Sample questions
Red Hat Certified System Administrator EX200 practice questions
A system administrator needs to find all regular files larger than 10MB in /var/log. Which find command should they use?
Trap 1: find /var/log -type f -size -10M
Finds files smaller than 10MB.
Trap 2: find /var/log -type d -size +10M
Finds directories, not files.
Trap 3: find /var/log -type f -size 10M
Finds files exactly 10MB.
- A
find /var/log -type f -size -10M
Why wrong: Finds files smaller than 10MB.
- B
find /var/log -type d -size +10M
Why wrong: Finds directories, not files.
- C
find /var/log -type f -size 10M
Why wrong: Finds files exactly 10MB.
- D
find /var/log -type f -size +10M
Correct syntax for larger than 10MB.
A user needs to view the last 15 lines of a log file that is constantly being updated. Which command should they use?
Trap 1: tail -f /var/log/messages
Follows file, not just last 15 lines.
Trap 2: cat /var/log/messages
Shows entire file.
Trap 3: head -15 /var/log/messages
Shows first 15 lines.
- A
tail -n 15 /var/log/messages
Shows last 15 lines.
- B
tail -f /var/log/messages
Why wrong: Follows file, not just last 15 lines.
- C
cat /var/log/messages
Why wrong: Shows entire file.
- D
head -15 /var/log/messages
Why wrong: Shows first 15 lines.
Which TWO statements about systemd journal and rsyslog are correct?
Trap 1: rsyslog reads log messages directly from the journal files in…
rsyslog does not read journal files; it receives messages via socket or from journald forwarding.
Trap 2: The command 'journalctl --list-boots' lists only the current boot's…
--list-boots lists all boots for which journal data is available, not just the current.
Trap 3: The command 'journalctl -u sshd.service' outputs the same as 'tail…
/var/log/messages is a text file; journalctl outputs from the binary journal, and they may not be identical.
- A
rsyslog reads log messages directly from the journal files in /var/log/journal.
Why wrong: rsyslog does not read journal files; it receives messages via socket or from journald forwarding.
- B
The command 'journalctl --list-boots' lists only the current boot's journal entries.
Why wrong: --list-boots lists all boots for which journal data is available, not just the current.
- C
The command 'journalctl -u sshd.service' outputs the same as 'tail -f /var/log/messages' for SSH logs.
Why wrong: /var/log/messages is a text file; journalctl outputs from the binary journal, and they may not be identical.
- D
The journal stores logs in a structured binary format, allowing filtering by fields like _UID or _SYSTEMD_UNIT.
journald uses structured logging with various metadata fields.
- E
The journal can forward log messages to rsyslog by setting ForwardToSyslog=yes in /etc/systemd/journald.conf.
This configuration enables forwarding from journald to syslog.
A system administrator needs to ensure that a specific process continues to run even if it crashes. The process is started by a systemd service unit. Which approach ensures the process is automatically restarted by systemd, with a delay of 30 seconds after each crash, and does not count restarts towards the failure limit?
Trap 1: Restart=on-failure and RestartSec=30
on-failure only restarts on non-zero exit codes or signals; a clean exit (exit code 0) would not trigger restart.
Trap 2: Restart=always, RestartSec=30, StartLimitIntervalSec=0
Setting StartLimitIntervalSec=0 without StartLimitBurst=0 still uses the default StartLimitBurst value (5), so after 5 restarts the service will stop.
Trap 3: Restart=always and RestartSec=30
Without StartLimitIntervalSec and StartLimitBurst settings, the default restart limits will eventually stop the service after multiple crashes.
- A
Restart=always, RestartSec=30, StartLimitIntervalSec=0, StartLimitBurst=0
These settings disable the restart rate limit and ensure the service restarts every 30 seconds regardless of crash behavior.
- B
Restart=on-failure and RestartSec=30
Why wrong: on-failure only restarts on non-zero exit codes or signals; a clean exit (exit code 0) would not trigger restart.
- C
Restart=always, RestartSec=30, StartLimitIntervalSec=0
Why wrong: Setting StartLimitIntervalSec=0 without StartLimitBurst=0 still uses the default StartLimitBurst value (5), so after 5 restarts the service will stop.
- D
Restart=always and RestartSec=30
Why wrong: Without StartLimitIntervalSec and StartLimitBurst settings, the default restart limits will eventually stop the service after multiple crashes.
A system administrator needs to ensure that a web server running Apache httpd starts automatically after a system reboot. Which command should the administrator use to enable the httpd service?
Trap 1: systemctl daemon-reload
Reloads systemd configuration, not related to enabling services.
Trap 2: systemctl start httpd
Starts the service now, but does not enable it for boot.
Trap 3: systemctl reenable httpd
Not a valid systemctl subcommand.
- A
systemctl daemon-reload
Why wrong: Reloads systemd configuration, not related to enabling services.
- B
systemctl start httpd
Why wrong: Starts the service now, but does not enable it for boot.
- C
systemctl reenable httpd
Why wrong: Not a valid systemctl subcommand.
- D
systemctl enable httpd
Enables the service to start at boot.
Refer to the exhibit. The administrator wants to create a single file system that spans the entire 20 GB disk /dev/sdb. All data on the disk can be discarded. Which steps are required to create an XFS file system on the whole disk?
Exhibit
Refer to the exhibit. # lsblk /dev/sdb NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sdb 8:16 0 20G 0 disk ├─sdb1 8:17 0 2G 0 part ├─sdb2 8:18 0 2G 0 part └─sdb3 8:19 0 16G 0 part # blkid /dev/sdb1 /dev/sdb1: UUID="abc123" TYPE="xfs" # blkid /dev/sdb2 /dev/sdb2: UUID="def456" TYPE="ext4" # blkid /dev/sdb3 /dev/sdb3: UUID="ghi789" TYPE="swap"
Trap 1: Run mkfs.xfs /dev/sdb directly; it will overwrite the partition…
mkfs.xfs on whole disk with existing partition table may fail or require -f, but best practice is to remove partitions first.
Trap 2: Use pvcreate /dev/sdb, then vgcreate, lvcreate, and format the…
LVM is not required; the question asks for a single file system on the whole disk, not logical volumes.
Trap 3: Run mkfs.xfs -f /dev/sdb; it will force creation of XFS on the…
While -f can force, creating a file system without partitions is unusual and not standard practice for a disk with partitions.
- A
Run mkfs.xfs /dev/sdb directly; it will overwrite the partition table and create a file system.
Why wrong: mkfs.xfs on whole disk with existing partition table may fail or require -f, but best practice is to remove partitions first.
- B
Use pvcreate /dev/sdb, then vgcreate, lvcreate, and format the logical volume with mkfs.xfs.
Why wrong: LVM is not required; the question asks for a single file system on the whole disk, not logical volumes.
- C
Run mkfs.xfs -f /dev/sdb; it will force creation of XFS on the whole disk without partition table.
Why wrong: While -f can force, creating a file system without partitions is unusual and not standard practice for a disk with partitions.
- D
Use fdisk to delete all partitions, create a new partition spanning the whole disk, then run mkfs.xfs on the new partition.
Correct procedure: remove partitions, create single partition, format with XFS.
A system administrator needs to ensure that the user 'jdoe' cannot log in via SSH but can still use other services like FTP. Which approach should the administrator take?
Trap 1: Lock the user account with 'usermod -L jdoe'
Locking the account prevents all authentication.
Trap 2: Delete the user's password with 'passwd -d jdoe'
Deleting the password prevents any authentication, including FTP.
Trap 3: Remove the user's home directory
Removing the home directory does not prevent login; the user can still log in.
- A
Lock the user account with 'usermod -L jdoe'
Why wrong: Locking the account prevents all authentication.
- B
Delete the user's password with 'passwd -d jdoe'
Why wrong: Deleting the password prevents any authentication, including FTP.
- C
Remove the user's home directory
Why wrong: Removing the home directory does not prevent login; the user can still log in.
- D
Change the user's shell to /sbin/nologin
/sbin/nologin prevents interactive login but allows non-login services like FTP.
Refer to the exhibit. A web server runs as user 'apache'. The directory /var/www/html is owned by root:root with permissions 755. The administrator wants to allow the user 'webuser' to upload files to /var/www/html via SFTP. Which step is necessary to achieve this?
Exhibit
Refer to the exhibit. [root@server ~]# getent passwd webuser webuser:x:1001:1001:Web User:/home/webuser:/sbin/nologin [root@server ~]# ls -ld /var/www/html drwxr-xr-x. 2 root root 6 Jan 10 10:00 /var/www/html [root@server ~]# ls -lZ /var/www/html drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html [root@server ~]# id webuser uid=1001(webuser) gid=1001(webuser) groups=1001(webuser) [root@server ~]# groups webuser webuser : webuser
Trap 1: Change webuser's shell to /bin/bash to allow SFTP login
SFTP does not require a login shell; /sbin/nologin is acceptable.
Trap 2: Change the SELinux context of /var/www/html to…
SELinux context change is not needed for SFTP; the httpd context is fine.
Trap 3: Set an ACL on /var/www/html to grant webuser write access
While ACL would work, it's not the only way; group ownership is simpler and sufficient.
- A
Change webuser's shell to /bin/bash to allow SFTP login
Why wrong: SFTP does not require a login shell; /sbin/nologin is acceptable.
- B
Change group ownership of /var/www/html to a group that includes webuser and add group write permission
This gives webuser write access via group membership.
- C
Change the SELinux context of /var/www/html to httpd_sys_rw_content_t
Why wrong: SELinux context change is not needed for SFTP; the httpd context is fine.
- D
Set an ACL on /var/www/html to grant webuser write access
Why wrong: While ACL would work, it's not the only way; group ownership is simpler and sufficient.
A container named 'web1' was created and ran briefly before exiting with status 0. The administrator needs to restart it and attach to the running container's console. Which command should be used?
Trap 1: podman run --name web1 -it registry.access.redhat.com/ubi8/httpd-24
This creates a new container, ignoring the existing one.
Trap 2: podman start web1
Starts but does not attach to console.
Trap 3: podman restart web1 && podman attach web1
restart works on running containers; web1 is stopped.
- A
podman run --name web1 -it registry.access.redhat.com/ubi8/httpd-24
Why wrong: This creates a new container, ignoring the existing one.
- B
podman start web1
Why wrong: Starts but does not attach to console.
- C
podman restart web1 && podman attach web1
Why wrong: restart works on running containers; web1 is stopped.
- D
podman start web1 && podman attach web1
Start the stopped container, then attach to it.
Put the steps to configure a cron job that runs a script every day at 2:30 AM in the correct order.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Order the steps to configure SELinux to allow Apache to read files in a custom directory /webcontent.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Arrange the steps to configure a network bond (mode 1) using two interfaces (eth0, eth1) in RHEL.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Order the steps to configure firewall rules to allow HTTP and HTTPS traffic using firewalld.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Arrange the steps to configure a logical volume snapshot named 'snap_lv_data' of logical volume 'lv_data'.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Order the steps to configure a new user 'jdoe' with UID 2000, home directory /home/jdoe, and secondary group 'staff'.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Put the steps to configure a new swap partition of 2 GiB on /dev/sdc1 and enable it in order.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
A backup script uses tar to create an archive, but the administrator wants to exclude the /tmp directory from the backup. Which tar option should be added?
Trap 1: --ignore-failed-read
Ignores unreadable files, does not exclude.
Trap 2: --exclude-from=/tmp
Reads exclude list from file /tmp, not exclude the directory.
Trap 3: -X /tmp
Same as --exclude-from; treats /tmp as a file with patterns.
- A
--exclude=/tmp
Excludes the /tmp directory.
- B
--ignore-failed-read
Why wrong: Ignores unreadable files, does not exclude.
- C
--exclude-from=/tmp
Why wrong: Reads exclude list from file /tmp, not exclude the directory.
- D
-X /tmp
Why wrong: Same as --exclude-from; treats /tmp as a file with patterns.
An administrator wants to display a list of all currently logged-in users. Which command is most appropriate?
Trap 1: w
Shows detailed info including load, but not the standard list.
Trap 2: last
Shows last logins history.
Trap 3: users
Lists usernames only, no terminal or time.
- A
who
Displays currently logged-in users.
- B
w
Why wrong: Shows detailed info including load, but not the standard list.
- C
last
Why wrong: Shows last logins history.
- D
users
Why wrong: Lists usernames only, no terminal or time.
A new Linux administrator needs to read the manual page for the 'ls' command but also wants to search for the word 'color' within the manual. Which command accomplishes this?
Trap 1: man -k color
Searches man page titles and descriptions for 'color'.
Trap 2: man ls | grep color
Pipes formatted output; less reliable.
Trap 3: man color
Tries to open a man page named 'color'.
- A
man -k color
Why wrong: Searches man page titles and descriptions for 'color'.
- B
man ls and then type /color
Within man, / searches for the string.
- C
man ls | grep color
Why wrong: Pipes formatted output; less reliable.
- D
man color
Why wrong: Tries to open a man page named 'color'.
You are a system administrator for a company running Red Hat Enterprise Linux 8. A developer reports that a script which runs daily at 2 AM is failing. The script is located at /opt/scripts/backup.sh and is owned by root. The developer says the script runs fine when executed manually with './backup.sh' from the /opt/scripts directory. The script is scheduled via a root crontab entry: '0 2 * * * /opt/scripts/backup.sh'. However, the script fails because it cannot find a configuration file located at './config.ini'. What is the most likely cause and the correct solution?
Trap 1: The configuration file is missing
It exists in /opt/scripts; better to use absolute path.
Trap 2: The cron job runs as a different user
The job runs as root; changing user won't fix relative path.
Trap 3: The script is not executable
It runs manually, so it is executable.
- A
Cron uses a different PATH. Modify the script to use absolute paths for all files, including config.ini.
Absolute paths resolve the working directory issue.
- B
The configuration file is missing. Copy config.ini to /root.
Why wrong: It exists in /opt/scripts; better to use absolute path.
- C
The cron job runs as a different user. Change the cron job to run as the developer's user.
Why wrong: The job runs as root; changing user won't fix relative path.
- D
The script is not executable. Run chmod +x /opt/scripts/backup.sh.
Why wrong: It runs manually, so it is executable.
Which TWO commands can be used to create a filesystem on a new partition? (Choose two.)
Trap 1: mount /dev/sdb1 /mnt
Mounts an existing filesystem.
Trap 2: parted /dev/sdb
parted is for partitioning.
Trap 3: fdisk /dev/sdb
fdisk is for partitioning, not filesystem creation.
- A
mount /dev/sdb1 /mnt
Why wrong: Mounts an existing filesystem.
- B
mkfs /dev/sdb1
mkfs creates a filesystem (default ext2).
- C
parted /dev/sdb
Why wrong: parted is for partitioning.
- D
mkfs.ext4 /dev/sdb1
Creates ext4 filesystem.
- E
fdisk /dev/sdb
Why wrong: fdisk is for partitioning, not filesystem creation.
Which command creates a 2GB logical volume named 'lvdata' in the volume group 'vgdata'?
Trap 1: lvcreate -n vgdata -L 2G lvdata
Arguments swapped.
Trap 2: lvcreate -n lvdata -s 2G vgdata
-s is for snapshot.
Trap 3: lvcreate -l 2G -n lvdata vgdata
-l is for extents, not size.
- A
lvcreate -L 2G -n lvdata vgdata
Correct syntax.
- B
lvcreate -n vgdata -L 2G lvdata
Why wrong: Arguments swapped.
- C
lvcreate -n lvdata -s 2G vgdata
Why wrong: -s is for snapshot.
- D
lvcreate -l 2G -n lvdata vgdata
Why wrong: -l is for extents, not size.
Which TWO commands can be used to view the contents of a compressed file named 'archive.tar.gz' without extracting it?
Trap 1: gzip -d archive.tar.gz
Decompresses, not list.
Trap 2: gunzip -c archive.tar.gz
Decompresses to stdout, but not list.
Trap 3: tar -xf archive.tar.gz
Extracts the archive.
- A
gzip -d archive.tar.gz
Why wrong: Decompresses, not list.
- B
tar -tzf archive.tar.gz
Lists contents of tar.gz.
- C
gunzip -c archive.tar.gz
Why wrong: Decompresses to stdout, but not list.
- D
tar -xf archive.tar.gz
Why wrong: Extracts the archive.
- E
zcat archive.tar.gz | tar -t
Decompresses and lists.
A server has a software RAID 5 array /dev/md0. One of its disks fails. The administrator wants to replace it without rebooting. Which command should be used to mark the disk as failed?
Trap 1: mdadm --fault /dev/md0 /dev/sdb
--fault is incorrect.
Trap 2: echo faulty > /sys/block/md0/md/dev-sdb/state
While possible, it's not the standard mdadm command.
Trap 3: mdadm --set-faulty /dev/md0 /dev/sdb
--set-faulty is not a valid option.
- A
mdadm --fault /dev/md0 /dev/sdb
Why wrong: --fault is incorrect.
- B
echo faulty > /sys/block/md0/md/dev-sdb/state
Why wrong: While possible, it's not the standard mdadm command.
- C
mdadm --set-faulty /dev/md0 /dev/sdb
Why wrong: --set-faulty is not a valid option.
- D
mdadm --fail /dev/md0 /dev/sdb
Correct: mdadm --manage with --fail.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.