CCNA System Services Networking Questions

74 questions · System Services Networking topic · All types, answers revealed

1
MCQmedium

A DHCP server assigns IP addresses to clients, but some clients are not receiving the correct gateway. Which configuration file should be checked on the DHCP server?

A./etc/dhcpd.conf
B./etc/dhcp/dhclient.conf
C./etc/dhcp/dhcpd.conf
D./etc/resolv.conf
AnswerC

Standard configuration file for DHCP server.

Why this answer

Option A is correct because the DHCP daemon configuration file is typically /etc/dhcp/dhcpd.conf. Option B is wrong because that path is not standard. Option C is wrong because that file configures the DHCP client if using dhclient.

Option D is wrong because it is the default gateway file for the system, not DHCP config.

2
MCQmedium

An administrator wants systemd-journald logs to persist across reboots. What must be created?

A.The directory /run/log/journal
B.The file /etc/journald.conf
C.The directory /var/log/journal
D.The directory /var/spool/journal
AnswerC

If this directory exists and has correct ownership, journald stores logs persistently.

Why this answer

Option D is correct because creating /var/log/journal with appropriate permissions (owned by root:systemd-journal) makes logs persistent. Option A is the volatile location, Option B is a spool directory not used by journald, and Option C is not a standard path.

3
MCQmedium

An Ubuntu 20.04 server needs a static IP address. The administrator has created a netplan YAML file at /etc/netplan/01-netcfg.yaml. What is the next step to apply the configuration?

A.netplan apply
B.ifconfig eth0 down; ifconfig eth0 up
C.service network-manager restart
D.systemctl restart networking
AnswerA

netplan apply parses YAML and configures network interfaces accordingly.

Why this answer

The netplan apply command reads the YAML configuration and applies it to the system, typically by configuring systemd-networkd. Restarting the networking service is for legacy systems. ifconfig commands are deprecated. NetworkManager is usually not used on servers.

4
MCQhard

A company manages a cluster of 50 web servers running Ubuntu 20.04. The servers are configured to synchronize time with an internal NTP server at 10.0.0.100 using the default ntpd. The NTP server itself syncs with external stratum 2 servers. Recently, the security team implemented a restrictive iptables firewall on all servers, allowing only essential services. Several servers in the 10.0.1.0/24 network now report time drift and ntpq -p shows all peers with '?' status. A network engineer runs tcpdump on one affected server and sees no NTP replies from 10.0.0.100. The NTP server's firewall is configured to allow inbound NTP from 10.0.0.0/24 only. The engineer also notes that the server's /etc/ntp.conf contains the line 'restrict 10.0.0.100' (which is incorrect) and that ntpq -crv shows 'sync target not reachable'. Which single action will most directly resolve the synchronization issue for the affected servers?

A.Add an iptables rule on the affected server to accept outbound UDP packets to 10.0.0.100 port 123.
B.Remove the line 'restrict 10.0.0.100' from /etc/ntp.conf.
C.Modify the NTP server's firewall to allow inbound NTP from 10.0.1.0/24.
D.Add a static route on the affected server for 10.0.0.100 via a different gateway.
AnswerA

Correct: The client's firewall is dropping outbound NTP packets; allowing them enables the client to reach the server and receive time synchronization.

Why this answer

The problem is that the NTP client's firewall on the affected servers (10.0.1.0/24) is blocking outbound NTP traffic, and the server's firewall is correctly blocking inbound from non-10.0.0.0/24. The incorrect 'restrict 10.0.0.100' line in ntp.conf is irrelevant because it only restricts the role of that IP (as a client) and does not block traffic. Adding an ACCEPT rule for outbound UDP 123 to the NTP server on the client's iptables will allow the client to send requests and receive replies.

Changing the NTP server's firewall to allow 10.0.1.0/24 is a longer-term fix but not a direct action on the affected server. Modifying ntp.conf to remove the restrict line won't help with the firewall block. Adding a static route is irrelevant.

5
Multi-Selectmedium

On a modern Linux system using systemd-networkd for interface management and systemd-resolved for DNS, which THREE files are typically involved in network configuration and DNS resolution?

Select 3 answers
A./etc/systemd/network/10-static.network
B./etc/network/interfaces
C./etc/resolv.conf
D./etc/hosts
E./etc/sysconfig/network-scripts/ifcfg-eth0
AnswersA, C, D

systemd-networkd uses .network files in this directory.

Why this answer

/etc/systemd/network/ files define network interfaces. /etc/resolv.conf is a symlink managed by systemd-resolved and contains DNS server addresses. /etc/hosts provides local hostname resolution. /etc/network/interfaces is used by ifupdown (Debian legacy). /etc/sysconfig/network-scripts/ is used by Red Hat legacy ifcfg files.

6
MCQeasy

Refer to the exhibit. The administrator wants to ensure that SSH service starts automatically after a system reboot. Based on the output, what is the current status of this setting?

A.The service is enabled and will start at boot.
B.The service is disabled and will not start at boot.
C.The service is static and cannot be enabled.
D.The service is not running.
AnswerA

'enabled' indicates it will start at boot.

Why this answer

The `systemctl is-enabled sshd` command returns 'enabled', which means the SSH service is configured to start automatically at boot. This is confirmed by the output in the exhibit, showing that the service is enabled and will start during system initialization.

Exam trap

The trap here is that candidates may confuse the 'enabled' status with the 'active' (running) status, or misinterpret 'static' as a valid state for this service, when the output clearly shows 'enabled'.

How to eliminate wrong answers

Option B is wrong because the output explicitly shows 'enabled', not 'disabled', so the service will start at boot. Option C is wrong because 'static' is a possible systemd unit state that means the unit cannot be manually enabled or disabled but can be started by other units; however, the output shows 'enabled', not 'static'. Option D is wrong because the question asks about the status of automatic start at boot, not whether the service is currently running; the `is-enabled` command does not indicate the current runtime state.

7
Multi-Selecteasy

Which TWO commands can be used to display the current routing table on a Linux system?

Select 2 answers
A.ss -r
B.route -n
C.iptables -L
D.ifconfig -r
E.ip route show
AnswersB, E

Correct: route -n displays the routing table in numeric format.

Why this answer

The 'route -n' and 'ip route show' commands both display the kernel routing table. 'ifconfig -r' is invalid (ifconfig does not have a -r option). 'netstat -r' also displays routing tables, but it is deprecated and not listed as an option (here we used it as a distractor). 'ss -r' does not show routing; it shows socket statistics. 'iptables -L' shows firewall rules.

8
MCQeasy

A developer asks the system administrator to configure a local web server for testing using Apache. The server should serve files from /var/www/test. Which directive must be set in the Apache configuration to set this document root?

A.Alias /test /var/www/test
B.ServerRoot /var/www/test
C.DocumentRoot /var/www/test
D.DirectoryIndex /var/www/test
AnswerC

DocumentRoot defines the root directory for HTTP requests.

Why this answer

Option C is correct: DocumentRoot directive sets the directory from which Apache serves files. Option A (ServerRoot) sets config directory. Option B (DirectoryIndex) sets default file.

Option D (Alias) maps URL paths to directories.

9
MCQhard

A company runs a web server using Apache with multiple virtual hosts. The administrator needs to restrict access to a specific virtual host based on the client IP address. Which configuration directive should be placed inside the <VirtualHost> block to deny IP 192.168.1.100?

A.Require host 192.168.1.100
B.Require not ip 192.168.1.100
C.Deny from 192.168.1.100
D.Require valid-user
AnswerB

New syntax: Require not ip denies the specific IP.

Why this answer

Option B is correct because `Require not ip` is the Apache 2.4 syntax for access control. Option A is old syntax (Allow/Deny). Option C is for host-based.

Option D is for valid-user.

10
MCQmedium

Refer to the exhibit. The system has two network interfaces: eth0 and eth1. Which interface will be used to reach a host at IP address 10.10.10.10?

A.eth1 via gateway 10.0.0.1.
B.eth0 via gateway 192.168.1.1.
C.eth0 via the default gateway.
D.eth0 directly.
AnswerA

10.10.10.10 falls within 10.0.0.0/8.

Why this answer

The routing table determines that the destination IP 10.10.10.10 is not within any directly connected subnet (eth0: 192.168.1.0/24, eth1: 10.0.0.0/24). The most specific matching route is the static route to 10.0.0.0/8 via gateway 10.0.0.1 on eth1, which covers the 10.10.10.10 address. Therefore, eth1 is used to reach the host.

Exam trap

The trap here is that candidates often assume the default gateway is always used for non-local traffic, forgetting that a more specific static route (like 10.0.0.0/8) takes precedence over the default route.

How to eliminate wrong answers

Option B is wrong because the route via gateway 192.168.1.1 on eth0 is for the 192.168.1.0/24 subnet, which does not include 10.10.10.10. Option C is wrong because the default gateway (0.0.0.0/0) is only used when no more specific route matches; here, the 10.0.0.0/8 route is more specific and takes precedence. Option D is wrong because 10.10.10.10 is not on the directly connected subnet of eth0 (192.168.1.0/24), so it cannot be reached directly without a gateway.

11
MCQmedium

Based on the exhibit, what is the most likely cause of the SSH service failure?

A.The sshd service is disabled.
B.The firewall is blocking port 22.
C.Another service is already listening on port 22.
D.The SSH configuration file has a syntax error.
AnswerC

Address already in use error.

Why this answer

Option A is correct. The error 'Address already in use' indicates port 22 is already occupied by another process. Option B is wrong because the process exited successfully but was killed due to start limit.

Option C is wrong because there's no firewall mention. Option D is wrong because the service is enabled.

12
Multi-Selecthard

Which THREE of the following are true regarding the use of systemd-networkd for network configuration? (Choose three.)

Select 3 answers
A.It can assign static IP addresses using .network files.
B.It can be used to configure network bridges.
C.It supports DHCP for dynamic IP assignment.
D.Configuration files are stored in /etc/network/.
E.It supports bonding of multiple interfaces.
AnswersA, B, C

Static IP via .network files.

Why this answer

Option A is correct because systemd-networkd uses .network files (e.g., /etc/systemd/network/10-static.network) to assign static IP addresses via the [Address] section. This allows precise control over IPv4/IPv6 addresses, subnet masks, and gateways without relying on DHCP.

Exam trap

The trap here is that candidates confuse the configuration directory /etc/systemd/network/ with the legacy /etc/network/ used by ifupdown, or assume systemd-networkd supports bonding natively when it actually requires additional kernel modules or external tools.

13
MCQmedium

Refer to the exhibit. An administrator runs ss -tuln and gets the output above. Which of the following statements about this server is true?

A.The server only runs SSH and DNS.
B.The server runs SSH and NTP only.
C.The server only runs SSH and HTTP.
D.The server runs SSH, HTTP, HTTPS, NTP, and mDNS.
AnswerD

Ports 22, 80, 443, 123, and 5353 correspond to these services.

Why this answer

Option C is correct because the output shows SSH, HTTP, HTTPS, mDNS, and NTP services listening on their respective ports. Options A, B, and D are incomplete or incorrect.

14
MCQmedium

After a reboot, a server fails to obtain an IP address on its sole ethernet interface. The administrator checks /etc/netplan/01-netcfg.yaml and finds the configuration looks correct. However, the interface shows no IP. The system uses systemd-networkd. Which command should be run next to apply the configuration and bring up the interface?

A.netplan apply
B.ifup eth0
C.systemctl restart networking
D.systemctl restart systemd-networkd
AnswerA

netplan apply ensures the YAML config is parsed and applied to systemd-networkd.

Why this answer

netplan apply reads the YAML configuration and generates systemd-networkd files, then applies them. Restarting systemd-networkd alone may not re-read the netplan configuration. ifup is a legacy command. systemctl restart networking is for SysV systems.

15
Multi-Selecthard

An administrator needs to monitor real-time network bandwidth usage on a Linux server. Which two tools are specifically designed for this purpose? (Choose two.)

Select 2 answers
A.netstat
B.nload
C.traceroute
D.ping
E.iftop
AnswersB, E

Displays incoming and outgoing traffic graphs.

Why this answer

Options A and B are correct. iftop and nload display real-time network bandwidth usage. ping and traceroute measure connectivity, while netstat shows connections but not throughput.

16
MCQeasy

On a Debian-based system using ifupdown, which file should be edited to configure a static IP address for an interface?

A./etc/systemd/network/50-static.network
B./etc/network/interfaces
C./etc/netplan/01-netcfg.yaml
D./etc/sysconfig/network-scripts/ifcfg-eth0
AnswerB

This is the main configuration file for ifupdown on Debian.

Why this answer

Option B is correct because /etc/network/interfaces is the traditional configuration file for network interfaces on Debian. Option A is for Red Hat-based systems, Option C for netplan, and Option D for systemd-networkd.

17
MCQeasy

A system administrator notices that the system time is incorrect by several minutes. Which command should be used first to check the status of NTP synchronization?

A.timedatectl
B.ntpdate
C.date
D.hwclock
AnswerA

timedatectl displays NTP synchronization status and allows detailed checks.

Why this answer

The timedatectl command shows the current time, date, timezone, and NTP synchronization status. The date command only displays the current time but not NTP status. hwclock accesses the hardware clock, and ntpdate performs a one-time sync but does not show status.

18
MCQeasy

An administrator notices that SSH connections to a remote Linux server are timing out. After confirming network connectivity, which command should the administrator run on the server to check whether the SSH daemon is actively listening?

A.ls /etc/ssh/
B.systemctl status sshd
C.nc -zv localhost 22
D.netstat -tuln
AnswerB

This command shows the current status of the sshd service, including whether it is running.

Why this answer

Option A is correct because systemctl queries the service manager to show the status of the sshd service, including whether it is running and enabled. Option B shows listening ports but does not give the service status. Option C tests port connectivity but not the service itself.

Option D only checks for configuration file existence.

19
Multi-Selectmedium

Which TWO of the following are valid methods to configure network interfaces on a Linux system? (Choose two.)

Select 2 answers
A.Editing /etc/network/interfaces file.
B.Using the 'ifconfig' command.
C.Using the 'ip' command.
D.Using the 'route' command.
E.Editing /etc/sysconfig/network-scripts/ network configuration files.
AnswersA, C

Used by Debian-based systems.

Why this answer

Option A is correct because the `/etc/network/interfaces` file is the primary configuration file for network interfaces on Debian-based Linux distributions (e.g., Ubuntu). It allows static or dynamic (DHCP) configuration of interfaces using directives like `iface`, `address`, and `netmask`, and is read by the `ifup` and `ifdown` commands at boot or on demand.

Exam trap

The trap here is that candidates often confuse temporary runtime commands (like `ifconfig` and `route`) with persistent configuration methods, or they assume a distribution-specific path like `/etc/sysconfig/network-scripts/` is universally valid across all Linux systems.

20
Multi-Selecthard

Which THREE steps are required to configure a static IP address on a modern Linux system using systemd-networkd?

Select 3 answers
A.Edit /etc/hosts to map IP to hostname
B.Create a .network file in /etc/systemd/network/
C.Edit /etc/resolv.conf to set DNS servers
D.Run 'ip addr add <IP> dev eth0'
E.Run 'systemctl restart systemd-networkd'
AnswersB, C, E

Required for static configuration.

Why this answer

Options A, B, and C are correct. To configure static IP with systemd-networkd: create a .network file (A), restart the service (B), and set DNS in resolv.conf or via network configuration (C). Option D (edit /etc/hosts) is optional and not required for IP configuration.

Option E (ip addr add) is temporary and not persistent.

21
Multi-Selecteasy

Which three files are essential for network configuration and name resolution on a typical Linux system? (Choose three.)

Select 3 answers
A./etc/network/interfaces
B./etc/hosts
C./etc/sysctl.conf
D./etc/nsswitch.conf
E./etc/resolv.conf
AnswersB, D, E

Maps hostnames to IP addresses locally.

Why this answer

Options A, B, and C are correct. /etc/hosts contains static hostname mappings, /etc/resolv.conf specifies DNS servers, and /etc/nsswitch.conf defines the order of name resolution sources. /etc/network/interfaces is distribution-specific, and /etc/sysctl.conf is for kernel parameters, not essential for basic network configuration.

22
Multi-Selecthard

Which TWO commands can be used to display the current firewall rules in a system using nftables? (Choose two.)

Select 2 answers
A.systemctl status nftables
B.iptables -L -n
C.nft list ruleset
D.nft list table inet filter
E.firewall-cmd --list-all
AnswersC, D

Lists entire nftables ruleset.

Why this answer

Options A and D are correct. `nft list ruleset` lists all nftables rules. `nft list table inet filter` lists a specific table. Option B is for iptables. Option C is for systemd service.

Option E is for firewall-cmd.

23
MCQmedium

A web server running Apache on Linux is experiencing slow response times. The administrator runs 'netstat -tuln' and sees many connections in TIME_WAIT state. Which of the following is the best course of action to improve performance?

A.Increase the KeepAliveTimeout directive.
B.Disable the KeepAlive directive.
C.Enable TCP keepalive and adjust kernel parameters for faster reuse.
D.Increase the MaxKeepAliveRequests directive.
AnswerC

Adjusting tcp_tw_reuse and tcp_tw_recycle can reduce TIME_WAIT.

Why this answer

Option C is correct because TIME_WAIT connections indicate that the server is waiting for lingering packets before fully closing TCP sockets. Enabling TCP keepalive and adjusting kernel parameters like net.ipv4.tcp_tw_reuse (or net.ipv4.tcp_tw_recycle in older kernels) allows the kernel to reuse sockets in TIME_WAIT state for new connections, reducing resource exhaustion and improving performance under high connection rates.

Exam trap

The trap here is that candidates confuse Apache's KeepAlive directives (HTTP-level persistent connections) with TCP-level keepalive and TIME_WAIT management, leading them to incorrectly choose options that adjust HTTP keep-alive settings instead of addressing the TCP socket state.

How to eliminate wrong answers

Option A is wrong because increasing KeepAliveTimeout (which controls how long Apache waits for the next request on a persistent connection) does not affect the TIME_WAIT state of TCP sockets; it only extends idle keep-alive duration, potentially worsening resource usage. Option B is wrong because disabling KeepAlive forces a new TCP connection for every HTTP request, which increases the number of TIME_WAIT sockets and degrades performance further. Option D is wrong because MaxKeepAliveRequests limits the number of requests per persistent connection, but does not address the underlying TCP TIME_WAIT issue; it may even increase connection churn if set too low.

24
MCQmedium

Refer to the exhibit. The administrator is unable to SSH into the server (TCP port 22) from a remote host. The iptables rules are as shown. What is the most likely cause?

A.The default policy is ACCEPT, so SSH should be accepted.
B.The second rule drops all incoming traffic, including SSH.
C.The SSH service is not running.
D.The first rule only allows loopback, not SSH.
AnswerB

The DROP rule matches all traffic not yet matched.

Why this answer

Option A is correct: the last rule drops all incoming traffic, and there is no rule allowing SSH. Option B is wrong because the default policy is ACCEPT, but the DROP rule supersedes. Option C is wrong because the loopback rule allows lo only.

Option D is wrong because the policy is ACCEPT but the explicit DROP rule catches all.

25
Multi-Selecteasy

Which TWO tools can be used to query DNS records? (Choose two.)

Select 2 answers
A.nslookup
B.ss
C.dig
D.ping
E.traceroute
AnswersA, C

Name server lookup, queries DNS.

Why this answer

Options B and D are correct. `dig` and `nslookup` are DNS query tools. Option A (ping) tests connectivity. Option C (traceroute) traces route.

Option E (ss) shows sockets.

26
Multi-Selectmedium

Which two commands can be used to send a test email from the command line to verify SMTP functionality? (Choose two.)

Select 2 answers
A.telnet localhost 25
B.mutt -s test user@example.com
C.mail -s test user@example.com
D.echo 'test' | sendmail user@example.com
E.sendmail -bv user@example.com
AnswersC, D

The mail command reads input and sends an email.

Why this answer

Options A and D are correct. The 'mail' command can send emails, and echoing text into sendmail also sends an email. Option B (sendmail -bv) only verifies the address, Option C (telnet) tests SMTP but does not deliver a complete email, and Option E (mutt) requires configuration.

27
MCQhard

A Linux system's hostname resolution does not consult /etc/hosts before querying DNS. Which file controls the order of name resolution services?

A./etc/nsswitch.conf
B./etc/host.conf
C./etc/resolv.conf
D./etc/dnsmasq.conf
AnswerA

This file controls the order of sources for name resolution, such as files (hosts) and DNS.

Why this answer

Option D is correct because /etc/nsswitch.conf defines the order of name resolution sources (e.g., files, dns). Options A configures DNS servers, B is legacy, and C is for a DNS proxy.

28
MCQhard

A company's server administrator needs to replace an existing DNS server (192.168.1.10) with a new one (192.168.1.20). Which file must be updated on all DHCP clients to ensure they use the new DNS server?

A./etc/dhcp/dhcpd.conf
B./etc/resolv.conf
C./etc/nsswitch.conf
D./etc/hosts
AnswerA

DHCP server config; update DNS options and restart DHCP.

Why this answer

Option B is correct because the DHCP server configuration (/etc/dhcp/dhcpd.conf) contains the DNS servers to be offered to clients. Updating that file and restarting the DHCP service will push the new DNS to clients. Option A is wrong because it is the client's local DNS config, but it should be managed by DHCP.

Option C is wrong because it is often overwritten by DHCP. Option D is wrong because it is for hostname resolution, not DNS server specification.

29
MCQhard

An administrator reviews the above DHCP server logs. Based on the output, which statement is correct about the DHCP transaction?

A.The client sent a DHCPINFORM to renew its existing lease.
B.The DHCP server is configured to assign IP addresses from a pool that includes 192.168.1.100.
C.The client successfully obtained the IP address 192.168.1.100.
D.The DHCP server rejected the client's request because the DHCPREQUEST was not broadcast.
AnswerC

DHCPACK confirms the lease assignment.

Why this answer

The DHCP server logs show a successful four-way handshake: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK. The final DHCPACK from the server confirms that the client has been granted the IP address 192.168.1.100, making option C correct.

Exam trap

The trap here is that candidates may confuse the DHCPREQUEST broadcast requirement with a rejection, or incorrectly assume that a DHCPINFORM is used for lease renewal, when in fact DHCPINFORM is only for stateless configuration requests.

How to eliminate wrong answers

Option A is wrong because a DHCPINFORM is used by a client that already has an IP address to request additional configuration parameters (like DNS servers), not to renew a lease; lease renewal uses DHCPREQUEST (unicast). Option B is wrong because the logs only show that 192.168.1.100 was offered and acknowledged; they do not indicate whether this address comes from a pool that includes 192.168.1.100 — the server could be configured with a static reservation or a different pool. Option D is wrong because the DHCPREQUEST in a typical renewal or selection phase is sent as a broadcast (with the 'broadcast' flag set) to ensure all DHCP servers on the subnet receive it; the server did not reject the request, as evidenced by the DHCPACK.

30
MCQeasy

Refer to the exhibit. A system administrator runs 'ip route show default' and gets this output. What does it indicate?

A.The DNS server is 192.168.1.1.
B.The default route points to gateway 192.168.1.1 on interface eth0.
C.The system has no internet access.
D.The IP address of the system is 192.168.1.1.
AnswerB

That is exactly what the output means.

Why this answer

Option B is correct because the output shows the default gateway is 192.168.1.1 reachable via interface eth0. Option A incorrectly interprets as DNS, Option C is false because connectivity may exist, Option D is wrong because the IP address is on eth0 but not shown as the device's own IP.

31
MCQhard

A mail server using Postfix is rejecting emails from a partner domain. The administrator checks the maillog and sees 'relay access denied'. Which Postfix configuration parameter is most likely misconfigured?

A.mydestination
B.inet_interfaces
C.relayhost
D.mynetworks
AnswerD

mynetworks specifies IP ranges allowed to relay.

Why this answer

Option A is correct: `mynetworks` defines which clients can relay through the server. Option B (mydestination) defines local domains. Option C (relayhost) is for outbound relay.

Option D (inet_interfaces) controls which interfaces to listen on.

32
Multi-Selectmedium

Which THREE steps are required to configure a network interface with a static IP address using the ip command (assuming interface eth0)? (Choose three.)

Select 3 answers
A.ifconfig eth0 192.168.1.10 netmask 255.255.255.0
B.ip route add default via 192.168.1.1
C.ip addr add 192.168.1.10/24 dev eth0
D.ip link set eth0 up
E.echo 'nameserver 8.8.8.8' > /etc/resolv.conf
AnswersB, C, D

Adds default gateway.

Why this answer

Options B, C, D are correct. You need to add IP, bring interface up, and add default route. Option A is not needed if using ip; ifconfig is deprecated.

Option E is for DNS, which is not part of ip command.

33
MCQhard

A server runs systemd-resolved and uses a VPN. DNS queries fail intermittently. The administrator checks /etc/resolv.conf and finds it is a symlink to /run/systemd/resolve/stub-resolv.conf. Which command should be used to view the effective DNS servers and debug the issue?

A.cat /etc/resolv.conf
B.resolvectl status
C.systemctl restart systemd-resolved
D.dig @localhost
AnswerB

resolvectl status shows per-link DNS servers and overall resolver configuration.

Why this answer

resolvectl status displays the DNS servers for each link, including VPN interfaces, and shows the current resolver configuration. cat /etc/resolv.conf only shows the stub file, not the actual upstream servers. dig @localhost uses the stub resolver. Restarting systemd-resolved may not fix misconfiguration.

34
MCQmedium

A system administrator notices that the system clock is consistently 5 minutes ahead of the actual time. The NTP service is enabled and running. Which command should the administrator run to force an immediate time synchronization?

A.ntpq -p
B.ntpdate pool.ntp.org
C.systemctl restart ntpd
D.timedatectl set-time ...
AnswerB

ntpdate performs immediate synchronization.

Why this answer

Option C is correct because `ntpdate` forces an immediate synchronization. Option A (ntpq) is for querying NTP status. Option B (timedatectl) sets time zone but not force sync.

Option D (systemctl restart ntpd) restarts the service but does not force immediate update.

35
MCQhard

After running 'ip route show default', a system administrator sees no output. Users on that system can only communicate with hosts on the local subnet. What is the most likely cause?

A.DNS is misconfigured
B.A firewall is blocking all traffic
C.The network interface is down
D.The default gateway is missing
AnswerD

Without a default route, traffic cannot reach external networks.

Why this answer

Option B is correct because the absence of a default route means traffic to destinations outside the local subnet cannot be forwarded. Option A could be an issue but connectivity to local subnet works. Option C is less specific, and Option D would cause no connectivity at all.

36
MCQeasy

A technician is troubleshooting network connectivity. The server's IP is 192.168.1.10/24, and the gateway is 192.168.1.1. The server can ping the gateway but cannot ping 8.8.8.8. Which command is most appropriate to check if the default route is configured?

A.route -n
B.ifconfig eth0
C.ping 192.168.1.1
D.arp -n
AnswerA

Shows routing table.

Why this answer

Option A is correct: `route -n` shows the routing table including default gateway. Option B (ifconfig) shows interface config. Option C (ping) tests connectivity.

Option D (arp) shows MAC address table.

37
MCQhard

A system administrator notices that the NTP service on a Linux server is not synchronizing time with external NTP servers. The administrator runs 'ntpq -p' and sees that all servers listed have a 'reach' value of 0. Which of the following is the most likely cause?

A.The system timezone is incorrectly set.
B.The NTP service is configured to use the local clock.
C.A firewall is blocking UDP port 123.
D.The NTP server is using a different NTP version.
AnswerC

Reach 0 indicates no response, common when firewall blocks NTP.

Why this answer

The `reach` value of 0 in `ntpq -p` output indicates that the NTP client has received no responses from any of the configured servers. Since NTP uses UDP port 123 for communication, a firewall blocking this port would prevent the client from sending or receiving NTP packets, resulting in zero reachability. This is the most common cause when all servers show a reach of 0.

Exam trap

The trap here is that candidates may confuse a reach value of 0 with a stratum value of 16 or a synchronization failure due to timezone misconfiguration, but the reach value specifically indicates network-level communication failure, not configuration or version issues.

How to eliminate wrong answers

Option A is wrong because the system timezone setting affects the display of local time, not the synchronization process with NTP servers; NTP works with UTC internally. Option B is wrong because if the NTP service were configured to use the local clock, the `ntpq -p` output would typically show a server entry like `LOCAL(0)` with a reach value greater than 0, not all servers at 0. Option D is wrong because NTP is backward compatible; different NTP versions (v3, v4) can interoperate, and version mismatch would not cause a reach value of 0 for all servers.

38
MCQhard

Refer to the exhibit. The administrator expects logs to be sent to a remote syslog server at 192.168.1.100 on UDP port 514. However, no logs are being received at the remote server. Which is the most likely issue?

A.The remote syslog server's firewall is blocking incoming UDP port 514.
B.The local7 rule overrides the remote rule.
C.The wildcard *.* does not include kernel messages.
D.The syntax should use @@ for UDP.
AnswerA

Most common issue: remote server not reachable or no listener.

Why this answer

Option C is correct: The syntax `@` indicates UDP by default, but often rsyslog requires TCP with `@@`. However, the real issue is that the remote server may not be listening. Option A is wrong because `*.*` sends all logs.

Option B is wrong because there's no other filter. Option D is less likely.

39
MCQmedium

On a Linux server using systemd and Postfix for email service, an administrator needs to diagnose a delivery failure for a local user. Which command should be used to view the most recent mail-related system journal entries?

A.tail -f /var/log/maillog
B.systemctl status postfix
C.less /var/log/syslog
D.journalctl -u postfix
AnswerD

This command retrieves all journal messages for the postfix unit, ideal for troubleshooting.

Why this answer

Option D is correct because journalctl -u postfix filters the systemd journal to show only Postfix-related logs. Option A checks a traditional log file, Option B is too general, and Option C shows service status only.

40
MCQmedium

Refer to the exhibit. A system administrator notices that remote SSH connections are being blocked from all IP addresses except 10.0.0.5. Which configuration change would allow SSH from any IP?

A.Add a new rule to accept SSH from any source to the beginning of the chain.
B.Change the INPUT chain policy to ACCEPT.
C.Delete the first rule.
D.Move the second rule to be the first rule.
AnswerA

Correct: Adding an ACCEPT rule for SSH from any source before the DROP rule will allow all SSH traffic, as the packet will be accepted before reaching the DROP rule.

Why this answer

The exhibit shows an iptables INPUT chain with a default policy of DROP. Rule 1 accepts SSH from 10.0.0.5 only. Rule 2 drops all SSH traffic.

To allow SSH from any IP, a new rule must be added before the DROP rule to ACCEPT SSH from any source. Changing the default policy to ACCEPT would still be overridden by the explicit DROP rule. Moving the second rule to first would drop all SSH.

Deleting the first rule would remove the only ACCEPT, leaving only the DROP rule, so still blocked.

41
Matchingmedium

Match each Linux command to its primary function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Search text using patterns

Change file permissions

Report snapshot of current processes

Archive files

Stream editor for filtering and transforming text

Why these pairings

Essential command-line utilities.

42
MCQeasy

A small business runs a web application on a Linux server that uses Apache to serve dynamic content via PHP-FPM. The server currently uses the default Apache configuration, but the administrator wants to improve security by limiting access to the server's administrative interface (located at /admin) to only the local network (192.168.1.0/24). The administrative interface is accessed via a separate VirtualHost on port 443. The administrator has created a new VirtualHost configuration file for the admin site. However, after reloading Apache, users from outside the local network can still access the /admin page. The administrator has verified that the VirtualHost is being parsed and that mod_authz_core is enabled. Which of the following actions would most likely resolve the issue?

A.Add the following inside the <VirtualHost> block for the admin site: <Directory /var/www/admin> Require ip 192.168.1.0/24 </Directory>
B.Add the following to the server's iptables: iptables -A INPUT -p tcp --dport 443 -s 192.168.1.0/24 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j DROP
C.Add the following inside the <VirtualHost> block: <Location /admin> Require valid-user AuthType Basic AuthUserFile /etc/httpd/.htpasswd </Location>
D.Set the DocumentRoot of the default VirtualHost to /var/www/admin.
AnswerA

This restricts directory access to the local subnet.

Why this answer

Option A is correct: The <Directory> block with Require ip restricts access to the /admin directory. Option B adds authentication but not IP restriction. Option C adds SSL but doesn't restrict.

Option D might allow all. The issue is likely missing IP restriction directives inside the VirtualHost.

43
MCQmedium

A system administrator is configuring a Linux server to act as a router. The server has two network interfaces: eth0 (192.168.1.1/24) and eth1 (10.0.0.1/24). Which of the following commands enables IP forwarding on this server?

A.route add default gw 10.0.0.1
B.sysctl -w net.ipv4.ip_forward=1
C.echo 1 > /proc/sys/net/ipv4/ip_forward
D.sysctl -w net.ipv4.ip_forward=1
AnswerD

Correctly enables IP forwarding.

Why this answer

Option D is correct because the `sysctl -w net.ipv4.ip_forward=1` command immediately enables IP forwarding at runtime by writing the value 1 to the kernel parameter `net.ipv4.ip_forward`. This is the standard and recommended method for enabling packet forwarding between interfaces on a Linux router, allowing traffic to be routed between the 192.168.1.0/24 and 10.0.0.0/24 networks.

Exam trap

The trap here is that candidates may confuse setting a default gateway (Option A) with enabling IP forwarding, or they may think that writing directly to `/proc/sys` (Option C) is incorrect because of case sensitivity or persistence concerns, but the real trick is that both Options B and D are identical commands, and the exam expects you to recognize that only one is listed as correct, so you must choose the one that matches the exact syntax shown in the answer choices.

How to eliminate wrong answers

Option A is wrong because `route add default gw 10.0.0.1` sets a default gateway for outbound traffic, not IP forwarding; it does not enable the kernel to forward packets between interfaces. Option B is wrong because `sysctl -w net.ipv4.ip_forward=1` is syntactically identical to Option D but is listed as a separate option; however, in the context of this question, Option B is actually the same command and would also be correct, but the question designates Option D as the correct answer, so Option B is considered a duplicate and not the intended choice. Option C is wrong because `echo 1 > /proc/sys/net/ipv4/ip_forward` is a valid method to enable IP forwarding, but it requires root privileges and the path is case-sensitive; the correct path is `/proc/sys/net/ipv4/ip_forward` (lowercase), and while it works, it is less preferred than `sysctl` because it does not persist across reboots and is not the standard LPIC-1 recommended command.

44
MCQhard

An administrator is troubleshooting a DNS issue. The command 'dig @8.8.8.8 example.com' returns a response, but 'host example.com' returns 'Host not found'. Which of the following is the most likely cause?

A.The network interface is down.
B.The /etc/hosts file is corrupt.
C.The DNS server at 8.8.8.8 is not responding.
D.The /etc/resolv.conf file is misconfigured.
AnswerD

'host' uses local resolver, which may have wrong DNS servers.

Why this answer

The command 'dig @8.8.8.8 example.com' succeeds, proving that the DNS server at 8.8.8.8 is reachable and functional, and that network connectivity is fine. However, 'host example.com' fails because it uses the system's default resolver, which reads /etc/resolv.conf to determine which DNS server to query. If /etc/resolv.conf is misconfigured (e.g., missing or incorrect nameserver entries), the resolver cannot reach a valid DNS server, resulting in 'Host not found'.

Exam trap

The trap here is that candidates see a successful 'dig' and assume DNS is fully working, not realizing that 'dig' with an explicit server bypasses the local resolver configuration, while 'host' relies on /etc/resolv.conf.

How to eliminate wrong answers

Option A is wrong because if the network interface were down, 'dig @8.8.8.8' would also fail (no route to host). Option B is wrong because the /etc/hosts file is used for local hostname resolution before DNS; a corrupt file could cause incorrect mappings but would not cause a 'Host not found' error when the DNS query itself fails—the resolver would still attempt DNS. Option C is wrong because the 'dig @8.8.8.8' command succeeded, directly proving that 8.8.8.8 is responding.

45
MCQhard

A Linux server running multiple virtual hosts on Apache suddenly becomes unresponsive to web requests. The administrator finds that the server still responds to ping. Which diagnostic command would best identify whether Apache is accepting connections?

A.ip route show
B.curl -I http://localhost
C.ping -c 4 localhost
D.ss -tlnp | grep :80
AnswerD

Shows if Apache is listening on port 80.

Why this answer

Option C is correct because ss -tlnp shows listening TCP sockets. If port 80 is not listed, Apache is not listening. Option A is wrong because ping tests ICMP, not TCP.

Option B is wrong because it shows the routing table. Option D is wrong because it tests connectivity to a specific host, not the server's own listening state.

46
MCQhard

Refer to the exhibit. A system administrator finds this line in /etc/rsyslog.conf. What is the effect of this configuration?

A.Only messages with facility *.info are forwarded.
B.All syslog messages are forwarded via TCP to the server.
C.All syslog messages are forwarded via UDP to the server at 192.168.1.100 on port 514.
D.Only authentication-related messages are forwarded.
AnswerC

General rule with @ for UDP, *.* for all.

Why this answer

Option A is correct because *.* means all facilities and priorities, @ indicates UDP syslog forwarding to the specified server and port. Option B is wrong because it specifies a filter not present. Option C is wrong because @ is UDP, not TCP.

Option D is wrong because it limits to authentication errors.

47
MCQeasy

Which of the following commands will display the default gateway of a Linux system?

A.arp -a
B.netstat -i
C.ip route show
D.ifconfig
AnswerC

Displays routing table including default gateway.

Why this answer

The `ip route show` command displays the kernel routing table, which includes the default gateway as a default route (typically `default via <gateway-IP>`). This is the standard modern tool for viewing routing information on Linux systems.

Exam trap

The trap here is that candidates often confuse `netstat -r` (which does show the routing table) with `netstat -i` (which only shows interface statistics), leading them to incorrectly select option B.

How to eliminate wrong answers

Option A is wrong because `arp -a` displays the ARP cache (IP-to-MAC address mappings), not routing information or the default gateway. Option B is wrong because `netstat -i` shows network interface statistics (packets, errors, etc.), not the routing table or default gateway. Option D is wrong because `ifconfig` displays network interface configuration (IP address, netmask, etc.) but does not show routing information or the default gateway.

48
MCQmedium

An organization's DNS server (BIND) is authoritatively serving the example.com zone. The administrator needs to add a mail exchange record for mail.example.com with priority 10. Which resource record should be added to the zone file?

A.example.com. IN MX 10 mail.example.com.
B.mail.example.com. IN A 192.168.1.10
C.mail.example.com. IN CNAME example.com.
D.example.com. IN TXT "v=spf1 mx -all"
AnswerA

MX record defines mail exchange with priority.

Why this answer

Option B is correct: MX record with priority and mail server hostname. Option A is an A record. Option C is a CNAME.

Option D is a TXT record.

49
Multi-Selecteasy

Which TWO commands are commonly used to start, stop, or restart system services on a Linux system that uses systemd as its init system?

Select 2 answers
A.service
B.journalctl
C.chkconfig
D.systemctl
E.init.d
AnswersA, D

service is a legacy wrapper that works with systemd on most distros.

Why this answer

systemctl is the native tool for managing systemd services. The service command still works as a wrapper for backward compatibility. init.d is a directory of scripts, not a command. chkconfig is for SysV init. journalctl is for logs, not service management.

50
MCQhard

A company runs a critical web application on a Linux server (Ubuntu 20.04) with Apache and MySQL. The server has two network interfaces: eth0 (public IP) and eth1 (private IP). Recently, the application has been experiencing intermittent connectivity issues. Users report that the web page sometimes loads slowly or times out. The administrator checks the network configuration and finds the following: eth0 is configured with a static IP 203.0.113.10/24, gateway 203.0.113.1; eth1 is configured with a static IP 10.0.0.10/24, no gateway. The administrator runs 'ip route show' and sees: default via 203.0.113.1 dev eth0, 10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.10 metric 100. The administrator also notices that the system's /etc/resolv.conf contains nameserver 8.8.8.8 and nameserver 8.8.4.4. The MySQL server is configured to listen on 127.0.0.1. What is the most likely cause of the intermittent connectivity issues?

A.The private network interface (eth1) is misconfigured, causing traffic to be routed incorrectly.
B.The DNS servers are not reachable, causing delays in name resolution.
C.The public network interface (eth0) is experiencing high latency or packet loss due to ISP issues.
D.The MySQL server is listening on localhost, but should listen on the private IP for better performance.
AnswerC

Intermittent connectivity issues are often caused by problems with the external link.

Why this answer

Option C is correct because the intermittent connectivity issues described (slow page loads and timeouts) are classic symptoms of high latency or packet loss on the public network path. The routing table shows a default gateway via eth0 (203.0.113.1), which is the only path to the internet, and the DNS servers (8.8.8.8, 8.8.4.4) are external, so any degradation on eth0 would directly impact web application responsiveness. The administrator's observation that eth0 is configured with a static IP and gateway, combined with no alternative route, points to ISP-level issues as the most likely cause.

Exam trap

The trap here is that candidates may incorrectly attribute the issue to DNS misconfiguration or interface misrouting, overlooking that the default route via eth0 makes the public interface the single point of failure for internet-bound traffic, and that intermittent symptoms point to network path degradation rather than configuration errors.

How to eliminate wrong answers

Option A is wrong because eth1 is correctly configured with a static IP 10.0.0.10/24 and no gateway, which is appropriate for a private network; the routing table shows a direct route to 10.0.0.0/24 via eth1, and since the default route is via eth0, traffic is not misrouted. Option B is wrong because DNS servers 8.8.8.8 and 8.8.4.4 are public Google DNS servers that are typically reachable; if they were unreachable, the application would fail consistently rather than intermittently, and the issue would manifest as name resolution failures, not slow page loads or timeouts. Option D is wrong because MySQL listening on 127.0.0.1 is standard for local-only access, and the web application (Apache) is on the same server, so connecting via the loopback interface is optimal for performance; listening on the private IP would add unnecessary network overhead and not cause intermittent connectivity.

51
MCQhard

A sysadmin is troubleshooting a connectivity issue between two servers in different subnets. The output of 'traceroute 192.168.2.10' shows packets reaching a router but not the destination. The router's firewall uses iptables. Which rule would prevent the traceroute from completing?

A.-A INPUT -i lo -j LOG
B.-A INPUT -p udp -j ACCEPT
C.-A INPUT -p tcp --dport 80 -j REJECT
D.-A INPUT -p icmp --icmp-type port-unreachable -j DROP
AnswerD

Blocks ICMP Port Unreachable, which stops traceroute responses.

Why this answer

Option B is correct because traceroute sends UDP packets with increasing TTL, and the destination sends back ICMP Port Unreachable. Dropping ICMP would cause traceroute to hang. Option A is wrong because rejecting TCP is not relevant for traceroute (UDP).

Option C is wrong because logging doesn't block. Option D is wrong because accepting all UDP would not block.

52
Multi-Selectmedium

Which TWO configuration files are commonly associated with NTP client configuration?

Select 2 answers
A./etc/systemd/timesyncd.conf
B./etc/chrony.conf
C./etc/timezone
D./etc/ntp.conf
E./etc/ntpd.conf
AnswersB, D

Used by chronyd.

Why this answer

Options A and C are correct. /etc/ntp.conf is used by ntpd, and /etc/chrony.conf by chronyd, both NTP client implementations. Option B (ntpd.conf) is not standard. Option D (/etc/systemd/timesyncd.conf) is for systemd-timesyncd, another NTP client.

Option E (/etc/timezone) sets the timezone, not NTP servers.

53
Multi-Selectmedium

Which TWO commands can be used to display network interface statistics on a Linux system?

Select 2 answers
A.route -n
B.ss -s
C.ip -s link
D.netstat -i
E.ifconfig
AnswersD, E

Shows interface statistics.

Why this answer

Options A and C are correct. ifconfig and netstat -i both display interface statistics such as packets transmitted/received, errors, etc. Option B (ip -s link) also shows statistics, but since we need exactly two, A and C are classic. Option D (route -n) shows routing table.

Option E (ss -s) shows socket statistics summary.

54
MCQhard

A host on the 192.168.1.0/24 network cannot reach the internet. Based on the exhibit, which is the most likely cause?

A.There is no route to 192.168.1.0/24.
B.The default route is missing.
C.The gateway for internet traffic is incorrect; the host uses 10.0.1.254 for internal network, but the default gateway 10.0.1.1 may not be reachable from 192.168.1.0/24.
D.The routing table is empty.
AnswerC

Causes internet unreachability.

Why this answer

Option D is correct. The default route points to 10.0.1.1, but the 192.168.1.0/24 network is accessed via 10.0.1.254, which likely does not have internet connectivity. Option A is wrong because the default route exists.

Option B is wrong because the routing table is present. Option C is wrong because there is no evidence of a missing route for that network.

55
MCQeasy

A small office has a network printer with IP 192.168.1.100. The printer is shared via CUPS. A user reports that they cannot print a document from their workstation. The printer appears in the list of available printers, but when they try to print, the job hangs in the queue with status 'processing'. The administrator suspects the printer may be offline or the CUPS service is not running. Which command should the administrator run first to gather diagnostic information about the printer and its queue?

A.ping 192.168.1.100
B.lpstat -t
C.lpadmin -p printer -E
D.systemctl restart cups
AnswerB

lpstat -t shows printer status, queue, and error information for diagnosis.

Why this answer

lpstat -t provides a comprehensive overview of printer status, including whether the printer is accepting jobs, the queue state, and any error messages. Restarting cups could disrupt print jobs. Ping only tests network connectivity but not CUPS functionality.

Re-adding the printer is unnecessary without first diagnosing the issue.

56
MCQhard

A server in a corporate network uses systemd-resolved for DNS. Internal hostnames (e.g., server.example.lan) fail to resolve, but external names (e.g., google.com) work. The /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf. The administrator checks the systemd-resolved configuration and finds that the internal DNS server is listed globally, but the network interface has no specific DNS set. Which command should be used to assign the internal DNS server to the interface and fix resolution?

A.Add the internal hostnames to /etc/hosts.
B.Run 'resolvectl dns eth0 10.0.0.1' to set the DNS server for the interface.
C.Restart systemd-resolved service.
D.Edit /etc/resolv.conf and add the internal DNS server.
AnswerB

This sets the per-link DNS, allowing systemd-resolved to use the internal server for that interface.

Why this answer

The issue is that the per-link DNS configuration is missing. resolvectl dns sets the DNS server for a specific interface, overriding the global setting for that interface. Editing /etc/resolv.conf directly is ineffective as it is managed by systemd-resolved. Restarting the service does not set the missing per-link DNS.

Adding entries to /etc/hosts is a static workaround.

57
Drag & Dropmedium

Order the steps to mount an NFS share from a remote server.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

NFS mounting requires the client package, a local directory, and the mount command with server and export path.

58
MCQeasy

A user submitted a print job to a CUPS printer but used the wrong options. Which command should the administrator use to cancel the job?

A.lpstat
B.cancel
C.lprm
D.lpadmin
AnswerB

The cancel command is part of CUPS and cancels print jobs.

Why this answer

Option B is correct because cancel is the standard CUPS command to remove print jobs. Option A (lprm) is from the legacy BSD printing system. Option C (lpstat) lists jobs, and Option D (lpadmin) configures printers.

59
MCQmedium

A sysadmin notices that after modifying iptables rules, the SSH service is unreachable from a specific subnet (192.168.1.0/24). Which command should be used to view the current rules with line numbers for easier identification?

A.iptables -L
B.iptables -L --line-numbers
C.iptables -t raw -L
D.iptables -t nat -L
AnswerB

Shows rules with line numbers for easier editing.

Why this answer

Option B is correct because iptables -L --line-numbers displays rules with line numbers, helpful for inserting or deleting rules. Option A is wrong because it shows rules but without line numbers. Option C is wrong because it shows the NAT table, not the filter table affecting SSH.

Option D is wrong because it shows raw table.

60
MCQeasy

An organization wants to implement a centralized logging solution for multiple Linux servers. Which service should run on the central server to receive syslog messages?

A.journald
B.syslogd
C.rsyslogd
D.syslog-ng
AnswerC

Standard syslog daemon used for receiving remote logs.

Why this answer

Option B is correct because the rsyslog daemon (rsyslogd) is the standard syslog server on modern Linux distributions. Option A is wrong because syslog-ng is not the default on most distributions. Option C is wrong because journald is the systemd log collector but not typically used as network syslog receiver by default.

Option D is wrong because syslogd is the legacy daemon, often replaced by rsyslog.

61
MCQmedium

A web server running on this host is not accessible from clients. Based on the exhibit, what is the most likely reason?

A.The FORWARD chain policy is DROP.
B.The OUTPUT chain policy is ACCEPT.
C.Incoming HTTP traffic is blocked by a DROP rule on port 80.
D.SSH traffic is blocked.
AnswerC

The rule explicitly drops TCP port 80.

Why this answer

Option A is correct. The INPUT chain has a DROP rule for TCP port 80, blocking incoming web traffic. Option B is wrong because port 22 (SSH) is allowed.

Option C is wrong because FORWARD policy is DROP but that affects forwarded traffic, not local input. Option D is wrong because OUTPUT policy is ACCEPT.

62
MCQeasy

A user reports that they cannot connect to a remote server using SSH. The administrator checks the SSH server status and it is running. Which of the following is the most likely cause?

A.A firewall is blocking port 22.
B.The client's subnet mask is incorrect.
C.The client cannot resolve the server's hostname.
D.The SSH server is using UDP instead of TCP.
AnswerA

Firewall blocking SSH port is a common issue.

Why this answer

SSH operates over TCP port 22 by default. If the SSH server is running but the client cannot connect, a firewall blocking port 22 is the most likely cause because it would prevent the TCP handshake from completing, even though the SSH daemon (sshd) is active and listening.

Exam trap

The trap here is that candidates may assume a running SSH server guarantees connectivity, overlooking that a firewall can block the port even when the service is active, or they may confuse SSH's TCP usage with UDP-based protocols like DNS.

How to eliminate wrong answers

Option B is wrong because an incorrect subnet mask would prevent the client from reaching any host outside its local subnet, but the question specifies a remote server, so routing or gateway issues would be more relevant; a subnet mask error alone would not selectively block SSH while allowing other traffic. Option C is wrong because if the client cannot resolve the server's hostname, the user would likely receive a 'Name or service not known' error, not a connection failure to a running SSH server; the administrator could test with the server's IP address to isolate DNS issues. Option D is wrong because SSH uses TCP (Transmission Control Protocol) for reliable, connection-oriented communication, not UDP; UDP is used by protocols like DNS or DHCP, and SSH has no UDP mode.

63
MCQeasy

A user reports that they cannot access the company's web server. The administrator confirms the server is running and network connectivity is fine. Which command should be used to verify that the HTTP service is listening on the correct port?

A.ping 127.0.0.1
B.netstat -rn
C.iperf3 -c localhost
D.ss -tlnp
AnswerD

Shows listening TCP sockets with port and process.

Why this answer

Option B is correct because ss -tlnp shows listening TCP sockets with port numbers and process names. Option A is wrong because it shows routing table. Option C is wrong because it tests connectivity, not listening sockets.

Option D is wrong because it shows network statistics, not listening ports.

64
MCQmedium

A system administrator wants to monitor network traffic on a specific port (TCP/443) entering the server. Which command will capture packets on interface eth0 and display them in real-time?

A.netstat -tulpn | grep :443
B.ss -tulpn | grep :443
C.tcpdump -i eth0 port 443
D.iptables -L -n -v
AnswerC

tcpdump captures packets on specified port.

Why this answer

Option C is correct: `tcpdump -i eth0 port 443` captures and displays packets on port 443. Option A (netstat -tulpn) shows listening ports. Option B (ss -tulpn) shows sockets.

Option D (iptables -L -n) lists firewall rules.

65
MCQeasy

A junior system administrator is tasked with setting up a new Linux server that will act as a network time client. The server must synchronize its clock with the external NTP pool servers 0.pool.ntp.org, 1.pool.ntp.org, and 2.pool.ntp.org. The administrator installs the ntp package and edits /etc/ntp.conf to include the following lines: server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org However, after restarting the ntpd service, the administrator notices that the system time does not appear to be synchronized. The command 'ntpq -p' returns no output. The administrator checks the status of the ntpd service with 'systemctl status ntp' and sees that the service is active (running). What is the most likely reason for the synchronization failure?

A.The NTP servers are unreachable due to a firewall blocking UDP port 123.
B.The ntpd daemon is configured to only adjust the clock gradually and refuses to make large time jumps by default.
C.The ntp.conf file is missing the 'pool' directive; instead, 'server' lines are used incorrectly.
D.The ntpd service is not enabled to start at boot, so it stopped after the administrator logged out.
AnswerB

ntpd will not step the time if the offset is too large; the -g flag or ntpdate command should be used initially.

Why this answer

B is correct because the ntpd daemon, by default, will not make large time jumps (more than a certain threshold, typically 128 ms) and instead gradually slews the clock. If the system clock is significantly out of sync (e.g., by minutes or hours), ntpd will refuse to step the time and may appear to do nothing, resulting in no output from 'ntpq -p' until the daemon has had time to adjust or until the offset is corrected manually. The administrator likely started ntpd with a large clock offset, and the daemon is waiting for the clock to drift naturally or for a manual intervention.

Exam trap

The trap here is that candidates assume a running service with configured servers should immediately synchronize, overlooking ntpd's default conservative behavior of refusing large time jumps, which is a common cause of apparent synchronization failure in exam scenarios.

How to eliminate wrong answers

Option A is wrong because if UDP port 123 were blocked by a firewall, the ntpd service would still be active and 'ntpq -p' would typically show the configured servers with a 'reach' value of 0, not return no output at all. Option C is wrong because the 'server' directive is perfectly valid for specifying NTP servers; the 'pool' directive is an alternative for a pool of servers but not required, and using 'server' lines does not cause synchronization to fail. Option D is wrong because the service is shown as 'active (running)' via systemctl, so it is currently running regardless of whether it is enabled at boot; the administrator's logout does not stop a running systemd service.

66
MCQeasy

An administrator is configuring a DHCP server to assign IP addresses to clients in the 192.168.10.0/24 subnet. The server should provide the default gateway as 192.168.10.1 and DNS server as 8.8.8.8. Which option in /etc/dhcp/dhcpd.conf defines the default gateway?

A.option subnet-mask 255.255.255.0;
B.option routers 192.168.10.1;
C.option broadcast-address 192.168.10.255;
D.option domain-name-servers 8.8.8.8;
AnswerB

routers is the DHCP option for default gateway.

Why this answer

Option A is correct: `option routers` in dhcpd.conf sets the default gateway. Option B (option domain-name-servers) sets DNS. Option C (option subnet-mask) sets netmask.

Option D (option broadcast-address) sets broadcast.

67
MCQhard

An administrator wants to combine two network interfaces into a single logical interface for redundancy and increased throughput. The system uses NetworkManager. Which method is currently recommended to achieve this?

A.Use ifenslave to enslave interfaces
B.Configure a bond using nmcli
C.Set up a team interface using teamd
D.Edit /proc/net/bonding directly
AnswerB

NetworkManager can manage bonded interfaces using nmcli, making it the recommended method.

Why this answer

Option A is correct because NetworkManager supports bonding via nmcli commands. Option B is legacy bonding configuration, Option C uses the older teaming approach, and Option D depends on ifenslave which is outdated.

68
MCQhard

A system administrator notices that the system time is slowly drifting from the actual time. The system uses chrony for NTP synchronization. The administrator runs 'chronyc sources' and sees no reachable sources. The firewall is enabled and configured. Which action should the administrator take to resolve the time synchronization issue?

A.Configure chrony to use a different port for NTP.
B.Restart chronyd service.
C.Add a firewall rule to allow UDP 123 outbound to NTP servers.
D.Use ntpdate to set the time manually once.
AnswerC

Opening the correct port allows chrony to communicate with NTP sources.

Why this answer

The absence of reachable sources suggests a firewall blocking UDP port 123, which chrony uses. Adding a firewall rule to allow outgoing NTP traffic will likely restore synchronization. Chrony cannot use a different port for standard NTP.

Restarting chronyd without fixing the firewall will not help. Switching to ntpdate is a temporary workaround.

69
Multi-Selectmedium

Which THREE of the following are valid files or directories used by the Domain Name System (DNS) resolution process on a Linux system?

Select 3 answers
A./etc/host.conf
B./etc/resolv.conf
C./etc/named.conf
D./etc/sysconfig/network
E./etc/nsswitch.conf
AnswersA, B, E

Specifies resolver options like order and multi.

Why this answer

Option A is correct because `/etc/host.conf` controls the order in which hostname resolution methods are tried (e.g., 'order hosts,bind'), directly influencing whether the system queries DNS or checks local files first. This file is part of the glibc resolver's configuration and is consulted during the DNS resolution process on Linux.

Exam trap

The trap here is that candidates confuse server-side DNS configuration files (like `/etc/named.conf`) with client-side resolution files, or they overlook `/etc/host.conf` and `/etc/nsswitch.conf` as essential parts of the DNS resolution chain.

70
MCQmedium

A system administrator wants to configure NTP client on a server running systemd and using systemd-timesyncd. Which file should be edited to set the NTP server?

A./etc/chrony.conf
B./etc/systemd/timesyncd.conf
C./etc/ntp.conf
D./etc/ntp/ntp.conf
AnswerB

This is the configuration file for systemd-timesyncd, the default NTP client on systemd systems.

Why this answer

Option C is correct because systemd-timesyncd configuration is stored in /etc/systemd/timesyncd.conf. Option A is for the traditional ntpd, Option B for chrony, and Option D is not a standard path.

71
MCQeasy

After updating the SSH configuration, a sysadmin restarts the sshd service, but remote connections still use the old settings. Which command should be used to reload the configuration without dropping existing connections?

A.systemctl restart sshd
B.systemctl reload sshd
C.systemctl refresh sshd
D.systemctl restart sshd
AnswerB

Reloads config without dropping connections.

Why this answer

Option D is correct because 'systemctl reload sshd' instructs the daemon to reload its configuration without disconnecting active sessions. Option A is wrong because restart kills all connections. Option B is wrong because reload is standard.

Option C is wrong because it is not a valid systemctl command.

72
MCQhard

A security administrator needs to allow SSH access from the 10.0.0.0/8 network but deny all other traffic to port 22. The firewall uses iptables with default policy ACCEPT on the INPUT chain. Which set of rules should be added?

A.iptables -A INPUT -p tcp --dport 22 -j DROP; iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
B.iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j DROP; iptables -A INPUT -p tcp --dport 22 -j ACCEPT
C.iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT
D.iptables -A INPUT -s 10.0.0.0/8 -p tcp --dport 22 -j ACCEPT; iptables -A INPUT -p tcp --dport 22 -j DROP
AnswerD

Allows subnet first, then drops all other SSH.

Why this answer

Option C is correct: First rule allows SSH from 10.0.0.0/8, second rule drops all other SSH. Option A would drop all SSH. Option B allows from subnet but doesn't block others.

Option D blocks subnet.

73
MCQmedium

A company is deploying a new web application and needs to ensure high availability. They have two web servers and want to use DNS round-robin. Which DNS record type is most appropriate?

A.MX
B.PTR
C.CNAME
D.A
AnswerD

Multiple A records enable DNS round-robin.

Why this answer

Option A is correct because multiple A records for the same hostname will rotate answers in round-robin fashion. Option B is wrong because CNAME is an alias, not for multiple IPs. Option C is wrong because MX is for mail exchange.

Option D is wrong because PTR is for reverse DNS.

74
MCQhard

A database server on a Linux system is configured to listen on TCP port 3306. The administrator wants to restrict access to the database server to only the local network (192.168.1.0/24) using iptables. Which of the following iptables rules achieves this?

A.iptables -A INPUT -p tcp --dport 3306 -d 192.168.1.0/24 -j DROP
B.iptables -A OUTPUT -p tcp --dport 3306 -d 192.168.1.0/24 -j ACCEPT
C.iptables -A INPUT -p tcp --dport 3306 -s 192.168.1.0/24 -j ACCEPT
D.iptables -A OUTPUT -p tcp --sport 3306 -s 192.168.1.0/24 -j ACCEPT
AnswerC

Correct rule to allow incoming MySQL from local subnet.

Why this answer

Option C is correct because it adds an INPUT chain rule that accepts TCP traffic destined for port 3306 only when the source address is within the 192.168.1.0/24 subnet. This effectively restricts incoming database connections to the local network, while all other sources are implicitly dropped by the default INPUT policy or subsequent rules.

Exam trap

The trap here is confusing the -s (source) and -d (destination) flags, leading candidates to pick Option A which drops traffic to the local network instead of accepting traffic from it.

How to eliminate wrong answers

Option A is wrong because it uses the -d (destination) flag instead of -s (source), and then jumps to DROP, which would block traffic destined for the 192.168.1.0/24 network (i.e., traffic going out to that subnet) rather than restricting incoming connections from it. Option B is wrong because it applies to the OUTPUT chain, which controls outgoing traffic; restricting access to an incoming database server requires an INPUT chain rule, not OUTPUT. Option D is wrong because it uses the OUTPUT chain with --sport 3306 (source port) and -s (source address), which would match outgoing packets originating from port 3306 with a source address in 192.168.1.0/24 — this is irrelevant for controlling incoming connections to the database server.

Ready to test yourself?

Try a timed practice session using only System Services Networking questions.