CCNA GNU and Unix Commands Questions

38 questions · GNU and Unix Commands · All types, answers revealed

1
MCQhard

Refer to the exhibit. The process with PID 1234 is in state 'Z'. What is the most likely cause and appropriate action?

A.The process is stopped; use kill -CONT to continue.
B.The process is a daemon; it should be restarted.
C.The process is sleeping; wait for it to become ready.
D.The process is a zombie; the parent process must be killed or wait for it to be reaped.
AnswerD

Zombies require the parent to reap them; if parent is not waiting, it may need to be terminated.

Why this answer

In Linux process states, 'Z' indicates a zombie process, which is a child process that has terminated but whose exit status has not yet been read by its parent process via the wait() system call. The correct action is to either kill the parent process (so that the zombie is reaped by init) or ensure the parent calls wait() to reap the child. Option D correctly identifies this.

Exam trap

The trap here is that candidates confuse zombie ('Z') with stopped ('T') or sleeping ('S') states, leading them to choose a recovery action like sending SIGCONT or simply waiting, rather than recognizing that a zombie requires the parent to reap it or be terminated.

How to eliminate wrong answers

Option A is wrong because a stopped process is indicated by state 'T' (or 't'), not 'Z', and kill -CONT is used to resume a stopped process, not handle a zombie. Option B is wrong because a daemon process typically runs in the background with state 'S' (sleeping) or 'R' (running), and restarting a daemon does not address a zombie; zombies are already dead and waiting to be reaped. Option C is wrong because a sleeping process is indicated by state 'S' or 'D' (uninterruptible sleep), not 'Z', and waiting will not resolve a zombie—the zombie persists until the parent reaps it.

2
Matchingmedium

Match each device file naming pattern to its device type.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

First SCSI/SATA disk

First NVMe SSD

First serial port (COM1)

First loopback device

First software RAID device

Why these pairings

Common Linux device naming conventions.

3
MCQmedium

A systems administrator needs to change the permissions of the file /home/user/script.sh so that the owner can read, write, and execute; the group can read and execute; and others have no access. Which command accomplishes this?

A.chmod 755 /home/user/script.sh
B.chmod 750 /home/user/script.sh
C.chmod 770 /home/user/script.sh
D.chmod 741 /home/user/script.sh
AnswerB

750 gives rwx for owner, r-x for group, and --- for others, matching the requirement.

Why this answer

Option B is correct because chmod 750 sets the permissions to rwxr-x---, which gives the owner read, write, and execute (7), the group read and execute (5), and others no access (0). This matches the requirement exactly.

Exam trap

The trap here is that candidates often confuse the octal values, especially mistaking 755 (which grants others read/execute) for the correct setting, or they forget that 750 denies others access while 755 does not.

How to eliminate wrong answers

Option A is wrong because chmod 755 sets permissions to rwxr-xr-x, which gives others read and execute access, violating the requirement that others have no access. Option C is wrong because chmod 770 sets permissions to rwxrwx---, which gives the group write access in addition to read and execute, exceeding the required group permissions. Option D is wrong because chmod 741 sets permissions to rwxr----x, which gives others only execute access (1) instead of no access, and the group has only read access (4) instead of read and execute.

4
Multi-Selecteasy

Which THREE of the following are correct features of the 'grep' command? (Choose three.)

Select 3 answers
A.-i makes the search case-insensitive
B.-v inverts the match
C.-c counts matching lines
D.-l prints line numbers of matches
E.-r enables regular expression matching
AnswersA, B, C

Correct: --ignore-case.

Why this answer

Option A is correct because the `-i` flag in `grep` performs case-insensitive matching, so patterns like 'error' will match 'Error', 'ERROR', etc. This is a common requirement when searching log files where case may vary.

Exam trap

The trap here is that candidates confuse `-l` (list filenames) with `-n` (show line numbers) and assume `-r` enables regex, when in fact `-r` is for recursive directory traversal and regex is the default behavior.

5
MCQmedium

Which command is used to compress a file with the highest compression ratio?

A.gzip -9
B.xz -9
C.bzip2 -9
D.compress
AnswerB

xz offers the highest compression ratio among these tools, especially with -9.

Why this answer

Option B is correct because `xz -9` uses the LZMA2 compression algorithm, which typically achieves a higher compression ratio than gzip (DEFLATE) or bzip2 (Burrows-Wheeler transform) at the cost of slower speed and higher memory usage. The `-9` flag sets the highest compression level, maximizing the ratio.

Exam trap

The trap here is that candidates often assume gzip or bzip2 with `-9` offers the highest compression ratio because they are more common, but xz is the correct answer due to its superior LZMA2 algorithm.

How to eliminate wrong answers

Option A is wrong because gzip uses the DEFLATE algorithm, which generally provides lower compression ratios than xz, especially at level 9. Option C is wrong because bzip2 uses the Burrows-Wheeler transform and Huffman coding, which can achieve good ratios but is typically outperformed by xz's LZMA2 in terms of compression ratio. Option D is wrong because `compress` uses the LZW algorithm, which is outdated and offers significantly lower compression ratios than modern tools like xz.

6
Drag & Dropmedium

Order the steps to recover a forgotten root password on a Linux system.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Recovery involves booting into a shell with root access, remounting read-write, and changing the password.

7
Multi-Selecthard

Which TWO of the following are valid methods to run a shell script named 'script.sh' using the bash shell, assuming the script has execute permission? (Choose two.)

Select 2 answers
A../script.sh
B.sh script.sh
C.script.sh (if in PATH)
D.source script.sh
E.bash script.sh
AnswersA, E

Executes the script using its shebang line, assumed to be bash.

Why this answer

Option A is correct because './script.sh' explicitly invokes the script using the current shell's shebang interpreter (e.g., #!/bin/bash) and requires execute permission. Option E is correct because 'bash script.sh' runs the script as an argument to the bash interpreter, which reads and executes the file line by line, also requiring execute permission.

Exam trap

The trap here is that candidates often confuse 'sh script.sh' with 'bash script.sh', not realizing that sh may be a different shell (e.g., dash) that lacks bash-specific features, and that 'source' is for importing functions/variables, not for running a script as a separate process.

8
Multi-Selectmedium

Which TWO commands can be used to display the contents of a compressed text file (e.g., .gz, .bz2) directly to standard output without decompressing to disk?

Select 2 answers
A.gzcat
B.zless
C.bzcat
D.lzcat
E.zcat
AnswersC, E

bzcat decompresses .bz2 files to stdout.

Why this answer

Option C (bzcat) is correct because it reads bzip2-compressed files (.bz2) and decompresses them directly to standard output without creating a decompressed file on disk. Option E (zcat) is correct because it does the same for gzip-compressed files (.gz), acting as a front-end to gzip -dc.

Exam trap

The trap here is that candidates may confuse zcat with gzcat (which is not standard) or think zless is equivalent to zcat, when in fact zless is a pager that does not output continuously to stdout.

9
Matchingmedium

Match each Linux runlevel to its typical description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Halt

Single-user mode

Multi-user with networking

Multi-user with GUI

Reboot

Why these pairings

Standard SysV init runlevels.

10
MCQeasy

Refer to the exhibit. Which file system is full and what is the likely consequence if the administrator does not take action?

A.Both are full; system will crash.
B./dev/sda1 is full; system may become unstable.
C.Neither is full; available space is sufficient.
D./dev/sdb1 is full; applications writing to /var may fail.
AnswerD

The mount point /var is at 100% usage.

Why this answer

The exhibit shows that /dev/sdb1, mounted on /var, has 0% available space (100% used). The /var directory stores variable data such as logs, spool files, and temporary files. If /var fills up, critical services like syslog, cron, or package managers (e.g., apt, yum) cannot write to their log or spool files, causing applications that depend on /var to fail.

This is why option D is correct.

Exam trap

LPI often tests the misconception that a full root filesystem (/dev/sda1) is the only critical issue, but the trap here is that /var (often a separate partition) can fill up silently, causing application failures without an immediate system crash.

How to eliminate wrong answers

Option A is wrong because only /dev/sdb1 is full; /dev/sda1 has available space, so the system will not crash outright, but services relying on /var may fail. Option B is wrong because /dev/sda1 is not full; it has 20% used and 80% available, so the system will not become unstable from that mount point. Option C is wrong because /dev/sdb1 is indeed full (100% used), so available space is not sufficient for /var.

11
MCQmedium

Refer to the exhibit. When will the backup script run?

A.Daily at 4:30 AM
B.Monthly at 4:30 AM on the 1st
C.Yearly at 4:30 AM
D.Weekly at 4:30 AM
AnswerB

The '1' in the day-of-month field indicates the first day of each month.

Why this answer

The cron entry `30 4 1 * * /usr/local/bin/backup.sh` specifies that the script runs when the minute is 30, hour is 4, and day-of-month is 1, with the month and day-of-week fields set to `*` (meaning every month and every day of the week). This results in execution at 4:30 AM on the 1st day of every month, making option B correct.

Exam trap

LPI often tests the misconception that a `*` in the day-of-week field implies 'every day' but candidates forget that the day-of-month field of `1` restricts execution to only the 1st, not daily.

How to eliminate wrong answers

Option A is wrong because 'Daily at 4:30 AM' would require the day-of-month field to be `*` (or a day-of-week field set to `*` with no day-of-month restriction), but here the day-of-month is `1`, limiting execution to only the 1st of each month. Option C is wrong because 'Yearly at 4:30 AM' would typically use a specific month field (e.g., `30 4 1 1 *` for January 1st), but the month field is `*`, meaning every month, not just one month per year. Option D is wrong because 'Weekly at 4:30 AM' would require a specific day-of-week value (e.g., `30 4 * * 0` for Sunday), but the day-of-week field is `*` and the day-of-month is `1`, which does not guarantee a weekly schedule.

12
MCQmedium

After receiving a compressed tarball archive.tar.gz from a colleague, you want to list its contents without extracting. Which command should you use?

A.tar -xzf archive.tar.gz
B.tar -cvf archive.tar.gz
C.gzip -d archive.tar.gz | tar -t
D.tar -tvf archive.tar.gz
AnswerD

-t lists the contents of the archive without extracting.

Why this answer

The `tar -tvf archive.tar.gz` command lists the contents of a compressed tarball without extracting it. The `-t` option tells tar to list the archive's table of contents, `-v` provides verbose output (showing file permissions, ownership, etc.), and `-f` specifies the archive file. Tar automatically detects and decompresses the gzip compression when reading the file, so no separate decompression step is needed.

Exam trap

The trap here is that candidates confuse the `-x` (extract) flag with `-t` (list) because both are used for reading archives, but only `-t` lists without extracting; LPI often tests this by offering `-xzf` as a distractor, assuming candidates will misremember the flag for listing.

How to eliminate wrong answers

Option A is wrong because `tar -xzf archive.tar.gz` extracts the archive (the `-x` flag means extract), not lists its contents. Option B is wrong because `tar -cvf archive.tar.gz` creates a new archive (the `-c` flag means create) from files, which would overwrite the existing file or fail, and does not list contents. Option C is wrong because `gzip -d archive.tar.gz | tar -t` attempts to decompress the file and pipe the output to `tar -t`, but `gzip -d` without `-c` (or `--stdout`) writes the decompressed data to a file (removing the .gz extension) instead of sending it to stdout, so the pipe receives no data and tar fails; even if corrected with `gzip -dc`, it is unnecessarily complex since tar handles decompression natively.

13
MCQmedium

Refer to the exhibit. Which file has a special permission that allows a user to execute the file with the privileges of the file owner?

A./usr/bin/myapp
B./tmp/shared
C./usr/bin/su
D.None of the above
AnswerC

Has setuid bit (rws).

Why this answer

The /usr/bin/su command has the SUID (Set User ID) special permission set (typically mode 4755). This allows any user who executes the file to run it with the effective user ID of the file owner (root), enabling privilege escalation to perform administrative tasks. The SUID bit is represented by an 's' in the owner's execute position when viewed with ls -l.

Exam trap

The trap here is that candidates often confuse the SUID permission with the SGID or sticky bit, or assume that any executable file in /usr/bin has special permissions, when in fact only specific system binaries like su, sudo, and passwd are configured with SUID for security reasons.

How to eliminate wrong answers

Option A is wrong because /usr/bin/myapp is a generic application file that does not inherently have the SUID permission set; without the SUID bit, it executes with the privileges of the user who runs it, not the file owner. Option B is wrong because /tmp/shared is a directory (or a regular file without SUID), and directories use the SGID or sticky bit for different purposes (e.g., group inheritance or preventing file deletion by non-owners), not for executing with the file owner's privileges. Option D is wrong because /usr/bin/su does have the special permission described, so 'None of the above' is incorrect.

14
MCQmedium

An administrator needs to copy a directory hierarchy from one server to another over SSH, preserving permissions, ownership, and timestamps. Which command is most appropriate?

A.cp -a /source /mnt/remote
B.tar cf - /source | ssh user@dest "tar xf - -C /target"
C.scp -rp /source user@dest:/target
D.rsync -avz /source user@dest:/target
AnswerB

Preserves all metadata and works over SSH.

Why this answer

Option B is correct because it uses `tar` to create an archive of the source directory, pipes it over SSH, and extracts it on the remote server with `tar xf - -C /target`. This method preserves all file metadata (permissions, ownership, timestamps) because `tar` captures and restores these attributes by default, and the pipe over SSH transfers the raw archive without any transformation. Unlike `scp` or `rsync` (without root privileges), this approach can preserve ownership even when the user is not root, as long as the remote `tar` runs with appropriate privileges.

Exam trap

The trap here is that candidates often choose `rsync -avz` (Option D) because it is commonly used for backups, but they overlook that preserving ownership over SSH requires root privileges and the `--numeric-ids` flag, which is not specified in the option, making `tar` the more reliable choice for this specific requirement.

How to eliminate wrong answers

Option A is wrong because `cp -a /source /mnt/remote` assumes the remote directory is mounted locally (e.g., via NFS or SSHFS), not over SSH directly; it does not use SSH for transport and would fail if the remote server is not mounted. Option C is wrong because `scp -rp` does not preserve ownership (it resets ownership to the connecting user) and may not preserve all timestamps in all cases; it also lacks the ability to preserve extended attributes or ACLs that `tar` can handle. Option D is wrong because `rsync -avz` without `--numeric-ids` and running as root on both sides will not preserve ownership (it maps UIDs/GIDs based on the remote user's permissions), and it may alter timestamps if the remote filesystem does not support nanosecond precision; additionally, `rsync` over SSH requires the remote user to have write permissions to the target, and ownership preservation typically requires root privileges.

15
Drag & Dropmedium

Arrange the steps to configure a static IP address on a Linux system using the command line.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Static IP configuration requires editing the appropriate config file, then restarting networking to apply changes.

16
MCQmedium

Refer to the exhibit. A user runs 'python --version' and gets 'Python 3.9.1'. Which command would run Python 2 instead?

A.python --version2
B.python2
C.python3
D.python2 --version
AnswerB

python2 is a separate executable and will run Python 2.

17
MCQhard

An administrator runs the command 'find / -name "*.conf" 2>/dev/null | head -n 10' and notices that the command returns very quickly. Which statement best describes what happened?

A.It scans the entire filesystem but stops after sending the first 10 lines to head due to a broken pipe.
B.It lists 10 .conf files only from the current directory because the path is /.
C.It lists all .conf files in the filesystem because head only affects output, not find.
D.It lists only the first 10 .conf files found in the filesystem.
AnswerA

Find continues until it tries to write after head closes, then stops.

Why this answer

Option A is correct because the `find` command starts scanning the entire filesystem from root (`/`), but its output is piped to `head -n 10`, which reads only the first 10 lines and then closes the pipe. When `head` closes the pipe, `find` receives a SIGPIPE signal (broken pipe) and terminates early, so the command returns very quickly without scanning the entire filesystem.

Exam trap

The trap here is that candidates often think `head` simply filters output after the command finishes, not realizing that pipe-induced SIGPIPE causes the upstream command to terminate early, which is why the command returns quickly.

How to eliminate wrong answers

Option B is wrong because the path `/` specifies the root directory, not the current directory; `find /` starts the search from the root of the filesystem, not from the current working directory. Option C is wrong because `head` does affect the `find` command via the pipe: when `head` exits after reading 10 lines, it closes the pipe, causing `find` to receive a broken pipe signal and stop. Option D is wrong because it implies `find` completes its full scan and then `head` selects the first 10 lines, but in reality `find` stops early due to the broken pipe, which is why the command returns quickly.

18
MCQmedium

A system administrator notices that the system's syslog messages are not being written to /var/log/messages. The rsyslog service is running. The administrator wants to check the configuration syntax of rsyslog. Which command should be used?

A.rsyslogd -d
B.rsyslogd -f
C.rsyslogd -N
D.rsyslogd -v
AnswerC

-N performs a syntax check on the configuration file.

Why this answer

The correct command is `rsyslogd -N` because the `-N` option performs a configuration syntax check without starting or restarting the rsyslog daemon. This allows the administrator to validate the rsyslog configuration file for errors before applying changes, ensuring that syslog messages will be written correctly to /var/log/messages.

Exam trap

The trap here is that candidates may confuse `-N` with `-d` (debug mode) or `-f` (config file path), assuming that running the daemon with a verbose flag or specifying a file will reveal syntax errors, whereas only `-N` performs a dedicated syntax check without executing the daemon.

How to eliminate wrong answers

Option A is wrong because `rsyslogd -d` runs rsyslogd in debug mode, which outputs verbose debugging information to the terminal but does not specifically check configuration syntax. Option B is wrong because `rsyslogd -f` specifies an alternative configuration file to use, not a syntax check; it would load and use that file, potentially causing issues if the syntax is invalid. Option D is wrong because `rsyslogd -v` displays the version information of rsyslogd and does not perform any configuration validation.

19
Multi-Selecteasy

Which TWO commands can be used to view the contents of a compressed file named archive.tar.gz without extracting it to disk?

Select 2 answers
A.gzip -d archive.tar.gz
B.bunzip2 -c archive.tar.gz | tar -t
C.tar -tzf archive.tar.gz
D.gunzip -l archive.tar.gz
E.zcat archive.tar.gz | tar -t
AnswersC, E

Correct: tar -t lists table of contents; -z handles gzip; -f specifies file.

Why this answer

Option C is correct because the `tar -tzf` command lists the contents of a tar archive compressed with gzip without extracting it. The `-t` flag tells tar to list the table of contents, `-z` handles the gzip decompression on the fly, and `-f` specifies the archive file. This is the standard, single-command method for viewing the contents of a `.tar.gz` file without writing any files to disk.

Exam trap

The trap here is that candidates often confuse `gunzip -l` (which shows compression metadata) with listing the actual file contents, or they mistakenly apply bzip2 tools to gzip archives, forgetting that each compression format requires its own specific decompression utility.

20
MCQhard

A script uses 'set -e' and then executes 'grep pattern file'. If the pattern is not found, the script exits. Which of the following modifications would prevent the script from exiting while still allowing detection of the pattern's absence?

A.grep -q pattern file || true
B.set +e; grep pattern file; exit_code=$?; set -e
C.grep pattern file; exit_code=$?
D.grep pattern file | head -1
AnswerB

Temporarily disables exit-on-error, captures exit code, then re-enables.

Why this answer

Option B is correct because it temporarily disables 'set -e' with 'set +e', runs the grep command, captures its exit code in a variable, then re-enables 'set -e'. This allows the script to continue executing after a non-zero exit from grep, while still preserving the exit code for later conditional checks. The other options either fail to preserve the exit code or do not prevent the script from exiting under 'set -e'.

Exam trap

The trap here is that candidates often think '|| true' or piping to another command will both prevent exit and preserve the exit code, but they fail to realize that these constructs either discard the exit code or do not reliably prevent exit under all shell configurations.

How to eliminate wrong answers

Option A is wrong because 'grep -q pattern file || true' prevents the script from exiting (due to the '|| true' ensuring a zero exit status), but it does not capture the exit code of grep, so the absence of the pattern cannot be detected later. Option C is wrong because simply running 'grep pattern file; exit_code=$?' without first disabling 'set -e' will cause the script to exit immediately if grep returns non-zero, so the exit code is never captured. Option D is wrong because 'grep pattern file | head -1' uses a pipe, and under 'set -e' the script will exit if grep fails (since the pipe's exit status is the exit status of the last command, which is head, but the shell's 'set -e' behavior can still cause exit if grep fails in some shells; more importantly, the exit code of grep is lost because only the exit code of the pipeline is available, and head typically succeeds even if grep fails).

21
MCQeasy

A system administrator wants to list all files in a directory that have been modified in the last 24 hours. Which command would be most appropriate?

A.ls -l --time=mod
B.find . -mmin 1440
C.ls -lt
D.find . -mtime -1
AnswerD

-mtime -1 finds files modified less than 1 day ago, which is the last 24 hours.

Why this answer

Option D is correct because the `find` command with `-mtime -1` searches for files whose modification time is less than 1 day ago (i.e., within the last 24 hours). The minus sign before the number means 'less than' that many days, so `-mtime -1` matches files modified in the last 24 hours. This is the standard, precise way to list files by modification time in a directory tree.

Exam trap

The trap here is that candidates confuse `-mtime` with `-mmin` and forget that the minus sign in `-mtime -1` is required to mean 'less than', or they mistakenly think `ls -lt` filters by time when it only sorts.

How to eliminate wrong answers

Option A is wrong because `ls -l --time=mod` lists files with their modification time displayed, but it does not filter files by age; it shows all files in the directory. Option B is wrong because `find . -mmin 1440` uses minutes (1440 minutes = 24 hours), but the syntax `-mmin` expects an integer without a sign; `-mmin 1440` matches files modified exactly 1440 minutes ago, not within the last 24 hours (the correct syntax would be `-mmin -1440`). Option C is wrong because `ls -lt` lists files sorted by modification time (newest first), but it does not filter; it shows all files in the directory, regardless of age.

22
Multi-Selectmedium

Which TWO commands can be used to display the contents of a compressed file without decompressing it to disk? (Choose two.)

Select 2 answers
A.zcat file.gz
B.gzip -d file.gz
C.tar -xzf file.tar.gz
D.bzcat file.bz2
E.uncompress file.Z
AnswersA, D

Equivalent to gunzip -c; outputs to stdout.

Why this answer

A is correct because `zcat` reads a gzip-compressed file and writes its decompressed content to standard output without saving the decompressed data to disk. This allows you to view the contents of `file.gz` directly in the terminal or pipe it to other commands.

Exam trap

The trap here is that candidates confuse commands that decompress to stdout (like `zcat` and `bzcat`) with commands that decompress to disk (like `gzip -d` or `uncompress`), or they mistakenly think `tar -xzf` only displays the archive contents when it actually extracts them.

23
MCQmedium

Refer to the exhibit. What will be the default permissions of a newly created file using the touch command?

A.-rw-r--r--
B.-rw-rw-rw-
C.-rwxr-xr-x
D.-rw-rw-r--
AnswerA

Correct: 666 - 022 = 644, giving owner read/write, group read, others read.

Why this answer

Default base permissions for a file are 666 (rw-rw-rw-). Subtracting the umask 022 gives 644 (rw-r--r--), which corresponds to option B.

24
Multi-Selecthard

Which THREE of the following are valid symbolic mode expressions for the chmod command?

Select 3 answers
A.u+x
B.755
C.a+rwx
D.c+r
E.g-w
AnswersA, C, E

Adds execute permission for the user.

Why this answer

Option A is correct because 'u+x' is a valid symbolic mode expression for chmod, where 'u' stands for the user (owner), '+' adds a permission, and 'x' is the execute permission. This syntax follows the POSIX standard for symbolic modes, allowing precise modification of file permissions without specifying an absolute octal value.

Exam trap

The trap here is that candidates may confuse numeric (octal) modes with symbolic modes, or assume that any single-letter class like 'c' is valid, when only u, g, o, and a are recognized by the chmod command.

25
MCQhard

A web server runs Apache and generates extensive access logs. To conserve disk space, an administrator sets up a cron job that runs nightly at 2:00 AM. The job executes a shell script located at /usr/local/bin/rotate_logs.sh. The script is intended to find all .log files in /var/log/apache2/ that are older than 7 days, compress them with gzip, and move the compressed files to /var/log/archive/. However, after several days, the administrator notices that the /var/log partition is nearly full and the logs are not being compressed. The cron log shows the job ran at the scheduled time but produced no terminal output (stdout or stderr). The script itself contains no explicit echo statements or error handling. The administrator has root access and wants to diagnose the problem without disrupting the running web server. Which of the following is the most appropriate first step to identify the failure?

A.Run the script manually with 'bash -x /usr/local/bin/rotate_logs.sh' to observe command execution.
B.Use 'ps -ef | grep compress' to check if the cron job spawned any child processes.
C.Check the file permissions of the archive directory with 'ls -ld /var/log/archive'.
D.Review the system logs in /var/log/syslog for any entries related to gzip or the script.
AnswerA

The -x flag shows each command as it runs, exposing any errors.

Why this answer

Option A is correct because running the script with 'bash -x' enables execution tracing, which prints each command and its arguments as they are executed. This will reveal exactly where the script fails—whether due to a missing file, permission error, or incorrect path—without modifying the script or disrupting the running web server. Since the cron job produced no output, the script likely encountered a silent failure, and 'bash -x' is the most direct way to diagnose it.

Exam trap

The trap here is that candidates may jump to checking permissions or system logs because they assume a permission or system-level error, but the most efficient first step is to reproduce the script's execution with tracing enabled to see exactly what commands run and where they fail.

How to eliminate wrong answers

Option B is wrong because 'ps -ef | grep compress' only checks for currently running processes named 'compress'; the cron job has already finished, so no child processes would exist, and this does not help diagnose why the script failed. Option C is wrong because checking permissions of /var/log/archive is a secondary step; the script may fail before even attempting to move files (e.g., due to a missing source directory or incorrect find command), and permissions alone cannot reveal the root cause of a silent failure. Option D is wrong because reviewing system logs like /var/log/syslog may show gzip-related errors only if the script actually ran gzip and logged errors; since the script has no error handling and produced no output, there may be no relevant entries, making this an inefficient first step.

26
MCQmedium

You are a Linux administrator for a company that runs a web server on a system with limited disk space. The web server logs are stored in /var/log/httpd/access_log and grow quickly. The operations team requires that the most recent logs be available for troubleshooting, but logs older than 7 days must be compressed to save space. You decide to implement log rotation using logrotate. The logrotate configuration file for httpd currently contains: /var/log/httpd/*.log { daily rotate 7 compress delaycompress missingok notifempty sharedscripts postrotate /bin/systemctl reload httpd 2>/dev/null || true endscript } After applying this configuration, you notice that log files are being compressed immediately instead of after one rotation. What is the most likely cause and the correct step to fix this?

A.Remove the 'sharedscripts' directive to ensure the postrotate script runs for each log file individually.
B.Change the rotation frequency to 'weekly' so that the most recent week's logs remain uncompressed and older logs are compressed.
C.Remove the 'delaycompress' directive to ensure compression occurs at each rotation.
D.Add the 'copytruncate' directive to avoid moving the log file, allowing the web server to continue writing to the same file.
AnswerB

With weekly rotation, the most recent rotated log (one week old) remains uncompressed due to delaycompress, while older logs are compressed, meeting the requirement of compressing logs older than 7 days.

Why this answer

Option B is correct because the configuration uses 'rotate 7' with 'daily' frequency, meaning seven daily rotations are kept. However, 'delaycompress' delays compression by one rotation, so the most recent rotated log remains uncompressed. With 'daily' rotation, the current log and the most recent rotated log are both uncompressed, which may appear as if compression happens immediately.

Changing to 'weekly' ensures that only the most recent week's logs remain uncompressed, matching the requirement that logs older than 7 days are compressed.

Exam trap

The trap here is that candidates may misinterpret 'delaycompress' as causing immediate compression, when in fact it delays compression by one rotation, and the issue is actually the rotation frequency being too short relative to the retention period.

How to eliminate wrong answers

Option A is wrong because 'sharedscripts' is not related to compression timing; it controls whether the postrotate script runs once for all logs or per log file. Option C is wrong because removing 'delaycompress' would cause compression to occur at each rotation, which is the opposite of the desired behavior (logs older than 7 days should be compressed, not the most recent). Option D is wrong because 'copytruncate' is used when the application cannot be signaled to close and reopen its log file; it does not affect compression timing and would not solve the immediate compression issue.

27
MCQhard

Refer to the exhibit. The system fails to boot with an error 'UUID=e5f6g7h8 not found'. Which is the most likely cause?

A.The fstab entry for /boot is incorrect.
B.The root filesystem is corrupted.
C.The initramfs does not contain the necessary filesystem modules.
D.The disk order changed, so /dev/sda2 is no longer the correct device.
AnswerC

If the initramfs lacks the driver for the root filesystem, the UUID cannot be resolved.

28
MCQhard

Refer to the exhibit. An administrator needs to edit /etc/example.conf to change setting1 to 'production' and add a new line 'setting2=value' after the include line. The file must be edited in place without creating a backup. Which command sequence achieves this?

A.sed -i 's/setting1=default/setting1=production/' /etc/example.conf; sed -i '/^include /a\nsetting2=value' /etc/example.conf
B.sed -i 's/setting1=default/setting1=production/' /etc/example.conf; sed -i '/^include /i\nsetting2=value' /etc/example.conf
C.sed -i.bak 's/setting1=default/setting1=production/' /etc/example.conf; sed -i.bak '/^include /a\nsetting2=value' /etc/example.conf
D.sed -i.bak 's/setting1=default/setting1=production/' /etc/example.conf; sed -i.bak '/^include /a\nsetting2=value' /etc/example.conf
AnswerA

Correct: -i without argument edits in place; first command changes the setting; second appends after the include line.

Why this answer

Option A is correct because the first sed command uses the -i flag to edit the file in place without a backup, and the substitution 's/setting1=default/setting1=production/' changes the existing setting. The second sed command uses the 'a' (append) command after the line matching '^include ' to add the new line 'setting2=value' after it, also with -i to avoid creating a backup.

Exam trap

The trap here is that candidates often confuse the 'a' (append) and 'i' (insert) sed commands, or overlook the requirement to avoid backups by choosing options with -i.bak instead of plain -i.

How to eliminate wrong answers

Option B is wrong because it uses the 'i' (insert) command instead of 'a' (append), which would add the new line before the include line, not after it as required. Option C is wrong because it uses '-i.bak' which creates a backup file with a .bak extension, violating the requirement to edit in place without creating a backup. Option D is wrong for the same reason as Option C — it uses '-i.bak' to create backups, and also uses the correct 'a' command but still fails the no-backup requirement.

29
MCQmedium

Refer to the exhibit. Which users are allowed to use the 'at' command?

A.No one
B.root and user1
C.All users except user2 and user3
D.Only root
AnswerB

If at.allow exists, only users listed in it can use at.

30
Multi-Selecteasy

Which TWO of the following commands output the total number of lines in a file?

Select 2 answers
A.grep -c '.'
B.nl
C.head -n 1
D.sed -n '$='
E.wc -l
AnswersD, E

sed -n '$=' prints the line number of the last line, equivalent to the total line count.

Why this answer

Option A (wc -l) and D (sed -n '$=') correctly count lines. Option B counts non-empty lines only. Option C prints the first line.

Option E numbers lines but does not count them.

31
MCQhard

Refer to the exhibit. The remount command fails. What is the most likely cause?

A.The filesystem type is wrong.
B.The fstab entry lacks the 'noauto' option but the device is not currently mounted.
C.The filesystem is not mounted.
D.The mount point /data does not exist.
AnswerB

remount requires the filesystem to be mounted; if /data is not mounted (e.g., after boot without 'auto'), the command fails.

32
MCQhard

A developer wants to change the ownership of all files in a directory tree to the user 'www-data' and group 'www-data', but only files that are currently owned by user 'nobody'. Which command accomplishes this?

A.chown --from=nobody www-data:www-data /path
B.find /path -user nobody -exec chown www-data:www-data {} \;
C.chown -R --from=nobody www-data:www-data /path
D.chown -R www-data:www-data /path
AnswerC

Correctly uses recursive mode and the --from option to limit changes to files owned by nobody.

Why this answer

Option C is correct because the `chown -R --from=nobody www-data:www-data /path` command recursively changes ownership of files and directories only if they are currently owned by the user 'nobody'. The `--from` option specifies the current owner (and optionally group) to match before applying the change, and `-R` ensures recursion into subdirectories. This exactly meets the requirement to change ownership only for files owned by 'nobody'.

Exam trap

The trap here is that candidates often forget the `-R` flag for recursion or overlook the `--from` option, leading them to choose a brute-force approach like `chown -R` (option D) that changes all files regardless of current ownership, or a more complex `find`-based solution (option B) that works but is not the most direct command tested.

How to eliminate wrong answers

Option A is wrong because it lacks the `-R` flag, so it only changes ownership of the top-level directory `/path` itself, not files within the directory tree. Option B is wrong because while it uses `find` to locate files owned by 'nobody' and executes `chown`, it does not use the `--from` option and would change ownership of all files found, but the command is syntactically correct; however, it is less efficient and not the single command the question expects, and the question asks for 'which command accomplishes this' with the implication of a direct `chown` approach. Option D is wrong because it changes ownership of all files in the directory tree to 'www-data:www-data' regardless of the current owner, not only those owned by 'nobody'.

33
MCQmedium

A developer is troubleshooting a shell script that uses the variable $HOME but it outputs nothing when the script runs. The script is executed with ./script.sh from an interactive shell. What is the most likely cause?

A.The script is run with sh instead of bash
B.The script is run with sudo
C.The HOME variable is not exported
D.The user has no home directory
AnswerC

Variables must be exported to be available in child processes; interactive shells export HOME, but scripts invoked with ./ may not inherit if the parent shell is non-interactive.

Why this answer

Option C is correct because the HOME variable is typically set by the login process and exported to the environment. If the script is run in a context where HOME is not exported (e.g., a non-interactive shell or a script that clears the environment), the variable will be empty. The script uses $HOME, which expands to nothing if HOME is unset or not exported, causing the output to be empty.

Exam trap

The trap here is that candidates may think the script's shell interpreter (sh vs bash) or sudo is the cause, but the real issue is that the HOME variable must be exported to be inherited by the script's environment.

How to eliminate wrong answers

Option A is wrong because running with sh instead of bash does not affect the HOME variable; HOME is a standard environment variable set by the system regardless of the shell. Option B is wrong because running with sudo does not clear HOME by default; sudo preserves the HOME variable unless explicitly configured with env_reset or the -H flag. Option D is wrong because if the user had no home directory, the HOME variable would still be set to the default (e.g., /) or the system would assign a fallback; the variable would not be empty.

34
MCQeasy

A user reports that when they run 'ls -l' in their home directory, they see files but all files have permissions like '-rwxrwxrwx', which is unexpected. The system administrator checks and finds that the user's umask is set to 000. The user wants all new files to be created with default permissions of -rw-r--r-- (644) and directories that are drwxr-xr-x (755). What should the user set their umask to?

A.007
B.022
C.002
D.027
AnswerB

022 gives files 644 and directories 755.

Why this answer

The umask is a three-digit octal value that is subtracted from the default base permissions (666 for files, 777 for directories) to determine the default permissions for newly created files and directories. To achieve file permissions of 644 (rw-r--r--) and directory permissions of 755 (rwxr-xr-x), the umask must be 022. This is because 666 - 022 = 644 for files, and 777 - 022 = 755 for directories.

Exam trap

The trap here is that candidates often mistakenly think the umask is added to or directly specifies the permissions, rather than understanding it is subtracted from the default base permissions (666 for files, 777 for directories).

How to eliminate wrong answers

Option A (007) is wrong because it would result in file permissions of 660 (rw-rw----) and directory permissions of 770 (rwxrwx---), which are too restrictive for the desired 644/755. Option C (002) is wrong because it would yield file permissions of 664 (rw-rw-r--) and directory permissions of 775 (rwxrwxr-x), giving group write access, which is not the requested 644/755. Option D (027) is wrong because it would produce file permissions of 640 (rw-r-----) and directory permissions of 750 (rwxr-x---), which are too restrictive for both files and directories.

35
MCQmedium

Refer to the exhibit. Which statement is true about SSH root login on this server?

A.Root can log in only from localhost.
B.Root cannot log in at all.
C.Root can log in using a public key.
D.Root can log in with a password.
AnswerC

PermitRootLogin prohibit-password allows key-based login.

36
MCQhard

A company runs a legacy application on a Linux server. The application fails to start after a reboot, claiming a 'cannot open shared object file' error. The system administrator checks the library path and finds that the required library is present in /usr/local/lib but the application cannot find it. The administrator has verified that the library file exists and is readable. Which of the following is the most likely cause and solution?

A.The library has insufficient execute permissions; add execute bit.
B.The application is setuid root and the library path is ignored; use $LD_LIBRARY_PATH.
C.The library path is not in /etc/ld.so.conf; run ldconfig after adding it.
D.The library is compiled for a different architecture; recompile the library.
AnswerC

ldconfig updates the linker cache to include paths from /etc/ld.so.conf.

Why this answer

The dynamic linker/loader (ld.so) uses the cache file /etc/ld.so.cache to resolve shared library dependencies at runtime. Although the library exists in /usr/local/lib, that path is not listed in /etc/ld.so.conf (or a file included by it), so the linker never scans it. Running ldconfig rebuilds the cache and makes the library discoverable, which resolves the 'cannot open shared object file' error.

Exam trap

The trap here is that candidates assume a library found in a standard-looking path like /usr/local/lib is automatically searched, but the dynamic linker only uses paths explicitly listed in /etc/ld.so.conf (or its included files) after running ldconfig.

How to eliminate wrong answers

Option A is wrong because shared object files require read permission, not execute permission, for the dynamic linker to load them; execute permission is irrelevant for libraries. Option B is wrong because setuid binaries do ignore LD_LIBRARY_PATH for security reasons, but the proper solution is to add the path to /etc/ld.so.conf and run ldconfig, not to rely on LD_LIBRARY_PATH which is insecure and not persistent. Option D is wrong because a library compiled for a different architecture would cause a different error (e.g., 'wrong ELF class' or 'cannot load shared object file: No such file or directory' due to ABI mismatch), not a simple 'cannot open' error when the file exists and is readable.

37
MCQeasy

A systems administrator needs to find all files in /var/log that were modified in the last 24 hours and contain the word 'error'. Which command accomplishes this?

A.grep -r 'error' /var/log -mtime 0
B.find /var/log -mtime 0 -exec grep -l 'error' {} \;
C.find /var/log -mmin 1440 -exec grep 'error' {}
D.ls -l /var/log | grep error
AnswerB

Correctly uses find to filter by modification time and grep to search content.

Why this answer

Option B is correct because it uses `find` with `-mtime 0` to locate files modified within the last 24 hours, then pipes each found file to `grep -l` to print only filenames containing 'error'. The `-exec` option runs `grep` on each file individually, and `-l` ensures only matching filenames are output, not the matching lines.

Exam trap

The trap here is that candidates often confuse `grep` options with `find` options (like `-mtime`) or forget that `grep` alone cannot filter by file modification time, leading them to choose Option A or C without recognizing the missing `-l` flag or syntax errors.

How to eliminate wrong answers

Option A is wrong because `grep -r` recursively searches file contents but does not filter by modification time; `-mtime 0` is not a valid `grep` option (it belongs to `find`), so the command would fail or behave unexpectedly. Option C is wrong because `-mmin 1440` correctly finds files modified in the last 1440 minutes (24 hours), but `-exec grep 'error' {}` lacks the `-l` flag, causing it to print matching lines instead of filenames, and it does not use `+` or `;` correctly (missing `\;` or `+`), which may lead to syntax errors or unintended behavior. Option D is wrong because `ls -l /var/log | grep error` only lists filenames in `/var/log` that contain 'error' in their name (or metadata line), not files whose content contains the word 'error', and it ignores modification time filtering entirely.

38
MCQeasy

An administrator wants to change the ownership of a file to user 'jane' and group 'staff'. Which command should be used?

A.chown jane.staff file
B.chgrp jane staff file
C.chown jane:staff file
D.chown jane staff file
AnswerC

Correct syntax: user:group.

Why this answer

Option C is correct because the `chown` command with the syntax `chown user:group file` changes both the user and group ownership of a file in a single command. This is the standard POSIX syntax, where a colon separates the user and group names, allowing the administrator to set ownership to user 'jane' and group 'staff' atomically.

Exam trap

The trap here is that candidates often confuse the colon (:) with a period (.) as the separator, or incorrectly assume that `chown` can accept two separate arguments for user and group, leading them to choose option A or D instead of the correct colon syntax.

How to eliminate wrong answers

Option A is wrong because `chown jane.staff file` uses a period (dot) as a separator, which is an obsolete and non-portable syntax; modern systems interpret the dot as part of the username, not as a user:group delimiter, and may fail or produce unexpected results. Option B is wrong because `chgrp jane staff file` is invalid syntax—`chgrp` changes only the group, and its correct usage is `chgrp group file`; passing two arguments (jane and staff) before the file name is incorrect and will cause a command error. Option D is wrong because `chown jane staff file` treats 'staff' as a second file argument, not as a group; `chown` expects either a user alone or a user:group pair, so this will attempt to change ownership to user 'jane' on two files ('staff' and 'file'), which is not the intended operation.

Ready to test yourself?

Try a timed practice session using only GNU and Unix Commands questions.