Linux Professional Institute Certification Level 1 LPIC-1 (LPIC-1) — Questions 301375

522 questions total · 7pages · All types, answers revealed

Page 4

Page 5 of 7

Page 6
301
MCQhard

Based on the exhibit, what will happen if the syslog service is stopped?

A.Apache2 will be stopped because it depends on syslog
B.The system will prompt to restart syslog before stopping
C.Apache2 will be automatically restarted because it requires syslog
D.Apache2 will continue running because the dependency is a soft dependency
AnswerD

By default, listed dependencies are 'Wants', not 'Requires'.

Why this answer

Option D is correct because in Linux, services managed by systemd can have dependencies declared as 'Requires' (hard) or 'Wants' (soft). A soft dependency means that the dependent service (Apache2) does not require the target service (syslog) to be running; it will continue to operate even if syslog is stopped. The exhibit likely shows a 'Wants' directive, which does not enforce a strict ordering or runtime requirement.

Exam trap

The trap here is that candidates confuse 'Wants' (soft dependency) with 'Requires' (hard dependency), assuming any dependency means the dependent service will be stopped or restarted when the target service changes.

How to eliminate wrong answers

Option A is wrong because Apache2 will not be stopped when syslog is stopped; a soft dependency (Wants) does not cause cascading stops. Option B is wrong because systemd does not prompt the user to restart a service before stopping another; it simply proceeds with the stop operation. Option C is wrong because Apache2 will not be automatically restarted when syslog is stopped; soft dependencies do not trigger restarts of dependent units.

302
MCQhard

A Linux server running multiple virtual hosts on Apache suddenly becomes unresponsive to web requests. The administrator finds that the server still responds to ping. Which diagnostic command would best identify whether Apache is accepting connections?

A.ip route show
B.curl -I http://localhost
C.ping -c 4 localhost
D.ss -tlnp | grep :80
AnswerD

Shows if Apache is listening on port 80.

Why this answer

Option C is correct because ss -tlnp shows listening TCP sockets. If port 80 is not listed, Apache is not listening. Option A is wrong because ping tests ICMP, not TCP.

Option B is wrong because it shows the routing table. Option D is wrong because it tests connectivity to a specific host, not the server's own listening state.

303
MCQmedium

An administrator needs to install apache2 version 2.4.41-4ubuntu3.4 from the security repository to ensure the latest security patches. Based on the exhibit, which command should they use?

A.apt-get install apache2/focal-security
B.apt-get install -t focal-security apache2
C.apt-get install apache2 2.4.41-4ubuntu3.4
D.apt-get install apache2=2.4.41-4ubuntu3.4
AnswerD

This command correctly specifies the exact version using the '=' syntax, which apt will install from the appropriate repository (security in this case) because the version is present there.

Why this answer

Option D is correct because the `apt-get install apache2=2.4.41-4ubuntu3.4` command explicitly pins the package to the exact version number, ensuring that the specified version from the security repository is installed. This syntax is the standard way to install a specific package version in APT, overriding the default candidate version.

Exam trap

The trap here is that candidates often confuse the `-t` option (which sets a target release) with the version pinning syntax, or they mistakenly use a space instead of an equals sign when specifying a version, leading to an invalid command.

How to eliminate wrong answers

Option A is wrong because `apache2/focal-security` uses a slash to specify a release or suite, but APT does not support this syntax for pinning a package to a repository; it would be interpreted as a package name with a slash, leading to an error. Option B is wrong because `-t focal-security` sets the target release for all packages, but it does not guarantee the exact version 2.4.41-4ubuntu3.4; it would install the latest version available in that repository, which might not be the specified version. Option C is wrong because `apache2 2.4.41-4ubuntu3.4` (with a space) is invalid syntax; APT requires an equals sign (`=`) to specify a version, and using a space would cause a parsing error.

304
MCQeasy

A Linux system fails to boot after installing a new kernel. Which step should be taken first to recover the system?

A.Edit GRUB configuration at boot to select the old kernel
B.Reinstall the original kernel using a live CD
C.Boot into single-user mode to fix the kernel
D.Use the rescue mode from installation media
AnswerA

At GRUB menu, press 'e' to edit and change the kernel line to the old kernel.

Why this answer

Option D is correct because you can interrupt GRUB at boot by pressing Shift or Esc to access the boot menu, then edit the boot entry to select the previous kernel. Option A is too drastic; B is possible but not first; C is a last resort.

305
MCQmedium

A technician is tasked with installing a package from a third-party repository on a CentOS 7 system. What is the correct first step to add the repository?

A.Run 'yum localinstall' with the repository URL.
B.Create a .repo file in /etc/yum.repos.d/.
C.Edit /etc/yum.conf and add the repository URL.
D.Use 'yum-config-manager --add-repo' without any further steps.
AnswerB

Repository definitions are placed in /etc/yum.repos.d/ as .repo files.

Why this answer

On CentOS 7, third-party repositories are added by placing a .repo file in /etc/yum.repos.d/. This file defines the repository ID, name, baseurl, and GPG check settings. Yum reads all .repo files in this directory at runtime, making it the standard and correct first step for adding a repository.

Exam trap

The trap here is that candidates confuse editing /etc/yum.conf (which is for global yum options, not repository definitions) with the correct method of adding a .repo file, or they assume 'yum localinstall' can add a repository when it only installs a single package.

How to eliminate wrong answers

Option A is wrong because 'yum localinstall' installs a local RPM package, not a repository; it does not add a repository URL. Option C is wrong because /etc/yum.conf is the main configuration file for yum, but it is not designed to hold repository definitions—those belong in separate .repo files under /etc/yum.repos.d/. Option D is wrong because 'yum-config-manager --add-repo' is a valid command on CentOS 7, but it requires the repository URL as an argument (e.g., 'yum-config-manager --add-repo http://example.com/repo.repo') and does not work 'without any further steps'; the option incorrectly implies it can be used without specifying the URL.

306
Multi-Selecthard

Which THREE of the following are valid symbolic mode expressions for the chmod command?

Select 3 answers
A.u+x
B.755
C.a+rwx
D.c+r
E.g-w
AnswersA, C, E

Adds execute permission for the user.

Why this answer

Option A is correct because 'u+x' is a valid symbolic mode expression for chmod, where 'u' stands for the user (owner), '+' adds a permission, and 'x' is the execute permission. This syntax follows the POSIX standard for symbolic modes, allowing precise modification of file permissions without specifying an absolute octal value.

Exam trap

The trap here is that candidates may confuse numeric (octal) modes with symbolic modes, or assume that any single-letter class like 'c' is valid, when only u, g, o, and a are recognized by the chmod command.

307
MCQeasy

Refer to the exhibit. An administrator installed a new command in /opt/bin/ but cannot run it without specifying the full path. What is the likely cause?

A.The command is not in the PATH.
B.The command is an alias that conflicts.
C.The command has no execute permission.
D.The command is a function that overrides.
AnswerA

PATH does not include /opt/bin.

Why this answer

Option B is correct because the PATH does not include /opt/bin, so the command is not found unless full path is given.

308
MCQeasy

Refer to the exhibit. Based on the apt-cache showpkg output, which version of vim would be installed if the administrator runs 'apt-get install vim' without specifying a version?

A.2:8.2.3995-1ubuntu1 from focal-updates
B.2:8.2.3995-1ubuntu2.1 from focal
C.2:8.2.3995-1ubuntu1 from focal
D.2:8.2.3995-1ubuntu2.1 from focal-updates
AnswerD

Newest version available.

Why this answer

Option C is correct. APT installs the highest version number, which is 2:8.2.3995-1ubuntu2.1 from the focal-updates repository. The first listed version is usually the candidate.

Option A is incorrect because it is an older version. Option B is incorrect because it is the older version. Option D is incorrect because it is a different package.

309
MCQhard

A web server runs Apache and generates extensive access logs. To conserve disk space, an administrator sets up a cron job that runs nightly at 2:00 AM. The job executes a shell script located at /usr/local/bin/rotate_logs.sh. The script is intended to find all .log files in /var/log/apache2/ that are older than 7 days, compress them with gzip, and move the compressed files to /var/log/archive/. However, after several days, the administrator notices that the /var/log partition is nearly full and the logs are not being compressed. The cron log shows the job ran at the scheduled time but produced no terminal output (stdout or stderr). The script itself contains no explicit echo statements or error handling. The administrator has root access and wants to diagnose the problem without disrupting the running web server. Which of the following is the most appropriate first step to identify the failure?

A.Run the script manually with 'bash -x /usr/local/bin/rotate_logs.sh' to observe command execution.
B.Use 'ps -ef | grep compress' to check if the cron job spawned any child processes.
C.Check the file permissions of the archive directory with 'ls -ld /var/log/archive'.
D.Review the system logs in /var/log/syslog for any entries related to gzip or the script.
AnswerA

The -x flag shows each command as it runs, exposing any errors.

Why this answer

Option A is correct because running the script with 'bash -x' enables execution tracing, which prints each command and its arguments as they are executed. This will reveal exactly where the script fails—whether due to a missing file, permission error, or incorrect path—without modifying the script or disrupting the running web server. Since the cron job produced no output, the script likely encountered a silent failure, and 'bash -x' is the most direct way to diagnose it.

Exam trap

The trap here is that candidates may jump to checking permissions or system logs because they assume a permission or system-level error, but the most efficient first step is to reproduce the script's execution with tracing enabled to see exactly what commands run and where they fail.

How to eliminate wrong answers

Option B is wrong because 'ps -ef | grep compress' only checks for currently running processes named 'compress'; the cron job has already finished, so no child processes would exist, and this does not help diagnose why the script failed. Option C is wrong because checking permissions of /var/log/archive is a secondary step; the script may fail before even attempting to move files (e.g., due to a missing source directory or incorrect find command), and permissions alone cannot reveal the root cause of a silent failure. Option D is wrong because reviewing system logs like /var/log/syslog may show gzip-related errors only if the script actually ran gzip and logged errors; since the script has no error handling and produced no output, there may be no relevant entries, making this an inefficient first step.

310
MCQmedium

You are a Linux administrator for a company that runs a web server on a system with limited disk space. The web server logs are stored in /var/log/httpd/access_log and grow quickly. The operations team requires that the most recent logs be available for troubleshooting, but logs older than 7 days must be compressed to save space. You decide to implement log rotation using logrotate. The logrotate configuration file for httpd currently contains: /var/log/httpd/*.log { daily rotate 7 compress delaycompress missingok notifempty sharedscripts postrotate /bin/systemctl reload httpd 2>/dev/null || true endscript } After applying this configuration, you notice that log files are being compressed immediately instead of after one rotation. What is the most likely cause and the correct step to fix this?

A.Remove the 'sharedscripts' directive to ensure the postrotate script runs for each log file individually.
B.Change the rotation frequency to 'weekly' so that the most recent week's logs remain uncompressed and older logs are compressed.
C.Remove the 'delaycompress' directive to ensure compression occurs at each rotation.
D.Add the 'copytruncate' directive to avoid moving the log file, allowing the web server to continue writing to the same file.
AnswerB

With weekly rotation, the most recent rotated log (one week old) remains uncompressed due to delaycompress, while older logs are compressed, meeting the requirement of compressing logs older than 7 days.

Why this answer

Option B is correct because the configuration uses 'rotate 7' with 'daily' frequency, meaning seven daily rotations are kept. However, 'delaycompress' delays compression by one rotation, so the most recent rotated log remains uncompressed. With 'daily' rotation, the current log and the most recent rotated log are both uncompressed, which may appear as if compression happens immediately.

Changing to 'weekly' ensures that only the most recent week's logs remain uncompressed, matching the requirement that logs older than 7 days are compressed.

Exam trap

The trap here is that candidates may misinterpret 'delaycompress' as causing immediate compression, when in fact it delays compression by one rotation, and the issue is actually the rotation frequency being too short relative to the retention period.

How to eliminate wrong answers

Option A is wrong because 'sharedscripts' is not related to compression timing; it controls whether the postrotate script runs once for all logs or per log file. Option C is wrong because removing 'delaycompress' would cause compression to occur at each rotation, which is the opposite of the desired behavior (logs older than 7 days should be compressed, not the most recent). Option D is wrong because 'copytruncate' is used when the application cannot be signaled to close and reopen its log file; it does not affect compression timing and would not solve the immediate compression issue.

311
MCQeasy

What is stored in the first sector of a hard disk (Master Boot Record)?

A.The Master Boot Record (boot loader and partition table)
B.The partition table only
C.The Linux kernel
D.The root filesystem
AnswerA

The MBR contains boot loader code and partition table.

Why this answer

Correct: B. The Master Boot Record (MBR) contains the boot loader code and partition table for the disk. Option A is incorrect because the partition table is part of the MBR but not the only element; C and D are stored on filesystems or in the kernel.

312
MCQeasy

On a Fedora system, which command is used to update all installed packages to their latest versions?

A.`dnf upgrade`
B.`dnf check-update`
C.`dnf update all`
D.`dnf install update`
AnswerA

Updates all installed packages to the latest versions.

Why this answer

`dnf upgrade` is the standard command to update all packages on Fedora. `dnf check-update` only checks for updates. `dnf install update` is invalid. `dnf update all` is not a valid syntax.

313
MCQmedium

You are the system administrator for a small business running a Red Hat Enterprise Linux 8 server that hosts a MySQL database and a web server. The server has two physical disks: a 240GB SSD (sda) with partitions sda1 (boot), sda2 (root), sda3 (swap), and a 1TB HDD (sdb) with a single partition sdb1 mounted at /var/lib/mysql. The server has been running for months without issues. However, this morning you receive alerts that the MySQL database is not accepting new connections. You log in and find that the /var filesystem is 100% full. You check the disk usage and see that /var/lib/mysql uses 90% of the space, but there are also large log files in /var/log/httpd. To free up space immediately and restore database service while planning a permanent solution, you decide to compress old log files and move some database archives to a backup server. After compressing several log files with gzip, the available space increases by only a few MB. You then delete some old database backups from /var/lib/mysql/backup, but the space usage shown by df remains unchanged. What is the most likely cause of this behavior?

A.Some processes have open file handles to the deleted files, preventing the space from being released.
B.The disk quota for the mysql user is exceeded, so deletions do not reduce usage.
C.The SSD is not TRIM-enabled, so deleted blocks are not reclaimed.
D.The filesystem was remounted read-only due to errors, so deletions are not permanent.
AnswerA

When a file is deleted but still open, the space is not freed until the file handle is closed. Use lsof to identify the processes.

Why this answer

When a file is deleted but still held open by a running process (e.g., the MySQL daemon or httpd), the filesystem does not release the disk space until all file handles are closed. In this scenario, the large log files in /var/log/httpd were compressed with gzip, but the original uncompressed files may still be open by the web server process, so deleting them (or the old database backups) does not free space until the process is restarted or the handles are released. This explains why df still shows 100% usage despite the deletions.

Exam trap

The trap here is that candidates assume deleting files immediately frees space on disk, overlooking the fact that open file handles by running processes can retain the data blocks until the handles are closed.

How to eliminate wrong answers

Option B is wrong because disk quotas limit the amount of space a user can consume, but they do not prevent freed space from being reflected after deletions; quotas would only block new writes, not hide released space. Option C is wrong because TRIM is an SSD-specific command for garbage collection of unused blocks, which affects performance and wear but does not impact whether deleted files release space on a mounted filesystem; the space release is a filesystem-level operation independent of TRIM. Option D is wrong because a read-only remount would prevent deletions from being written at all, not allow them to appear successful while hiding the space release; the user was able to delete files, so the filesystem is writable.

314
MCQhard

Refer to the exhibit. A system administrator finds this line in /etc/rsyslog.conf. What is the effect of this configuration?

A.Only messages with facility *.info are forwarded.
B.All syslog messages are forwarded via TCP to the server.
C.All syslog messages are forwarded via UDP to the server at 192.168.1.100 on port 514.
D.Only authentication-related messages are forwarded.
AnswerC

General rule with @ for UDP, *.* for all.

Why this answer

Option A is correct because *.* means all facilities and priorities, @ indicates UDP syslog forwarding to the specified server and port. Option B is wrong because it specifies a filter not present. Option C is wrong because @ is UDP, not TCP.

Option D is wrong because it limits to authentication errors.

315
MCQhard

A script needs to remove all trailing whitespace (spaces and tabs) from each line of a file. Which sed command will accomplish this?

A.sed 's/[[:space:]]+$//'
B.sed 's/[ \t]*//g'
C.sed 's/^[ \t]*//'
D.sed 's/[ \t]*$//'
AnswerD

Matches trailing spaces/tabs and replaces with nothing.

Why this answer

Option A is correct: sed 's/[ \t]*$//' uses a regular expression to match zero or more spaces/tabs at the end of line. Option B removes leading whitespace. Option C removes all whitespace globally.

Option D uses + quantifier without -E flag, which is not valid in basic regular expressions.

316
MCQhard

Refer to the exhibit. An administrator runs this command expecting to capture both stdout and stderr into output.txt. However, the file contains only stdout. What is the error?

A.The file already exists and is not writable.
B.The stdout redirection should be 1> instead of >.
C.The 2>&1 should appear after the > output.txt.
D.The command must be run as root.
AnswerC

Proper order is `> output.txt 2>&1`; then both streams go to the file.

Why this answer

Option B is correct. In the command `command 2>&1 > output.txt`, the redirection order causes stderr to be redirected to the current stdout (terminal) before stdout is redirected to the file. Thus only stdout goes to the file, and stderr remains on the terminal.

The correct order is `command > output.txt 2>&1`.

317
MCQhard

A system takes a long time to boot due to a service that fails to start. Which systemd command can be used to identify the service causing the delay?

A.journalctl -u service
B.systemctl status
C.systemd-analyze critical-chain
D.systemd-analyze blame
AnswerD

Lists services with their initialization time, sorted by longest.

Why this answer

Option A is correct: 'systemd-analyze blame' lists services with their startup times, helping identify slow ones. Option D shows critical chain but not individual times. Options B and C show status and logs but not timing.

318
MCQhard

An administrator runs `fsck /dev/sdb1` on an ext4 filesystem that is currently mounted. What is the likely outcome?

A.It will succeed and repair any errors
B.It will automatically remount the filesystem read-only and check
C.It will refuse and exit with a warning
D.It will safely perform a read-only check
AnswerC

fsck detects the filesystem is mounted and aborts to prevent damage.

Why this answer

Running fsck on a mounted ext4 filesystem is unsafe because the kernel may have cached metadata that differs from the on-disk state, leading to false corruption detection or actual data loss. The fsck tool detects the mounted state via /proc/mounts or the kernel's internal mount table and refuses to run, printing a warning and exiting with a non-zero exit code (typically 8). This is a deliberate safety mechanism to prevent filesystem corruption.

Exam trap

The trap here is that candidates may assume fsck can safely perform a read-only check on a mounted filesystem, but the LPIC-1 exam tests the specific rule that fsck refuses to run on any mounted filesystem (except with special options like -f for root in single-user mode) to prevent data corruption.

How to eliminate wrong answers

Option A is wrong because fsck will not succeed or repair errors on a mounted ext4 filesystem; it aborts immediately to avoid corrupting the filesystem. Option B is wrong because fsck does not automatically remount the filesystem read-only; that would require manual intervention (e.g., 'mount -o remount,ro') and is not part of fsck's behavior. Option D is wrong because fsck does not safely perform a read-only check on a mounted ext4 filesystem; even a read-only check can be dangerous if the kernel's cached metadata differs from disk, and fsck explicitly refuses to run on any mounted filesystem (except for root filesystem in some emergency scenarios with special flags).

319
MCQeasy

Which of the following commands will display the default gateway of a Linux system?

A.arp -a
B.netstat -i
C.ip route show
D.ifconfig
AnswerC

Displays routing table including default gateway.

Why this answer

The `ip route show` command displays the kernel routing table, which includes the default gateway as a default route (typically `default via <gateway-IP>`). This is the standard modern tool for viewing routing information on Linux systems.

Exam trap

The trap here is that candidates often confuse `netstat -r` (which does show the routing table) with `netstat -i` (which only shows interface statistics), leading them to incorrectly select option B.

How to eliminate wrong answers

Option A is wrong because `arp -a` displays the ARP cache (IP-to-MAC address mappings), not routing information or the default gateway. Option B is wrong because `netstat -i` shows network interface statistics (packets, errors, etc.), not the routing table or default gateway. Option D is wrong because `ifconfig` displays network interface configuration (IP address, netmask, etc.) but does not show routing information or the default gateway.

320
MCQmedium

An application assumes its data is stored in /opt/app/data, but the /opt filesystem is running out of space. The administrator moves the data to /var/app/data. Which method will allow the application to continue accessing the data at /opt/app/data without modifying the application's configuration?

A.Use ln -s /var/app/data /opt/app/data
B.Edit /etc/fstab to mount /var/app/data at /opt/app/data
C.Use mount --bind /var/app/data /opt/app/data
D.Create a symbolic link /opt/app/data -> /var/app/data
AnswerC

Bind mount makes /var/app/data accessible at /opt/app/data, preserving all file attributes and paths.

Why this answer

Option C is correct because `mount --bind` creates a bind mount that makes the contents of `/var/app/data` appear at `/opt/app/data` without moving or copying files. The application continues to access the data at the original path, and the kernel transparently redirects all filesystem operations to the new location. This avoids modifying the application's configuration or creating a symbolic link that might not be followed by all programs (e.g., those using `chroot` or running with restricted permissions).

Exam trap

The trap here is that candidates often choose symbolic links (options A or D) because they seem simpler, but they overlook that some applications or system services (e.g., those running under `chroot` or with `noexec` restrictions) may not follow symlinks, whereas a bind mount works at the kernel level and is fully transparent.

How to eliminate wrong answers

Option A is wrong because `ln -s /var/app/data /opt/app/data` creates a symbolic link named `/opt/app/data` pointing to `/var/app/data`, but the application expects a directory at `/opt/app/data`, not a symlink; if the application does not follow symlinks (e.g., due to security restrictions or `O_NOFOLLOW`), it will fail. Option B is wrong because editing `/etc/fstab` to mount `/var/app/data` at `/opt/app/data` requires a reboot or manual remount, and the mount point `/opt/app/data` must already exist as an empty directory; this is a persistent solution but not the immediate, non-disruptive method described. Option D is wrong because creating a symbolic link `/opt/app/data -> /var/app/data` is essentially the same as option A and suffers from the same limitations; additionally, the order of arguments is reversed (the link name should be the second argument), and the application may not traverse symlinks in certain contexts.

321
MCQhard

A developer downloads the source code for a kernel module and attempts to compile it using `make`. The compilation fails with an error indicating that the kernel header files are missing. Which package should be installed to provide the necessary headers on a Debian system?

A.`linux-headers-$(uname -r)`
B.`kernel-headers-generic`
C.`build-essential`
D.`linux-kernel-headers`
AnswerA

Provides headers for the running kernel.

Why this answer

The `linux-headers-$(uname -r)` package provides headers for the currently running kernel, which are required for compiling kernel modules. The other options are incorrect: `kernel-headers-generic` is not a Debian package name, `linux-kernel-headers` does not exist, and `build-essential` provides compilers but not kernel headers.

322
MCQhard

Refer to the exhibit. The administrator restarts the sshd service. What is the new main PID after restart?

A.It remains the same.
B.1235
C.1234
D.It will be a new, different PID.
AnswerD

After restart, the service will have a new main PID.

Why this answer

When the sshd service is restarted, the old process is terminated and a new process is spawned, resulting in a new main PID. The PID is a unique identifier assigned by the kernel to each process at creation time, and it is never reused immediately after termination. Therefore, the new main PID will be different from the previous one.

Exam trap

The trap here is that candidates mistakenly think the PID remains the same after a restart, confusing 'restart' with 'reload' (which sends a SIGHUP and keeps the same PID), or they assume the new PID will be the next sequential number like 1235.

How to eliminate wrong answers

Option A is wrong because restarting a service terminates the existing process and starts a new one, so the PID cannot remain the same. Option B is wrong because 1235 is a specific number that would only be correct if the new PID happened to be that value, but there is no guarantee of any specific PID; the kernel assigns PIDs sequentially from available numbers. Option C is wrong because 1234 is the old PID that was terminated, and the new process will receive a different PID, not the same one.

323
Multi-Selecteasy

Which TWO of the following are valid mount options for the ext4 filesystem?

Select 2 answers
A.sync
B.data=journal
C.noatime
D.ro
E.noload
AnswersB, C

Enables journaling of data, valid for ext4.

Why this answer

Option B is correct because 'data=journal' is a valid mount option for ext4 that enables journaling of both metadata and file data, providing the highest level of data integrity by writing all data to the journal before the main filesystem. Option C is correct because 'noatime' is a standard mount option that disables updating the access time (atime) on inodes, reducing disk writes and improving performance.

Exam trap

The trap here is that candidates often confuse generic mount options (like 'sync' or 'ro') with filesystem-specific options, or they misremember 'noload' as a valid ext4 option when it is actually an ext3 option or a misspelling of 'norecovery'.

324
MCQeasy

After plugging in a USB storage device, the system does not automatically mount it. The 'lsusb' command shows the device. What is the first command to check if the kernel detected the block device?

A.lsblk
B.mount
C.dmesg
D.fdisk
AnswerC

dmesg displays kernel ring buffer messages, which include device detection.

Why this answer

The 'dmesg' command displays kernel ring buffer messages, which include hardware detection and driver initialization logs. When a USB storage device is plugged in, the kernel logs the device's recognition, including the assigned block device name (e.g., /dev/sdb). Checking 'dmesg' is the first step to confirm that the kernel has detected the block device, even if it is not automatically mounted.

Exam trap

The trap here is that candidates assume 'lsblk' or 'mount' are the first commands to check, but they only show devices that have already been fully registered or mounted, not the raw kernel detection event that 'dmesg' captures.

How to eliminate wrong answers

Option A is wrong because 'lsblk' lists block devices but relies on the kernel having already registered them; if the device is not automatically mounted, 'lsblk' may not show it if the kernel hasn't detected it yet. Option B is wrong because 'mount' shows currently mounted filesystems, not whether the kernel detected the block device; a device can be detected but not mounted. Option D is wrong because 'fdisk' is a partitioning tool that requires the block device to already be recognized by the kernel; it cannot detect or confirm initial kernel detection.

325
MCQmedium

An organization's DNS server (BIND) is authoritatively serving the example.com zone. The administrator needs to add a mail exchange record for mail.example.com with priority 10. Which resource record should be added to the zone file?

A.example.com. IN MX 10 mail.example.com.
B.mail.example.com. IN A 192.168.1.10
C.mail.example.com. IN CNAME example.com.
D.example.com. IN TXT "v=spf1 mx -all"
AnswerA

MX record defines mail exchange with priority.

Why this answer

Option B is correct: MX record with priority and mail server hostname. Option A is an A record. Option C is a CNAME.

Option D is a TXT record.

326
MCQeasy

Refer to the exhibit. Based on the dpkg output, what is the status of the 'ftp' package?

A.Removed but configuration files remain.
B.Half-configured.
C.Installed and up-to-date.
D.Not installed at all.
AnswerA

The 'rc' status indicates removed with config files.

Why this answer

The 'dpkg' output shows 'rc' in the status field, which stands for 'removed' (the package has been deleted) but 'config-files' remain. This means the package was removed using 'dpkg --purge' or 'apt-get remove' without the '--purge' option, leaving behind configuration files in /etc.

Exam trap

LPI often tests the distinction between 'removed' (package binary gone) and 'purged' (everything gone), where candidates mistakenly think 'rc' means the package is still installed or that config files are automatically removed.

How to eliminate wrong answers

Option B is wrong because 'half-configured' would show 'hc' in the dpkg status, indicating the package was partially configured after unpacking but the configuration script failed. Option C is wrong because 'installed and up-to-date' would show 'ii' (installed and ok) in the status, not 'rc'. Option D is wrong because 'not installed at all' would show 'un' (unknown/not installed) or no entry at all, not the 'rc' status which explicitly indicates the package was once installed and its config files persist.

327
MCQhard

A company is setting up a database server that requires high reliability and support for snapshots. The storage will be on a single large disk. Which filesystem is best suited for this requirement?

A.ext4
B.NTFS
C.XFS
D.btrfs
AnswerD

Btrfs natively supports snapshots, checksums, and self-healing for high reliability.

Why this answer

Btrfs (B-tree filesystem) is best suited for this requirement because it natively supports snapshots, checksumming, and copy-on-write (CoW) for high reliability, all on a single disk. Unlike other Linux filesystems, btrfs provides built-in snapshot and rollback capabilities without requiring an external volume manager, making it ideal for database servers needing consistent point-in-time backups.

Exam trap

The trap here is that candidates often choose XFS for its high performance with large files, but they overlook that XFS lacks native snapshot support, while btrfs is specifically designed for advanced features like snapshots and self-healing on a single disk.

How to eliminate wrong answers

Option A is wrong because ext4 lacks native snapshot support; it relies on external tools like LVM for snapshots, which adds complexity and does not provide filesystem-level checksumming for data integrity. Option B is wrong because NTFS is a Windows filesystem not natively supported on Linux without FUSE or kernel modules, and it is not designed for the Linux environment or LPIC-1 scope. Option C is wrong because XFS does not support snapshots natively; it requires LVM or other volume managers for snapshot functionality, and while it offers high performance for large files, it lacks the integrated snapshot and rollback features of btrfs.

328
MCQmedium

A system administrator wants to compile and install a program from source. After running './configure --prefix=/opt/myapp', the configure script fails with an error about missing 'libssl-dev'. What should the administrator do to resolve this issue?

A.Install the 'libssl-dev' package using the package manager
B.Manually download and place the missing header files in /usr/include
C.Install the 'libssl' runtime library
D.Add the '--disable-ssl' flag to ./configure
AnswerA

Development packages contain headers required by configure.

Why this answer

The configure script requires the development headers and static libraries for OpenSSL to compile software that uses SSL/TLS. The 'libssl-dev' package provides these headers and the .so symlinks needed during compilation. Installing it via the package manager (e.g., apt, yum) is the correct and standard method to satisfy this build dependency.

Exam trap

The trap here is that candidates confuse runtime libraries (libssl) with development libraries (libssl-dev), or think manually copying headers is a valid workaround, when the package manager's -dev package is the intended solution.

How to eliminate wrong answers

Option B is wrong because manually placing header files in /usr/include is fragile, does not resolve library linking dependencies, and bypasses the package manager's dependency tracking. Option C is wrong because 'libssl' runtime library only provides the shared objects for execution, not the headers or static libraries required during compilation. Option D is wrong because adding '--disable-ssl' would disable SSL support entirely, which may break the program's intended functionality or cause other configure checks to fail if SSL is a hard requirement.

329
Multi-Selecteasy

Which TWO commands can be used to create an ext4 filesystem on a partition?

Select 2 answers
A.mkfs.btrfs /dev/sdb1
B.mkfs.ext4 /dev/sdb1
C.mke2fs -t ext4 /dev/sdb1
D.mkfs.msdos /dev/sdb1
E.mkfs.xfs /dev/sdb1
AnswersB, C

Explicitly creates ext4 filesystem.

Why this answer

The `mkfs.ext4` command is a direct front-end for creating an ext4 filesystem, making option B correct. Option C is also correct because `mke2fs -t ext4` explicitly calls the ext2/3/4 filesystem creation tool with the ext4 type, producing an identical ext4 filesystem. Both commands ultimately invoke the same underlying `mke2fs` utility with the appropriate filesystem type.

Exam trap

The trap here is that candidates may think only `mkfs.ext4` is valid, overlooking that `mke2fs -t ext4` is an equivalent command, or they may confuse filesystem-specific mkfs wrappers (like `mkfs.btrfs` or `mkfs.xfs`) as being able to create ext4 filesystems.

330
Multi-Selecteasy

Which TWO commands are commonly used to start, stop, or restart system services on a Linux system that uses systemd as its init system?

Select 2 answers
A.service
B.journalctl
C.chkconfig
D.systemctl
E.init.d
AnswersA, D

service is a legacy wrapper that works with systemd on most distros.

Why this answer

systemctl is the native tool for managing systemd services. The service command still works as a wrapper for backward compatibility. init.d is a directory of scripts, not a command. chkconfig is for SysV init. journalctl is for logs, not service management.

331
MCQeasy

An administrator wants to remove a package 'apache2' but keep its configuration files on the system. Which command should be used?

A.`dpkg --purge apache2`
B.`apt-get purge apache2`
C.`apt-get autoremove apache2`
D.`apt-get remove apache2`
AnswerD

Removes the package but keeps configuration files.

Why this answer

Option D is correct because `apt-get remove apache2` removes the package binaries but leaves the configuration files (under /etc/apache2/) intact. This is the standard behavior of the `remove` subcommand in APT and dpkg, allowing the administrator to reinstall the package later with the same settings.

Exam trap

The trap here is that candidates often confuse `purge` (which removes configs) with `remove` (which keeps configs), or mistakenly think `autoremove` can target a specific package, when it only cleans orphaned dependencies.

How to eliminate wrong answers

Option A is wrong because `dpkg --purge` removes both the package and its configuration files, which contradicts the requirement to keep configs. Option B is wrong because `apt-get purge` also removes configuration files along with the package, just like `dpkg --purge`. Option C is wrong because `apt-get autoremove` is designed to remove packages that were automatically installed as dependencies and are no longer needed; it does not target a specific package like 'apache2' and will not remove it unless it is marked as auto-installed.

332
MCQeasy

Which command creates an ext4 filesystem on /dev/sdb1 without interactive prompts?

A.mkfs -t ext4 /dev/sdb1
B.mke2fs -t ext4 /dev/sdb1
C.mkfs.ext2 /dev/sdb1
D.mkfs.ext4 /dev/sdb1
AnswerD

Correct: mkfs.ext4 creates an ext4 filesystem non-interactively.

Why this answer

Option D is correct because `mkfs.ext4` is a direct frontend to `mke2fs` that creates an ext4 filesystem without interactive prompts. It automatically formats the partition with ext4 defaults, requiring no user confirmation, making it suitable for scripting.

Exam trap

The trap here is that candidates often confuse `mkfs -t ext4` (which may prompt interactively) with `mkfs.ext4` (which is designed for non-interactive use), or they mistakenly think `mkfs.ext2` can create an ext4 filesystem due to the similar naming convention.

How to eliminate wrong answers

Option A is wrong because `mkfs -t ext4 /dev/sdb1` will create an ext4 filesystem but may prompt for confirmation if the device is already formatted or if it detects an existing filesystem, depending on the version and environment; it is not guaranteed to be non-interactive. Option B is wrong because `mke2fs -t ext4 /dev/sdb1` is equivalent to `mkfs.ext4` in functionality, but the command name `mke2fs` is less commonly used and the question specifically asks for the command that creates an ext4 filesystem without interactive prompts; while it works, the standard and expected answer is `mkfs.ext4`. Option C is wrong because `mkfs.ext2 /dev/sdb1` creates an ext2 filesystem, not ext4, and thus does not meet the requirement.

333
MCQhard

A company runs a critical web application on a Linux server (Ubuntu 20.04) with Apache and MySQL. The server has two network interfaces: eth0 (public IP) and eth1 (private IP). Recently, the application has been experiencing intermittent connectivity issues. Users report that the web page sometimes loads slowly or times out. The administrator checks the network configuration and finds the following: eth0 is configured with a static IP 203.0.113.10/24, gateway 203.0.113.1; eth1 is configured with a static IP 10.0.0.10/24, no gateway. The administrator runs 'ip route show' and sees: default via 203.0.113.1 dev eth0, 10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.10 metric 100. The administrator also notices that the system's /etc/resolv.conf contains nameserver 8.8.8.8 and nameserver 8.8.4.4. The MySQL server is configured to listen on 127.0.0.1. What is the most likely cause of the intermittent connectivity issues?

A.The private network interface (eth1) is misconfigured, causing traffic to be routed incorrectly.
B.The DNS servers are not reachable, causing delays in name resolution.
C.The public network interface (eth0) is experiencing high latency or packet loss due to ISP issues.
D.The MySQL server is listening on localhost, but should listen on the private IP for better performance.
AnswerC

Intermittent connectivity issues are often caused by problems with the external link.

Why this answer

Option C is correct because the intermittent connectivity issues described (slow page loads and timeouts) are classic symptoms of high latency or packet loss on the public network path. The routing table shows a default gateway via eth0 (203.0.113.1), which is the only path to the internet, and the DNS servers (8.8.8.8, 8.8.4.4) are external, so any degradation on eth0 would directly impact web application responsiveness. The administrator's observation that eth0 is configured with a static IP and gateway, combined with no alternative route, points to ISP-level issues as the most likely cause.

Exam trap

The trap here is that candidates may incorrectly attribute the issue to DNS misconfiguration or interface misrouting, overlooking that the default route via eth0 makes the public interface the single point of failure for internet-bound traffic, and that intermittent symptoms point to network path degradation rather than configuration errors.

How to eliminate wrong answers

Option A is wrong because eth1 is correctly configured with a static IP 10.0.0.10/24 and no gateway, which is appropriate for a private network; the routing table shows a direct route to 10.0.0.0/24 via eth1, and since the default route is via eth0, traffic is not misrouted. Option B is wrong because DNS servers 8.8.8.8 and 8.8.4.4 are public Google DNS servers that are typically reachable; if they were unreachable, the application would fail consistently rather than intermittently, and the issue would manifest as name resolution failures, not slow page loads or timeouts. Option D is wrong because MySQL listening on 127.0.0.1 is standard for local-only access, and the web application (Apache) is on the same server, so connecting via the loopback interface is optimal for performance; listening on the private IP would add unnecessary network overhead and not cause intermittent connectivity.

334
Multi-Selecteasy

An administrator needs to find files that have been modified within the last 24 hours. Which two parameters are valid for the find command to accomplish this? (Choose TWO)

Select 2 answers
A.-mmin 1440
B.-mtime 0
C.-ctime 0
D.-newer file
E.-atime 1
AnswersA, B

Matches files modified within the last 1440 minutes (24 hours).

Why this answer

Option A is correct because `-mmin 1440` matches files whose data modification time is exactly 1440 minutes (24 hours) ago. Option B is correct because `-mtime 0` matches files modified within the last 24 hours (0 days ago). Both parameters target the modification time (`mtime`) and correctly interpret the time range as 'within the last 24 hours'.

Exam trap

The trap here is confusing `-mtime` with `-atime` or `-ctime`, and misunderstanding that `-mtime 0` means 'within the last 24 hours' while `-atime 1` means 'between 24 and 48 hours ago', not 'within the last day'.

335
Multi-Selectmedium

Which THREE directories are required by the Filesystem Hierarchy Standard (FHS) to exist on the root filesystem? (Choose three.)

Select 3 answers
A./proc
B./var
C./srv
D./opt
E./sys
AnswersB, C, D

Required for variable data.

Why this answer

The Filesystem Hierarchy Standard (FHS) mandates that /var, /srv, and /opt must exist on the root filesystem. /var contains variable data such as logs and spools, /srv holds site-specific service data, and /opt is reserved for add-on application software packages. These directories are explicitly listed as required in the FHS specification.

Exam trap

The trap here is that candidates often confuse commonly present virtual filesystems (like /proc and /sys) with FHS-mandated directories, because they appear on almost every Linux system, but the FHS does not require them to exist on the root filesystem.

336
MCQmedium

In a bash script, a variable 'file' is set to '/var/log/syslog'. Which expansion will yield the string '/var/log'?

A.${file##*/}
B.${file%%/*}
C.${file%/*}
D.${file#*/}
AnswerC

Removes the shortest suffix matching /*, yielding /var/log.

Why this answer

Option C is correct because the `${file%/*}` expansion uses the `%` operator to remove the shortest suffix matching the pattern `/*`, which matches the last slash and everything after it. Since `file` is `/var/log/syslog`, this removes `/syslog`, leaving `/var/log`. This is a standard parameter expansion in bash for stripping a trailing path component.

Exam trap

The trap here is that candidates often confuse the `%` (remove suffix) and `#` (remove prefix) operators, or mistakenly think `%%` removes the last path component when it actually removes everything from the first slash onward due to longest match behavior.

How to eliminate wrong answers

Option A is wrong because `${file##*/}` uses the `##` operator to remove the longest prefix matching `*/`, which strips everything up to and including the last slash, yielding `syslog` (the filename), not the directory path. Option B is wrong because `${file%%/*}` uses the `%%` operator to remove the longest suffix matching `/*`, which would strip everything from the first slash onward, resulting in an empty string (since the entire string starts with `/`). Option D is wrong because `${file#*/}` uses the `#` operator to remove the shortest prefix matching `*/`, which strips only the first slash and any characters before it, yielding `var/log/syslog` (the path without the leading slash).

337
MCQhard

A sysadmin is troubleshooting a connectivity issue between two servers in different subnets. The output of 'traceroute 192.168.2.10' shows packets reaching a router but not the destination. The router's firewall uses iptables. Which rule would prevent the traceroute from completing?

A.-A INPUT -i lo -j LOG
B.-A INPUT -p udp -j ACCEPT
C.-A INPUT -p tcp --dport 80 -j REJECT
D.-A INPUT -p icmp --icmp-type port-unreachable -j DROP
AnswerD

Blocks ICMP Port Unreachable, which stops traceroute responses.

Why this answer

Option B is correct because traceroute sends UDP packets with increasing TTL, and the destination sends back ICMP Port Unreachable. Dropping ICMP would cause traceroute to hang. Option A is wrong because rejecting TCP is not relevant for traceroute (UDP).

Option C is wrong because logging doesn't block. Option D is wrong because accepting all UDP would not block.

338
Multi-Selectmedium

Which TWO configuration files are commonly associated with NTP client configuration?

Select 2 answers
A./etc/systemd/timesyncd.conf
B./etc/chrony.conf
C./etc/timezone
D./etc/ntp.conf
E./etc/ntpd.conf
AnswersB, D

Used by chronyd.

Why this answer

Options A and C are correct. /etc/ntp.conf is used by ntpd, and /etc/chrony.conf by chronyd, both NTP client implementations. Option B (ntpd.conf) is not standard. Option D (/etc/systemd/timesyncd.conf) is for systemd-timesyncd, another NTP client.

Option E (/etc/timezone) sets the timezone, not NTP servers.

339
MCQhard

Refer to the exhibit. After adding a new disk to the system, the device /dev/sdb appears. However, the administrator cannot create partitions on /dev/sdb using fdisk. What is the most likely reason?

A.The disk is currently in use as a physical volume for LVM.
B.The disk is mounted and cannot be partitioned.
C.The disk does not have a valid partition table.
D.The kernel does not support the disk's interface.
AnswerA

Active LVM physical volumes cannot be partitioned with fdisk; the PV must be removed first.

Why this answer

The device /dev/sdb has major number 8, minor 16, which is correct for a disk. However, the 'disk' group may not have write permission? Actually, the permissions are brw-rw----, meaning owner root, group disk, with read-write for owner and group. The administrator is likely not in the 'disk' group, or the kernel is not recognizing the disk properly.

But a common issue is that the disk is already in use or the partition table is corrupted. Another possibility: the disk might be a loop device or something else. However, the most typical reason is that the disk is not properly recognized by the kernel (e.g., missing driver).

But given the exhibit shows /dev/sdb exists, the more plausible reason is that the disk is already partitioned and mounted, or the partition table is not recognized. Actually, fdisk would still work. Let's think: The exhibit shows /dev/sdb exists with major/minor numbers.

If the disk is new, it might not have a valid partition table. fdisk can still create one. But if the disk is already in use (e.g., part of a RAID or LVM), fdisk might refuse. Another possibility: the disk is a device-mapper or something.

Without more context, a common issue is that the disk is being used as a physical volume for LVM. The exhibit doesn't show that. Perhaps the disk is read-only? The permissions show rw for owner and group, so if the user is not root or not in disk group, they cannot write.

But the question says 'administrator', likely root. So maybe the disk is a whole disk that is already partitioned and the kernel has reread the partition table? Actually, if /dev/sdb exists, it's the whole disk. fdisk should work. I'll go with a different angle: the disk may have a filesystem directly on it (no partition table), and fdisk might warn but still work.

Hmm. Let's choose a plausible error: The disk is a removable device that is write-protected. But the exhibit doesn't show that.

Another: The disk is a virtual disk with a read-only backing store. I think the most reasonable answer for LPI Linux is that the disk is a partition of another device? No, /dev/sdb is a disk. I'll go with: The disk is being used by the system (e.g., as a swap device or part of a RAID array).

But the exhibit doesn't show that. Let's pick: The disk is not a block device? It is. Okay, I'll choose: The disk has a valid partition table that is in use, so fdisk refuses to modify it.

But fdisk can modify it anyway. Actually, fdisk will allow modification if the partitions are not mounted. I'll go with a different approach: The administrator is not using sudo or is not root.

But the exhibit shows root ownership. So maybe the disk is a loop device? No. Let's look at the options I'll create: A) The disk is not partitioned; B) The disk is mounted; C) The kernel does not recognize the disk; D) The disk is write-protected.

I'll pick B: The disk is mounted. But the exhibit doesn't show mount points. However, it's common that a disk may have partitions that are mounted, but the whole disk device cannot be partitioned if any partition is in use.

Actually, fdisk can still work on the whole disk even if partitions are mounted? It will warn but allow. But if the disk is in use (e.g., as a physical volume for LVM), fdisk may refuse. I'll go with: The disk is part of an LVM volume group.

But that's not shown. I'll create a reasonable scenario: The disk is already being used as a swap device. But the exhibit doesn't show swap.

To make it plausible, I'll say: The disk is a member of a RAID array. But again not shown. Hmm.

Let's look at the major/minor numbers: 8,16 is typical for sd devices. There's no obvious issue. I'll propose that the disk is a whole disk that is already partitioned, and the kernel has automatically recognized the partitions, but the administrator is trying to partition the whole disk again, which fdisk will allow but might cause issues.

Actually, the question says 'cannot create partitions'. Perhaps the disk has a size of 0? No. I'll go with: The disk is read-only due to a hardware switch.

But that's not in the exhibit. I think the best answer is: The disk has a partition table that is in use, and fdisk refuses to write because the kernel has the device open. But fdisk can still write with --force.

I'll choose: The disk is a removable device that is write-protected. But the exhibit shows no such indication. Let's decide: I'll make the correct answer: The disk is already in use as a physical volume for LVM, and fdisk cannot modify it while it is active.

That is a common scenario. I'll include that in the options.

340
MCQhard

Refer to the exhibit. The root filesystem is nearly full. The administrator needs to increase its size. Which steps should be performed?

A.Use parted to resize the root partition and then mount it
B.Use fdisk to increase the size of /dev/sda1 and then run resize2fs
C.Use lvextend to extend the logical volume and then resize2fs to resize the filesystem
D.Create a new filesystem on /dev/sda2 and mount it to /
AnswerC

Correct: LVM allows online resizing; lvextend extends LV, then resize2fs grows the filesystem.

Why this answer

Option C is correct because the root filesystem is on an LVM logical volume, as indicated by the exhibit (e.g., /dev/mapper/rootvg-rootlv). To increase its size, you must first extend the logical volume using lvextend, then resize the filesystem with resize2fs. This two-step process ensures the underlying block device and the filesystem are both enlarged to utilize the newly available space.

Exam trap

The trap here is that candidates assume the root filesystem is on a traditional partition and attempt to resize it with fdisk or parted, failing to recognize that LVM requires a different workflow with lvextend and resize2fs.

How to eliminate wrong answers

Option A is wrong because parted resizes partitions, not LVM logical volumes; the root filesystem resides on a logical volume, not a physical partition, so resizing the partition would not affect the LV. Option B is wrong because fdisk operates on physical partitions (e.g., /dev/sda1), but the root filesystem is on an LVM logical volume; increasing /dev/sda1 would not extend the LV, and resize2fs alone cannot expand the LV. Option D is wrong because creating a new filesystem on /dev/sda2 and mounting it to / would replace the existing root filesystem, destroying all data and requiring a complete reinstall or data migration, which is not a valid method to increase the size of the current root filesystem.

341
MCQeasy

Which command displays information about the CPU, including model name, cache size, and flags?

A.uname -a
B.lscpu
C.cat /proc/cpuinfo
D.dmidecode
AnswerB

lscpu displays CPU architecture information from /proc/cpuinfo.

Why this answer

The `lscpu` command is the correct choice because it is specifically designed to display CPU architecture information, including model name, cache sizes, and flags (such as SSE, AES, etc.), by reading data from sysfs and /proc/cpuinfo in a human-readable format. It provides a concise summary without requiring root privileges, making it the most appropriate tool for this task.

Exam trap

The trap here is that candidates often choose `cat /proc/cpuinfo` because it contains all the raw data, but the exam expects the command that is specifically designed to present CPU information in a readable summary, which is `lscpu`.

How to eliminate wrong answers

Option A is wrong because `uname -a` displays system kernel information (e.g., kernel name, hostname, kernel release, architecture), but it does not show CPU model name, cache size, or flags. Option C is wrong because while `cat /proc/cpuinfo` does contain all the requested CPU details, it outputs raw, verbose data that is not formatted for quick reading; the question asks for a command that 'displays information' in a practical sense, and `lscpu` is the standard utility for this purpose. Option D is wrong because `dmidecode` reads DMI/SMBIOS tables to provide hardware information (e.g., BIOS, motherboard, memory), but it requires root privileges and does not directly output CPU flags or cache details in a straightforward manner.

342
MCQhard

A Linux system with a custom kernel fails to boot after a new kernel is compiled and installed. The boot process stops at a prompt: 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)'. The root filesystem is on /dev/sda2 with ext4. The system has an initramfs generated with dracut. The admin can boot from a previous kernel. Which is the most appropriate next step to troubleshoot and fix the issue? Options: A) Rebuild the initramfs using 'dracut --force --kver' with the correct kernel version, B) Add 'root=/dev/sda2' to the kernel command line, C) Use 'mkinitrd' with the '--preload' option for ext4 module, D) Run 'ldd /sbin/init' to check for missing libraries.

A.Run 'ldd /sbin/init' to check for missing libraries
B.Rebuild the initramfs using 'dracut --force --kver' with the correct kernel version
C.Use 'mkinitrd' with the '--preload' option for ext4 module
D.Add 'root=/dev/sda2' to the kernel command line
AnswerB

Regenerates the initramfs ensuring all necessary modules are included.

Why this answer

Option A is correct because the initramfs may be missing necessary drivers for the root filesystem or controller. Regenerating it with dracut for the new kernel ensures modules are included. Option B is likely already present (the error says unknown-block, indicating root= parameter might be missing or wrong, but if it's in GRUB, it should be there).

Option C uses mkinitrd which is deprecated on newer systems with dracut. Option D is for user-space issues; the panic is at boot before init runs. So A is best.

343
MCQhard

Refer to the exhibit. The system fails to boot with an error 'UUID=e5f6g7h8 not found'. Which is the most likely cause?

A.The fstab entry for /boot is incorrect.
B.The root filesystem is corrupted.
C.The initramfs does not contain the necessary filesystem modules.
D.The disk order changed, so /dev/sda2 is no longer the correct device.
AnswerC

If the initramfs lacks the driver for the root filesystem, the UUID cannot be resolved.

344
MCQhard

A company runs a critical database server on Linux. The server has a hardware RAID controller with two logical volumes: one for the operating system (LV1) and one for the database data (LV2). The server uses LVM on top of the RAID volumes. Recently, the database performance has degraded. The administrator suspects that the file system on LV2 is heavily fragmented. The server uses the ext4 filesystem. The administrator wants to check the fragmentation level and, if necessary, defragment the filesystem without unmounting it or causing downtime. However, ext4 does not support online defragmentation. What should the administrator do to minimize fragmentation impact while maintaining availability?

A.Create a new filesystem on LV2, copy data back, and symlink the old mount point to the new one.
B.Use tune2fs to set the reserved block percentage to 0 and increase the inode size.
C.Schedule a maintenance window, unmount LV2, run e2fsck -fn, then run e2fsck -D to defragment.
D.Use the e4defrag command with the -v option on the mount point to check and defragment files online.
AnswerD

e4defrag can defragment files on a mounted ext4 filesystem, reducing fragmentation without downtime.

Why this answer

Option D is correct because e4defrag is a tool specifically designed for online defragmentation of ext4 filesystems. It can check fragmentation levels and defragment files without requiring the filesystem to be unmounted, thus avoiding downtime. This directly addresses the administrator's need to minimize fragmentation impact while maintaining availability.

Exam trap

The trap here is that candidates may assume ext4 has no online defragmentation support at all, but e4defrag provides a limited online capability, or they may confuse e4defrag with e2fsck, which requires unmounting.

How to eliminate wrong answers

Option A is wrong because creating a new filesystem and copying data back requires unmounting LV2 or at least remounting it, causing downtime, and symlinking does not solve fragmentation on the original filesystem. Option B is wrong because tune2fs adjusts filesystem parameters like reserved blocks and inode size, but it does not perform defragmentation or check fragmentation levels. Option C is wrong because while e2fsck -D can defragment directories, it requires the filesystem to be unmounted, causing downtime, and the -fn option is for a read-only check, not defragmentation.

345
Multi-Selecthard

Which THREE of the following filesystem types are journaling filesystems? (Choose exactly three.)

Select 3 answers
A.ext4
B.XFS
C.ext2
D.Btrfs
E.VFat
AnswersA, B, D

Correct: ext4 supports journaling.

Why this answer

ext4 is a journaling filesystem that uses a journal to record metadata changes before they are written to the main filesystem, ensuring consistency after a crash. It is the default filesystem for many Linux distributions and supports features like extents and delayed allocation.

Exam trap

The trap here is that candidates often confuse ext2 with ext3/ext4, assuming all ext* filesystems are journaling, or they mistakenly think VFat has journaling capabilities due to its widespread use in removable media.

346
Multi-Selecthard

Which THREE of the following are valid methods to install a package from a local .deb file?

Select 3 answers
A.alien -i package.deb
B.rpm -i package.deb
C.gdebi package.deb
D.dpkg -i package.deb
E.apt-get install ./package.deb
AnswersC, D, E

gdebi handles dependencies.

Why this answer

C is correct because `gdebi` is a dedicated tool for installing local `.deb` packages while automatically resolving and fetching their dependencies from configured repositories. It provides a safer alternative to `dpkg` when dependency handling is required.

Exam trap

The trap here is that candidates may think `rpm` can handle .deb files due to a superficial similarity in package management commands, or that `alien` is a primary installation tool rather than a format converter.

347
MCQhard

An openSUSE administrator needs to add a new repository from a URL and refresh the package cache. Which command sequence accomplishes this?

A.zypper install --repo url
B.zypper addrepo url; zypper refresh
C.zypper modifyrepo --add url
D.zypper repos --add url
AnswerB

Correct sequence to add and refresh.

Why this answer

Option B is correct because zypper addrepo adds the repo, then zypper refresh updates the cache. Option A is incorrect because zypper modifyrepo modifies existing repos. Option C is incorrect because zypper repos lists repos only.

Option D is incorrect because zypper install does not add repos.

348
MCQhard

Refer to the exhibit. The system logs show the above messages. What is the most likely cause and the correct first action?

A.The filesystem is read-only; remount with 'mount -o remount,rw /'.
B.Filesystem corruption occurred; unmount and run fsck.
C.The device is unresponsive; replace the disk.
D.The filesystem is full; delete unnecessary files.
AnswerB

The error indicates corruption; fsck should be run offline.

Why this answer

The kernel log messages indicate a filesystem I/O error (e.g., 'EXT4-fs error (device sda1)') which typically points to filesystem corruption. Running fsck on the unmounted filesystem is the correct first action to repair the metadata and recover the filesystem. Option B is correct because fsck is the standard tool for checking and repairing filesystem inconsistencies.

Exam trap

The trap here is that candidates may confuse filesystem corruption with a full filesystem or a hardware failure, but the specific I/O error messages in the logs point to corruption, not capacity or device unresponsiveness.

How to eliminate wrong answers

Option A is wrong because remounting as read-write will not fix corruption; the filesystem is likely already read-only due to the error, and forcing a write could worsen damage. Option C is wrong because the device is responsive (logs show I/O errors, not a complete lack of response), and replacing the disk is premature without first attempting repair. Option D is wrong because the logs show I/O errors, not 'disk full' messages (e.g., 'No space left on device'); deleting files would not address the underlying corruption.

349
Multi-Selectmedium

Which TWO commands can be used to display network interface statistics on a Linux system?

Select 2 answers
A.route -n
B.ss -s
C.ip -s link
D.netstat -i
E.ifconfig
AnswersD, E

Shows interface statistics.

Why this answer

Options A and C are correct. ifconfig and netstat -i both display interface statistics such as packets transmitted/received, errors, etc. Option B (ip -s link) also shows statistics, but since we need exactly two, A and C are classic. Option D (route -n) shows routing table.

Option E (ss -s) shows socket statistics summary.

350
MCQhard

A system administrator is responsible for a Linux server running a critical application. The server recently experienced an unplanned power outage. Upon rebooting, the system fails to reach the default target and drops into an emergency shell. The administrator notices that the root filesystem (/) is mounted read-only. The /etc/fstab file contains the following lines: UUID=abc123 / ext4 errors=remount-ro 0 1 UUID=def456 /home ext4 defaults 0 2 UUID=ghi789 none swap sw 0 0 The administrator suspects that the /home filesystem has a corrupt superblock and is causing the boot failure. The administrator needs to check and repair the /home filesystem without causing data loss. Which of the following is the correct course of action?

A.Reinstall the system from backup because the superblock corruption is fatal.
B.Boot from a live USB, run 'fsck /dev/sdb1' on the unmounted filesystem, then reboot.
C.Run 'fsck /dev/sdb1' from the emergency shell after remounting /home read-write.
D.Run 'fsck -y /dev/sdb1' from the emergency shell, but first run 'mount -o remount,rw /home' to make the filesystem writable.
AnswerB

Using a live environment ensures the filesystem is unmounted, allowing safe repair.

Why this answer

The correct option is C: Boot from a live USB and run fsck on the unmounted filesystem. This ensures the filesystem is not mounted, preventing further corruption. Option A attempts to run fsck on a mounted filesystem, which can cause data loss.

Option B attempts to mount the corrupt filesystem read-write before checking, which may worsen the corruption. Option D is overly drastic and unnecessary; a corrupted superblock can often be repaired with fsck using an alternate superblock.

351
Multi-Selectmedium

Which TWO of the following are required for a system to boot using UEFI?

Select 2 answers
A.The bootloader installed in the ESP
B.An EFI System Partition (ESP) formatted with FAT32
C.The bootloader installed in the Master Boot Record (MBR)
D.A BIOS boot partition
E.A kernel with EFI stub support
AnswersA, B

The bootloader (e.g., GRUB) must be installed in the ESP for UEFI to find it.

Why this answer

Correct options are A and C. An EFI System Partition (ESP) formatted with FAT32 is mandatory, and the bootloader (e.g., GRUB) must be installed in the ESP. Option B (BIOS boot partition) is used for GRUB on BIOS systems, not UEFI.

Option D (bootloader in MBR) is for BIOS. Option E (kernel with EFI stub support) is optional; bootloaders can invoke kernels without EFI stub.

352
Matchingmedium

Match each Linux signal to its default action.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Terminate process immediately (cannot be caught)

Terminate process gracefully

Hangup; often reloads configuration

Interrupt from keyboard (Ctrl+C)

Stop process (cannot be caught or ignored)

Why these pairings

Common signals used in Linux process control.

353
MCQhard

Refer to the exhibit. An administrator needs to edit /etc/example.conf to change setting1 to 'production' and add a new line 'setting2=value' after the include line. The file must be edited in place without creating a backup. Which command sequence achieves this?

A.sed -i 's/setting1=default/setting1=production/' /etc/example.conf; sed -i '/^include /a\nsetting2=value' /etc/example.conf
B.sed -i 's/setting1=default/setting1=production/' /etc/example.conf; sed -i '/^include /i\nsetting2=value' /etc/example.conf
C.sed -i.bak 's/setting1=default/setting1=production/' /etc/example.conf; sed -i.bak '/^include /a\nsetting2=value' /etc/example.conf
D.sed -i.bak 's/setting1=default/setting1=production/' /etc/example.conf; sed -i.bak '/^include /a\nsetting2=value' /etc/example.conf
AnswerA

Correct: -i without argument edits in place; first command changes the setting; second appends after the include line.

Why this answer

Option A is correct because the first sed command uses the -i flag to edit the file in place without a backup, and the substitution 's/setting1=default/setting1=production/' changes the existing setting. The second sed command uses the 'a' (append) command after the line matching '^include ' to add the new line 'setting2=value' after it, also with -i to avoid creating a backup.

Exam trap

The trap here is that candidates often confuse the 'a' (append) and 'i' (insert) sed commands, or overlook the requirement to avoid backups by choosing options with -i.bak instead of plain -i.

How to eliminate wrong answers

Option B is wrong because it uses the 'i' (insert) command instead of 'a' (append), which would add the new line before the include line, not after it as required. Option C is wrong because it uses '-i.bak' which creates a backup file with a .bak extension, violating the requirement to edit in place without creating a backup. Option D is wrong for the same reason as Option C — it uses '-i.bak' to create backups, and also uses the correct 'a' command but still fails the no-backup requirement.

354
MCQmedium

Refer to the exhibit. On boot, which filesystem will be checked first by fsck?

A.The swap partition
B.The root filesystem (/)
C.The CD-ROM device
D.The /boot filesystem
AnswerB

Correct: Root has passno 1, checked first.

Why this answer

The root filesystem (/) is checked first by fsck because it is mounted read-only during the initial boot phase, and fsck must verify its integrity before the system can proceed to mount other filesystems. The order of filesystem checks is determined by the fs_passno field in /etc/fstab, where the root filesystem typically has a passno of 1, ensuring it is checked before any filesystem with a higher passno value.

Exam trap

The trap here is that candidates often assume the /boot filesystem is checked first because it contains the kernel and bootloader, but the root filesystem is always checked first due to its fs_passno=1 setting in /etc/fstab.

How to eliminate wrong answers

Option A is wrong because swap partitions have a passno of 0 in /etc/fstab, which means they are never checked by fsck; swap is not a mounted filesystem and does not require integrity verification. Option C is wrong because CD-ROM devices are typically not listed in /etc/fstab with a passno greater than 0, and even if they were, they are not mounted at boot time by default; fsck only checks filesystems that are mounted or have a non-zero passno. Option D is wrong because the /boot filesystem, if separate, usually has a passno of 2, meaning it is checked after the root filesystem (passno 1) has been verified.

355
MCQmedium

An administrator wants to change the owner of all files in /data to user 'web' without changing the group. Which command should be used?

A.chown -R web:web /data
B.chown -R web /data
C.chown web /data
D.chown web:web /data
AnswerB

This recursively changes only the owner to web.

Why this answer

Option B is correct because `chown -R web /data` changes the owner of all files and directories recursively under /data to user 'web' while leaving the group ownership unchanged. The `-R` flag ensures recursion, and omitting a colon or dot after the username means only the owner is modified.

Exam trap

The trap here is that candidates often assume a colon is required or that `chown` without `-R` applies recursively, leading them to pick options that change the group or fail to affect all files.

How to eliminate wrong answers

Option A is wrong because `chown -R web:web /data` changes both the owner and group to 'web', which violates the requirement to not change the group. Option C is wrong because `chown web /data` only changes the owner of the /data directory itself, not its contents, missing the recursive requirement. Option D is wrong because `chown web:web /data` changes both owner and group to 'web' on the single directory, and lacks recursion, so it fails on both counts.

356
MCQmedium

Refer to the exhibit. Which users are allowed to use the 'at' command?

A.No one
B.root and user1
C.All users except user2 and user3
D.Only root
AnswerB

If at.allow exists, only users listed in it can use at.

357
MCQeasy

After modifying /etc/fstab, an administrator wants to test if the new mount points can be mounted without rebooting. Which command should be used?

A.systemctl daemon-reload
B.mount -a
C.mount -o remount
D.mount -t ext4
AnswerB

mount -a mounts all filesystems in /etc/fstab (excluding those already mounted).

Why this answer

The `mount -a` command reads /etc/fstab and mounts all filesystems listed there that are not already mounted, making it the correct way to test new entries without rebooting. This command respects the mount options and order defined in fstab, allowing the administrator to verify that the new mount points work correctly.

Exam trap

The trap here is that candidates confuse `systemctl daemon-reload` with a command that applies fstab changes, when in fact it only reloads systemd unit files and has no effect on mount operations defined in /etc/fstab.

How to eliminate wrong answers

Option A is wrong because `systemctl daemon-reload` is used to reload systemd unit files, not to mount filesystems; it does not process /etc/fstab mount entries. Option C is wrong because `mount -o remount` requires a specific device or mount point argument and only remounts an already mounted filesystem, it cannot mount new entries from /etc/fstab. Option D is wrong because `mount -t ext4` specifies the filesystem type but requires explicit device and mount point arguments, it does not read /etc/fstab to mount new entries.

358
MCQhard

A host on the 192.168.1.0/24 network cannot reach the internet. Based on the exhibit, which is the most likely cause?

A.There is no route to 192.168.1.0/24.
B.The default route is missing.
C.The gateway for internet traffic is incorrect; the host uses 10.0.1.254 for internal network, but the default gateway 10.0.1.1 may not be reachable from 192.168.1.0/24.
D.The routing table is empty.
AnswerC

Causes internet unreachability.

Why this answer

Option D is correct. The default route points to 10.0.1.1, but the 192.168.1.0/24 network is accessed via 10.0.1.254, which likely does not have internet connectivity. Option A is wrong because the default route exists.

Option B is wrong because the routing table is present. Option C is wrong because there is no evidence of a missing route for that network.

359
Multi-Selectmedium

Which TWO directories are commonly used to store source code before compiling? (Choose two.)

Select 2 answers
A./tmp
B./var/src
C./usr/src
D./usr/local/src
E./opt
AnswersC, D

Standard source directory.

Why this answer

/usr/src is the traditional location for kernel source and other source packages. /usr/local/src is for locally compiled software. /opt is for optional add-on software binaries, not source. /tmp is temporary and not for permanent source code. /var/src is not standard.

360
MCQmedium

A junior system administrator, Sarah, has written a shell script to automate a backup process on a Linux server. The script is located at /home/sarah/backup.sh and has execute permissions. The script contains the line 'mybackup /home/data'. The 'mybackup' command is installed in /usr/local/bin and works correctly when Sarah runs it from her interactive shell. However, when she runs the script using './backup.sh', it fails with the error 'line 5: mybackup: command not found'. Sarah has verified that /usr/local/bin is in her PATH by executing 'echo $PATH' in an interactive session. Which of the following is the most likely cause of this issue?

A.The script uses a different shell interpreter (e.g., /bin/sh instead of /bin/bash) that does not support the command.
B.The script is running in a non-interactive shell that does not source Sarah's .bashrc file, so /usr/local/bin is not in the PATH.
C.The 'mybackup' command is a shell alias, not a real executable.
D.The script does not have the executable bit set.
AnswerB

Non-interactive shells do not source .bashrc, so custom PATH is missing.

Why this answer

Option B is correct. When a script runs, it starts a non-interactive shell that does not source the user's .bashrc or .profile, so custom PATH additions are not inherited. Option A would cause 'Permission denied'.

Option C: aliases are not expanded in non-interactive shells, but the command is a real executable. Option D: the shebang line determines the interpreter; if /bin/sh is used, it may still have the same PATH issue, but the most direct cause is missing PATH.

361
Multi-Selecteasy

Which TWO commands can be used to display the UUID of a filesystem? (Choose two.)

Select 2 answers
A.df -h
B.mount
C.lsblk -f
D.cat /etc/fstab
E.blkid
AnswersC, E

Lists filesystem information including UUID when -f is used.

Why this answer

The `lsblk -f` command lists block devices and includes the filesystem UUID in its output, making it a valid tool for displaying UUIDs. The `blkid` command directly queries and displays UUIDs and other attributes of block devices, so it is also correct.

Exam trap

The trap here is that candidates may confuse `mount` (which shows current mounts) with `blkid` or `lsblk` for UUID display, or think `/etc/fstab` is a command rather than a configuration file.

362
MCQmedium

Which command returns the directory part of a full path like '/home/user/script.sh'?

A.echo ${/home/user/script.sh%/*}
B.dirname /home/user/script.sh
C.Either dirname or the expansion ${path%/*} if path is set to the full path
D.basename /home/user/script.sh
AnswerC

Both return /home/user.

Why this answer

Option C is correct because both `dirname` and the shell parameter expansion `${path%/*}` extract the directory portion of a given path. The `dirname` command is a standard utility that strips the last component and trailing slash, returning the parent directory. The `${path%/*}` expansion uses the `%` operator to remove the shortest suffix matching `/*`, which effectively removes the filename and leaves the directory path.

This works only if `path` is a variable containing the full path string.

Exam trap

The trap here is that candidates often pick only `dirname` (Option B) because it is the obvious command, missing that the shell parameter expansion `${path%/*}` is also a valid and commonly used method, and that the question explicitly asks for 'which command' in a way that expects recognition of both approaches as correct.

How to eliminate wrong answers

Option A is wrong because the syntax `${/home/user/script.sh%/*}` is invalid; parameter expansion requires a variable name, not a literal string — the correct form would be `${path%/*}` with `path` set to the full path. Option B is wrong because `dirname /home/user/script.sh` is a valid command that returns the directory part, but the question asks for 'which command returns the directory part' and the answer options include a choice that says 'Either dirname or the expansion...' — so B is not wrong per se, but it is incomplete because the expansion also works; the correct answer is the one that acknowledges both methods. Option D is wrong because `basename` returns the filename component (e.g., 'script.sh'), not the directory part.

363
MCQhard

A user 'jdoe' already exists. The administrator needs to add 'jdoe' to the 'staff' and 'admin' groups without changing other group memberships. Which command accomplishes this?

A.usermod -a -G staff,admin jdoe
B.sed -i 's/^staff:.*/&jdoe/' /etc/group
C.usermod -G staff,admin jdoe
D.useradd -G staff,admin jdoe
AnswerA

The -a (append) flag with -G adds the user to the listed groups without affecting other group memberships.

Why this answer

Option A is correct because the `usermod -a -G` command appends the user 'jdoe' to the supplementary groups 'staff' and 'admin' without altering existing group memberships. The `-a` (append) flag is essential; without it, `-G` would replace all current supplementary groups with only those listed. This matches the requirement to add the user to new groups while preserving other group memberships.

Exam trap

The trap here is that candidates often forget the `-a` (append) flag with `usermod -G`, assuming `-G` alone adds groups, when in fact it replaces all supplementary group memberships, which is a common cause of accidental privilege removal.

How to eliminate wrong answers

Option B is wrong because `sed -i 's/^staff:.*/&jdoe/' /etc/group` attempts to edit the group file directly but incorrectly appends 'jdoe' to the end of the line without a comma separator, resulting in a malformed entry (e.g., 'staff:x:100:jdoe' instead of 'staff:x:100:jdoe'), and it only modifies the 'staff' group, ignoring 'admin'. Option C is wrong because `usermod -G staff,admin jdoe` without the `-a` flag will replace all of jdoe's current supplementary groups with only 'staff' and 'admin', removing any other group memberships. Option D is wrong because `useradd -G staff,admin jdoe` is used to create a new user and set initial supplementary groups; it will fail or produce an error since the user 'jdoe' already exists, and it does not modify existing users.

364
Multi-Selectmedium

Which TWO statements about GRUB 2 are correct?

Select 2 answers
A.After modifying /etc/default/grub, the command update-grub must be run to regenerate grub.cfg.
B.The GRUB configuration file read at boot is /boot/grub/grub.cfg.
C.GRUB 2 uses a configuration file named menu.lst.
D.The GRUB prompt can be accessed by pressing the 'e' key during boot.
E.The /etc/default/grub file is directly read by GRUB during boot.
AnswersA, B

update-grub (or grub-mkconfig) regenerates grub.cfg based on settings in /etc/default/grub.

Why this answer

Option A is correct because GRUB 2 reads the configuration file /boot/grub/grub.cfg at boot. Option C is correct because after editing /etc/default/grub, the update-grub command must be run to regenerate grub.cfg. Option B is incorrect because /etc/default/grub is not read by GRUB at boot; it is used by update-grub.

Option D is incorrect because menu.lst is used by GRUB Legacy, not GRUB 2. Option E is incorrect because pressing 'e' at the GRUB menu edits the boot entry, but the GRUB prompt is accessed by pressing 'c'.

365
MCQhard

Refer to the exhibit. The system is unable to mount a filesystem that should be identified by UUID 1234-5678. The administrator checks /etc/fstab and finds the entry: UUID=1234-5678 /data ext4 defaults 0 2. What is the most likely cause of the mount failure?

A.The /data mount point does not exist.
B.The device /dev/sda1 is not formatted with ext4.
C.The UUID in the fstab entry is incorrect.
D.The symlink for UUID 1234-5678 is broken.
AnswerD

The symlink exists but the target /dev/sda1 may not exist, causing a broken link and mount failure.

Why this answer

The symlink for UUID 1234-5678 points to ../../sda1. If the device /dev/sda1 does not exist (e.g., removed or not probed), the symlink is broken and mount fails. The UUID itself appears correct, and the fstab entry looks valid.

366
MCQmedium

An admin runs 'lsblk' and sees that /dev/nvme0n1p1 is listed with size 512M and mounted at /boot/efi. What is the most likely filesystem type?

A.ext4
B.swap
C.xfs
D.vfat
AnswerD

ESP uses FAT32, often labeled vfat in Linux.

Why this answer

The /boot/efi partition is the EFI System Partition (ESP), which is required for UEFI boot. The ESP must be formatted with a FAT-based filesystem (typically vfat/FAT32) because the UEFI firmware is designed to read FAT partitions to load boot loaders. The size of 512M is also typical for an ESP.

Exam trap

The trap here is that candidates often assume /boot/efi uses a Linux filesystem like ext4 because it is a Linux mount point, but the UEFI specification mandates FAT for the ESP, making vfat the only correct choice.

How to eliminate wrong answers

Option A is wrong because ext4 is a Linux-native filesystem not supported by UEFI firmware for the ESP; the ESP must use FAT. Option B is wrong because swap is used for virtual memory, not for storing boot files or EFI executables. Option C is wrong because xfs is a high-performance filesystem for large data volumes, but it is not recognized by UEFI firmware for the ESP.

367
Multi-Selecteasy

Which TWO of the following commands output the total number of lines in a file?

Select 2 answers
A.grep -c '.'
B.nl
C.head -n 1
D.sed -n '$='
E.wc -l
AnswersD, E

sed -n '$=' prints the line number of the last line, equivalent to the total line count.

Why this answer

Option A (wc -l) and D (sed -n '$=') correctly count lines. Option B counts non-empty lines only. Option C prints the first line.

Option E numbers lines but does not count them.

368
MCQeasy

A user needs to schedule a backup script to run every weekday at 2:00 AM. Which command should they use to set up this recurring job?

A.sleep 3600 && ./backup.sh
B.crontab -e and add a line
C.at -f backup.sh 2:00
D.batch
AnswerB

crontab -e is used for recurring jobs.

Why this answer

Option B is correct because crontab -e is used to edit the personal crontab file for recurring jobs. Option A is wrong because at is for one-time scheduling. Option C is wrong because sleep only delays execution.

Option D is wrong because batch runs when the system load is low.

369
MCQmedium

After running 'df -h', the administrator sees that /dev/sda1 is 100% used. 'du -sh /mountpoint' shows only 50% used. What is the most likely cause?

A.The disk has bad blocks
B.A large file was deleted but a process still holds it open
C.There is a hard link that du does not count
D.The filesystem is corrupted and needs fsck
AnswerB

Correct: The file remains on disk until the process releases it.

Why this answer

When a file is deleted but a process still holds an open file descriptor to it, the kernel does not release the disk space until the process closes the file. The 'df' command reports space usage based on the filesystem's superblock, which still counts the deleted file's blocks. 'du' calculates space by traversing the directory tree and summing file sizes, so it does not see the unlinked file. This discrepancy explains why 'df' shows 100% usage while 'du' shows only 50%.

Exam trap

The trap here is that candidates assume 'du' and 'df' should always match, overlooking the fact that 'du' cannot account for space used by unlinked files still held open by processes.

How to eliminate wrong answers

Option A is wrong because bad blocks would cause read/write errors and potential data loss, but they would not create a discrepancy between df and du; bad blocks are marked as unusable and do not inflate used space. Option C is wrong because hard links are counted correctly by both df and du; du counts each hard link's contribution to the directory tree, and df accounts for the inode's allocated blocks only once. Option D is wrong because filesystem corruption typically causes inconsistencies in metadata that fsck can repair, but it would not produce a clean df vs du mismatch; corruption often leads to errors or missing files, not a hidden file consuming space.

370
Multi-Selectmedium

Which THREE of the following directories are defined in the Filesystem Hierarchy Standard (FHS) and are expected to exist on a typical Linux system?

Select 3 answers
A./net
B./run
C./opt
D./proc
E./sys
AnswersB, D, E

/run is a standard temporary filesystem for runtime data.

Why this answer

B is correct because /run is a tmpfs directory defined in FHS 3.0+ that stores volatile runtime data (e.g., PID files, Unix sockets) since boot. It replaced /var/run to ensure early-boot processes have a writable location before /var is mounted.

Exam trap

The trap here is that /opt is defined in FHS but is optional, so candidates often assume it is mandatory, while /run, /proc, and /sys are the three that are truly expected on every typical Linux system.

371
Multi-Selectmedium

Which THREE of the following are valid systemd service unit types?

Select 3 answers
A.oneshot
B.simple
C.runtime
D.exec
E.forking
AnswersA, B, E

A service that runs a command and exits; often used for setup scripts.

Why this answer

Systemd service units can be of types: simple, forking, oneshot, dbus, notify, idle. For correct options, 'forking' is a type (service starts a child process and exits), 'simple' (main process is started directly), 'oneshot' (executes and then exits). 'exec' is not a service type; 'idle' is a type but not listed; 'runtime' is not a type. So correct are A, B, D.

372
Multi-Selecthard

An administrator needs to downgrade a package 'apache2' to a specific older version using APT. Which TWO commands can achieve this? (Choose exactly two.)

Select 2 answers
A.apt-get install apache2=2.2.22
B.apt-get upgrade apache2
C.apt-get --reinstall install apache2
D.apt-get -t stable install apache2
E.apt-cache showpkg apache2
AnswersA, D

Installs the specified exact version.

Why this answer

Options A and B are correct. apt-get install apache2=version will install that specific version. apt-get -t stable install apache2 will install the version from the 'stable' release, which may be older if the current repository has a newer version from 'testing'. Option C is incorrect because apt-get upgrade upgrades all packages, not downgrade. Option D is incorrect because apt-cache showpkg shows available versions but does not install.

Option E is incorrect because apt-get --reinstall install only reinstalls the current version.

373
MCQhard

After a failed package upgrade, a Debian system shows 'unmet dependencies' when trying to install any new software. What is the most appropriate command to fix this condition?

A.Edit /var/lib/dpkg/status manually
B.apt-get install -f
C.dpkg --purge $(dpkg -l | grep ^iU | awk '{print $2}')
D.dpkg --force-depends -i *.deb
AnswerB

The -f flag fixes broken dependencies.

Why this answer

apt-get install -f (or apt install -f) attempts to correct broken dependencies. Using dpkg --force-depends bypasses dependency checks but can leave the system in an inconsistent state. Removing all packages is too drastic.

Editing dpkg status file manually is error-prone and not recommended.

374
Drag & Dropmedium

Arrange the steps to create a LVM logical volume and mount it.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

LVM requires PVs, VG, LV creation, then formatting and mounting.

375
MCQhard

Refer to the exhibit. The remount command fails. What is the most likely cause?

A.The filesystem type is wrong.
B.The fstab entry lacks the 'noauto' option but the device is not currently mounted.
C.The filesystem is not mounted.
D.The mount point /data does not exist.
AnswerB

remount requires the filesystem to be mounted; if /data is not mounted (e.g., after boot without 'auto'), the command fails.

Page 4

Page 5 of 7

Page 6

All pages