CCNA Devices Filesystems Questions

75 of 108 questions · Page 1/2 · Devices Filesystems topic · Answers revealed

1
MCQmedium

You manage a CentOS 7 server that runs a critical application storing data on an XFS filesystem mounted at /data. The server experiences an unexpected power outage. After rebooting, the application fails to start, and you suspect filesystem corruption. You boot into single-user mode and attempt to mount /data, but the mount fails with an error: 'mount: /dev/sdb1: can't read superblock'. You run 'xfs_repair -n /dev/sdb1' and it reports the log is dirty and must be replayed or the filesystem repaired with the -L option (force log zeroing). You want to recover the filesystem with minimal data loss. Which action should you take?

A.Run 'xfs_repair -L /dev/sdb1' to force log replay and repair.
B.Mount the filesystem with the 'norecovery' option to bypass the log and then attempt to repair.
C.Run 'fsck -y /dev/sdb1' to automatically repair.
D.Run 'xfs_admin -U generate /dev/sdb1' to generate a new UUID and then mount.
AnswerA

-L zeros the log and forces a replay, which is necessary when the log is corrupt.

Why this answer

The correct answer is A because xfs_repair -L /dev/sdb1 forces the log to be zeroed (cleared) and then performs a full filesystem check and repair. This is necessary when the log is dirty and cannot be replayed normally due to corruption, such as after an unclean shutdown. The -L option is the standard recovery method for XFS when the log is damaged, and it minimizes data loss by only discarding the log (which contains metadata changes that were not yet written to disk) while preserving the rest of the filesystem data.

Exam trap

The trap here is that candidates familiar with ext4 may instinctively choose fsck (Option C), not realizing that XFS has its own repair tool (xfs_repair) and that fsck is incompatible with XFS filesystems.

How to eliminate wrong answers

Option B is wrong because mounting with 'norecovery' bypasses log replay entirely, leaving the filesystem in an inconsistent state and preventing any repair; it is used for read-only access to salvage data, not for recovery. Option C is wrong because fsck is designed for ext2/ext3/ext4 filesystems, not XFS; running fsck on an XFS filesystem can cause further damage or fail to recognize the filesystem type. Option D is wrong because xfs_admin -U generate changes the UUID of the filesystem, which does not address superblock corruption or dirty log issues; it is used for UUID management, not repair.

2
MCQmedium

A Linux system has multiple disk partitions. The administrator wants to view the UUID of a specific partition for use in /etc/fstab. Which command will display the UUID?

A.blkid /dev/sda1
B.fdisk -l /dev/sda1
C.lsblk -f
D.cat /proc/partitions
AnswerA

blkid displays UUID and other attributes of the specified device.

Why this answer

The `blkid` command queries the libblkid library to display block device attributes, including the UUID and filesystem type. Running `blkid /dev/sda1` outputs the UUID for that specific partition, which can be directly copied into /etc/fstab for persistent mounting.

Exam trap

The trap here is that candidates may confuse `lsblk -f` (which shows all UUIDs in a tree format) as the command for a specific partition, or think `fdisk -l` displays UUIDs, when in fact `blkid` is the dedicated tool for querying a single partition's UUID.

How to eliminate wrong answers

Option B is wrong because `fdisk -l /dev/sda1` is invalid syntax; `fdisk -l` lists partition tables for a whole disk (e.g., /dev/sda), not a single partition, and it does not display UUIDs. Option C is wrong because `lsblk -f` shows UUIDs for all block devices, not just a specific partition, and the question asks for a command that displays the UUID of a specific partition, making it less direct. Option D is wrong because `cat /proc/partitions` only lists partition major/minor numbers and block counts, not UUIDs or filesystem attributes.

3
MCQhard

A system is experiencing frequent crashes. Investigation shows that the root filesystem is mounted with 'errors=remount-ro'. The admin wants to prevent data loss by mounting with 'errors=panic' in /etc/fstab. Which change is correct?

A.Add 'errors=panic' as an additional option
B.Change the mount point to /panic
C.Use 'defaults,errors=panic'
D.Replace 'errors=remount-ro' with 'errors=panic'
AnswerD

Directly changes the error handling behavior.

Why this answer

Option D is correct because the admin wants to change the error behavior from remounting the filesystem read-only to panicking the kernel. In /etc/fstab, each mount option is a comma-separated list; to change the error handling, you must replace the existing 'errors=remount-ro' with 'errors=panic' in the options field. Adding an additional 'errors=panic' would create a conflict (the last one parsed typically wins, but it's ambiguous and not the intended clean configuration).

Exam trap

The trap here is that candidates think they can simply add 'errors=panic' as an extra option (Option A) without removing the existing 'errors=remount-ro', not realizing that duplicate 'errors=' directives create ambiguity and are not the intended way to change the error handling policy.

How to eliminate wrong answers

Option A is wrong because adding 'errors=panic' as an additional option alongside 'errors=remount-ro' would create duplicate 'errors=' directives; the kernel's mount parser may use the last one, but this is ambiguous and not a reliable or clean configuration. Option B is wrong because changing the mount point to '/panic' is nonsensical—it does not affect error handling and would break the root filesystem mount location. Option C is wrong because 'defaults,errors=panic' would replace all existing options with defaults plus the panic behavior, which would remove other necessary options (like 'rw') and could cause the root filesystem to mount incorrectly or lose required settings.

4
MCQmedium

Refer to the exhibit. Which filesystem will be checked last during system boot by fsck?

A./dev/sda3
B./dev/sda2
C./dev/sda1
D./dev/sdb1
AnswerA

Pass 2, checked after pass 1 filesystems and before any higher pass numbers.

Why this answer

The /etc/fstab file defines the order in which filesystems are checked by fsck during boot, based on the sixth field (pass number). A pass number of 1 is checked first (typically the root filesystem), 2 is checked next (other filesystems), and 0 means no check. In the exhibit, /dev/sda3 has a pass number of 2, but since it is listed last among the entries with pass number 2, it will be checked after all other pass-2 filesystems, making it the last one checked overall.

Exam trap

The trap here is that candidates assume the pass number alone determines the order, ignoring that filesystems with the same pass number are checked sequentially based on their listing order in /etc/fstab.

How to eliminate wrong answers

Option B is wrong because /dev/sda2 has a pass number of 1, which is checked first during boot. Option C is wrong because /dev/sda1 has a pass number of 2 but appears earlier in /etc/fstab than /dev/sda3, so it is checked before /dev/sda3. Option D is wrong because /dev/sdb1 has a pass number of 0, meaning it is never checked by fsck during boot.

5
MCQhard

Refer to the exhibit. A user tries to execute a script on a mounted filesystem but gets a permission denied error. The script has execute permissions. What is the most likely cause?

A.The script is not executable for the user.
B.The user does not have read permission on the script.
C.The filesystem is mounted with the 'noexec' option.
D.The filesystem is full.
AnswerC

The 'noexec' mount option disables execution of binaries/scripts on that filesystem.

Why this answer

The mount options include 'noexec', which prevents execution of binaries or scripts on that filesystem regardless of file permissions.

6
MCQmedium

Refer to the exhibit. An administrator wants to add a new partition that uses the remaining space on /dev/sda (total 40GB). What is the next free sector for the start of the new partition?

A.83886080
B.83886079
C.83886078
D.0
AnswerA

The next free sector after the last used sector.

Why this answer

The correct next free sector is 83886080 because the existing partition(s) on /dev/sda end at sector 83886079, and the next sector after that is 83886080. Since the disk has a total of 40 GB (which is 40 × 1024 × 1024 × 1024 / 512 = 83886080 sectors), sector 83886080 is also the last sector on the disk, meaning the new partition would start at the very end of the available space. This aligns with the standard practice of starting a partition at the next free sector after the last used one.

Exam trap

The trap here is that candidates often confuse the last sector number (83886079) with the next free sector, forgetting that sectors are zero-indexed and the next free sector is one greater than the last used sector, which in this case equals the total sector count and indicates no space remains.

How to eliminate wrong answers

Option B (83886079) is wrong because that is the last sector of the existing partition, not the next free sector; starting a partition there would overlap with the existing data. Option C (83886078) is wrong because it is two sectors before the end of the existing partition, causing an even larger overlap. Option D (0) is wrong because sector 0 is the Master Boot Record (MBR) and is already occupied by the partition table and boot code; it cannot be used as the start of a new partition.

7
Matchingmedium

Match each networking tool to its primary use.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Test network connectivity to a host

Display network connections, routing tables, etc.

Capture and analyze network packets

Query DNS for domain name or IP

Configure network interfaces and routing

Why these pairings

Common network troubleshooting and configuration tools.

8
MCQmedium

A Linux administrator is troubleshooting a server that fails to boot with the error 'Give root password for maintenance (or press Control-D to continue)'. The root filesystem is on /dev/sda2, formatted as ext4. The administrator suspects a filesystem inconsistency. The server is in a remote data center and the administrator has console access via IPMI. Which of the following is the safest procedure to repair the filesystem?

A.At the maintenance prompt, run 'mount -o remount,ro /dev/sda2 /' then 'fsck -f /dev/sda2' and then 'reboot'.
B.At the maintenance prompt, run 'fsck /dev/sda2' and answer yes to all prompts.
C.At the maintenance prompt, run 'fsck -y /dev/sda2' to force repair.
D.At the maintenance prompt, run 'fsck -a /dev/sda2' to automatically repair.
AnswerA

Correct: remount read-only, then fsck, then reboot.

Why this answer

Option A is correct because it first remounts the root filesystem as read-only to prevent any writes during the repair, which is essential for a consistent fsck run on an ext4 filesystem. Then it uses 'fsck -f' to force a check even if the filesystem appears clean, followed by a reboot to exit maintenance mode. This is the safest procedure as it avoids the risk of the filesystem being mounted read-write during repair, which could cause further corruption.

Exam trap

The trap here is that candidates often choose 'fsck -y' or '-a' thinking they are the safest automated options, but they fail to recognize that these options can automatically apply destructive repairs (like truncating corrupt files) without administrator review, whereas the correct procedure ensures the filesystem is read-only and forces a check with the '-f' flag.

How to eliminate wrong answers

Option B is wrong because running 'fsck' without the '-f' flag may skip the check if the filesystem is marked clean, and answering 'yes' to all prompts interactively is not suitable for remote console access where automation is preferred. Option C is wrong because 'fsck -y' automatically answers 'yes' to all prompts, including potentially dangerous actions like discarding data or truncating files, which could lead to data loss without administrator oversight. Option D is wrong because 'fsck -a' is a legacy option for ext2/ext3 that attempts automatic repair but may not be fully supported on ext4 and can be less safe than '-f' with manual confirmation.

9
MCQmedium

A system fails to mount an XFS filesystem with the entry in /etc/fstab. The entry looks correct. Which fstab field might be missing or incorrect?

A.The device field
B.The options field
C.The mountpoint field
D.The filesystem type field
AnswerD

Correct: If the type is omitted or incorrect (e.g., ext4 instead of xfs), mount may fail.

Why this answer

The XFS filesystem requires the filesystem type field in /etc/fstab to be explicitly set to 'xfs'. If this field is missing or incorrect (e.g., left blank, set to 'auto', or mistyped as 'ext4'), the mount command will fail because it cannot determine the correct filesystem driver to use. Even if the device, mountpoint, and options appear correct, an incorrect or missing type field prevents the kernel from loading the XFS module and mounting the filesystem.

Exam trap

LPI often tests the misconception that the filesystem type field is optional or can be left as 'auto' for all filesystems, but for XFS (and other non-default filesystems), the type must be explicitly specified because auto-detection may fail or the required kernel module may not be loaded automatically.

How to eliminate wrong answers

Option A is wrong because the device field (e.g., /dev/sda1 or UUID=...) must be correct for the system to identify the block device; if it were missing or incorrect, the error would be about a missing device, not a filesystem type mismatch. Option B is wrong because the options field (e.g., defaults, noatime) controls mount behavior but does not affect the kernel's ability to identify the filesystem type; incorrect options would cause mount to succeed with different parameters or fail with a specific option error. Option C is wrong because the mountpoint field (e.g., /mnt/data) must exist and be correct; if missing or incorrect, the error would be 'mount point does not exist' or 'not a directory', not a filesystem type failure.

10
MCQeasy

Which FHS directory contains essential binaries needed for booting and repairing the system, even before /usr is mounted?

A./boot
B./usr/bin
C./sbin
D./bin
AnswerD

Contains essential binaries like ls, mount, etc.

Why this answer

Option D is correct because the /bin directory contains essential user binaries (e.g., ls, cp, mount, bash) required for booting, repairing, and single-user mode, even when /usr is not mounted. The Filesystem Hierarchy Standard (FHS) mandates that /bin must be available before /usr is mounted, ensuring critical commands are accessible during early boot stages or recovery scenarios.

Exam trap

The trap here is that candidates often confuse /sbin with /bin, assuming that system repair binaries are exclusively in /sbin, but the FHS explicitly designates /bin for essential user binaries required before /usr is mounted, while /sbin is for system administration tools that may also be needed but are not the primary answer for 'essential binaries' in this context.

How to eliminate wrong answers

Option A is wrong because /boot contains the kernel and bootloader files (e.g., vmlinuz, initramfs), not the essential user binaries needed for system repair after booting. Option B is wrong because /usr/bin holds non-essential user binaries that are typically mounted later in the boot process (often on a separate partition) and may not be available when /usr is unmounted. Option C is wrong because /sbin contains system administration binaries (e.g., fdisk, mkfs) intended for system maintenance, but the FHS specifies /bin as the directory for essential user binaries required for booting and repair; /sbin is also critical but the question specifically asks for 'essential binaries' that include user commands, not just system administration tools.

11
MCQhard

Refer to the exhibit. An admin attempts to execute a shell script located in /tmp but gets 'Permission denied'. Which mount option is most likely causing this?

A.relatime
B.noexec
C.nodev
D.nosuid
AnswerB

Prevents execution of any files on the filesystem.

Why this answer

The 'noexec' mount option prevents execution of any binary or script directly from the filesystem, regardless of file permissions. Since the script is in /tmp and the admin gets 'Permission denied' despite correct execute bits, the /tmp partition is likely mounted with noexec, which is a common security hardening practice.

Exam trap

The trap here is that candidates assume 'Permission denied' always means missing execute bits (chmod +x), when in fact the noexec mount option silently blocks execution even with correct permissions.

How to eliminate wrong answers

Option A (relatime) is wrong because it only controls how access timestamps are updated on the filesystem, not execution permissions. Option C (nodev) is wrong because it prevents block or character special devices from being interpreted, not script execution. Option D (nosuid) is wrong because it ignores setuid/setgid bits on executables, but does not block execution itself.

12
MCQeasy

Based on the lsblk output, which of the following is true?

A.The disk /dev/sdb has an extended partition.
B.The root filesystem is mounted from /dev/sda5.
C.The partition /dev/sda2 is an extended partition.
D.The disk /dev/sda has a primary partition sda5.
AnswerC

Size 1K and no mount point indicate extended partition.

Why this answer

Option C is correct because in the lsblk output, /dev/sda2 is listed as a partition of type 'Extended' (typically shown as 'Extended' or with a partition type ID of 5 in fdisk). Extended partitions cannot be directly formatted or mounted; they serve as containers for logical partitions (e.g., sda5). The lsblk output would show sda2 with no filesystem or mount point, and sda5 would appear as a child of sda2, confirming sda2 is extended.

Exam trap

The trap here is that candidates often confuse partition numbering with partition type, assuming that any partition numbered 5 or higher is automatically a primary partition, when in fact on MBR disks, partitions 5+ are always logical partitions inside an extended partition.

How to eliminate wrong answers

Option A is wrong because the lsblk output does not show /dev/sdb having an extended partition; /dev/sdb would need a partition listed as 'Extended' or with logical partitions nested under it, which is not indicated. Option B is wrong because the root filesystem is typically mounted from a primary or logical partition with a filesystem (e.g., ext4), and lsblk would show a mount point of '/' for that partition; if /dev/sda5 is a logical partition inside an extended partition, it could be root, but the question states 'based on the lsblk output' and without seeing the actual output, the statement is not universally true—it depends on the specific output. Option D is wrong because /dev/sda5, if it exists, is a logical partition (numbered 5 or higher) inside an extended partition, not a primary partition; primary partitions on MBR disks are numbered 1-4.

13
Multi-Selectmedium

Which THREE of the following commands can be used to display information about block devices?

Select 3 answers
A.lsblk
B.free
C.fdisk -l
D.blkid
E.ip link
AnswersA, C, D

Lists block devices.

Why this answer

A is correct because `lsblk` lists all block devices (e.g., hard drives, SSDs, partitions) by reading the sysfs filesystem and the udev database, displaying their names, sizes, and mount points. It is the primary command for viewing block device topology.

Exam trap

The trap here is that candidates may confuse `free` (memory) or `ip link` (network) with block device commands, or forget that `fdisk -l` and `blkid` also display block device information, not just `lsblk`.

14
Multi-Selecthard

Which TWO utilities can be used to check and repair an XFS filesystem?

Select 2 answers
A.e2fsck
B.fsck
C.xfs_repair
D.xfs_check
E.btrfs check
AnswersC, D

xfs_repair is the primary tool for checking and repairing XFS filesystems.

Why this answer

C is correct because `xfs_repair` is the primary utility for checking and repairing XFS filesystems, designed to handle metadata corruption and ensure consistency. It is the recommended tool for XFS, similar to how `fsck` works for other filesystems but with XFS-specific optimizations.

Exam trap

The trap here is that candidates may confuse `xfs_check` as a repair tool when it is actually read-only, or mistakenly think `fsck` is a direct XFS repair utility rather than a wrapper that delegates to `xfs_repair`.

15
MCQeasy

Refer to the exhibit. An administrator notices that /proc is mounted with 'noexec'. What is the impact of this mount option?

A.Device files are not interpreted.
B.Setuid programs do not work.
C.No binaries can be executed directly from /proc.
D.The filesystem cannot be written to.
AnswerC

noexec prevents execution of binaries on the filesystem.

Why this answer

The 'noexec' mount option prevents the direct execution of any binary files located on the mounted filesystem. Since /proc is a virtual filesystem that contains runtime system information and process data, mounting it with 'noexec' means that no binaries can be executed directly from /proc. This is a security measure to prevent malicious code from being run from procfs, as /proc should never contain executable programs in normal operation.

Exam trap

The trap here is that candidates often confuse 'noexec' with 'nosuid' or 'nodev', thinking it affects setuid binaries or device files, when in fact 'noexec' strictly controls whether binary executables can be run directly from the filesystem.

How to eliminate wrong answers

Option A is wrong because device files are not interpreted by the 'noexec' option; device file handling is governed by the 'nodev' mount option, which prevents the interpretation of device files. Option B is wrong because setuid programs are affected by the 'nosuid' mount option, not 'noexec'; 'noexec' only prevents direct execution of binaries, while setuid behavior is controlled separately. Option D is wrong because the ability to write to a filesystem is controlled by the 'ro' (read-only) or 'rw' (read-write) mount options, not by 'noexec', which only affects execution permissions.

16
MCQeasy

Which directory in the Filesystem Hierarchy Standard (FHS) contains essential user command binaries that are needed in single-user mode?

A./tmp
B./sbin
C./bin
D./boot
AnswerC

Correct: essential user binaries.

Why this answer

The /bin directory contains essential user command binaries (e.g., ls, cp, mv) that are required for system booting and repair in single-user mode. According to the FHS, /bin is intended for commands needed by both the system administrator and users when no other filesystems are mounted, making it critical for single-user mode operations.

Exam trap

The trap here is that candidates confuse /sbin with /bin, assuming that system administration binaries are the essential ones for single-user mode, when in fact /bin provides the user-level commands needed for basic system interaction and recovery.

How to eliminate wrong answers

Option A is wrong because /tmp is a temporary directory for files that may be deleted on reboot, not for essential command binaries. Option B is wrong because /sbin contains system administration binaries (e.g., fdisk, init) intended for the root user, not essential user commands needed in single-user mode. Option D is wrong because /boot contains static boot loader files (e.g., kernel images, initramfs) and not user command binaries.

17
MCQhard

A database server with high I/O requirements needs a filesystem layout optimized for performance. The server has four identical 500GB SSDs. Which design best balances performance and reliability, considering the need to separate transaction logs from data files?

A.Use all four SSDs in RAID 10.
B.Use two SSDs in RAID 1 for logs and two in RAID 1 for data.
C.Combine all four SSDs into a single RAID 0 volume, then partition for data and logs.
D.Use one SSD for transaction logs and the other three in RAID 0 for data files.
AnswerD

Separates logs from data for performance; RAID 0 maximizes data throughput, logs benefit from dedicated device.

Why this answer

Option D is correct because it isolates transaction logs on a dedicated SSD to eliminate write contention with data files, while the remaining three SSDs in RAID 0 maximize sequential throughput for data. This design prioritizes performance for high-I/O workloads, accepting the reliability trade-off of RAID 0 for data, which is acceptable when logs (critical for recovery) are on a separate, non-striped device.

Exam trap

LPI often tests the misconception that RAID 10 is always the best balance of performance and reliability, but in this scenario, the need to physically separate logs from data and maximize throughput for high-I/O workloads makes a dedicated log device with RAID 0 for data the optimal performance choice, despite reduced redundancy.

How to eliminate wrong answers

Option A is wrong because RAID 10 (mirroring + striping) across all four SSDs provides redundancy but introduces write overhead from mirroring, which can reduce write performance for high-I/O transaction logs, and it does not physically separate logs from data, leading to contention. Option B is wrong because using two separate RAID 1 pairs isolates logs and data but wastes half the total capacity (only 1TB usable out of 2TB) and does not leverage striping for data throughput, which is suboptimal for high-I/O data files. Option C is wrong because a single RAID 0 volume across all four SSDs offers maximum capacity and speed but provides zero fault tolerance; a single drive failure destroys both logs and data, violating the reliability requirement, and it does not separate logs from data, causing contention.

18
MCQhard

You are a system administrator at a hosting company. A customer reports that their website hosted on a shared LAMP server is returning error 500. The server runs Ubuntu 22.04 with Apache, MySQL, and PHP. You log in and find that the /var partition (on /dev/sda3, ext4) is almost full. You identify that the MySQL database directory /var/lib/mysql contains several large binary logs that are no longer needed. You delete the binary logs using 'rm -f /var/lib/mysql/mysql-bin.*'. However, the available space does not increase. You also notice that an inode leak is suspected. You check inode usage with 'df -i' and see that the partition has plenty of free inodes. You then check with 'lsof | grep deleted' and see several entries for mysqld holding deleted files. What is the correct procedure to free the space?

A.Restart the MySQL service with 'systemctl restart mysql'.
B.Use 'dpkg --purge mysql-server' to completely remove MySQL, then reinstall it.
C.Run 'e2fsck -f /dev/sda3' to reclaim inodes and fix filesystem inconsistencies.
D.Move the binary logs to a different partition using 'mv /var/lib/mysql/mysql-bin.* /tmp/' and then delete them.
AnswerA

Restarting MySQL closes all open file handles, allowing the kernel to release the disk space occupied by deleted files.

Why this answer

When a file is deleted while a process (like mysqld) still holds an open file descriptor to it, the file's inode remains allocated and the disk space is not freed until the process releases the descriptor. Restarting the MySQL service (systemctl restart mysql) causes mysqld to close all open file descriptors, allowing the kernel to release the deleted binary logs' inodes and reclaim the disk space.

Exam trap

The trap here is that candidates assume deleting a file immediately frees disk space, overlooking that processes with open file descriptors prevent the kernel from releasing the inode and data blocks until the descriptor is closed.

How to eliminate wrong answers

Option B is wrong because completely purging and reinstalling MySQL is an unnecessarily destructive and time-consuming procedure; the issue is simply that the MySQL process holds open file descriptors to the deleted logs, not a problem with the MySQL installation itself. Option C is wrong because e2fsck checks and repairs filesystem metadata, but it does not force processes to release open file descriptors; the inodes are already marked as deleted but are still held open by mysqld, so e2fsck cannot reclaim them. Option D is wrong because moving the files to /tmp/ and then deleting them would still leave the MySQL process holding open file descriptors to the moved (and then deleted) files, resulting in the same space-not-freed problem; the core issue is the open file descriptor, not the file's location.

19
MCQeasy

A technician runs 'blkid' and sees output like '/dev/sda2: UUID="abc-def-ghi" TYPE="ext4"'. Which command can mount this partition using its UUID?

A.mount -U "abc-def-ghi" /mnt
B.mount -I "abc-def-ghi" /mnt
C.mount /dev/sda2 /mnt
D.mount -L "abc-def-ghi" /mnt
AnswerA

mount -U mounts by UUID.

Why this answer

Option A is correct because the 'mount' command supports the '-U' option to specify a partition by its UUID, which is a unique identifier for the filesystem. This allows mounting without relying on device names like /dev/sda2, which can change across reboots. The UUID is taken directly from the 'blkid' output.

Exam trap

The trap here is that candidates may confuse the '-U' (UUID) option with the '-L' (label) option, or assume that any option that accepts a string can mount by UUID, leading them to select the incorrect '-L' or '-I' flags.

How to eliminate wrong answers

Option B is wrong because '-I' is not a valid option for the mount command; it is used with 'lsblk' to specify a device by major:minor number, not for mounting. Option C is wrong because while it would work in this specific case, it uses the device path /dev/sda2 instead of the UUID, which is not the command requested by the question (the question asks for a command that mounts using the UUID). Option D is wrong because '-L' is used to mount by filesystem label, not by UUID; the label is a human-readable name, while the UUID is a unique hexadecimal string.

20
MCQmedium

A user complains that a filesystem is reporting 'Disk quota exceeded' even though the user has not stored any new files recently. What could be the cause?

A.Symlinks are counted against the quota
B.Hard links are consuming additional inodes
C.The user has exceeded the inode quota
D.File ownership is misconfigured
AnswerC

Inode quota limits the number of files, not just disk space.

Why this answer

Option C is correct because Linux filesystems enforce two types of quotas: block quotas (for disk space) and inode quotas (for the number of files and directories). If the user has not stored new files recently but still receives a 'Disk quota exceeded' error, it is likely that they have exceeded their inode quota, meaning they have created too many files or directories (each consuming an inode), even if those files are small or empty. The error message is generic and can refer to either quota type, so the inode limit is the probable cause when no recent data writes have occurred.

Exam trap

The trap here is that candidates assume 'Disk quota exceeded' always refers to disk space (blocks), but LPIC-1 tests the distinction between block quotas and inode quotas, and that the same error message applies to both.

How to eliminate wrong answers

Option A is wrong because symlinks (symbolic links) are not counted against the quota of the user who owns the symlink; they are separate files that point to another file and do not consume the target's quota. Option B is wrong because hard links do not consume additional inodes; they are additional directory entries pointing to the same inode, so the inode count remains unchanged for the user. Option D is wrong because misconfigured file ownership would cause permission errors (e.g., 'Permission denied'), not a 'Disk quota exceeded' error, which is specifically a quota enforcement mechanism.

21
MCQhard

A system is running out of disk space on /var. The administrator finds that /var/log/syslog is 4GB. Which of the following is the best course of action to prevent future issues while keeping recent logs?

A.Use 'truncate -s 0 /var/log/syslog' to empty the file.
B.Configure logrotate to rotate and compress logs daily.
C.Configure syslog to stop logging.
D.Delete /var/log/syslog and create an empty file.
AnswerB

Correct: logrotate manages log sizes.

Why this answer

Option B is correct because logrotate is the standard Linux utility for managing log file growth. By configuring it to rotate and compress logs daily, the administrator can automatically archive old logs (e.g., /var/log/syslog.1.gz) and keep only recent entries in the active file, preventing disk space exhaustion without losing historical data.

Exam trap

The trap here is that candidates confuse immediate space recovery (truncation/deletion) with sustainable log management, overlooking that logrotate provides automated, policy-driven rotation and compression to prevent recurrence.

How to eliminate wrong answers

Option A is wrong because truncating the file to zero bytes only frees space immediately but does not prevent the file from growing again; it also discards all existing logs, which may violate compliance or troubleshooting needs. Option C is wrong because stopping syslog entirely would halt all system logging, losing critical diagnostic information and potentially violating security auditing requirements. Option D is wrong because deleting and recreating the file is functionally similar to truncation—it frees space now but offers no automated rotation or compression, so the problem will recur.

22
MCQhard

A Linux system fails to boot with the error 'Kernel panic: VFS: Unable to mount root fs on unknown-block(0,0)'. After investigation, the administrator suspects that the root filesystem device is not being detected. Which of the following is the most likely cause?

A.The root filesystem is corrupted
B.The initrd file is missing or corrupted
C.The root= kernel parameter points to a non-existent device
D.The SATA controller driver is not included in the kernel
AnswerC

If the root= parameter specifies a device that does not exist or is not recognized, the kernel fails with this error.

Why this answer

The error 'VFS: Unable to mount root fs on unknown-block(0,0)' indicates the kernel cannot locate the device specified by the 'root=' kernel parameter. If this parameter points to a non-existent device (e.g., wrong partition number or missing disk), the kernel fails to mount the root filesystem, causing a panic. This is the most direct cause among the options.

Exam trap

The trap here is that candidates often confuse a missing initrd (which handles driver loading) with a root device misconfiguration, but the specific 'unknown-block(0,0)' error directly points to the root= parameter pointing to a device that does not exist, not a driver or initrd issue.

How to eliminate wrong answers

Option A is wrong because a corrupted root filesystem would typically produce a different error (e.g., 'mount: /dev/sda1: can't read superblock') rather than 'unknown-block(0,0)', which indicates the device itself is not found. Option B is wrong because a missing or corrupted initrd would cause a failure to load necessary drivers or modules, but the error here specifically points to the root device not being recognized, not a missing initrd. Option D is wrong because if the SATA controller driver were missing, the kernel would not detect the disk at all, but the error 'unknown-block(0,0)' suggests the kernel is trying to mount a device it cannot find, not that the controller is unsupported; a missing driver would typically result in no block device being created, not a specific unknown-block error.

23
MCQmedium

A system administrator notices that the /tmp directory is filling up quickly, causing applications to fail. The administrator wants to ensure that files in /tmp are automatically cleaned after a certain period. Which of the following is the best approach without installing additional software?

A.Add a cron job that runs 'rm -rf /tmp/*' every hour.
B.Install tmpwatch and configure it to clean files older than 1 day.
C.Set the sticky bit on /tmp to automatically delete old files.
D.Configure the systemd-tmpfiles service with a configuration file to clean /tmp regularly.
AnswerD

systemd-tmpfiles is part of systemd and is available by default; it provides a clean mechanism for temporary file management.

Why this answer

Option D is correct because systemd-based Linux distributions include the systemd-tmpfiles service, which can be configured via files in /etc/tmpfiles.d/ to automatically clean temporary files based on age, size, or other criteria. This approach uses built-in systemd functionality without requiring additional software, and it is the recommended method for managing /tmp cleanup on modern systems.

Exam trap

The trap here is that candidates may confuse the sticky bit (which only prevents deletion by other users) with automatic cleanup, or assume that a brute-force cron job is acceptable, while the correct answer leverages a built-in systemd service that is already present on most modern Linux distributions.

How to eliminate wrong answers

Option A is wrong because using 'rm -rf /tmp/*' in a cron job is dangerous and unreliable: it will delete all files regardless of age, may fail on hidden files or subdirectories with special characters, and can cause race conditions or data loss for running applications. Option B is wrong because tmpwatch is not installed by default on most modern distributions and the question explicitly states 'without installing additional software'. Option C is wrong because the sticky bit (chmod +t) only prevents users from deleting files they do not own; it does not automatically delete old files.

24
MCQmedium

Refer to the exhibit. The system administrator notices the /var/log partition is nearly full. The syslog file is 2GB. Which command will safely reduce the size of this log file without stopping the logging daemon?

A.cp /dev/null /var/log/syslog
B.rm /var/log/syslog && touch /var/log/syslog
C.> /var/log/syslog
D.mv /var/log/syslog /var/log/syslog.old
AnswerC

Truncating the file to zero length is safe; the file descriptor remains valid.

Why this answer

The 'logrotate' utility can be used to rotate logs, but the simplest safe method is to truncate the file using '> /var/log/syslog' or 'truncate -s 0 /var/log/syslog'. Copying or deleting may cause issues with the running process.

25
MCQhard

During boot, a Linux system displays 'Kernel panic – not syncing: VFS: Unable to mount root fs on unknown-block(0,0)'. Which of the following is the most likely cause?

A.The root filesystem is corrupted and needs fsck.
B.The kernel lacks the necessary driver for the storage controller.
C.The root= parameter in the boot loader points to a non-existent device.
D.The initrd is missing or corrupted.
AnswerB

Missing driver prevents accessing the root filesystem.

Why this answer

The error 'unknown-block(0,0)' indicates the kernel cannot find a device to mount as root. This typically occurs when the kernel lacks the driver for the storage controller (e.g., SATA, NVMe, SCSI host adapter) needed to access the root filesystem. Without the driver, the kernel cannot enumerate the block device, even if the root= parameter is correct and the filesystem is intact.

Exam trap

The trap here is that candidates often confuse 'unknown-block(0,0)' with a missing root= parameter or a corrupted filesystem, but the error specifically indicates the kernel cannot find the block device at all, which is almost always a missing storage driver.

How to eliminate wrong answers

Option A is wrong because a corrupted root filesystem would produce a different error, such as 'mount: /dev/sda1: can't read superblock' or a kernel panic with a filesystem-specific error, not 'unknown-block(0,0)'. Option C is wrong because if root= pointed to a non-existent device, the kernel would still attempt to mount it and fail with a 'mount: special device does not exist' or 'no such device' message, not the generic 'unknown-block(0,0)' which indicates the device node was never created. Option D is wrong because a missing or corrupted initrd typically causes a different panic like 'Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)' only if the initrd itself contains the necessary storage driver; however, the error here is specifically about the root device not being found, which can occur even with a valid initrd if the initrd lacks the correct driver or the root= parameter is misconfigured, but the most common and direct cause is a missing storage controller driver in the kernel or initrd.

26
MCQmedium

Which directory under the root filesystem is defined by FHS as containing variable data that may change in size, such as logs and spools?

A./opt
B./var
C./run
D./tmp
AnswerB

Correct: /var holds variable data like logs and spools.

Why this answer

The Filesystem Hierarchy Standard (FHS) defines /var as the directory for variable data that changes in size during normal system operation, including log files (e.g., /var/log), spool directories (e.g., /var/spool/mail), and temporary files that persist across reboots. This is distinct from /tmp, which is cleared on reboot, and /run, which holds runtime variable data that is volatile and cleared at boot.

Exam trap

The trap here is that candidates confuse /var with /run or /tmp because both hold variable data, but the FHS specifically assigns persistent variable data (logs, spools) to /var, while /run is for volatile runtime state and /tmp for temporary files that may be cleared on reboot.

How to eliminate wrong answers

Option A is wrong because /opt is reserved for the installation of add-on application software packages, not for variable data like logs or spools. Option C is wrong because /run contains runtime variable data (e.g., PID files, sockets) that is cleared at system boot, whereas /var retains data across reboots. Option D is wrong because /tmp is for temporary files that may be deleted on reboot and is not intended for persistent variable data like logs or spools.

27
MCQhard

An administrator is configuring a new server with two SATA disks. The first disk (/dev/sda) holds the root filesystem. The second disk (/dev/sdb) is intended to provide additional storage for user home directories. The administrator partitions /dev/sdb using 'fdisk' to create a single partition /dev/sdb1, formats it with 'mkfs.ext4' and adds the following line to /etc/fstab: '/dev/sdb1 /home ext4 defaults 0 2'. After rebooting, the /home directory is empty and the command 'df -h' does not show /dev/sdb1. However, running 'mount /dev/sdb1 /home' manually works perfectly. The disk is not listed in 'cat /proc/mounts' before the manual mount. What is the most likely cause of this issue?

A.The fstab entry is missing the _netdev option, which is required for local SATA disks.
B.The /home directory is not empty and contains files that conflict with the mount.
C.The fstab entry uses the device file /dev/sdb1 instead of the UUID.
D.The filesystem on /dev/sdb1 has errors and needs to be checked with fsck before mounting.
AnswerD

If the filesystem has errors, the system may not mount it automatically at boot to prevent further damage, but manual mount may still succeed if the errors are not severe.

Why this answer

The fstab entry uses the device file /dev/sdb1 rather than a UUID or filesystem label. While this can work, it is fragile if device ordering changes. However, the most common cause of a device not mounting at boot when the device file is correct is that the filesystem has errors requiring fsck.

Option B is incorrect because the device file is correct (manual mount works). Option C is incorrect because an empty /home directory does not prevent mounting. Option D is incorrect because _netdev is for network filesystems.

Option A is correct because if the filesystem has errors, the system may skip the mount at boot to avoid data loss, but manual mount with 'mount' bypasses fsck checks.

28
Multi-Selectmedium

Which THREE directories under the root filesystem are typically used for variable data that changes frequently during system operation, according to FHS?

Select 3 answers
A./usr
B./var
C./run
D./tmp
E./opt
AnswersB, C, D

/var is for variable data such as logs, mail spools, etc.

Why this answer

The Filesystem Hierarchy Standard (FHS) designates /var for variable data that changes in size and content during normal system operation, such as logs (/var/log), spool files (/var/spool), and databases (/var/lib). /run holds runtime variable data describing the system since boot, while /tmp is for temporary files that may be deleted on reboot. Together, these three directories are the standard locations for frequently changing data under the root filesystem.

Exam trap

The trap here is that candidates often confuse /usr with /var because /usr contains some subdirectories like /usr/local/var in older systems, but the FHS explicitly separates read-only /usr from writable /var, and /usr is not intended for frequently changing data.

29
Multi-Selecteasy

According to the Filesystem Hierarchy Standard (FHS), which TWO directories are intended for variable data that persists across system reboots? (Choose two.)

Select 2 answers
A./run
B./opt
C./var
D./usr/local
E./tmp
AnswersA, C

/run holds runtime variable data that persists during a session, but is considered variable data per FHS.

Why this answer

/var is the primary directory for variable data such as logs, databases, and spools. /run is used for runtime variable data that must persist only during a session, but FHS specifies it for variable data as well. /opt is for add-on software, /tmp is for temporary files (may be cleared on reboot), and /usr/local is for locally installed software, not variable data.

30
MCQeasy

According to the Filesystem Hierarchy Standard (FHS), which directory contains essential system binaries required during boot?

A./usr/bin
B./usr/local/bin
C./sbin
D./bin
AnswerC

Correct: /sbin holds system binaries needed for booting and system repair.

Why this answer

According to the Filesystem Hierarchy Standard (FHS), /sbin contains essential system binaries required for booting, repairing, and recovering the system. These binaries are critical before /usr is mounted, such as fsck, init, and route. While /bin also contains essential binaries, the FHS specifically designates /sbin for system administration binaries needed during boot.

Exam trap

The trap here is that candidates confuse /bin with /sbin, assuming both contain essential boot binaries, but the FHS specifically assigns system administration binaries to /sbin, and /bin is often a symlink to /usr/bin on modern systems, making it non-essential during early boot.

How to eliminate wrong answers

Option A is wrong because /usr/bin contains non-essential user binaries that are not required during boot; it is typically mounted later in the boot process. Option B is wrong because /usr/local/bin contains locally installed software binaries, which are not part of the essential boot set and are also mounted after /usr. Option D is wrong because although /bin historically held essential binaries, the FHS now specifies that /bin may be a symbolic link to /usr/bin on many modern systems, and the essential system administration binaries are specifically placed in /sbin.

31
MCQmedium

A system administrator notices that a server with an ext4 filesystem fails to boot after editing /etc/fstab. The error message indicates that the root filesystem cannot be mounted. Which of the following is the most likely cause?

A.The root filesystem is mounted read-only.
B.The swap partition entry is missing.
C.The UUID or device name for the root filesystem is incorrect.
D.The filesystem type is specified as 'auto' instead of 'ext4'.
AnswerC

An incorrect UUID or device path in /etc/fstab prevents the kernel from mounting the root filesystem.

Why this answer

Option C is correct because if the UUID or device name for the root filesystem in /etc/fstab is incorrect, the kernel cannot locate the root device during boot, resulting in a mount failure. The init process reads /etc/fstab to mount the root filesystem, and any mismatch—such as a typo in the UUID or a stale device path—will cause the system to drop into emergency mode.

Exam trap

The trap here is that candidates may think 'auto' is invalid for the root filesystem or that a missing swap entry is critical, but the core issue is always the correct identification of the root device in /etc/fstab.

How to eliminate wrong answers

Option A is wrong because mounting the root filesystem read-only is a common recovery technique (e.g., via kernel boot parameter 'ro') and does not prevent mounting; it actually helps avoid corruption. Option B is wrong because a missing swap partition entry does not affect the mounting of the root filesystem; swap is optional and only used for virtual memory. Option D is wrong because specifying 'auto' as the filesystem type tells the system to auto-detect the type (e.g., via blkid), which is valid and often recommended for flexibility; it would not cause a mount failure for ext4.

32
MCQhard

An admin needs to create a new filesystem on /dev/sdc1 with a 256-byte inode size and a 1:512 block to inode ratio for a mail server expected to store millions of small files. Which mkfs command best meets these requirements?

A.mkfs.ext4 -I 256 -i 512 /dev/sdc1
B.mkfs.ext4 -b 4096 -I 256 /dev/sdc1
C.mkfs.xfs -i maxpct=50 /dev/sdc1
D.mkfs.btrfs -s 4k /dev/sdc1
AnswerA

Correctly sets inode size and bytes-per-inode.

Why this answer

Option A is correct because the `-I 256` flag sets the inode size to 256 bytes, and the `-i 512` flag sets the bytes-per-inode ratio to 512, meaning one inode is created for every 512 bytes of filesystem space. This yields a 1:512 block-to-inode ratio (assuming a 4096-byte block size, each block would have 8 inodes), which is ideal for a mail server storing millions of small files, as it provides a very high inode density to avoid running out of inodes.

Exam trap

The trap here is that candidates often confuse the `-I` (inode size) flag with the `-i` (bytes-per-inode) flag, or assume that setting a large block size (`-b 4096`) alone is sufficient to handle many small files, when in fact the inode ratio is the critical parameter for inode count.

How to eliminate wrong answers

Option B is wrong because while it sets the inode size to 256 bytes with `-I 256`, it does not specify the bytes-per-inode ratio; the `-b 4096` flag only sets the block size to 4096 bytes, leaving the inode ratio at the default (typically 16384 bytes per inode), which would create far too few inodes for millions of small files. Option C is wrong because `mkfs.xfs` does not support a direct bytes-per-inode ratio flag like `-i`; the `-i maxpct=50` option limits the maximum percentage of filesystem space used for inodes, but XFS is not designed for extremely high inode counts and cannot match the fine-grained control of ext4's `-i` parameter. Option D is wrong because `mkfs.btrfs` with `-s 4k` sets the sector size to 4KB, not the inode size or inode ratio; Btrfs dynamically allocates inodes and does not allow manual tuning of inode density, making it unsuitable for the specific requirement of a 1:512 block-to-inode ratio.

33
MCQmedium

A Linux system has a 500GB SSD. The administrator wants to partition it to support a web server with the following requirements: root (/) 20GB, swap 4GB, /var 50GB, /home 100GB, and the remaining for /srv. Which partitioning strategy is best practice according to the FHS and performance considerations?

A.Use a single partition for root, but create separate partitions for /tmp, /var, /home, and /srv.
B.Create a single LVM volume group with logical volumes for each mount point.
C.Create separate partitions for root, swap, /var, /home, and /srv.
D.Allocate one large partition for root and use bind mounts for /var, /home, and /srv.
AnswerC

Separate partitions provide isolation, prevent one oversize from affecting others, and allow different mount options per filesystem.

Why this answer

Option C is correct because creating separate partitions for root, swap, /var, /home, and /srv aligns with best practices for the Filesystem Hierarchy Standard (FHS) and performance isolation. This approach prevents one filesystem from exhausting space needed by another (e.g., runaway logs in /var cannot fill /home) and allows independent mount options (e.g., noexec on /home) and filesystem tuning for each mount point.

Exam trap

The trap here is that candidates often choose LVM (Option B) thinking it is always best practice for flexibility, but the question explicitly asks for best practice according to the FHS and performance considerations — for a fixed-size single disk with known requirements, simple partitions are simpler, faster, and more aligned with FHS separation principles than LVM's added abstraction layer.

How to eliminate wrong answers

Option A is wrong because it omits a separate swap partition (required for virtual memory) and includes /tmp, which is not requested; the FHS does not mandate separate /tmp for a web server, and the requirement specifies swap, not /tmp. Option B is wrong because while LVM offers flexibility, the question asks for 'best practice according to the FHS and performance considerations' — LVM adds complexity and potential performance overhead (e.g., metadata I/O, lack of direct block alignment) compared to simple partitions for a fixed-size, single-disk scenario; the FHS does not require LVM. Option D is wrong because bind mounts do not provide independent filesystem boundaries; all data resides on the root partition, so a full root filesystem would still affect /var, /home, and /srv, defeating the purpose of isolation and risking system instability.

34
Multi-Selecthard

Which TWO of the following are true about the /proc filesystem?

Select 2 answers
A.It is formatted with the ext4 filesystem.
B.It is a network filesystem.
C.It is a pseudo-filesystem that contains runtime system information.
D.It is used to store persistent configuration data.
E.It is typically mounted at boot time.
AnswersC, E

Correct: /proc is virtual.

Why this answer

Option C is correct because the /proc filesystem is a pseudo-filesystem that does not exist on disk; it is created by the kernel at runtime to expose system and process information (e.g., /proc/cpuinfo, /proc/meminfo). It provides a mechanism for user-space programs to query kernel data structures without making system calls directly.

Exam trap

The trap here is that candidates often confuse /proc with a real filesystem stored on disk, leading them to select Option A, or they mistake its runtime nature for persistent storage (Option D), when in fact /proc is a volatile kernel interface that is mounted automatically at boot (Option E).

35
MCQeasy

A system administrator needs to check if a filesystem has any errors without actually performing a repair. Which command should be used?

A.fsck -y /dev/sdb1
B.fsck -N /dev/sdb1
C.fsck -n /dev/sdb1
D.e2fsck -p /dev/sdb1
AnswerC

fsck -n performs a non-interactive, read-only check.

Why this answer

The `-n` option with `fsck` performs a read-only check, displaying any filesystem errors without making any modifications or repairs. This is the correct choice for a non-destructive check that only reports issues.

Exam trap

The trap here is confusing `-N` (which only shows what would be checked without actually scanning) with `-n` (which performs a read-only scan), leading candidates to mistakenly choose the dry-run option instead of the actual read-only check.

How to eliminate wrong answers

Option A is wrong because `fsck -y` automatically answers 'yes' to all repair prompts, which would attempt to fix errors, not just check for them. Option B is wrong because `fsck -N` only shows what would be done (a dry-run) without actually checking the filesystem for errors. Option D is wrong because `e2fsck -p` automatically repairs filesystem issues without prompting, which performs repairs rather than just checking.

36
MCQhard

A medium-sized company runs a web server on Linux with two 1TB disks in a software RAID1 (mdadm) configuration for the root filesystem and /var. Recently, the /var partition is reporting low disk space. The administrator discovers that old log files are consuming space but should be rotated. However, the logrotate service is not running. After starting logrotate, it fails to rotate some logs because of missing directories. Additionally, the administrator wants to add a third disk (500GB SSD) for additional storage and mount it under /srv/webdata. The disk is new and not partitioned. The server uses systemd and the current /etc/fstab uses UUIDs. What is the correct sequence of steps to add the new disk and ensure it is mounted automatically at boot?

A.Format the disk with ext4, add an entry to /etc/fstab using the device path /dev/sdc with the nofail option, then mount -a.
B.Partition the disk with fdisk, create an ext4 filesystem, create the mount point, mount the filesystem, obtain the UUID, add an entry to /etc/fstab using the UUID, and run mount -a to verify.
C.Add the disk to the existing RAID1 array to expand it, then grow the filesystem to use the new space.
D.Initialize the disk as an LVM physical volume, extend the existing volume group, create a logical volume, format it, mount it, and add to /etc/fstab.
AnswerB

This is the correct, standard procedure.

Why this answer

Option B is correct because it follows the standard procedure for adding a new disk to a Linux system: partition the disk (even if only one partition is needed), create a filesystem, create a mount point, mount it, obtain the UUID (e.g., via blkid), add an entry to /etc/fstab using the UUID for reliable boot-time mounting, and verify with mount -a. This ensures the disk is mounted automatically at boot, independent of device name changes, and aligns with systemd's expectation of UUID-based fstab entries.

Exam trap

The trap here is that candidates may think they can skip partitioning (Option A) or assume LVM is always better (Option D), but the LPIC-1 exam expects the standard, safe procedure of partitioning, formatting, and using UUIDs in fstab for a new disk.

How to eliminate wrong answers

Option A is wrong because it skips partitioning (a new disk must be partitioned before creating a filesystem, even if using the whole disk), uses the device path /dev/sdc instead of a UUID (which can change on reboot, especially with multiple disks), and the nofail option is unnecessary and not a substitute for proper fstab configuration. Option C is wrong because adding the disk to the existing RAID1 array would expand the array but not create a separate mount point under /srv/webdata; it would also require resyncing and growing the filesystem, which is not the stated goal of adding a third disk for additional storage. Option D is wrong because while LVM is a valid approach, the question does not mention LVM being in use, and the current setup uses software RAID1 and UUID-based fstab; introducing LVM would require additional steps (creating a volume group, logical volume) that are not part of the standard simple disk addition procedure, and the correct answer must match the simplest and most direct method described in the scenario.

37
MCQeasy

Which of the following directories is NOT defined in the Filesystem Hierarchy Standard (FHS)?

A./run
B./proc
C./net
D./media
E./sys
AnswerC

/net is not defined in the FHS.

Why this answer

The /net directory is not defined in the Filesystem Hierarchy Standard (FHS). The FHS specifies standard directory locations like /run, /proc, /media, and /sys, but /net is not a required or standard directory; it may appear in some systems as a mount point for network filesystems but is not part of the FHS specification.

Exam trap

The trap here is that candidates may assume /net is a standard FHS directory because it appears in some distributions for network mounts, but the FHS does not define it, and the exam expects knowledge of the official standard directories.

How to eliminate wrong answers

Option A is wrong because /run is defined in FHS as a tmpfs directory for storing volatile runtime data since FHS 3.0. Option B is wrong because /proc is defined in FHS as a virtual filesystem providing process and kernel information. Option D is wrong because /media is defined in FHS as the mount point for removable media devices.

Option E is wrong because /sys is defined in FHS as a virtual filesystem for kernel and device information (sysfs).

38
MCQeasy

An administrator needs to identify the device file for the first SATA SSD in a server. Which device file should they use?

A./dev/hda
B./dev/sdb
C./dev/nvme0n1
D./dev/sda
AnswerD

Correct: SATA SSDs are typically /dev/sda (first disk).

Why this answer

The first SATA SSD in a Linux system is typically assigned the device file /dev/sda. SATA drives use the SCSI subsystem via the libata driver, which names them /dev/sdX, with 'a' representing the first detected drive. This is the standard naming convention for SATA SSDs in modern Linux kernels.

Exam trap

The trap here is that candidates often confuse SATA with PATA (IDE) and choose /dev/hda, or mistakenly think SATA SSDs use NVMe naming like /dev/nvme0n1, not realizing that SATA drives are mapped to the SCSI subsystem as /dev/sdX.

How to eliminate wrong answers

Option A is wrong because /dev/hda is used for PATA (IDE) drives, not SATA SSDs; SATA drives are handled by the SCSI subsystem and named /dev/sdX. Option B is wrong because /dev/sdb would be the second SATA drive (or second SCSI device), not the first. Option C is wrong because /dev/nvme0n1 is used for NVMe SSDs, which connect via PCIe and use a different naming scheme (nvme0n1 for the first namespace of the first NVMe controller), not for SATA SSDs.

39
Multi-Selecthard

Which THREE conditions will cause the fsck command to automatically run on the root filesystem during boot? (Choose three.)

Select 3 answers
A.The 'fsck.mode=force' kernel parameter was specified.
B.The system was not shut down properly.
C.The root filesystem's superblock indicates an unclean unmount.
D.The root filesystem is read-only.
E.The filesystem has been mounted more than the configured maximum mount count.
AnswersB, C, E

Improper shutdown sets a dirty flag.

Why this answer

Option B is correct because when the system was not shut down properly (e.g., due to a power failure or crash), the root filesystem is marked as 'dirty' in its superblock. During the next boot, fsck detects this condition and automatically runs a filesystem check on the root partition to ensure consistency before mounting it.

Exam trap

The trap here is that candidates may think 'read-only' (Option D) implies a filesystem check is needed, but fsck only triggers based on superblock flags and mount counts, not the current mount mode.

40
MCQmedium

A server has a partition /dev/sda2 that is almost full. The admin suspects a large file has been deleted but is still held open by a process. Which command can identify such a file?

A.du -sh /
B.find / -size +100M
C.lsof | grep deleted
D.df -h
AnswerC

Shows open files marked as deleted.

Why this answer

The `lsof` command lists open files and their associated processes. When a file is deleted but still held open by a process, `lsof` shows the filename with a '(deleted)' marker in its output. Piping through `grep deleted` filters for exactly those entries, allowing the admin to identify the file and the process keeping it alive, which is the precise scenario described.

Exam trap

The trap here is that candidates often choose `df -h` or `du` because they show disk usage, but they fail to realize that deleted-but-open files are invisible to those tools, while `lsof` directly reveals the hidden space consumption.

How to eliminate wrong answers

Option A is wrong because `du -sh /` calculates disk usage of the entire root filesystem but does not show which files are deleted and still open; it only reports current space consumption. Option B is wrong because `find / -size +100M` locates files larger than 100 MB on disk, but it cannot detect files that have been unlinked (deleted) from the directory tree, as those files no longer have a directory entry to find. Option D is wrong because `df -h` shows overall filesystem disk usage and free space, but it provides no information about individual files or processes holding deleted files open.

41
MCQhard

A Linux system has a software RAID1 array /dev/md0 consisting of /dev/sda1 and /dev/sdb1. After replacing a failed disk, the administrator runs 'mdadm --manage /dev/md0 --add /dev/sdc1', but the array remains degraded. Which command should be used to check the status of the array?

A.mdadm --examine /dev/sdc1
B.mdadm --version
C.mdadm --detail /dev/md0
D.mdadm --query /dev/md0
AnswerC

Correct: shows detailed array status.

Why this answer

The `mdadm --detail /dev/md0` command displays the current state of the RAID array, including its status (e.g., degraded, active), the number of active and failed devices, and the sync/resync progress. Since the array remains degraded after adding a new disk, this command will show whether the new disk has been properly integrated or if there is an underlying issue, such as a missing or failed component.

Exam trap

The trap here is that candidates often confuse `--examine` (which inspects a disk's superblock) with `--detail` (which shows the array's overall state), leading them to choose Option A when they need to check the array's degraded status rather than a single disk's metadata.

How to eliminate wrong answers

Option A is wrong because `mdadm --examine /dev/sdc1` reads the superblock on a specific disk to show its metadata and RAID membership, but it does not report the overall array status or whether the array is still degraded. Option B is wrong because `mdadm --version` only prints the version of the mdadm utility and provides no information about the array's state. Option D is wrong because `mdadm --query /dev/md0` gives a brief summary (e.g., 'is not an md array' or a one-line status) but lacks the detailed device-by-device status and resync progress needed to diagnose why the array remains degraded.

42
MCQeasy

You are a junior system administrator tasked with adding a new 500GB HDD to a Debian 11 server that will be used for backup storage. The server currently has a 120GB SSD with two partitions: sda1 (boot) and sda2 (root). You have physically installed the HDD and it is recognized as /dev/sdb. You need to partition the disk with a single partition covering the entire disk, format it as ext4, and ensure it is automatically mounted at /backup at boot time. Which sequence of commands should you execute to accomplish this?

A.sudo parted /dev/sdb mklabel gpt && sudo parted /dev/sdb mkpart primary ext4 0% 100% && sudo mkfs.ext4 /dev/sdb1 && echo '/dev/sdb1 /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
B.sudo mkfs.ext4 /dev/sdb1 && echo '/dev/sdb1 /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
C.sudo mkfs.ext4 /dev/sdb && echo '/dev/sdb /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
D.sudo fdisk /dev/sdb (create partition) && sudo mkswap /dev/sdb1 && echo '/dev/sdb1 /backup ext4 defaults 0 2' | sudo tee -a /etc/fstab && sudo mount -a
AnswerA

Properly creates GPT partition table, single partition, formats as ext4, adds fstab entry, and mounts.

Why this answer

Option A is correct because it first creates a GPT partition table on /dev/sdb with parted, then creates a single primary partition spanning the entire disk, formats that partition (not the raw disk) as ext4, adds an fstab entry for automatic mounting at /backup, and finally mounts all filesystems. This sequence ensures the disk is properly partitioned, formatted, and configured for persistent boot-time mounting.

Exam trap

The trap here is that candidates may try to format the raw disk device (e.g., /dev/sdb) instead of a partition (e.g., /dev/sdb1), or skip the partitioning step entirely, leading to an unbootable or improperly configured filesystem.

How to eliminate wrong answers

Option B is wrong because it attempts to run mkfs.ext4 directly on /dev/sdb1 without first creating a partition table or partition on /dev/sdb, so /dev/sdb1 does not exist and the command will fail. Option C is wrong because it formats the raw disk device /dev/sdb with ext4 instead of a partition, which is not a standard practice and will prevent proper partitioning; also, the fstab entry references /dev/sdb, which is the whole disk, not a filesystem. Option D is wrong because it uses mkswap to create a swap filesystem on /dev/sdb1, but the requirement is to format it as ext4 for backup storage, not swap.

43
MCQeasy

The /proc filesystem is described as a virtual filesystem. Which statement best describes its purpose?

A.It contains configuration files for system services.
B.It provides an interface to kernel data structures and processes.
C.It holds binary executables for system administration.
D.It stores temporary files that survive reboots.
AnswerB

/proc is a pseudo-filesystem for kernel and process info.

Why this answer

The /proc filesystem is a virtual filesystem that does not contain actual files on disk but instead provides a runtime interface to kernel data structures, including process information, system memory, CPU details, and hardware configuration. This allows users and system tools (like ps, top, and free) to read kernel state in real time without needing direct kernel memory access.

Exam trap

The trap here is that candidates confuse /proc with a real filesystem for storing configuration or executables, when in fact it is a virtual interface to kernel data structures that contains no persistent files.

How to eliminate wrong answers

Option A is wrong because configuration files for system services are stored in /etc, not in /proc, which is a virtual filesystem with no persistent configuration data. Option C is wrong because binary executables for system administration reside in directories like /bin, /sbin, /usr/bin, or /usr/sbin, while /proc contains no executable binaries. Option D is wrong because temporary files that survive reboots are typically stored in /var/tmp, whereas /proc is a volatile, kernel-generated filesystem that is recreated fresh on every boot and does not persist any data.

44
MCQeasy

According to the Filesystem Hierarchy Standard (FHS), in which directory should third-party static libraries be installed?

A./lib
B./usr/local/lib
C./opt/lib
D./usr/lib
AnswerD

Third-party libraries that are not part of the base system should go in /usr/lib.

Why this answer

The Filesystem Hierarchy Standard (FHS) specifies that /usr/lib is the correct directory for third-party static libraries that are part of the system's package management. This directory holds libraries that are not dynamically linked and are required by programs in /usr/bin and /usr/sbin, ensuring consistency across the system.

Exam trap

The trap here is that candidates often confuse /usr/local/lib with the correct location for system-managed third-party libraries, mistakenly thinking 'local' implies any locally installed third-party software, when in fact /usr/local is for site-specific, non-package-manager software.

How to eliminate wrong answers

Option A is wrong because /lib is reserved for essential shared libraries and kernel modules required for booting and running core system binaries, not for third-party static libraries. Option B is wrong because /usr/local/lib is intended for locally compiled software and libraries not managed by the system's package manager, not for third-party packages installed via the system. Option C is wrong because /opt/lib is used for libraries that are part of self-contained add-on application packages installed in /opt, not for general third-party static libraries that follow the FHS hierarchy.

45
Multi-Selecthard

Which THREE commands can be used to display the UUID of a filesystem on a Linux system without superuser privileges? (Choose three.)

Select 3 answers
A.file -s /dev/sda1
B.blkid
C.dumpe2fs -h
D.findfs UUID=...
E.lsblk -f
AnswersA, B, E

file -s reads filesystem superblock and can display UUID for some filesystems; works without root if device permissions allow.

Why this answer

The `file -s /dev/sda1` command reads the superblock of the specified block device and displays filesystem type information, which typically includes the UUID for filesystems like ext4, XFS, or Btrfs. This works without superuser privileges because it only performs a read-only inspection of the device file's metadata, not requiring any write access or privileged system calls.

Exam trap

The trap here is that candidates often assume `dumpe2fs -h` works without root because it only reads metadata, but Linux requires root for direct block device access unless the device file has world-readable permissions (which is rare), while `blkid` and `lsblk -f` leverage cached data to bypass this restriction.

46
Multi-Selecteasy

Which TWO options in /etc/fstab affect whether a filesystem is mounted at boot? (Choose two.)

Select 2 answers
A.user
B.defaults
C.auto
D.ro
E.noauto
AnswersC, E

auto tells mount -a (boot) to mount the filesystem.

Why this answer

The 'auto' option (C) explicitly tells the system to mount the filesystem automatically at boot time via `mount -a` (as run by systemd or init scripts). Conversely, 'noauto' (E) prevents automatic mounting at boot, requiring manual intervention. Both directly control boot-time behavior in /etc/fstab.

Exam trap

The trap here is that candidates often confuse 'auto' with 'defaults' or think 'ro' affects boot mounting, when in fact only 'auto' and 'noauto' directly control automatic mounting at boot.

47
MCQhard

A disk is partitioned with GPT. The administrator wants to see the partition type GUIDs and partition UUIDs. Which command is most appropriate?

A.blkid /dev/sda
B.lsblk -f /dev/sda
C.fdisk -l /dev/sda
D.gdisk -l /dev/sda
AnswerD

Correct: gdisk -l displays GPT partition details including UUIDs.

Why this answer

Option D is correct because `gdisk -l /dev/sda` is the GPT-specific partitioning tool that displays partition type GUIDs (e.g., EBD0A0A2-B9E5-4433-87C0-68B6B72699C7 for Microsoft basic data) and partition unique GUIDs (UUIDs) for each partition on a GPT disk. Unlike MBR tools, GPT stores these 128-bit identifiers in the partition table headers, and `gdisk` is designed to read and present them directly.

Exam trap

The trap here is that candidates confuse filesystem UUIDs (shown by `blkid` and `lsblk -f`) with partition table GUIDs (type and partition UUIDs), and assume `fdisk -l` is sufficient for GPT details, but `fdisk` omits the GUIDs that `gdisk` specifically exposes.

How to eliminate wrong answers

Option A is wrong because `blkid /dev/sda` shows filesystem UUIDs and type labels (e.g., ext4, swap) from the block device's superblock, not the partition table's type GUIDs or partition UUIDs stored in the GPT header. Option B is wrong because `lsblk -f /dev/sda` also displays filesystem information (UUID, label, FSTYPE) from the filesystem metadata, not the GPT partition type GUIDs or partition UUIDs. Option C is wrong because `fdisk -l /dev/sda` is designed for MBR (DOS) partition tables and, while it can read GPT disks, it does not display partition type GUIDs or partition UUIDs; it shows only partition numbers, start/end sectors, size, and a generic type code (e.g., 'Microsoft basic data') without the GUIDs.

48
MCQeasy

A system administrator wants to ensure that the filesystem on /dev/sdb1 is checked for errors every 30 mounts. Which command accomplishes this?

A.fsck -c 30 /dev/sdb1
B.e2fsck -c 30 /dev/sdb1
C.tune2fs -c 30 /dev/sdb1
D.mount -o errors=remount-ro
AnswerC

Sets the mount count threshold to 30.

Why this answer

The `tune2fs` command is used to adjust tunable filesystem parameters on ext2/ext3/ext4 filesystems. The `-c` option sets the maximum mount count between filesystem checks; `tune2fs -c 30 /dev/sdb1` configures the filesystem to trigger an `fsck` check every 30 mounts. This is the correct tool for modifying this persistent setting.

Exam trap

The trap here is confusing the `-c` option of `tune2fs` (set mount count) with the `-c` option of `e2fsck` (bad-block check), leading candidates to mistakenly choose `e2fsck -c 30`.

How to eliminate wrong answers

Option A is wrong because `fsck` is a frontend that runs filesystem checks, not a tool to set mount-count parameters; `fsck -c 30` would attempt to check the filesystem and the `-c` option is not valid for setting mount intervals. Option B is wrong because `e2fsck` is the ext2/ext3/ext4 filesystem checker, and its `-c` option performs a bad-block scan, not a mount-count configuration. Option D is wrong because `mount -o errors=remount-ro` is a mount option that remounts the filesystem as read-only on error, but it does not schedule periodic checks based on mount count.

49
Multi-Selecteasy

Which TWO of the following commands can be used to create a new filesystem on a partition?

Select 2 answers
A.fdisk
B.mkfs.ext4
C.parted
D.fsck
E.mkfs
AnswersB, E

mkfs.ext4 directly creates an ext4 filesystem.

Why this answer

B is correct because `mkfs.ext4` is a specific command that creates an ext4 filesystem on a partition. E is correct because `mkfs` is a generic front-end that can create various filesystem types (e.g., ext4, xfs, btrfs) based on the `-t` option or by invoking filesystem-specific wrappers like `mkfs.ext4`.

Exam trap

The trap here is that candidates confuse partition management tools (fdisk, parted) with filesystem creation tools (mkfs), or mistakenly think fsck can create a filesystem because it interacts with filesystem metadata.

50
MCQmedium

A Linux system has two SATA disks: /dev/sda (250GB) and /dev/sdb (500GB). The administrator wants to create a logical volume group named 'vgdata' using partitions on both disks, then create a 600GB logical volume named 'lvdata' for a database. Which sequence of commands should be used?

A.pvcreate /dev/sdb1 /dev/sdc1; lvcreate -L 600G -n lvdata vgdata; vgcreate vgdata /dev/sdb1 /dev/sdc1
B.pvcreate /dev/sdb /dev/sdc; vgcreate vgdata /dev/sdb /dev/sdc; lvcreate -L 600G -n lvdata vgdata
C.pvcreate /dev/sdb1 /dev/sdc1; vgcreate vgdata /dev/sdb1 /dev/sdc1; lvcreate -L 600G -n lvdata vgdata
D.vgcreate vgdata /dev/sdb1 /dev/sdc1; pvcreate /dev/sdb1 /dev/sdc1; lvcreate -L 600G -n lvdata vgdata
AnswerC

Correct order: pvcreate, vgcreate, lvcreate.

Why this answer

Option C is correct because it follows the proper LVM sequence: first create physical volumes (PVs) on the partitions /dev/sdb1 and /dev/sdc1 using pvcreate, then create the volume group 'vgdata' from those PVs using vgcreate, and finally create the logical volume 'lvdata' with a size of 600GB using lvcreate. This order ensures that the PVs exist before the VG is created, and the VG exists before the LV is created.

Exam trap

The trap here is that candidates may confuse the order of LVM commands (pvcreate, vgcreate, lvcreate) or mistakenly use whole disks instead of partitions, but the question explicitly requires partitions on both disks.

How to eliminate wrong answers

Option A is wrong because it attempts to create a logical volume (lvcreate) before the volume group (vgcreate) exists, which will fail; also, it uses /dev/sdc1 instead of /dev/sdb1 for the second disk, but the question specifies /dev/sdb, not /dev/sdc. Option B is wrong because it uses whole disks (/dev/sdb and /dev/sdc) instead of partitions, which is possible but not the scenario described (the question says 'partitions on both disks'), and it also references /dev/sdc instead of /dev/sdb. Option D is wrong because it attempts to create the volume group (vgcreate) before creating the physical volumes (pvcreate), which will fail as the PVs must exist first.

51
MCQmedium

Refer to the exhibit. An administrator attempts to remount /mnt as read-only but receives the error shown. What is the most likely cause?

A.The /mnt directory is not a mount point
B.The /mnt directory is not empty
C.The /mnt directory does not exist
D.The filesystem is already mounted read-only
AnswerA

The error explicitly says 'mount point not mounted', meaning nothing is mounted there.

Why this answer

The error 'mount: /mnt is not a mount point' indicates that the administrator attempted to use the `remount` option on a directory that is not currently a mount point. The `mount -o remount` command only works on directories where a filesystem is already mounted; it modifies the mount options of an existing mount, not a regular directory. Since /mnt is not a mount point, the kernel rejects the operation with this specific error.

Exam trap

The trap here is that candidates confuse the `remount` option (which modifies an existing mount) with the `mount` command (which creates a new mount), leading them to think the error is about directory emptiness or existence rather than the mount point status.

How to eliminate wrong answers

Option B is wrong because a non-empty directory can still be a mount point; the error message specifically says 'not a mount point', not 'not empty'. Option C is wrong because if /mnt did not exist, the error would be 'mount: /mnt: No such file or directory', not 'not a mount point'. Option D is wrong because if the filesystem were already mounted read-only, the `remount` command would succeed (it would just be a no-op) or produce a different error like 'mount: /mnt: cannot remount ...' but not 'not a mount point'.

52
MCQhard

You are a Linux administrator for a large e-commerce company. The company's application server runs Ubuntu 22.04 and uses a Btrfs filesystem for the /srv/app partition to take advantage of snapshots and compression. During a routine maintenance window, you create a snapshot of the /srv/app subvolume using 'btrfs subvolume snapshot /srv/app /srv/app_snapshot'. Later, you need to roll back to the snapshot because of a failed application update. You attempt to delete the original subvolume with 'btrfs subvolume delete /srv/app', but the command fails with the error: 'ERROR: cannot delete '/srv/app': Device or resource busy'. You check that no processes are using the directory with lsof, and it shows no open files. The /srv/app subvolume is the default subvolume and is mounted via fstab with the option 'subvol=/' (the root of the Btrfs filesystem). What is the most likely reason for the deletion failure, and how should you proceed?

A.The subvolume is read-only; change it to read-write with 'btrfs property set -f /srv/app ro false'.
B.You cannot delete the subvolume because it is the default subvolume; you must first delete the snapshot and then recreate the original.
C.The Btrfs kernel module has a readahead lock on the subvolume; wait for it to expire or reboot.
D.The subvolume is the default subvolume (ID 5) and cannot be deleted while it is the mounted root; use 'btrfs subvolume set-default <new_subvol_id> /srv/app', then unmount and remount with the new default subvolume, then delete the old subvolume.
AnswerD

The default subvolume is special and cannot be deleted while it is the mounted root. Changing the default allows deletion after remount.

Why this answer

The error occurs because the subvolume at /srv/app is the default subvolume (ID 5) of the Btrfs filesystem, and it is currently mounted as the root of the filesystem via the 'subvol=/' mount option. A default subvolume cannot be deleted while it is mounted because the kernel treats it as the top-level volume. To delete it, you must first set a different subvolume as the default using 'btrfs subvolume set-default', then unmount and remount the filesystem with the new default, after which the original subvolume can be safely deleted.

Exam trap

The trap here is that candidates assume the 'Device or resource busy' error always means a process is using the directory, but in Btrfs it can also indicate that the subvolume is the mounted default, which requires changing the default before deletion.

How to eliminate wrong answers

Option A is wrong because the error is not about read-only status; the subvolume is writable by default, and a read-only subvolume would produce a different error message. Option B is wrong because you can delete the default subvolume after changing the default to another subvolume; deleting the snapshot first is unnecessary and does not address the root cause. Option C is wrong because there is no such thing as a 'readahead lock' on a Btrfs subvolume; the error is due to the subvolume being the mounted default, not a kernel lock.

53
MCQeasy

A Linux technician receives a report that a USB flash drive inserted into a system is not automatically detected. Which command should the technician use to verify if the device is recognized by the kernel?

A.fdisk -l
B.lsusb
C.blkid
D.dmesg | tail
AnswerD

dmesg output includes kernel messages; tail shows the latest entries, including USB detection.

Why this answer

The `dmesg | tail` command displays kernel ring buffer messages, which include real-time hardware detection events such as USB device insertion. When a USB flash drive is plugged in, the kernel logs messages about device recognition, driver binding, and assigned device nodes (e.g., /dev/sdb). This makes it the most direct way to verify if the kernel has detected the device.

Exam trap

The trap here is that candidates assume `lsusb` or `fdisk -l` are sufficient for kernel-level detection, but `lsusb` only confirms USB enumeration, not block device assignment, and `fdisk -l` requires prior kernel recognition.

How to eliminate wrong answers

Option A is wrong because `fdisk -l` lists partition tables on block devices that are already recognized by the kernel, but it does not show kernel detection events; if the device is not recognized, `fdisk -l` will not list it. Option B is wrong because `lsusb` only lists USB buses and devices at the USB protocol level, but it does not confirm whether the kernel has assigned a block device node or loaded the appropriate storage driver. Option C is wrong because `blkid` displays block device attributes (like UUID and filesystem type) for devices that are already present in the /dev directory; it cannot detect a device that the kernel has not yet recognized.

54
Multi-Selecteasy

Which TWO commands can be used to display information about block devices such as disks and partitions? (Choose exactly two.)

Select 2 answers
A.blkid
B.lsblk
C.df
D.fdisk -l
E.mount
AnswersA, B

Correct: blkid shows block device attributes.

Why this answer

`blkid` (block ID) locates and prints attributes of block devices, such as UUID, filesystem type, and LABEL, by reading the device's superblock. `lsblk` lists all block devices (e.g., disks, partitions) in a tree-like format, showing their major/minor numbers, size, and mount points, by reading sysfs and udev databases. Both commands are specifically designed to display information about block devices.

Exam trap

The trap here is that candidates often confuse `df` (filesystem disk usage) or `mount` (mounted filesystems) with commands that display raw block device information, not realizing that block device commands like blkid and lsblk work on unmounted devices and show attributes like UUIDs and partition tables.

55
MCQhard

According to FHS, which directory should NOT be mounted on a networked filesystem (e.g., NFS) because it contains host-specific configuration files?

A./home
B./var
C./etc
D./opt
AnswerC

Correct: /etc must be local to each host due to unique configuration.

Why this answer

The Filesystem Hierarchy Standard (FHS) specifies that /etc contains host-specific configuration files that must be local to each machine. Mounting /etc over a network filesystem like NFS would cause all clients to share the same configuration, breaking system identity, network settings, and security policies. This violates the FHS requirement that /etc be a local filesystem.

Exam trap

The trap here is that candidates may think /var or /home are the correct answers because they contain user data or logs, but the FHS specifically singles out /etc as the directory that must remain local due to its host-specific configuration files.

How to eliminate wrong answers

Option A is wrong because /home is designed to be shared across networked systems via NFS, allowing user home directories to be accessed from any client. Option B is wrong because /var contains variable data such as logs and spools that can be shared or local, but it is not specifically prohibited from NFS mounting by the FHS. Option D is wrong because /opt is for add-on software packages and can be shared over NFS if the software is identical across hosts, though it is not host-specific like /etc.

56
MCQhard

An ext4 filesystem is experiencing performance degradation due to very frequent small writes. Which tune2fs option can help by reserving a percentage of blocks for the root user to prevent fragmentation?

A.-i 0
B.-g root
C.-c 0
D.-m 0
AnswerD

-m sets reserved block percentage; setting to 0 frees space for all users but may increase fragmentation.

Why this answer

Option D is correct because the `-m 0` option in tune2fs sets the reserved blocks percentage to 0, which prevents the filesystem from reserving a percentage of blocks exclusively for the root user. This reduces fragmentation from frequent small writes by allowing all blocks to be used for data, avoiding the scenario where small files are scattered across reserved and unreserved areas. The reserved blocks are typically 5% by default, and setting it to 0 can improve performance for high-write workloads.

Exam trap

The trap here is that candidates often confuse `-m 0` with disabling filesystem checks (options A or C) or think `-g root` is a valid way to reserve blocks for root, when in fact `-m` directly controls the reserved block percentage and is the correct tool for this purpose.

How to eliminate wrong answers

Option A is wrong because `-i 0` disables the filesystem check interval (i.e., maximum time between checks), which does not affect block reservation or fragmentation from small writes. Option B is wrong because `-g root` is not a valid tune2fs option; the `-g` option is used to specify a group for reserved blocks, but it requires a group ID or name, and 'root' is not a valid group specification in this context. Option C is wrong because `-c 0` sets the maximum mount count between filesystem checks to 0, disabling checks based on mount count, which has no impact on block reservation or fragmentation.

57
Multi-Selectmedium

Which THREE directories are required to be directly under the root filesystem (/) according to the Filesystem Hierarchy Standard? (Choose exactly three.)

Select 3 answers
A./lib
B./var
C./sbin
D./bin
E./home
AnswersA, C, D

Correct: /lib is required for shared libraries and kernel modules.

Why this answer

According to the Filesystem Hierarchy Standard (FHS), the directories /bin, /lib, and /sbin are required to be directly under the root filesystem. /bin contains essential user command binaries needed for system booting and repair, /lib contains shared libraries and kernel modules required by binaries in /bin and /sbin, and /sbin contains essential system administration binaries for booting and recovery. These directories must be present on the root partition to ensure the system can boot and run in single-user mode.

Exam trap

The trap here is that candidates often confuse 'required' directories with 'recommended' ones, mistakenly selecting /var or /home because they are common, while the FHS only mandates /bin, /lib, and /sbin as essential for booting.

58
MCQhard

Refer to the exhibit. The 'mount -a' command fails for the NFS mount. What is the most likely cause?

A.The local mount point /mnt/nfs does not exist.
B.The filesystem type 'nfs' is not supported by the kernel.
C.The NFS server is not exporting the directory or is unreachable.
D.The 'defaults' option is missing for the NFS entry.
AnswerC

The error 'can't read superblock' typically indicates a problem connecting to the NFS server or the export.

Why this answer

The NFS server (192.168.1.100) is not reachable or the export is not available, causing the superblock read failure. The '_netdev' option indicates network filesystem, but it still fails if the network is not ready or server is down.

59
MCQmedium

You are the system administrator for a small business running a Red Hat Enterprise Linux 8 server that hosts a MySQL database and a web server. The server has two physical disks: a 240GB SSD (sda) with partitions sda1 (boot), sda2 (root), sda3 (swap), and a 1TB HDD (sdb) with a single partition sdb1 mounted at /var/lib/mysql. The server has been running for months without issues. However, this morning you receive alerts that the MySQL database is not accepting new connections. You log in and find that the /var filesystem is 100% full. You check the disk usage and see that /var/lib/mysql uses 90% of the space, but there are also large log files in /var/log/httpd. To free up space immediately and restore database service while planning a permanent solution, you decide to compress old log files and move some database archives to a backup server. After compressing several log files with gzip, the available space increases by only a few MB. You then delete some old database backups from /var/lib/mysql/backup, but the space usage shown by df remains unchanged. What is the most likely cause of this behavior?

A.Some processes have open file handles to the deleted files, preventing the space from being released.
B.The disk quota for the mysql user is exceeded, so deletions do not reduce usage.
C.The SSD is not TRIM-enabled, so deleted blocks are not reclaimed.
D.The filesystem was remounted read-only due to errors, so deletions are not permanent.
AnswerA

When a file is deleted but still open, the space is not freed until the file handle is closed. Use lsof to identify the processes.

Why this answer

When a file is deleted but still held open by a running process (e.g., the MySQL daemon or httpd), the filesystem does not release the disk space until all file handles are closed. In this scenario, the large log files in /var/log/httpd were compressed with gzip, but the original uncompressed files may still be open by the web server process, so deleting them (or the old database backups) does not free space until the process is restarted or the handles are released. This explains why df still shows 100% usage despite the deletions.

Exam trap

The trap here is that candidates assume deleting files immediately frees space on disk, overlooking the fact that open file handles by running processes can retain the data blocks until the handles are closed.

How to eliminate wrong answers

Option B is wrong because disk quotas limit the amount of space a user can consume, but they do not prevent freed space from being reflected after deletions; quotas would only block new writes, not hide released space. Option C is wrong because TRIM is an SSD-specific command for garbage collection of unused blocks, which affects performance and wear but does not impact whether deleted files release space on a mounted filesystem; the space release is a filesystem-level operation independent of TRIM. Option D is wrong because a read-only remount would prevent deletions from being written at all, not allow them to appear successful while hiding the space release; the user was able to delete files, so the filesystem is writable.

60
MCQhard

An administrator runs `fsck /dev/sdb1` on an ext4 filesystem that is currently mounted. What is the likely outcome?

A.It will succeed and repair any errors
B.It will automatically remount the filesystem read-only and check
C.It will refuse and exit with a warning
D.It will safely perform a read-only check
AnswerC

fsck detects the filesystem is mounted and aborts to prevent damage.

Why this answer

Running fsck on a mounted ext4 filesystem is unsafe because the kernel may have cached metadata that differs from the on-disk state, leading to false corruption detection or actual data loss. The fsck tool detects the mounted state via /proc/mounts or the kernel's internal mount table and refuses to run, printing a warning and exiting with a non-zero exit code (typically 8). This is a deliberate safety mechanism to prevent filesystem corruption.

Exam trap

The trap here is that candidates may assume fsck can safely perform a read-only check on a mounted filesystem, but the LPIC-1 exam tests the specific rule that fsck refuses to run on any mounted filesystem (except with special options like -f for root in single-user mode) to prevent data corruption.

How to eliminate wrong answers

Option A is wrong because fsck will not succeed or repair errors on a mounted ext4 filesystem; it aborts immediately to avoid corrupting the filesystem. Option B is wrong because fsck does not automatically remount the filesystem read-only; that would require manual intervention (e.g., 'mount -o remount,ro') and is not part of fsck's behavior. Option D is wrong because fsck does not safely perform a read-only check on a mounted ext4 filesystem; even a read-only check can be dangerous if the kernel's cached metadata differs from disk, and fsck explicitly refuses to run on any mounted filesystem (except for root filesystem in some emergency scenarios with special flags).

61
MCQmedium

An application assumes its data is stored in /opt/app/data, but the /opt filesystem is running out of space. The administrator moves the data to /var/app/data. Which method will allow the application to continue accessing the data at /opt/app/data without modifying the application's configuration?

A.Use ln -s /var/app/data /opt/app/data
B.Edit /etc/fstab to mount /var/app/data at /opt/app/data
C.Use mount --bind /var/app/data /opt/app/data
D.Create a symbolic link /opt/app/data -> /var/app/data
AnswerC

Bind mount makes /var/app/data accessible at /opt/app/data, preserving all file attributes and paths.

Why this answer

Option C is correct because `mount --bind` creates a bind mount that makes the contents of `/var/app/data` appear at `/opt/app/data` without moving or copying files. The application continues to access the data at the original path, and the kernel transparently redirects all filesystem operations to the new location. This avoids modifying the application's configuration or creating a symbolic link that might not be followed by all programs (e.g., those using `chroot` or running with restricted permissions).

Exam trap

The trap here is that candidates often choose symbolic links (options A or D) because they seem simpler, but they overlook that some applications or system services (e.g., those running under `chroot` or with `noexec` restrictions) may not follow symlinks, whereas a bind mount works at the kernel level and is fully transparent.

How to eliminate wrong answers

Option A is wrong because `ln -s /var/app/data /opt/app/data` creates a symbolic link named `/opt/app/data` pointing to `/var/app/data`, but the application expects a directory at `/opt/app/data`, not a symlink; if the application does not follow symlinks (e.g., due to security restrictions or `O_NOFOLLOW`), it will fail. Option B is wrong because editing `/etc/fstab` to mount `/var/app/data` at `/opt/app/data` requires a reboot or manual remount, and the mount point `/opt/app/data` must already exist as an empty directory; this is a persistent solution but not the immediate, non-disruptive method described. Option D is wrong because creating a symbolic link `/opt/app/data -> /var/app/data` is essentially the same as option A and suffers from the same limitations; additionally, the order of arguments is reversed (the link name should be the second argument), and the application may not traverse symlinks in certain contexts.

62
Multi-Selecteasy

Which TWO of the following are valid mount options for the ext4 filesystem?

Select 2 answers
A.sync
B.data=journal
C.noatime
D.ro
E.noload
AnswersB, C

Enables journaling of data, valid for ext4.

Why this answer

Option B is correct because 'data=journal' is a valid mount option for ext4 that enables journaling of both metadata and file data, providing the highest level of data integrity by writing all data to the journal before the main filesystem. Option C is correct because 'noatime' is a standard mount option that disables updating the access time (atime) on inodes, reducing disk writes and improving performance.

Exam trap

The trap here is that candidates often confuse generic mount options (like 'sync' or 'ro') with filesystem-specific options, or they misremember 'noload' as a valid ext4 option when it is actually an ext3 option or a misspelling of 'norecovery'.

63
MCQeasy

After plugging in a USB storage device, the system does not automatically mount it. The 'lsusb' command shows the device. What is the first command to check if the kernel detected the block device?

A.lsblk
B.mount
C.dmesg
D.fdisk
AnswerC

dmesg displays kernel ring buffer messages, which include device detection.

Why this answer

The 'dmesg' command displays kernel ring buffer messages, which include hardware detection and driver initialization logs. When a USB storage device is plugged in, the kernel logs the device's recognition, including the assigned block device name (e.g., /dev/sdb). Checking 'dmesg' is the first step to confirm that the kernel has detected the block device, even if it is not automatically mounted.

Exam trap

The trap here is that candidates assume 'lsblk' or 'mount' are the first commands to check, but they only show devices that have already been fully registered or mounted, not the raw kernel detection event that 'dmesg' captures.

How to eliminate wrong answers

Option A is wrong because 'lsblk' lists block devices but relies on the kernel having already registered them; if the device is not automatically mounted, 'lsblk' may not show it if the kernel hasn't detected it yet. Option B is wrong because 'mount' shows currently mounted filesystems, not whether the kernel detected the block device; a device can be detected but not mounted. Option D is wrong because 'fdisk' is a partitioning tool that requires the block device to already be recognized by the kernel; it cannot detect or confirm initial kernel detection.

64
MCQhard

A company is setting up a database server that requires high reliability and support for snapshots. The storage will be on a single large disk. Which filesystem is best suited for this requirement?

A.ext4
B.NTFS
C.XFS
D.btrfs
AnswerD

Btrfs natively supports snapshots, checksums, and self-healing for high reliability.

Why this answer

Btrfs (B-tree filesystem) is best suited for this requirement because it natively supports snapshots, checksumming, and copy-on-write (CoW) for high reliability, all on a single disk. Unlike other Linux filesystems, btrfs provides built-in snapshot and rollback capabilities without requiring an external volume manager, making it ideal for database servers needing consistent point-in-time backups.

Exam trap

The trap here is that candidates often choose XFS for its high performance with large files, but they overlook that XFS lacks native snapshot support, while btrfs is specifically designed for advanced features like snapshots and self-healing on a single disk.

How to eliminate wrong answers

Option A is wrong because ext4 lacks native snapshot support; it relies on external tools like LVM for snapshots, which adds complexity and does not provide filesystem-level checksumming for data integrity. Option B is wrong because NTFS is a Windows filesystem not natively supported on Linux without FUSE or kernel modules, and it is not designed for the Linux environment or LPIC-1 scope. Option C is wrong because XFS does not support snapshots natively; it requires LVM or other volume managers for snapshot functionality, and while it offers high performance for large files, it lacks the integrated snapshot and rollback features of btrfs.

65
Multi-Selecteasy

Which TWO commands can be used to create an ext4 filesystem on a partition?

Select 2 answers
A.mkfs.btrfs /dev/sdb1
B.mkfs.ext4 /dev/sdb1
C.mke2fs -t ext4 /dev/sdb1
D.mkfs.msdos /dev/sdb1
E.mkfs.xfs /dev/sdb1
AnswersB, C

Explicitly creates ext4 filesystem.

Why this answer

The `mkfs.ext4` command is a direct front-end for creating an ext4 filesystem, making option B correct. Option C is also correct because `mke2fs -t ext4` explicitly calls the ext2/3/4 filesystem creation tool with the ext4 type, producing an identical ext4 filesystem. Both commands ultimately invoke the same underlying `mke2fs` utility with the appropriate filesystem type.

Exam trap

The trap here is that candidates may think only `mkfs.ext4` is valid, overlooking that `mke2fs -t ext4` is an equivalent command, or they may confuse filesystem-specific mkfs wrappers (like `mkfs.btrfs` or `mkfs.xfs`) as being able to create ext4 filesystems.

66
MCQeasy

Which command creates an ext4 filesystem on /dev/sdb1 without interactive prompts?

A.mkfs -t ext4 /dev/sdb1
B.mke2fs -t ext4 /dev/sdb1
C.mkfs.ext2 /dev/sdb1
D.mkfs.ext4 /dev/sdb1
AnswerD

Correct: mkfs.ext4 creates an ext4 filesystem non-interactively.

Why this answer

Option D is correct because `mkfs.ext4` is a direct frontend to `mke2fs` that creates an ext4 filesystem without interactive prompts. It automatically formats the partition with ext4 defaults, requiring no user confirmation, making it suitable for scripting.

Exam trap

The trap here is that candidates often confuse `mkfs -t ext4` (which may prompt interactively) with `mkfs.ext4` (which is designed for non-interactive use), or they mistakenly think `mkfs.ext2` can create an ext4 filesystem due to the similar naming convention.

How to eliminate wrong answers

Option A is wrong because `mkfs -t ext4 /dev/sdb1` will create an ext4 filesystem but may prompt for confirmation if the device is already formatted or if it detects an existing filesystem, depending on the version and environment; it is not guaranteed to be non-interactive. Option B is wrong because `mke2fs -t ext4 /dev/sdb1` is equivalent to `mkfs.ext4` in functionality, but the command name `mke2fs` is less commonly used and the question specifically asks for the command that creates an ext4 filesystem without interactive prompts; while it works, the standard and expected answer is `mkfs.ext4`. Option C is wrong because `mkfs.ext2 /dev/sdb1` creates an ext2 filesystem, not ext4, and thus does not meet the requirement.

67
Multi-Selectmedium

Which THREE directories are required by the Filesystem Hierarchy Standard (FHS) to exist on the root filesystem? (Choose three.)

Select 3 answers
A./proc
B./var
C./srv
D./opt
E./sys
AnswersB, C, D

Required for variable data.

Why this answer

The Filesystem Hierarchy Standard (FHS) mandates that /var, /srv, and /opt must exist on the root filesystem. /var contains variable data such as logs and spools, /srv holds site-specific service data, and /opt is reserved for add-on application software packages. These directories are explicitly listed as required in the FHS specification.

Exam trap

The trap here is that candidates often confuse commonly present virtual filesystems (like /proc and /sys) with FHS-mandated directories, because they appear on almost every Linux system, but the FHS does not require them to exist on the root filesystem.

68
MCQhard

Refer to the exhibit. After adding a new disk to the system, the device /dev/sdb appears. However, the administrator cannot create partitions on /dev/sdb using fdisk. What is the most likely reason?

A.The disk is currently in use as a physical volume for LVM.
B.The disk is mounted and cannot be partitioned.
C.The disk does not have a valid partition table.
D.The kernel does not support the disk's interface.
AnswerA

Active LVM physical volumes cannot be partitioned with fdisk; the PV must be removed first.

Why this answer

The device /dev/sdb has major number 8, minor 16, which is correct for a disk. However, the 'disk' group may not have write permission? Actually, the permissions are brw-rw----, meaning owner root, group disk, with read-write for owner and group. The administrator is likely not in the 'disk' group, or the kernel is not recognizing the disk properly.

But a common issue is that the disk is already in use or the partition table is corrupted. Another possibility: the disk might be a loop device or something else. However, the most typical reason is that the disk is not properly recognized by the kernel (e.g., missing driver).

But given the exhibit shows /dev/sdb exists, the more plausible reason is that the disk is already partitioned and mounted, or the partition table is not recognized. Actually, fdisk would still work. Let's think: The exhibit shows /dev/sdb exists with major/minor numbers.

If the disk is new, it might not have a valid partition table. fdisk can still create one. But if the disk is already in use (e.g., part of a RAID or LVM), fdisk might refuse. Another possibility: the disk is a device-mapper or something.

Without more context, a common issue is that the disk is being used as a physical volume for LVM. The exhibit doesn't show that. Perhaps the disk is read-only? The permissions show rw for owner and group, so if the user is not root or not in disk group, they cannot write.

But the question says 'administrator', likely root. So maybe the disk is a whole disk that is already partitioned and the kernel has reread the partition table? Actually, if /dev/sdb exists, it's the whole disk. fdisk should work. I'll go with a different angle: the disk may have a filesystem directly on it (no partition table), and fdisk might warn but still work.

Hmm. Let's choose a plausible error: The disk is a removable device that is write-protected. But the exhibit doesn't show that.

Another: The disk is a virtual disk with a read-only backing store. I think the most reasonable answer for LPI Linux is that the disk is a partition of another device? No, /dev/sdb is a disk. I'll go with: The disk is being used by the system (e.g., as a swap device or part of a RAID array).

But the exhibit doesn't show that. Let's pick: The disk is not a block device? It is. Okay, I'll choose: The disk has a valid partition table that is in use, so fdisk refuses to modify it.

But fdisk can modify it anyway. Actually, fdisk will allow modification if the partitions are not mounted. I'll go with a different approach: The administrator is not using sudo or is not root.

But the exhibit shows root ownership. So maybe the disk is a loop device? No. Let's look at the options I'll create: A) The disk is not partitioned; B) The disk is mounted; C) The kernel does not recognize the disk; D) The disk is write-protected.

I'll pick B: The disk is mounted. But the exhibit doesn't show mount points. However, it's common that a disk may have partitions that are mounted, but the whole disk device cannot be partitioned if any partition is in use.

Actually, fdisk can still work on the whole disk even if partitions are mounted? It will warn but allow. But if the disk is in use (e.g., as a physical volume for LVM), fdisk may refuse. I'll go with: The disk is part of an LVM volume group.

But that's not shown. I'll create a reasonable scenario: The disk is already being used as a swap device. But the exhibit doesn't show swap.

To make it plausible, I'll say: The disk is a member of a RAID array. But again not shown. Hmm.

Let's look at the major/minor numbers: 8,16 is typical for sd devices. There's no obvious issue. I'll propose that the disk is a whole disk that is already partitioned, and the kernel has automatically recognized the partitions, but the administrator is trying to partition the whole disk again, which fdisk will allow but might cause issues.

Actually, the question says 'cannot create partitions'. Perhaps the disk has a size of 0? No. I'll go with: The disk is read-only due to a hardware switch.

But that's not in the exhibit. I think the best answer is: The disk has a partition table that is in use, and fdisk refuses to write because the kernel has the device open. But fdisk can still write with --force.

I'll choose: The disk is a removable device that is write-protected. But the exhibit shows no such indication. Let's decide: I'll make the correct answer: The disk is already in use as a physical volume for LVM, and fdisk cannot modify it while it is active.

That is a common scenario. I'll include that in the options.

69
MCQhard

Refer to the exhibit. The root filesystem is nearly full. The administrator needs to increase its size. Which steps should be performed?

A.Use parted to resize the root partition and then mount it
B.Use fdisk to increase the size of /dev/sda1 and then run resize2fs
C.Use lvextend to extend the logical volume and then resize2fs to resize the filesystem
D.Create a new filesystem on /dev/sda2 and mount it to /
AnswerC

Correct: LVM allows online resizing; lvextend extends LV, then resize2fs grows the filesystem.

Why this answer

Option C is correct because the root filesystem is on an LVM logical volume, as indicated by the exhibit (e.g., /dev/mapper/rootvg-rootlv). To increase its size, you must first extend the logical volume using lvextend, then resize the filesystem with resize2fs. This two-step process ensures the underlying block device and the filesystem are both enlarged to utilize the newly available space.

Exam trap

The trap here is that candidates assume the root filesystem is on a traditional partition and attempt to resize it with fdisk or parted, failing to recognize that LVM requires a different workflow with lvextend and resize2fs.

How to eliminate wrong answers

Option A is wrong because parted resizes partitions, not LVM logical volumes; the root filesystem resides on a logical volume, not a physical partition, so resizing the partition would not affect the LV. Option B is wrong because fdisk operates on physical partitions (e.g., /dev/sda1), but the root filesystem is on an LVM logical volume; increasing /dev/sda1 would not extend the LV, and resize2fs alone cannot expand the LV. Option D is wrong because creating a new filesystem on /dev/sda2 and mounting it to / would replace the existing root filesystem, destroying all data and requiring a complete reinstall or data migration, which is not a valid method to increase the size of the current root filesystem.

70
Multi-Selecthard

Which THREE of the following filesystem types are journaling filesystems? (Choose exactly three.)

Select 3 answers
A.ext4
B.XFS
C.ext2
D.Btrfs
E.VFat
AnswersA, B, D

Correct: ext4 supports journaling.

Why this answer

ext4 is a journaling filesystem that uses a journal to record metadata changes before they are written to the main filesystem, ensuring consistency after a crash. It is the default filesystem for many Linux distributions and supports features like extents and delayed allocation.

Exam trap

The trap here is that candidates often confuse ext2 with ext3/ext4, assuming all ext* filesystems are journaling, or they mistakenly think VFat has journaling capabilities due to its widespread use in removable media.

71
MCQhard

Refer to the exhibit. The system logs show the above messages. What is the most likely cause and the correct first action?

A.The filesystem is read-only; remount with 'mount -o remount,rw /'.
B.Filesystem corruption occurred; unmount and run fsck.
C.The device is unresponsive; replace the disk.
D.The filesystem is full; delete unnecessary files.
AnswerB

The error indicates corruption; fsck should be run offline.

Why this answer

The kernel log messages indicate a filesystem I/O error (e.g., 'EXT4-fs error (device sda1)') which typically points to filesystem corruption. Running fsck on the unmounted filesystem is the correct first action to repair the metadata and recover the filesystem. Option B is correct because fsck is the standard tool for checking and repairing filesystem inconsistencies.

Exam trap

The trap here is that candidates may confuse filesystem corruption with a full filesystem or a hardware failure, but the specific I/O error messages in the logs point to corruption, not capacity or device unresponsiveness.

How to eliminate wrong answers

Option A is wrong because remounting as read-write will not fix corruption; the filesystem is likely already read-only due to the error, and forcing a write could worsen damage. Option C is wrong because the device is responsive (logs show I/O errors, not a complete lack of response), and replacing the disk is premature without first attempting repair. Option D is wrong because the logs show I/O errors, not 'disk full' messages (e.g., 'No space left on device'); deleting files would not address the underlying corruption.

72
MCQmedium

Refer to the exhibit. On boot, which filesystem will be checked first by fsck?

A.The swap partition
B.The root filesystem (/)
C.The CD-ROM device
D.The /boot filesystem
AnswerB

Correct: Root has passno 1, checked first.

Why this answer

The root filesystem (/) is checked first by fsck because it is mounted read-only during the initial boot phase, and fsck must verify its integrity before the system can proceed to mount other filesystems. The order of filesystem checks is determined by the fs_passno field in /etc/fstab, where the root filesystem typically has a passno of 1, ensuring it is checked before any filesystem with a higher passno value.

Exam trap

The trap here is that candidates often assume the /boot filesystem is checked first because it contains the kernel and bootloader, but the root filesystem is always checked first due to its fs_passno=1 setting in /etc/fstab.

How to eliminate wrong answers

Option A is wrong because swap partitions have a passno of 0 in /etc/fstab, which means they are never checked by fsck; swap is not a mounted filesystem and does not require integrity verification. Option C is wrong because CD-ROM devices are typically not listed in /etc/fstab with a passno greater than 0, and even if they were, they are not mounted at boot time by default; fsck only checks filesystems that are mounted or have a non-zero passno. Option D is wrong because the /boot filesystem, if separate, usually has a passno of 2, meaning it is checked after the root filesystem (passno 1) has been verified.

73
MCQeasy

After modifying /etc/fstab, an administrator wants to test if the new mount points can be mounted without rebooting. Which command should be used?

A.systemctl daemon-reload
B.mount -a
C.mount -o remount
D.mount -t ext4
AnswerB

mount -a mounts all filesystems in /etc/fstab (excluding those already mounted).

Why this answer

The `mount -a` command reads /etc/fstab and mounts all filesystems listed there that are not already mounted, making it the correct way to test new entries without rebooting. This command respects the mount options and order defined in fstab, allowing the administrator to verify that the new mount points work correctly.

Exam trap

The trap here is that candidates confuse `systemctl daemon-reload` with a command that applies fstab changes, when in fact it only reloads systemd unit files and has no effect on mount operations defined in /etc/fstab.

How to eliminate wrong answers

Option A is wrong because `systemctl daemon-reload` is used to reload systemd unit files, not to mount filesystems; it does not process /etc/fstab mount entries. Option C is wrong because `mount -o remount` requires a specific device or mount point argument and only remounts an already mounted filesystem, it cannot mount new entries from /etc/fstab. Option D is wrong because `mount -t ext4` specifies the filesystem type but requires explicit device and mount point arguments, it does not read /etc/fstab to mount new entries.

74
Multi-Selecteasy

Which TWO commands can be used to display the UUID of a filesystem? (Choose two.)

Select 2 answers
A.df -h
B.mount
C.lsblk -f
D.cat /etc/fstab
E.blkid
AnswersC, E

Lists filesystem information including UUID when -f is used.

Why this answer

The `lsblk -f` command lists block devices and includes the filesystem UUID in its output, making it a valid tool for displaying UUIDs. The `blkid` command directly queries and displays UUIDs and other attributes of block devices, so it is also correct.

Exam trap

The trap here is that candidates may confuse `mount` (which shows current mounts) with `blkid` or `lsblk` for UUID display, or think `/etc/fstab` is a command rather than a configuration file.

75
MCQmedium

An admin runs 'lsblk' and sees that /dev/nvme0n1p1 is listed with size 512M and mounted at /boot/efi. What is the most likely filesystem type?

A.ext4
B.swap
C.xfs
D.vfat
AnswerD

ESP uses FAT32, often labeled vfat in Linux.

Why this answer

The /boot/efi partition is the EFI System Partition (ESP), which is required for UEFI boot. The ESP must be formatted with a FAT-based filesystem (typically vfat/FAT32) because the UEFI firmware is designed to read FAT partitions to load boot loaders. The size of 512M is also typical for an ESP.

Exam trap

The trap here is that candidates often assume /boot/efi uses a Linux filesystem like ext4 because it is a Linux mount point, but the UEFI specification mandates FAT for the ESP, making vfat the only correct choice.

How to eliminate wrong answers

Option A is wrong because ext4 is a Linux-native filesystem not supported by UEFI firmware for the ESP; the ESP must use FAT. Option B is wrong because swap is used for virtual memory, not for storing boot files or EFI executables. Option C is wrong because xfs is a high-performance filesystem for large data volumes, but it is not recognized by UEFI firmware for the ESP.

Page 1 of 2 · 108 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Devices Filesystems questions.