used by the parent, not a command that can be run from the shell to reap a zombie belonging to another process. Option D is wrong because rebooting is an extreme and unnecessary measure; it would remove the zombie but also disrupt all running processes and is not the standard or recommended solution.

281
MCQmedium

Refer to the exhibit. A system administrator notices that remote SSH connections are being blocked from all IP addresses except 10.0.0.5. Which configuration change would allow SSH from any IP?

A.Add a new rule to accept SSH from any source to the beginning of the chain.
B.Change the INPUT chain policy to ACCEPT.
C.Delete the first rule.
D.Move the second rule to be the first rule.
AnswerA

Correct: Adding an ACCEPT rule for SSH from any source before the DROP rule will allow all SSH traffic, as the packet will be accepted before reaching the DROP rule.

Why this answer

The exhibit shows an iptables INPUT chain with a default policy of DROP. Rule 1 accepts SSH from 10.0.0.5 only. Rule 2 drops all SSH traffic. To allow SSH from any IP, a new rule must be added before the DROP rule to ACCEPT SSH from any source. Changing the default policy to ACCEPT would still be overridden by the explicit DROP rule. Moving the second rule to first would drop all SSH. Deleting the first rule would remove the only ACCEPT, leaving only the DROP rule, so still blocked.

282
MCQmedium

A systems administrator is responsible for a Linux server that runs a custom application. The application writes logs to /var/log/app.log and rotates them using logrotate. Recently, the server ran out of disk space because log files were not being rotated. The administrator checks the logrotate configuration file /etc/logrotate.d/app and finds: /var/log/app.log { weekly rotate 4 compress missingok notifempty } The administrator manually runs 'logrotate -f /etc/logrotate.d/app' and the log rotates successfully. However, the next day, the log is not rotated again. The administrator checks the cron job for logrotate and finds that /etc/cron.daily/logrotate exists and runs logrotate /etc/logrotate.conf. The administrator checks /etc/logrotate.conf and sees that it includes /etc/logrotate.d/*. What is the most likely reason the log is not rotating automatically?

A.The 'weekly' directive is misspelled.
B.The 'notifempty' directive is misspelled; it should be 'notifempty'.
C.The /etc/logrotate.d/ directory is not included by logrotate.conf.
D.The 'missingok' directive prevents rotation if the log file is missing, but the file exists.
AnswerB

The correct directive is 'notifempty', not 'notifempty'.

Why this answer

Option B is correct because the 'notifempty' directive is misspelled as 'notifempty' (it should be 'notifempty'). Logrotate silently ignores unknown directives, so the misspelled directive has no effect. Without the correct 'notifempty' directive, logrotate will skip rotation if the log file is empty, which can prevent rotation from occurring automatically even though the manual forced rotation with -f succeeds.

Exam trap

The trap here is that candidates assume a forced rotation with -f works the same as automatic rotation, but -f overrides conditions like empty files, whereas automatic rotation respects the 'notifempty' directive (or its absence).

How to eliminate wrong answers

Option A is wrong because 'weekly' is correctly spelled and is a valid logrotate directive. Option B is wrong because the misspelling 'notifempty' is not recognized by logrotate, causing it to be ignored; the correct directive is 'notifempty'. Option C is wrong because the administrator confirmed that /etc/logrotate.conf includes /etc/logrotate.d/*, so the directory is included. Option D is wrong because 'missingok' does not prevent rotation if the file exists; it only suppresses errors if the log file is missing.

283
MCQhard

According to FHS, which directory should NOT be mounted on a networked filesystem (e.g., NFS) because it contains host-specific configuration files?

A./home
B./var
C./etc
D./opt
AnswerC

Correct: /etc must be local to each host due to unique configuration.

Why this answer

The Filesystem Hierarchy Standard (FHS) specifies that /etc contains host-specific configuration files that must be local to each machine. Mounting /etc over a network filesystem like NFS would cause all clients to share the same configuration, breaking system identity, network settings, and security policies. This violates the FHS requirement that /etc be a local filesystem.

Exam trap

The trap here is that candidates may think /var or /home are the correct answers because they contain user data or logs, but the FHS specifically singles out /etc as the directory that must remain local due to its host-specific configuration files.

How to eliminate wrong answers

Option A is wrong because /home is designed to be shared across networked systems via NFS, allowing user home directories to be accessed from any client. Option B is wrong because /var contains variable data such as logs and spools that can be shared or local, but it is not specifically prohibited from NFS mounting by the FHS. Option D is wrong because /opt is for add-on software packages and can be shared over NFS if the software is identical across hosts, though it is not host-specific like /etc.

284
MCQhard

Refer to the exhibit. A Linux system fails to boot with a kernel panic. The dmesg output shows the disk is detected and partitions are recognized. Which of the following is the most likely cause of the kernel panic?

A.The root filesystem cannot be mounted because the root= kernel parameter points to a non-existent or incorrect device.
B.The kernel module for the SATA controller is missing from the initramfs.
C.The SATA controller is not supported by the kernel.
D.The disk has bad sectors causing read errors during boot.
AnswerA

The kernel detects the disk and partitions but then panics, likely because it cannot mount the root filesystem, often due to an incorrect root= parameter.

Why this answer

A is correct because the kernel panic occurs after the disk and partitions are detected, indicating the kernel can see the hardware but cannot mount the root filesystem. The most common cause is an incorrect or missing `root=` kernel parameter in the bootloader configuration (e.g., GRUB), which specifies the root device (e.g., `/dev/sda1` or `UUID=...`). If this parameter points to a non-existent or wrong partition, the kernel cannot pivot to the root filesystem, leading to a panic.

Exam trap

The trap here is that candidates see the disk is detected and assume hardware is fine, then incorrectly blame the SATA controller or initramfs, missing the subtle point that the kernel panic occurs specifically because the root filesystem cannot be mounted due to a misconfigured `root=` parameter.

How to eliminate wrong answers

Option B is wrong because if the SATA controller module were missing from the initramfs, the disk would not be detected at all, but the dmesg output shows the disk is detected and partitions are recognized. Option C is wrong because the SATA controller is clearly supported by the kernel, as the disk is detected and partitions are recognized, contradicting a lack of support. Option D is wrong because bad sectors causing read errors would typically produce I/O errors or filesystem corruption messages, not a kernel panic at the stage where the root filesystem cannot be mounted; the panic occurs before any filesystem read attempts.

285
MCQmedium

Based on the dpkg -l output in the exhibit, what does the 'rc' status indicate for the apache2 package?

A.The package was removed but configuration files remain.
B.The package is unpacked but not configured.
C.The package is installed and configured.
D.The package is completely purged.
AnswerA

'rc' = removed, config files remain.

Why this answer

Option A is correct. The 'rc' status means the package is removed but configuration files remain. Option C is incorrect because 'ii' indicates installed and ok. Option B is incorrect because 'un' indicates unknown. Option D is incorrect because 'pu' would indicate purged.

286
Matchingmedium

Match each Linux command to its primary function.

Concepts
Matches

Search text using patterns

Change file permissions

Report snapshot of current processes

Archive files

Stream editor for filtering and transforming text

Why these pairings

Essential command-line utilities.

287
MCQhard

An ext4 filesystem is experiencing performance degradation due to very frequent small writes. Which tune2fs option can help by reserving a percentage of blocks for the root user to prevent fragmentation?

A.-i 0
B.-g root
C.-c 0
D.-m 0
AnswerD

-m sets reserved block percentage; setting to 0 frees space for all users but may increase fragmentation.

Why this answer

Option D is correct because the `-m 0` option in tune2fs sets the reserved blocks percentage to 0, which prevents the filesystem from reserving a percentage of blocks exclusively for the root user. This reduces fragmentation from frequent small writes by allowing all blocks to be used for data, avoiding the scenario where small files are scattered across reserved and unreserved areas. The reserved blocks are typically 5% by default, and setting it to 0 can improve performance for high-write workloads.

Exam trap

The trap here is that candidates often confuse `-m 0` with disabling filesystem checks (options A or C) or think `-g root` is a valid way to reserve blocks for root, when in fact `-m` directly controls the reserved block percentage and is the correct tool for this purpose.

How to eliminate wrong answers

Option A is wrong because `-i 0` disables the filesystem check interval (i.e., maximum time between checks), which does not affect block reservation or fragmentation from small writes. Option B is wrong because `-g root` is not a valid tune2fs option; the `-g` option is used to specify a group for reserved blocks, but it requires a group ID or name, and 'root' is not a valid group specification in this context. Option C is wrong because `-c 0` sets the maximum mount count between filesystem checks to 0, disabling checks based on mount count, which has no impact on block reservation or fragmentation.

288
Multi-Selectmedium

Which THREE directories are required to be directly under the root filesystem (/) according to the Filesystem Hierarchy Standard? (Choose exactly three.)

Select 3 answers
A./lib
B./var
C./sbin
D./bin
E./home
AnswersA, C, D

Correct: /lib is required for shared libraries and kernel modules.

Why this answer

According to the Filesystem Hierarchy Standard (FHS), the directories /bin, /lib, and /sbin are required to be directly under the root filesystem. /bin contains essential user command binaries needed for system booting and repair, /lib contains shared libraries and kernel modules required by binaries in /bin and /sbin, and /sbin contains essential system administration binaries for booting and recovery. These directories must be present on the root partition to ensure the system can boot and run in single-user mode.

Exam trap

The trap here is that candidates often confuse 'required' directories with 'recommended' ones, mistakenly selecting /var or /home because they are common, while the FHS only mandates /bin, /lib, and /sbin as essential for booting.

289
MCQeasy

Refer to the exhibit. What is the file permission in numeric mode for /etc/crontab?

A.644
B.600
C.444
D.755
AnswerA

rw-r--r-- corresponds to 644.

Why this answer

The /etc/crontab file is a system-wide configuration file for cron jobs. It must be readable by all users to allow cron to read the scheduled tasks, but only writable by root to prevent unauthorized modifications. The standard permission is 644 (owner read/write, group read, others read).

Exam trap

The trap here is that candidates often confuse the permissions for /etc/crontab with those for user crontab files (which are stored in /var/spool/cron/ and typically have 600 permissions) or mistakenly think that execute permission is needed for configuration files.

How to eliminate wrong answers

Option B (600) is wrong because it would make the file readable only by root, preventing the cron daemon from reading the file when it runs as a non-root user. Option C (444) is wrong because it removes write permission for the owner (root), making it impossible to edit the crontab file without changing permissions first. Option D (755) is wrong because it grants execute permission to all users, which is unnecessary and a security risk for a text configuration file.

290
MCQhard

A system has multiple APT repositories configured. The administrator needs to ensure that for a specific package, the version from a particular repository is always preferred over others, regardless of version number. Which configuration would achieve this?

A.Editing /etc/apt/sources.list and setting the release in sources.list
B.Using apt-mark hold on the package after installing from desired repository
C.Creating a file in /etc/apt/preferences.d/ with a high Pin-Priority for that package and origin
D.Adding the repository and using apt-get install -t release package
AnswerC

APT pinning allows persistent preference.

Why this answer

Option C is correct because APT pinning using /etc/apt/preferences with a Pin-Priority higher than 1000 forces that version. Option D is incorrect because `apt-get install -t` only selects a target release temporarily. `apt-cache policy` shows candidate versions but does not configure pinning. Option B is incorrect because `apt-mark hold` only prevents upgrades, not selection.

291
MCQhard

A script uses a here-document to pass multi-line input to a command. Which here-document syntax will prevent variable expansion inside the document?

A.<< EOF
B.<<- EOF
C.<< "EOF"
D.<< 'EOF'
AnswerD

Quoting the delimiter prevents expansion.

Why this answer

Option D is correct because single-quoting the delimiter (e.g., `<< 'EOF'`) prevents the shell from performing variable expansion and command substitution within the here-document. The shell treats the quoted delimiter literally, so all content between the start and end markers is passed verbatim to the command.

Exam trap

The trap here is that candidates mistakenly think double quotes (`<< "EOF"`) also prevent expansion, but in fact double quotes are removed by the shell and do not inhibit expansion, while single quotes (`<< 'EOF'`) are the correct syntax to disable all expansions.

How to eliminate wrong answers

Option A is wrong because `<< EOF` (unquoted delimiter) allows variable expansion and command substitution inside the here-document. Option B is wrong because `<<- EOF` only strips leading tabs from the here-document content but still permits expansion. Option C is wrong because `<< "EOF"` is equivalent to `<< EOF` (double quotes are stripped by the shell), so expansion still occurs.

292
MCQhard

Refer to the exhibit. The 'mount -a' command fails for the NFS mount. What is the most likely cause?

A.The local mount point /mnt/nfs does not exist.
B.The filesystem type 'nfs' is not supported by the kernel.
C.The NFS server is not exporting the directory or is unreachable.
D.The 'defaults' option is missing for the NFS entry.
AnswerC

The error 'can't read superblock' typically indicates a problem connecting to the NFS server or the export.

Why this answer

The NFS server (192.168.1.100) is not reachable or the export is not available, causing the superblock read failure. The '_netdev' option indicates network filesystem, but it still fails if the network is not ready or server is down.

293
MCQhard

A system administrator wants to ensure that the syslog service starts automatically on boot and is running immediately without a reboot. Which command sequence should be used?

A.systemctl start syslog && systemctl enable syslog
B.systemctl start --enable syslog
C.systemctl enable syslog && systemctl start syslog
D.systemctl enable --now syslog
AnswerD

The --now flag enables and starts the service in one step.

Why this answer

Option D is correct because `systemctl enable --now syslog` combines enabling the service to start automatically on boot and starting it immediately in a single command. The `--now` flag triggers an immediate start after enabling, fulfilling both requirements without needing a reboot.

Exam trap

The trap here is that candidates may think they need to use two separate commands (enable and start) in a specific order, but the `--now` flag is a single-command shortcut that systemd provides, and LPI often tests this to see if you know the combined option exists.

How to eliminate wrong answers

Option A is wrong because it starts the service before enabling it; while this works, it is less efficient than using `--now`, and the order is not the issue—the command sequence is valid but not the best practice. Option B is wrong because `systemctl start --enable` is not a valid syntax; `--enable` is not a flag for `start`, and this command would fail. Option C is wrong because it enables the service first and then starts it, which is functionally correct but less efficient than using `--now`; however, the question asks for the command sequence that should be used, and `systemctl enable --now` is the idiomatic, single-command solution.

294
MCQmedium

Refer to the exhibit. What will be the default permissions of a newly created file using the touch command?

A.-rw-r--r--
B.-rw-rw-rw-
C.-rwxr-xr-x
D.-rw-rw-r--
AnswerA

Correct: 666 - 022 = 644, giving owner read/write, group read, others read.

Why this answer

Default base permissions for a file are 666 (rw-rw-rw-). Subtracting the umask 022 gives 644 (rw-r--r--), which corresponds to option A.

295
MCQhard

A system administrator needs to perform incremental backups of a large directory /data. The backup strategy requires a full backup every Sunday and incremental backups on weekdays. Which tar command satisfies this requirement using the --listed-incremental option?

A.Full: tar -czvf /backup/full.tar.gz /data; Incremental: tar -czvf /backup/incr.tar.gz --after-date '1 day ago' /data
B.Full: tar -cvf /backup/full.tar /data; Incremental: tar -cvf /backup/incr.tar -N 'last Sunday' /data
C.Full: tar -cvf /backup/full.tar --newer /data; Incremental: tar -cvf /backup/incr.tar --newer /backup/full.tar /data
D.Full: tar -cvf /backup/full.tar -g /var/backup/snapshot /data; Incremental: tar -cvf /backup/incr.tar -g /var/backup/snapshot /data
AnswerD

This uses the same snapshot file to track changes; the first run creates a full backup snapshot, subsequent runs create incremental backups.

Why this answer

Option D is correct because the `--listed-incremental` (or `-g`) option in tar creates and uses a snapshot file to track changes between backups. By specifying the same snapshot file for both the full and incremental backups, tar automatically records which files have changed since the last full backup, enabling proper incremental backups without relying on timestamps or file modification times.

Exam trap

The trap here is that candidates often confuse timestamp-based options like `--newer` or `-N` with the snapshot-based `--listed-incremental` mechanism, assuming any time-based filter can achieve incremental backups, but only `-g` provides the metadata tracking needed for proper incremental archives.

How to eliminate wrong answers

Option A is wrong because `--after-date` is not a valid tar option; the correct option for time-based filtering is `--newer` or `-N`, and using a relative time like '1 day ago' does not integrate with the `--listed-incremental` mechanism for reliable incremental backups. Option B is wrong because `-N 'last Sunday'` uses a timestamp-based filter that does not create a snapshot file, so subsequent incremental backups would not correctly track changes relative to the full backup; also, the full backup command lacks the `-g` option needed for incremental tracking. Option C is wrong because `--newer` compares file modification times against a file's timestamp, not against a snapshot; using `--newer /backup/full.tar` would include any file modified after the full archive was created, but it does not handle deletions or renames and is not the intended use of `--listed-incremental`.

296
MCQmedium

An administrator needs to downgrade a package from version 2.0 to version 1.9. Which apt-get command can be used to perform this action?

A.`apt-get downgrade package=1.9`
B.`apt-get upgrade package=1.9`
C.`apt-get dist-upgrade package=1.9`
D.`apt-get install package=1.9`
AnswerD

Specifies the version to install, enabling downgrade.

Why this answer

`apt-get install package=version` allows installing a specific version, enabling downgrade. `apt-get downgrade` is not a valid command. `apt-get upgrade` only upgrades. `apt-get dist-upgrade` also handles dependencies but cannot downgrade a package easily.

297
MCQeasy

A small business runs a web application on a Linux server that uses Apache to serve dynamic content via PHP-FPM. The server currently uses the default Apache configuration, but the administrator wants to improve security by limiting access to the server's administrative interface (located at /admin) to only the local network (192.168.1.0/24). The administrative interface is accessed via a separate VirtualHost on port 443. The administrator has created a new VirtualHost configuration file for the admin site. However, after reloading Apache, users from outside the local network can still access the /admin page. The administrator has verified that the VirtualHost is being parsed and that mod_authz_core is enabled. Which of the following actions would most likely resolve the issue?

A.Add the following inside the <VirtualHost> block for the admin site: <Directory /var/www/admin> Require ip 192.168.1.0/24 </Directory>
B.Add the following to the server's iptables: iptables -A INPUT -p tcp --dport 443 -s 192.168.1.0/24 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j DROP
C.Add the following inside the <VirtualHost> block: <Location /admin> Require valid-user AuthType Basic AuthUserFile /etc/httpd/.htpasswd </Location>
D.Set the DocumentRoot of the default VirtualHost to /var/www/admin.
AnswerA

This restricts directory access to the local subnet.

Why this answer

Option A is correct: The <Directory> block with Require ip restricts access to the /admin directory. Option B adds authentication but not IP restriction. Option C adds SSL but doesn't restrict. Option D might allow all. The issue is likely missing IP restriction directives inside the VirtualHost.

298
Multi-Selecthard

Which THREE statements are true about the sed command?

Select 3 answers
A.sed 's/old/new/g' file.txt permanently changes the file.
B.sed -i 's/foo/bar/g' file.txt replaces all occurrences of foo with bar in the file.
C.sed uses extended regular expressions by default.
D.sed '/^#/d' file.txt deletes lines that start with #.
E.sed -n '3,5p' file.txt prints lines 3 to 5 of file.txt.
AnswersB, D, E

-i makes in-place changes.

Why this answer

Option B is correct because the `-i` flag in sed enables in-place editing, directly modifying the file rather than just outputting changes to stdout. The substitution command `'s/foo/bar/g'` replaces all occurrences of `foo` with `bar` globally on each line, and with `-i`, the changes are written back to the file.

Exam trap

The trap here is that candidates often assume sed always modifies files in place, forgetting that without `-i`, sed only outputs to stdout, and that sed defaults to basic regular expressions, not extended ones.

299
MCQmedium

A system administrator is configuring a Linux server to act as a router. The server has two network interfaces: eth0 (192.168.1.1/24) and eth1 (10.0.0.1/24). Which of the following commands enables IP forwarding on this server?

A.route add default gw 10.0.0.1
B.sysctl -w net.ipv4.ip_forward=1
C.echo 1 > /proc/sys/net/ipv4/ip_forward
D.sysctl -w net.ipv4.ip_forward=1
AnswerD

Correctly enables IP forwarding.

Why this answer

Option D is correct because the `sysctl -w net.ipv4.ip_forward=1` command immediately enables IP forwarding at runtime by writing the value 1 to the kernel parameter `net.ipv4.ip_forward`. This is the standard and recommended method for enabling packet forwarding between interfaces on a Linux router, allowing traffic to be routed between the 192.168.1.0/24 and 10.0.0.0/24 networks.

Exam trap

The trap here is that candidates may confuse setting a default gateway (Option A) with enabling IP forwarding, or they may think that writing directly to `/proc/sys` (Option C) is incorrect because of case sensitivity or persistence concerns, but the real trick is that both Options B and D are identical commands, and the exam expects you to recognize that only one is listed as correct, so you must choose the one that matches the exact syntax shown in the answer choices.

How to eliminate wrong answers

Option A is wrong because `route add default gw 10.0.0.1` sets a default gateway for outbound traffic, not IP forwarding; it does not enable the kernel to forward packets between interfaces. Option B is wrong because `sysctl -w net.ipv4.ip_forward=1` is syntactically identical to Option D but is listed as a separate option; however, in the context of this question, Option B is actually the same command and would also be correct, but the question designates Option D as the correct answer, so Option B is considered a duplicate and not the intended choice. Option C is wrong because `echo 1 > /proc/sys/net/ipv4/ip_forward` is a valid method to enable IP forwarding, but it requires root privileges and the path is case-sensitive; the correct path is `/proc/sys/net/ipv4/ip_forward` (lowercase), and while it works, it is less preferred than `sysctl` because it does not persist across reboots and is not the standard LPIC-1 recommended command.

300
MCQhard

An administrator is troubleshooting a DNS issue. The command 'dig @8.8.8.8 example.com' returns a response, but 'host example.com' returns 'Host not found'. Which of the following is the most likely cause?

A.The network interface is down.
B.The /etc/hosts file is corrupt.
C.The DNS server at 8.8.8.8 is not responding.
D.The /etc/resolv.conf file is misconfigured.
AnswerD

'host' uses local resolver, which may have wrong DNS servers.

Why this answer

The command 'dig @8.8.8.8 example.com' succeeds, proving that the DNS server at 8.8.8.8 is reachable and functional, and that network connectivity is fine. However, 'host example.com' fails because it uses the system's default resolver, which reads /etc/resolv.conf to determine which DNS server to query. If /etc/resolv.conf is misconfigured (e.g., missing or incorrect nameserver entries), the resolver cannot reach a valid DNS server, resulting in 'Host not found'.

Exam trap

The trap here is that candidates see a successful 'dig' and assume DNS is fully working, not realizing that 'dig' with an explicit server bypasses the local resolver configuration, while 'host' relies on /etc/resolv.conf.

How to eliminate wrong answers

Option A is wrong because if the network interface were down, 'dig @8.8.8.8' would also fail (no route to host). Option B is wrong because the /etc/hosts file is used for local hostname resolution before DNS; a corrupt file could cause incorrect mappings but would not cause a 'Host not found' error when the DNS query itself fails—the resolver would still attempt DNS. Option C is wrong because the 'dig @8.8.8.8' command succeeded, directly proving that 8.8.8.8 is responding.
