Red Hat Certified System Administrator EX200 (EX200) — Questions 175

527 questions total · 8pages · All types, answers revealed

Page 1 of 8

Page 2
1
Multi-Selectmedium

Which THREE of the following commands can be used to display information about file systems?

Select 3 answers
A.df
B.blkid
C.lsblk
D.fdisk
E.du
AnswersA, B, C

df displays mounted file system usage including size, used space, and mount points.

Why this answer

The `df` command displays information about mounted file systems, including total size, used space, available space, and mount points. It reads the /proc/mounts file to show file system usage statistics, making it a primary tool for file system information.

Exam trap

Red Hat often tests the distinction between disk partitioning tools (fdisk) and file system information commands, so candidates mistakenly select fdisk because it lists partitions, but it does not display file system details like type or usage.

2
MCQeasy

What is the default filesystem type in Red Hat Enterprise Linux 8?

A.btrfs
B.ZFS
C.ext4
D.XFS
AnswerD

Correct: XFS is the default filesystem in RHEL 8.

Why this answer

In Red Hat Enterprise Linux 8, the default filesystem type is XFS. XFS is a high-performance 64-bit journaling filesystem that supports large files and filesystems, and it has been the default since RHEL 7. The Anaconda installer selects XFS by default for the root filesystem during a standard installation.

Exam trap

The trap here is that candidates may confuse the default filesystem in RHEL 8 with ext4, which was the default in RHEL 6 and earlier, or mistakenly think btrfs is the default due to its prominence in other distributions like openSUSE.

How to eliminate wrong answers

Option A is wrong because btrfs is not the default filesystem in RHEL 8; it is available as a technology preview but is not the default choice. Option B is wrong because ZFS is not included in RHEL 8 due to licensing incompatibilities (CDDL vs GPL) and is not a supported filesystem. Option C is wrong because ext4, while supported and commonly used in older RHEL versions, is not the default in RHEL 8; XFS replaced ext4 as the default starting in RHEL 7.

3
MCQeasy

Based on the exhibit, which command should be used to start the container named 'mycontainer'?

A.podman attach mycontainer
B.podman restart mycontainer
C.podman run mycontainer
D.podman start mycontainer
AnswerD

Correct. This starts the existing container that exited.

Why this answer

The correct command to start an existing but stopped container is 'podman start mycontainer'. 'podman start' resumes a container that has been created (via 'podman create') or previously stopped, without creating a new instance. Option D is correct because it directly addresses the requirement to start the container named 'mycontainer' that already exists.

Exam trap

The trap here is that candidates confuse 'podman run' (which creates and starts a new container) with 'podman start' (which starts an existing stopped container), leading them to choose option C when the container already exists.

How to eliminate wrong answers

Option A is wrong because 'podman attach' connects your terminal to a running container's standard input/output/error streams; it does not start a container. Option B is wrong because 'podman restart' stops and then starts a container that is already running or stopped, but the question asks specifically to 'start' the container, not to restart it; restart implies a stop followed by a start, which is unnecessary and potentially disruptive for a stopped container. Option C is wrong because 'podman run' creates and starts a new container from an image, but the container 'mycontainer' already exists (as implied by the exhibit), so 'run' would attempt to create a duplicate or fail if the name conflicts.

4
MCQeasy

A system administrator needs to allow members of the 'developers' group to run any command as root without being prompted for a password. Which sudoers configuration line should be added?

A.%developers ALL=(root) PASSWD: ALL
B.%developers ALL=(ALL) NOPASSWD: ALL
C.developers ALL=(ALL) NOPASSWD: ALL
D.%developers ALL=(ALL) ALL
AnswerB

This line grants passwordless sudo to the group.

Why this answer

Option B is correct because the line `%developers ALL=(ALL) NOPASSWD: ALL` grants all members of the 'developers' group (indicated by the `%` prefix) permission to run any command as any user (including root) via sudo without being prompted for a password. The `NOPASSWD` tag is the key directive that bypasses password authentication, which directly matches the requirement to run commands as root without a password.

Exam trap

Red Hat often tests the distinction between user and group entries in sudoers, where omitting the `%` prefix causes candidates to mistakenly apply the rule to a user instead of a group, leading to a non-functional configuration.

How to eliminate wrong answers

Option A is wrong because it uses `PASSWD: ALL` instead of `NOPASSWD: ALL`, which would still require the user to enter a password when running sudo commands, contrary to the requirement. Option C is wrong because it omits the `%` prefix before 'developers', which means the rule applies to a user named 'developers' rather than the group, so members of the group would not be affected. Option D is wrong because it lacks the `NOPASSWD` tag entirely, meaning sudo would prompt for a password by default, and it also uses `ALL` for the user specification without the `%` prefix, making it apply to a user named 'developers' instead of the group.

5
MCQmedium

To enable per-user quotas on an XFS file system, which mount option should be used?

A.uquota
B.quota
C.usrquota
D.user_quota
AnswerA

uquota is the correct mount option for per-user quotas on XFS.

Why this answer

On XFS file systems, the correct mount option to enable per-user quotas is `uquota`. This is the XFS-specific shorthand that activates user quota accounting and enforcement. While other options like `usrquota` work on ext4, XFS requires `uquota` or the longer `usrquota` is also accepted in modern kernels, but the official Red Hat documentation and EX200 exam focus on `uquota` as the correct XFS mount option.

Exam trap

The trap here is that candidates familiar with ext4 often choose `usrquota` (option C), not realizing that XFS uses its own distinct mount option `uquota`, and the exam specifically tests this file-system-specific syntax.

How to eliminate wrong answers

Option B (quota) is wrong because it is a generic term, not a valid mount option; XFS requires specific options like `uquota` or `gquota` to enable quota enforcement. Option C (usrquota) is wrong because while it is a valid mount option for ext4 file systems, XFS uses `uquota` as its native option; `usrquota` is not recognized by XFS in older kernels and is not the standard Red Hat recommendation for XFS. Option D (user_quota) is wrong because this is not a valid Linux mount option for any common file system; it is a fictitious option that might confuse candidates unfamiliar with XFS syntax.

6
Multi-Selectmedium

Which TWO commands can change the primary group of an existing user?

Select 2 answers
A.usermod -aG
B.gpasswd -a
C.vigr
D.groupmems -a
E.useradd -G
AnswersA, B

The -aG option appends the user to specified supplementary groups.

Why this answer

The `usermod -g` command (not `-aG`, which adds supplementary groups) changes the primary group of an existing user. The `gpasswd -a` command adds a user to a group, but it does not change the primary group; it only affects supplementary group membership. Therefore, neither option A nor B is correct for changing the primary group.

The correct commands are `usermod -g` (to set the primary group) and `usermod -G` (to set supplementary groups, but not the primary).

Exam trap

The trap here is confusing the `-g` (primary group) and `-G` (supplementary groups) flags with `usermod`, and assuming `gpasswd -a` or `groupmems -a` can change the primary group when they only manage supplementary membership.

7
MCQeasy

An administrator needs to set up an automount point for NFS shares from server nfs.example.com:/exports/backup. The mount point should be /backup and should mount on access. Which configuration is correct?

A.Install autofs and create /etc/auto.master.d/backup.autofs with the same content
B.Use systemd-mount with automount options
C.Add to /etc/auto.master: /backup /etc/auto.backup and in /etc/auto.backup: backup -fstype=nfs4 nfs.example.com:/exports/backup
D.Add an entry to /etc/fstab: nfs.example.com:/exports/backup /backup nfs4 defaults 0 0
AnswerC

Correct autofs configuration: master file points to map file.

Why this answer

Option C is correct because it defines an autofs indirect map: the master map entry /backup /etc/auto.backup tells autofs to use /etc/auto.backup as the map for the /backup mount point, and the map entry backup -fstype=nfs4 nfs.example.com:/exports/backup specifies that accessing /backup/backup triggers an NFSv4 mount of the remote export. This configuration mounts the share on demand (automount) rather than at boot or via fstab.

Exam trap

The trap here is that candidates confuse static fstab mounts (which mount at boot) with automount behavior, or they misidentify the correct autofs map file syntax and location, often expecting a single file or a different extension.

How to eliminate wrong answers

Option A is wrong because /etc/auto.master.d/backup.autofs is not a valid autofs configuration file; autofs uses master map files (e.g., /etc/auto.master) and indirect/direct map files (e.g., /etc/auto.backup), not .autofs extension files. Option B is wrong because systemd-mount with automount options is a systemd-native mechanism that does not integrate with autofs; the question specifically asks for an automount point using autofs, not systemd units. Option D is wrong because adding an entry to /etc/fstab with defaults 0 0 mounts the share at boot time (or on mount -a), not on access; automount requires autofs or systemd automount units, not a static fstab entry.

8
MCQmedium

A system administrator needs to ensure that a web server running Apache httpd starts automatically after a system reboot. Which command should the administrator use to enable the httpd service?

A.systemctl daemon-reload
B.systemctl start httpd
C.systemctl reenable httpd
D.systemctl enable httpd
AnswerD

Enables the service to start at boot.

Why this answer

Option D is correct because `systemctl enable httpd` creates the necessary symlinks in the systemd unit configuration directories (e.g., `/etc/systemd/system/multi-user.target.wants/`) to ensure the httpd service starts automatically at boot. This is the standard method for enabling a service in a Red Hat Enterprise Linux 8/9 environment using systemd.

Exam trap

The trap here is that candidates confuse `systemctl start` (immediate runtime start) with `systemctl enable` (persistent boot-time activation), or they invent a non-existent command like `systemctl reenable` instead of using the correct `systemctl enable`.

How to eliminate wrong answers

Option A is wrong because `systemctl daemon-reload` reloads the systemd manager configuration, scanning for new or changed unit files, but does not enable any service for automatic startup. Option B is wrong because `systemctl start httpd` immediately starts the service in the current session but does not configure it to persist across reboots. Option C is wrong because `systemctl reenable httpd` is not a valid systemd command; the correct command to re-enable a service is `systemctl enable httpd` (which is idempotent) or `systemctl disable httpd` followed by `systemctl enable httpd`.

9
MCQeasy

In /etc/fstab, which values in the dump and pass fields enable automatic file system checking at boot?

A.dump=1, pass=0
B.dump=0, pass=0
C.dump=0, pass=1
D.dump=1, pass=1
AnswerC

pass=1 enables automatic fsck at boot (root file system).

Why this answer

Option C is correct because the `pass` field in `/etc/fstab` controls the order of file system checks at boot. A value of 1 means the root file system is checked first, and a value of 2 or higher means other file systems are checked after root. The `dump` field is for backup utility (dump) and is not related to boot-time checking; it must be 0 to disable dump.

Thus, `dump=0, pass=1` enables automatic file system checking (fsck) at boot for the root file system.

Exam trap

Red Hat often tests the misconception that `dump=1` is required for boot-time file system checks, but the `dump` field is unrelated to fsck; the trap is confusing the `dump` field with the `pass` field's role in enabling automatic checks.

How to eliminate wrong answers

Option A is wrong because `dump=1` enables dump backups (not boot-time checking), and `pass=0` disables fsck entirely, so no automatic checking occurs. Option B is wrong because `dump=0` and `pass=0` both disable dump and fsck, meaning no file system check at boot. Option D is wrong because `dump=1` enables dump (unnecessary for boot checking) and `pass=1` enables fsck, but the combination is not required; the correct minimal setting for enabling fsck is `dump=0, pass=1`.

10
Multi-Selecthard

Which three fields are present in every /etc/fstab entry? (Choose three.)

Select 3 answers
A.Mount point
B.Device
C.Dump field
D.Filesystem type
E.UUID
AnswersA, B, D

Correct. The mount point is the second field.

Why this answer

The /etc/fstab file defines filesystem mount points and options. Every entry must specify the device (or UUID), the mount point, and the filesystem type so the system knows what to mount, where to mount it, and how to interpret the filesystem. Without these three fields, the mount operation cannot proceed.

Exam trap

Red Hat often tests the misconception that UUID is a separate required field, but it is merely a common way to specify the device — the required field is the device identifier, which can be a UUID, label, or kernel device path.

11
MCQhard

An administrator attempts to mount an XFS filesystem from /dev/sdc1 to /mnt/archive but receives the error: 'mount: /mnt/archive: wrong fs type, bad option, bad superblock on /dev/sdc1, missing codepage or helper program, or other error.' The output of 'dumpe2fs /dev/sdc1' shows 'dumpe2fs: Bad magic number in super-block while trying to open /dev/sdc1'. What is the most likely problem?

A.The mount point /mnt/archive does not exist
B.The filesystem on /dev/sdc1 is XFS, not ext4
C.The XFS kernel module is not loaded
D.The partition /dev/sdc1 does not exist
AnswerB

dumpe2fs is for ext2/3/4; if it shows bad magic number, the device likely contains a different filesystem like XFS. Running mount with -t xfs would work.

Why this answer

The error message 'wrong fs type' combined with 'dumpe2fs: Bad magic number in super-block' indicates that the filesystem on /dev/sdc1 is not an ext2/3/4 filesystem. dumpe2fs is designed to read ext2/3/4 superblocks, and the 'bad magic number' error means it cannot find a valid ext superblock. Since the administrator is trying to mount an XFS filesystem, the correct tool to examine it is xfs_db or xfs_info, not dumpe2fs. Therefore, the most likely problem is that the filesystem is XFS, not ext4.

Exam trap

The trap here is that candidates see 'bad superblock' and immediately think of ext4 superblock corruption or backup superblock recovery, when in fact the error is simply due to using an ext4-specific tool (dumpe2fs) on a non-ext4 filesystem.

How to eliminate wrong answers

Option A is wrong because if the mount point /mnt/archive did not exist, the error would be 'mount point does not exist' rather than 'wrong fs type' or 'bad superblock'. Option C is wrong because if the XFS kernel module were not loaded, the error would typically be 'mount: unknown filesystem type 'xfs'' or a similar message, not a 'bad superblock' error from dumpe2fs. Option D is wrong because if /dev/sdc1 did not exist, the error would be 'mount: special device /dev/sdc1 does not exist' or 'no such device', not a superblock-related error.

12
MCQhard

You are managing a Red Hat Enterprise Linux 9 server that hosts a critical database application. The database stores its data on an XFS filesystem mounted on /data, backed by a logical volume in a volume group named vg_db. Recently, the database team reported that write operations are failing with 'Disk quota exceeded' errors, but the filesystem still shows 40% free space. You check the filesystem quota configuration and find that no user or group quotas are set on /data. The database runs as user 'dbadmin' with group 'dba'. Which of the following is the most likely cause of the 'Disk quota exceeded' error?

A.The logical volume is thin provisioned and the data pool is full.
B.An XFS project quota is configured on the /data directory, limiting the space used by the database files.
C.SELinux is blocking the database writes due to a denial.
D.The filesystem has run out of inodes.
AnswerB

Project quotas can limit directory usage.

Why this answer

Option B is correct because XFS project quotas can limit the total space used by a directory tree, regardless of the user or group that owns the files. Even though no user or group quotas are set, a project quota on /data restricts the database files, causing 'Disk quota exceeded' errors despite 40% free space on the filesystem.

Exam trap

The trap here is that candidates assume 'Disk quota exceeded' always implies user or group quotas are configured, overlooking XFS project quotas which operate on directory trees and are invisible to standard 'quota' or 'repquota' commands without the '-p' flag.

How to eliminate wrong answers

Option A is wrong because a thin-provisioned logical volume with a full data pool would cause 'No space left on device' errors, not 'Disk quota exceeded', and the filesystem would show 0% free space, not 40%. Option C is wrong because SELinux denials produce 'Permission denied' or AVC denial messages, not 'Disk quota exceeded' errors. Option D is wrong because running out of inodes would cause 'No space left on device' errors when creating files, and the filesystem would still show free space, but the error message would be different and the 'df -i' command would show 100% inode usage.

13
Multi-Selecthard

Which THREE commands can be used to check the disk space usage of the /home partition?

Select 3 answers
A.df -h /home
B.lsblk /dev/sda1
C.fdisk -l /dev/sda
D.parted /dev/sda print
E.du -sh /home
AnswersA, B, E

Shows free and used space.

Why this answer

Option A is correct because `df -h /home` displays the disk space usage of the /home filesystem in human-readable format (e.g., GB, MB). The `df` command reports the total, used, and available space for mounted filesystems, making it the standard tool for checking partition-level disk usage.

Exam trap

The trap here is that candidates confuse partition table tools (fdisk, parted) with filesystem usage tools (df, du), or mistakenly think `lsblk` shows disk space usage when it only shows device size and mount points.

14
MCQmedium

A partition /dev/sdc1 is formatted as ext4. The administrator needs to check the file system for errors without making any repairs. Which command should be used?

A.xfs_repair -n /dev/sdc1
B.fsck -n /dev/sdc1
C.fsck -y /dev/sdc1
D.e2fsck -p /dev/sdc1
AnswerB

fsck -n performs a non-destructive, read-only check without repairs.

Why this answer

The `fsck -n` command checks the file system for errors without making any repairs, as the `-n` flag forces a non-interactive, read-only check. Since /dev/sdc1 is formatted as ext4, `fsck` automatically calls the appropriate ext4-specific tool (e2fsck) with the no-repair option. This matches the requirement to only check for errors without fixing them.

Exam trap

Red Hat often tests the distinction between checking and repairing file systems, and the trap here is that candidates may confuse `-n` (no repair) with `-y` (auto-repair) or assume `xfs_repair -n` works on ext4, not recognizing that file system-specific tools must match the file system type.

How to eliminate wrong answers

Option A is wrong because `xfs_repair -n` is used for XFS file systems, not ext4; /dev/sdc1 is formatted as ext4, so this command is incompatible and would fail. Option C is wrong because `fsck -y` automatically answers 'yes' to all repair prompts, which would make repairs, contradicting the requirement to check without making repairs. Option D is wrong because `e2fsck -p` runs in 'preen' mode, which automatically repairs minor file system issues without prompting, thus performing repairs rather than just checking.

15
MCQmedium

An administrator needs to create a user account that will be used by an application service. The account should not have a valid shell or home directory. Which command correctly creates such an account?

A.useradd -r -M -s /bin/false appuser
B.useradd -r -s /sbin/nologin -M appuser
C.useradd -r -s /sbin/nologin appuser
D.useradd -s /bin/false -M appuser
AnswerB

Correctly disables login and skips home directory creation.

Why this answer

Option D is correct because it combines -r (system account), -s /sbin/nologin (invalid shell), and -M (no home directory). Option A lacks -M, Option B lacks -r, Option C uses /bin/false which is not a standard nologin shell.

16
Multi-Selecthard

A system administrator needs to ensure that data written to a container's `/var/lib/mysql` directory persists after the container is removed. Which TWO methods accomplish this requirement?

Select 2 answers
A.Use the `--read-only` flag.
B.Use the `--tmpfs` flag.
C.Create a named volume with `podman volume create` and mount it.
D.Mount a host directory using `-v /host/data:/var/lib/mysql`.
E.Use the `--rm` flag when running the container.
AnswersC, D

Named volumes are managed by Podman and persist even after the container is removed, unless explicitly deleted.

Why this answer

Options B and E are correct. Mounting a host directory (B) and using a named volume (E) both persist data outside the container's writable layer. Option A is incorrect because --rm removes the container and its anonymous volumes.

Option C is incorrect because --read-only makes the filesystem read-only, preventing writes. Option D is incorrect because --tmpfs creates a temporary in-memory filesystem that is lost when the container stops.

17
MCQmedium

Refer to the exhibit. A user named 'carol' has been added to the system with the command useradd -G wheel carol. Which line in /etc/group will confirm that carol is now a member of the wheel group?

A.wheel:x:10:carol,root,alice,bob
B.wheel:x:10:root,alice,bob,carol
C.wheel:x:10:root,alice,bob,carol,
D.wheel:x:10:root,alice,bob carol
AnswerB

Option A is correct; useradd -G appends the user to the comma-separated member list without a trailing comma.

18
Matchingmedium

Match each cron syntax field to its meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

0-59

0-23

1-31

1-12 or Jan-Dec

Why these pairings

Cron job timing is specified using these five fields.

19
MCQmedium

What does the 's' in the owner execute position indicate?

A.Mandatory access control
B.SetGID
C.Sticky bit
D.No special permission
E.SetUID
AnswerE

SetUID shows 's' in the owner execute position.

Why this answer

In Linux file permissions, the 's' in the owner execute position (e.g., `-rwsr-xr-x`) indicates the SetUID (Set User ID) special permission. When set on an executable file, it allows the process to run with the effective user ID of the file's owner (typically root), rather than the user who launched it. This is why option E is correct.

Exam trap

Red Hat often tests the distinction between SetUID (owner execute 's') and SetGID (group execute 's'), and candidates confuse which position corresponds to which special permission.

How to eliminate wrong answers

Option A is wrong because Mandatory Access Control (MAC) is a security model enforced by systems like SELinux or AppArmor, not represented by the 's' in the owner execute position. Option B is wrong because SetGID (Set Group ID) is indicated by an 's' in the group execute position, not the owner execute position. Option C is wrong because the sticky bit is indicated by a 't' in the 'others' execute position, not the owner execute position.

Option D is wrong because 'No special permission' would show a simple 'x' in the owner execute position, not an 's'.

20
MCQhard

A server has a disk with LVM logical volumes. The administrator needs to extend a logical volume to use all remaining free space in the volume group. Which command sequence is correct?

A.lvextend -l +100%FREE /dev/vg/lv && xfs_growfs /dev/vg/lv
B.lvextend -L +100%FREE /dev/vg/lv && resize2fs /dev/vg/lv
C.lvextend -l +50%FREE /dev/vg/lv && xfs_growfs /dev/vg/lv
D.lvresize -L +100%VG /dev/vg/lv && resize2fs /dev/vg/lv
AnswerA

Correct for XFS filesystem: extend using all free extents then grow.

Why this answer

Option A is correct because `lvextend -l +100%FREE` extends the logical volume to use all remaining free extents in the volume group, and `xfs_growfs` is the correct command to grow an XFS filesystem online. This sequence ensures the logical volume and filesystem both utilize all available space without unmounting.

Exam trap

Red Hat often tests the distinction between `-l` (extents/percentage) and `-L` (absolute size) in LVM commands, and the requirement to match the filesystem-specific grow tool (xfs_growfs vs. resize2fs) to the filesystem type.

How to eliminate wrong answers

Option B is wrong because `-L +100%FREE` uses an invalid size syntax (the `-L` option expects a size like `+10G`, not a percentage of free space; `-l` is required for extent-based percentages). Additionally, `resize2fs` is for ext2/3/4 filesystems, not XFS. Option C is wrong because `-l +50%FREE` only uses half the free space, not all remaining space as required.

Option D is wrong because `-L +100%VG` is invalid syntax (the `-L` option does not accept `%VG`; only `-l` accepts `%VG`, `%PVS`, `%FREE`, or `%ORIGIN`), and `resize2fs` is incorrect for XFS.

21
MCQeasy

Which command can be used to display a list of all currently mounted filesystems on a Linux system?

A.fdisk -l
B.lsblk -m
C.cat /proc/filesystems
D.df -a
E.mount
AnswerE

Correct: lists all mounted filesystems.

Why this answer

The `mount` command with no arguments displays a list of all currently mounted filesystems, showing the device, mount point, filesystem type, and mount options. This is the standard and most direct way to view active mounts on a Linux system.

Exam trap

The trap here is that candidates confuse commands that list block devices or filesystem types with the command that shows actual mounted filesystems, leading them to pick `lsblk` or `cat /proc/filesystems` instead of `mount`.

How to eliminate wrong answers

Option A is wrong because `fdisk -l` lists partition tables on block devices, not currently mounted filesystems. Option B is wrong because `lsblk -m` lists block devices with their permissions and owners, but does not show mount status or filesystem type details. Option C is wrong because `cat /proc/filesystems` shows which filesystem types are supported by the kernel, not which are currently mounted.

Option D is wrong because `df -a` reports disk space usage for mounted filesystems, but it does not display all mount details such as mount options or device paths for pseudo-filesystems.

22
MCQmedium

A system administrator needs to extend a logical volume 'lv_data' in volume group 'vg_data' by adding a new 50GB disk. Which sequence of commands should be used (assuming the filesystem is XFS)?

A.pvcreate, vgextend, lvextend, resize2fs
B.vgextend, lvcreate, pvcreate, xfs_growfs
C.vgextend, pvcreate, lvextend, xfs_growfs
D.pvcreate, vgextend, lvextend, xfs_growfs
E.pvcreate, lvextend, vgextend, fsck
AnswerD

Correct. This is the proper sequence for extending an XFS LV.

Why this answer

Option D is correct because the proper sequence to extend an XFS logical volume is: first, initialize the new disk as a physical volume with `pvcreate`; second, add it to the volume group with `vgextend`; third, extend the logical volume with `lvextend`; and finally, grow the XFS filesystem with `xfs_growfs`. XFS does not support shrinking and requires `xfs_growfs` (not `resize2fs`) for online growth.

Exam trap

The trap here is that candidates confuse `resize2fs` (for ext4) with `xfs_growfs` (for XFS), or incorrectly order the commands by adding the disk to the volume group before initializing it as a physical volume.

How to eliminate wrong answers

Option A is wrong because `resize2fs` is used for ext2/3/4 filesystems, not XFS; XFS uses `xfs_growfs`. Option B is wrong because `lvcreate` creates a new logical volume, not extends an existing one, and `pvcreate` must precede `vgextend`. Option C is wrong because `pvcreate` must be run before `vgextend` to initialize the disk as a physical volume.

Option E is wrong because `lvextend` cannot be done before adding the physical volume to the volume group (`vgextend`), and `fsck` is a filesystem check, not a resize tool.

23
MCQmedium

A system administrator runs the following command: # vgextend mydata-vg /dev/sdc. After successfully extending the volume group, what is the next step to make the additional space available in the logical volume mydata-lv?

A.xfs_growfs /data
B.lvextend -l +100%FREE /dev/mydata-vg/mydata-lv
C.resize2fs /dev/mydata-vg/mydata-lv
D.lvextend -L +10G /dev/mydata-vg/mydata-lv
AnswerB

Extends LV to use all free extents.

Why this answer

Option B is correct because after extending the volume group with vgextend, you must extend the logical volume to use the new free space. The command lvextend -l +100%FREE /dev/mydata-vg/mydata-lv allocates all remaining free extents in the volume group to the logical volume, making the additional space available for the filesystem.

Exam trap

The trap here is that candidates often confuse the order of operations and try to grow the filesystem directly (option A or C) without first extending the logical volume, or they use a specific size (option D) instead of the '100%FREE' syntax to consume all new space.

How to eliminate wrong answers

Option A is wrong because xfs_growfs /data is used to grow an XFS filesystem, but the logical volume itself has not been extended yet; you must first run lvextend to allocate the space to the LV. Option C is wrong because resize2fs is for ext2/ext3/ext4 filesystems, not XFS, and again the LV must be extended first. Option D is wrong because lvextend -L +10G adds a specific amount of space (10 GiB) rather than using all available free space in the volume group, which may not match the full extent of the newly added physical volume.

24
MCQeasy

An administrator writes a script that uses the 'set -e' option at the top. What is the primary effect of this option?

A.It treats unset variables as an error
B.It prints each command before execution
C.It enables debug mode with verbose output
D.It exits the script immediately if a command fails
AnswerD

C is correct. 'set -e' makes the script exit on any non-zero exit status.

Why this answer

Option C is correct because 'set -e' causes the shell to exit immediately if any command exits with a non-zero status, which helps in catching errors early. Option A is wrong because 'set -e' does not affect variable expansion. Option B is wrong because it is for 'set -u'.

Option D is wrong because it is for 'set -x'.

25
MCQmedium

A file has been assigned an incorrect SELinux context, preventing a service from accessing it. Which command restores the default SELinux context for that file?

A.restorecon
B.chcon
C.fixfiles
D.setfiles
AnswerA

restorecon restores the default context for the specified file.

Why this answer

The 'restorecon' command restores the default SELinux security context as defined by the policy. 'chcon' changes context manually, 'setfiles' is for bulk relabeling, and 'fixfiles' is for comprehensive relabeling.

26
Multi-Selecteasy

A system administrator writes a shell script to monitor disk usage and send an alert if any partition exceeds 80%. Which TWO of the following are best practices for implementing this script?

Select 2 answers
A.Use `cat /proc/partitions` to retrieve partition sizes.
B.Include error handling to check for missing commands and exit gracefully.
C.Send alerts only via syslog (logger command).
D.Use `df -h` and parse the output to check usage percentages.
E.Use `du -h /` and parse the output.
AnswersB, D

Correct: error handling improves script robustness.

Why this answer

Option B is correct because robust shell scripts should always include error handling to verify that required commands (e.g., `df`, `awk`, `grep`) are available before proceeding. This prevents the script from failing silently or producing misleading output, and allows it to exit gracefully with a meaningful error message, which is a key best practice for production scripts.

Exam trap

Red Hat often tests the distinction between `df` (filesystem-level usage) and `du` (directory-level usage), and candidates mistakenly choose `du` because they think it shows disk usage, but it does not report capacity or percentage used.

27
Multi-Selecteasy

Which TWO commands can be used to view the contents of a compressed gzip file without decompressing it permanently? (Choose two.)

Select 2 answers
A.zgrep file.gz
B.zless file.gz
C.gunzip file.gz
D.gzip -d file.gz
E.zcat file.gz
AnswersB, E

Allows paging through decompressed data without permanent decompression.

Why this answer

Options B and E are correct. zcat (B) decompresses to stdout, zless (E) allows paging. A and C permanently decompress. D searches text inside the archive.

28
MCQhard

Refer to the exhibit. A web server must also accept HTTPS traffic on port 8443. Which command should the administrator run to permanently open this port?

A.firewall-cmd --add-service=8443/tcp --permanent
B.firewall-cmd --add-port=8443/tcp
C.firewall-cmd --add-port=8443/tcp --permanent && firewall-cmd --reload
D.firewall-cmd --add-port=8443/tcp --zone=public
AnswerC

This adds the port permanently and reloads the firewall to apply changes.

Why this answer

The correct command adds port 8443/tcp permanently and reloads the firewall. Option B lacks --permanent and reload. Option C adds the port without --permanent.

Option D uses --add-service incorrectly.

29
MCQhard

A system administrator at a company is configuring a new storage array for a file server. The server uses LVM on top of a hardware RAID5 array. The administrator has created a volume group "vg_data" and a logical volume "lv_docs" intended for an XFS filesystem. After formatting with mkfs.xfs and mounting to /docs, the system works. However, after a reboot, the mount point is empty and the logical volume is not mounted. The administrator checks /etc/fstab and finds an entry using the device path /dev/vg_data/lv_docs. What is the most likely cause?

A.The mount point /docs was deleted during reboot
B.The XFS filesystem was corrupted during reboot
C.The logical volume name is misspelled in /etc/fstab
D.The volume group is not activated during boot because the LVM service is not enabled
AnswerD

The LVM service must be enabled for automatic activation.

Why this answer

Option D is correct because LVM volume groups are not automatically activated during boot unless the lvm2-lvmetad service (or equivalent LVM service) is enabled. Without this service, the system does not scan for and activate volume groups, so logical volumes like /dev/vg_data/lv_docs are not available for mounting. The /etc/fstab entry using the device path fails silently, leaving /docs empty.

Exam trap

The trap here is that candidates assume a valid /etc/fstab entry with the correct device path guarantees mounting after reboot, overlooking the prerequisite that LVM volume groups must be activated by a system service before the device is accessible.

How to eliminate wrong answers

Option A is wrong because mount points are directories in the filesystem and are not deleted during a reboot; the /docs directory persists unless explicitly removed. Option B is wrong because XFS filesystem corruption is not a typical side effect of a reboot, and if corruption occurred, the mount would likely fail with an error message, not silently leave the mount point empty. Option C is wrong because the question states the administrator checked /etc/fstab and found an entry using /dev/vg_data/lv_docs, implying the name is correct; a misspelling would cause a 'no such device' error, but the scenario describes a silent failure after reboot.

30
Drag & Dropmedium

Order the steps to configure firewall rules to allow HTTP and HTTPS traffic using firewalld.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Firewalld rules are added with --permanent flag and then reloaded to take effect.

31
Multi-Selecthard

A container is running but cannot be accessed from the network. Which TWO commands could help diagnose the issue? (Select exactly two.)

Select 2 answers
A.podman logs
B.podman port
C.podman inspect
D.podman exec
E.podman top
AnswersB, C

Shows which host ports are mapped to the container.

Why this answer

Option B is correct because `podman port` lists the port mappings for a container, showing which host ports are mapped to container ports. If a container is running but unreachable from the network, this command reveals whether the expected port mapping exists and is correctly configured. Without a proper mapping, external traffic cannot reach the container's service.

Exam trap

Red Hat often tests the distinction between commands that inspect container metadata (`podman inspect`) versus commands that interact with running processes (`podman exec`, `podman top`), leading candidates to choose the latter for network issues.

32
MCQhard

An administrator needs to grant user 'dev' the ability to execute /usr/local/bin/deploy.sh as root without a password, but no other commands. Which sudoers entry accomplishes this?

A.dev ALL=(root) PASSWD: /usr/local/bin/deploy.sh
B.dev ALL=(root) NOPASSWD: /usr/local/bin/deploy.sh
C.dev ALL=(ALL) NOPASSWD: /usr/local/bin/deploy.sh
D.%dev ALL=(root) NOPASSWD: /usr/local/bin/deploy.sh
AnswerB

This gives dev passwordless sudo to the specified command as root.

Why this answer

The correct syntax is 'dev ALL=(root) NOPASSWD: /usr/local/bin/deploy.sh'. This allows dev to run that specific command as root without a password.

33
MCQhard

A user reports that they can log in but cannot change their password. Which file might be misconfigured?

A./etc/shadow with an expiration date in the past
B./etc/group with no user entry
C./etc/login.defs with PASS_MAX_DAYS set to 0
D./etc/passwd with incorrect shell
AnswerA

Option A is correct: if the shadow entry has an expired password (e.g., maximum password age reached or account locked), the user may be unable to change the password.

Why this answer

The /etc/shadow file stores password aging information, including the date of the last password change and the expiration date. If the account's expiration date is set in the past, the system will allow login (if the account is not locked) but will prevent the user from changing their password because the account is considered expired. This matches the symptom where the user can authenticate but cannot update their password.

Exam trap

The trap here is that candidates often assume password change issues are caused by /etc/passwd or /etc/login.defs, but the actual control for password aging and expiration is in /etc/shadow, specifically the expiration date field.

How to eliminate wrong answers

Option B is wrong because /etc/group defines group memberships and has no direct effect on password change capability; a missing user entry would prevent group access but not password operations. Option C is wrong because PASS_MAX_DAYS set to 0 in /etc/login.defs means the password never expires (no maximum age), which would not prevent a password change; it would actually allow unlimited password age. Option D is wrong because an incorrect shell in /etc/passwd affects the user's login session (e.g., preventing shell access) but does not block the password change operation itself, which is handled by the shadow file and PAM.

34
MCQeasy

A system administrator wants to run a container that uses the rootless mode available in Podman. Which requirement must be met for rootless containers to work correctly?

A.The container must be run with the '--privileged' flag.
B.The user must have entries in /etc/subuid and /etc/subgid for user namespace mapping.
C.The system must have cgroups v2 enabled.
D.The user must have root privileges to run the container.
AnswerB

Subuid/subgid mappings are required for rootless containers to allocate UIDs/GIDs.

Why this answer

Rootless Podman containers require user namespace mapping to assign subordinate UIDs and GIDs from the host to the container. Without entries in /etc/subuid and /etc/subgid for the user, Podman cannot allocate the necessary ID ranges, and the container will fail to run in rootless mode.

Exam trap

Red Hat often tests the misconception that rootless containers require root privileges or special flags like '--privileged', when in fact they rely on user namespace mapping configured in /etc/subuid and /etc/subgid.

How to eliminate wrong answers

Option A is wrong because the '--privileged' flag grants elevated capabilities and disables user namespace isolation, which is the opposite of what rootless mode requires. Option C is wrong because cgroups v2 is not a strict requirement for rootless containers; Podman can use cgroups v1 with rootless mode, though v2 is recommended for better resource management. Option D is wrong because rootless mode explicitly allows non-root users to run containers, so requiring root privileges contradicts the purpose of rootless containers.

35
MCQmedium

An administrator needs to combine two physical network interfaces into a single logical interface for redundancy. Which RHEL tool is recommended to configure this in RHEL 8/9?

A.teamd
B.ip link
C.brctl
D.nmcli
AnswerD

NetworkManager command-line tool, recommended for configuring bonds.

Why this answer

Option D (nmcli) is the preferred command-line tool for network management and can configure bonding/teaming. Option A (ip link) can set bonding but is lower-level. Option B (teamd) is used for teaming but nmcli is more common.

Option C (brctl) is for bridging.

36
Multi-Selecthard

Which THREE of the following mount options are commonly used to enhance security on a filesystem?

Select 3 answers
A.nosuid
B.nodev
C.suid
D.defaults
E.noexec
AnswersA, B, E

Correct: blocks setuid/setgid bits.

Why this answer

The `nosuid` option prevents the set-user-identifier (setuid) and set-group-identifier (setgid) bits from taking effect on the filesystem. This blocks unprivileged users from executing binaries with elevated privileges, a common vector for privilege escalation attacks.

Exam trap

The trap here is that candidates often confuse `defaults` with a secure baseline, not realizing it includes `suid`, `dev`, and `exec` — the very options that security hardening aims to disable.

37
MCQhard

A system fails to mount an XFS filesystem at boot. The /etc/fstab entry is: UUID=abc123 /mnt xfs defaults 0 0. Running mount -a shows: 'mount: wrong fs type, bad option, bad superblock on /dev/sdb1'. Which is the most likely cause?

A.The UUID specified in fstab does not match the actual UUID of /dev/sdb1.
B.The mount point /mnt does not exist.
C.The kernel does not have XFS support enabled.
D.The filesystem on /dev/sdb1 is not XFS but ext4.
AnswerA

Mismatched UUID is a common cause; verify with blkid.

Why this answer

The error message 'wrong fs type, bad option, bad superblock' typically indicates that the system cannot identify the filesystem on the device. Since the fstab entry uses UUID=abc123, the most likely cause is that the UUID specified does not match the actual UUID of /dev/sdb1, causing mount to attempt to mount a device that either does not exist or has a different filesystem signature. The mount command first resolves the UUID to a device, and if the UUID is incorrect, it may try to mount the wrong device or fail to find one.

Exam trap

Red Hat often tests the distinction between a missing mount point (which gives a clear 'No such file or directory' error) and a UUID mismatch (which produces a misleading 'wrong fs type' error), leading candidates to incorrectly suspect kernel support or filesystem type issues.

How to eliminate wrong answers

Option B is wrong because if the mount point /mnt did not exist, the error would be 'mount point does not exist' or 'No such file or directory', not a filesystem type error. Option C is wrong because if the kernel lacked XFS support, the error would be 'mount: unknown filesystem type 'xfs'' or similar, not a 'wrong fs type' message that implies the filesystem is recognized but mismatched. Option D is wrong because if the filesystem were ext4, the error would still be 'wrong fs type' only if the fstab explicitly specified 'xfs' and the kernel tried to mount it as XFS; however, the error message 'bad superblock' is more specific to a superblock mismatch, and the UUID mismatch is a more direct and common cause than a filesystem type mismatch, which would also produce a different error (e.g., 'mount: /dev/sdb1 is not a valid XFS filesystem').

38
Multi-Selecteasy

Which TWO of the following commands can be used to create an XFS filesystem on a block device?

Select 2 answers
A.mkfs.ext4 /dev/sdb1
B.mkfs.xfs /dev/sdb1
C.xfs_admin /dev/sdb1
D.mke2fs /dev/sdb1
E.mkfs -t xfs /dev/sdb1
AnswersB, E

Correct: directly creates XFS.

Why this answer

The `mkfs.xfs` command (option B) directly creates an XFS filesystem on a block device. The `mkfs -t xfs` command (option E) is the generic front-end that calls the same XFS-specific tool, making both valid. These are the standard methods for formatting a partition with the XFS filesystem in Red Hat Enterprise Linux.

Exam trap

The trap here is that candidates confuse filesystem creation commands with management commands (like `xfs_admin`) or assume `mke2fs` is a generic tool that can create any filesystem type, when it is strictly for ext2/3/4 families.

39
MCQmedium

A team wants to run a container as a non-root user inside the container for security. Which instruction should be included in the Containerfile?

A.USER
B.PODMAN_USER
C.ENV USER
D.RUN useradd
AnswerA

Correct. The USER instruction sets the active user for subsequent instructions.

Why this answer

The USER instruction in a Containerfile (Dockerfile) sets the user name or UID to use when running the container and for any subsequent RUN, CMD, or ENTRYPOINT instructions. By default, containers run as root (UID 0), which poses a security risk. Using USER to switch to a non-root user (e.g., USER 1001) ensures the container process runs with reduced privileges, aligning with the principle of least privilege.

Exam trap

The trap here is that candidates often confuse creating a user (RUN useradd) with actually running as that user, forgetting that the USER instruction is required to switch the runtime context, or they invent non-existent instructions like PODMAN_USER.

How to eliminate wrong answers

Option B (PODMAN_USER) is wrong because there is no such instruction in Containerfile/Dockerfile syntax; Podman uses the same standard instructions as Docker. Option C (ENV USER) is wrong because ENV sets environment variables (e.g., ENV USER=myuser) but does not change the runtime user identity; the container still runs as root unless a USER instruction is used. Option D (RUN useradd) is wrong because while useradd creates a user account inside the image, it does not switch the active user for subsequent instructions or the container's entrypoint; you must still use USER to actually run as that user.

40
MCQhard

A script has a syntax error. Which command will help identify the line number of the error without executing the script?

A.which bash
B.bash -n script.sh
C.set -x
D.bash -v script.sh
AnswerB

bash -n checks syntax only and reports errors with line numbers.

Why this answer

Option B is correct because 'bash -n script.sh' performs syntax checking only. Option A ('set -x') enables execution trace. Option C ('bash -v') prints lines as read.

Option D shows the path of bash.

41
MCQmedium

A system administrator is managing a Red Hat Enterprise Linux 9 web server running Apache httpd. The server hosts a custom application that stores its files in /var/www/custom. The administrator has set ownership to apache:apache and file permissions to 755. However, when users access the web application, they receive a 'Forbidden' error. The httpd service is running, and SELinux is in enforcing mode. The administrator checks the SELinux context of the /var/www/custom directory and sees 'unconfined_u:object_r:default_t:s0'. What should the administrator do to resolve the issue without disabling SELinux?

A.Use semanage fcontext to set the SELinux type to httpd_sys_content_t and run restorecon
B.Set SELinux to permissive mode
C.Use chcon to set the SELinux type to httpd_sys_content_t
D.Add the apache user to the group that owns the directory
AnswerA

This changes the file context persistently; semanage fcontext adds a rule to the file context database, and restorecon applies it.

Why this answer

The SELinux type 'default_t' prevents httpd from reading the files. The correct approach is to change the context type to 'httpd_sys_content_t' persistently using semanage fcontext and then apply it with restorecon. Using chcon is temporary and will not survive a file system relabel.

42
MCQeasy

A user needs to find all files with the '.conf' extension under /etc. Which command should be used?

A.grep -r "*.conf" /etc
B.locate /etc/*.conf
C.ls /etc/*.conf
D.find /etc -name "*.conf"
AnswerD

find recursively searches the directory tree for files matching the pattern.

Why this answer

Option D is correct because the `find` command is designed to search for files and directories based on criteria such as name, type, or size. Using `find /etc -name "*.conf"` recursively searches the entire `/etc` directory tree for files ending in `.conf`, which is the standard and most reliable method for this task.

Exam trap

The trap here is that candidates confuse `grep` (for content search) with `find` (for file search), or assume `ls` with a glob is sufficient, overlooking the need for recursion across subdirectories.

How to eliminate wrong answers

Option A is wrong because `grep -r` searches for text patterns inside file contents, not for filenames; it would attempt to match the literal string "*.conf" within files, not find files with that extension. Option B is wrong because `locate` relies on a pre-built database (updated by `updatedb`) and may not reflect recent changes or include all files under `/etc` by default; also, the pattern `/etc/*.conf` is a shell glob, not a valid `locate` argument. Option C is wrong because `ls /etc/*.conf` only lists files matching the glob in the immediate `/etc` directory, not in subdirectories, and will fail or produce errors if no matches are found or if there are too many matches.

43
MCQhard

A RHEL 9 system has a second disk /dev/sdb that needs to be partitioned with a single partition using all space, formatted with XFS, and mounted persistently at /data. The administrator uses fdisk to create the partition /dev/sdb1. Which filesystem creation command should be used?

A.mkfs.xfs /dev/sdb1
B.mke2fs /dev/sdb1
C.mkfs -t ext4 /dev/sdb1
D.mkfs.ext4 /dev/sdb1
AnswerA

Creates XFS filesystem.

Why this answer

The correct command is mkfs.xfs /dev/sdb1 because the question specifies that the partition must be formatted with XFS. The mkfs.xfs command is the dedicated tool for creating an XFS filesystem on a block device. It directly invokes the mkfs.xfs utility, which writes the XFS superblock and metadata structures to the partition.

Exam trap

The trap here is that candidates often confuse mkfs.xfs with generic mkfs commands or ext-family tools, assuming any mkfs variant will work, but the exam specifically tests knowledge of the correct filesystem-specific command for XFS.

How to eliminate wrong answers

Option B is wrong because mke2fs is a legacy command for creating ext2/ext3/ext4 filesystems, not XFS. Option C is wrong because mkfs -t ext4 creates an ext4 filesystem, not XFS. Option D is wrong because mkfs.ext4 is a convenience wrapper for creating ext4 filesystems, not XFS.

44
Multi-Selecteasy

Which THREE of the following are valid utilities for creating partitions on a disk in Red Hat Enterprise Linux?

Select 3 answers
A.mkfs
B.mount
C.fdisk
D.gdisk
E.parted
AnswersC, D, E

fdisk is a classic partitioning tool for MBR and GPT (with limitations).

Why this answer

C is correct because `fdisk` is a traditional command-line utility for creating, deleting, and managing MBR (Master Boot Record) partition tables on disks in Red Hat Enterprise Linux. It supports interactive and scripted partitioning, making it a valid tool for local storage configuration.

Exam trap

The trap here is that candidates often confuse filesystem creation (`mkfs`) or mounting (`mount`) with actual partition creation, leading them to select those invalid options instead of the correct partitioning utilities.

45
MCQeasy

Which command displays the current system time, timezone, and whether NTP synchronization is active?

A.ntpq -p
B.date
C.timedatectl
D.cal
AnswerC

Shows local time, universal time, RTC time, time zone, and NTP status.

Why this answer

The `timedatectl` command (option C) is the correct tool in Red Hat Enterprise Linux (RHEL) for querying and configuring system time, timezone, and NTP synchronization status. It displays the current local time, timezone, and whether NTP is active or enabled in a single, clear output, making it the standard utility for these tasks in systemd-based systems.

Exam trap

The trap here is that candidates often choose `ntpq -p` (option A) because they associate it with NTP, but they overlook that it does not show the system time or timezone, which the question explicitly requires.

How to eliminate wrong answers

Option A is wrong because `ntpq -p` only shows the list of NTP peers and their synchronization status (e.g., delay, offset, jitter), but it does not display the current system time or timezone. Option B is wrong because `date` outputs the current date and time but does not show the timezone name or NTP synchronization status. Option D is wrong because `cal` simply displays a calendar for a given month or year and has no relation to time, timezone, or NTP.

46
Multi-Selecteasy

Which TWO commands can list all groups a user belongs to? (Choose exactly 2)

Select 2 answers
A.id -nG
B.cat /etc/group | grep user
C.usermod -g user
D.getent group user
E.groups
AnswersA, E

Option A is correct; id -nG prints the group names of the current user.

Why this answer

Option A is correct because `id -nG` displays the group names (`-n`) and all group IDs (`-G`) for the current user or a specified user. This command reads the user's group memberships from the system databases (e.g., `/etc/group` and `/etc/passwd`) and outputs the supplementary and primary group names, making it a reliable way to list all groups a user belongs to.

Exam trap

The trap here is that candidates often think `cat /etc/group | grep user` or `getent group user` will list all groups for a user, but these commands only search for a group named 'user' or lines containing the string, not the user's actual group memberships, which is a common misconception tested on the EX200 exam.

47
MCQhard

Refer to the exhibit. A user tries to execute a script located in /data/script.sh but gets 'Permission denied'. The script has execute permissions. What is the most likely cause?

A.The filesystem is mounted with noexec
B.The filesystem is full
C.SELinux is blocking execution
D.The script is in a directory with noexec
AnswerA

noexec prevents all execution from the filesystem.

Why this answer

The most likely cause is that the filesystem where /data resides is mounted with the 'noexec' option. This mount option prevents the execution of any binary or script directly from that filesystem, regardless of the file's individual execute permissions. The 'noexec' flag is commonly set on partitions like /tmp or /var for security reasons, and it overrides the file's permission bits.

Exam trap

Red Hat often tests the distinction between file-level permissions and filesystem-level mount options, where candidates mistakenly think execute permissions alone guarantee execution, ignoring that mount options like 'noexec' can override them.

How to eliminate wrong answers

Option B is wrong because a full filesystem would produce a 'No space left on device' error, not 'Permission denied'. Option C is wrong because SELinux blocking execution typically produces an 'Operation not permitted' or AVC denial message, not a generic 'Permission denied', and the question states the script has execute permissions. Option D is wrong because directories themselves do not have a 'noexec' attribute; the 'noexec' option is a mount-level filesystem flag, not a directory-level attribute.

48
Multi-Selectmedium

Which TWO commands can be used to view the current size and usage of an LVM logical volume? (Choose two.)

Select 2 answers
A.df -h
B.lsblk
C.vgdisplay
D.lvdisplay
E.lvs
AnswersD, E

Shows LV size and attributes.

Why this answer

D is correct because `lvdisplay` shows detailed attributes of LVM logical volumes, including size (LV Size) and current usage (Current LE, Allocated LE). E is correct because `lvs` provides a concise, tabular view of logical volumes with columns for size (LSize) and usage (Data% for thin volumes, or by comparing Allocated PE vs Total PE). Both commands directly query LVM metadata from the kernel device mapper.

Exam trap

Red Hat often tests the distinction between filesystem-level commands (`df`) and LVM metadata commands (`lvdisplay`, `lvs`), trapping candidates who think `df` shows LVM volume size rather than filesystem usage.

49
MCQmedium

Refer to the exhibit. An administrator runs xfs_growfs on /dev/sdc1. What is the most likely reason the command succeeded without prior partition resizing?

A.The partition was automatically resized by xfs_growfs
B.The underlying block device (partition or logical volume) was extended before the command
C.The filesystem was already using the full partition size and the command had no effect
D.The filesystem was mounted with the 'grow' option allowing online growth
AnswerB

Correct. xfs_growfs grows the filesystem to fill the device; the device must already be larger.

Why this answer

The output shows data blocks changed from 2621440 to 5242880, doubling the size. This suggests the underlying block device (partition or LVM) was already extended. xfs_growfs only grows the filesystem to match the device size; it does not resize the device itself.

50
MCQmedium

An administrator writes a script to check disk usage and send an alert if usage exceeds 80%. The script uses 'df -h /' and parses the output. To maintain portability and avoid common pitfalls, which approach is recommended?

A.Use 'df -h / | tail -1 | sed 's/.* //' | tr -d '%'
B.Use 'df -h / | tail -1 | cut -d' ' -f5'
C.Use 'df / | awk 'NR==2 {print $5}' | tr -d '%'
D.Use 'df -h / | grep -oP '\d+%'
AnswerC

A is correct. It grabs the second line and fifth column, which is the percentage.

Why this answer

Option A is correct because using 'awk' with the percentage column is robust and handles different 'df' output formats. Option B is wrong because 'cut' might break if output format varies. Option C is wrong because using 'sed' with a fixed position is fragile.

Option D is wrong because using 'grep' to extract the percentage can be unreliable.

51
MCQhard

During boot, a server fails to mount an NFS filesystem listed in /etc/fstab. Which troubleshooting step should be taken first to isolate the issue?

A.Check the status of remote-fs.target with 'systemctl status remote-fs.target'
B.Check the status of nfs-client.target with 'systemctl status nfs-client.target'
C.Try to manually mount the NFS share with 'mount /mnt/nfs'
D.View kernel messages with 'dmesg | grep -i nfs'
AnswerA

remote-fs.target is responsible for mounting remote filesystems at boot.

Why this answer

Option A is correct because when an NFS filesystem fails to mount during boot, the first step is to check whether the remote-fs.target unit is active. This target is responsible for triggering the mounting of all remote filesystems (including NFS) after the network is available. If remote-fs.target is not active or has failed, the NFS mount will not be attempted, and troubleshooting should start here before investigating the NFS share itself.

Exam trap

Red Hat often tests the misconception that NFS client services (nfs-client.target) are responsible for mounting NFS filesystems, when in fact the mounting is orchestrated by remote-fs.target, and troubleshooting should start there.

How to eliminate wrong answers

Option B is wrong because nfs-client.target is a target that only ensures NFS client services (like rpcbind and nfs-idmapd) are started, but it does not directly control the mounting of filesystems listed in /etc/fstab; the actual mount is governed by remote-fs.target. Option C is wrong because attempting to manually mount the share with 'mount /mnt/nfs' assumes the issue is with the share or network, but if the boot failure is due to a missing or misconfigured remote-fs.target, the manual mount might succeed and mislead the troubleshooting; the correct first step is to check the target status. Option D is wrong because viewing kernel messages with 'dmesg | grep -i nfs' can provide useful details after the target status is verified, but it is not the first step; the boot failure may be caused by a target dependency issue that dmesg would not directly reveal.

52
MCQmedium

An administrator needs to measure the execution time of the command 'backup.sh'. Which command prefix should be used?

A.time
B.date
C.watch
D.timeout
AnswerA

time measures how long a command takes to complete.

Why this answer

The 'time' command is the correct prefix to measure the execution time of a command in Linux. When placed before 'backup.sh', it runs the script and then outputs the real, user, and system time consumed, providing the precise measurement the administrator needs.

Exam trap

The trap here is that candidates may confuse 'time' with 'timeout' because both involve time, but 'timeout' controls execution duration while 'time' measures it.

How to eliminate wrong answers

Option B is wrong because 'date' displays or sets the system date and time, not the execution duration of a command. Option C is wrong because 'watch' repeatedly runs a command at a specified interval (default 2 seconds) to monitor its output, not to measure its execution time. Option D is wrong because 'timeout' runs a command with a time limit and kills it if it exceeds that limit, which is for controlling runtime, not measuring it.

53
MCQmedium

A system administrator needs to find all regular files larger than 10MB in /var/log. Which find command should they use?

A.find /var/log -type f -size -10M
B.find /var/log -type d -size +10M
C.find /var/log -type f -size 10M
D.find /var/log -type f -size +10M
AnswerD

Correct syntax for larger than 10MB.

Why this answer

Option D is correct because it uses `-type f` to select only regular files and `-size +10M` to match files larger than 10 megabytes. The `+` prefix in the `-size` test means 'greater than', which is the correct syntax for finding files exceeding a given size.

Exam trap

Red Hat often tests the `+` and `-` prefix syntax for `-size`, and the trap here is that candidates confuse `-size +10M` with `-size 10M` or `-size -10M`, or they mistakenly use `-type d` instead of `-type f` when the question specifies regular files.

How to eliminate wrong answers

Option A is wrong because `-size -10M` uses the `-` prefix, which means 'less than 10MB', not 'greater than'. Option B is wrong because `-type d` selects directories, not regular files, and the question specifically asks for regular files. Option C is wrong because `-size 10M` without a `+` or `-` prefix matches files exactly 10MB in size, not files larger than 10MB.

54
MCQhard

An administrator is migrating user accounts to a new system. They want to preserve the user's primary group name and GID. Which commands should be used in sequence?

A.useradd -u <UID> -g <group> <user>
B.useradd -g <group> <user>
C.groupadd --gid <GID> <group> && useradd -g <group> <user>
D.groupadd -g <GID> <group> then useradd -g <group> <user>
AnswerC

This creates the group with the specified GID first, then creates the user with that group.

Why this answer

Option D is correct: first create the group with the specific GID using groupadd -g, then create the user with that group using useradd -g. Option A will fail if the group doesn't exist. Option B uses -g for groupadd and -g for useradd, but the order is wrong.

Option C sets only UID, not group.

55
Multi-Selecteasy

Which TWO commands are needed to set up a swap partition on /dev/sdd1 for immediate use?

Select 2 answers
A.swapon /dev/sdd1
B.parted /dev/sdd mkswap
C.mkswap /dev/sdd1
D.swapon -a
E.mkfs.swap /dev/sdd1
AnswersA, C

Correct: Activates the swap partition.

Why this answer

Option A is correct because the `swapon /dev/sdd1` command activates the swap partition immediately, making it available for the kernel to use as virtual memory. Option C is correct because `mkswap /dev/sdd1` writes the swap signature (UUID and swap superblock) to the partition, which is a prerequisite for any swap device to be recognized by the kernel. Together, these two commands first prepare the partition as a swap area and then enable it for immediate use.

Exam trap

Red Hat often tests the distinction between preparing a swap device (`mkswap`) and activating it (`swapon`), and the trap here is that candidates might think `swapon -a` or a single command like `mkfs.swap` is sufficient, when in fact both steps are required and the correct command names are specific.

56
MCQeasy

A user reports that they cannot start a service. Which command would an administrator use to view the service's journal logs since last boot?

A.journalctl -b
B.journalctl -u service -b
C.journalctl service
D.dmesg | grep service
AnswerB

This combination correctly shows logs for the service since last boot.

Why this answer

Option B is correct because `journalctl -u service -b` combines the `-u` flag to filter logs for a specific systemd unit (the service) with the `-b` flag to show only logs from the current boot. This is the precise command an administrator would use to view a service's journal logs since the last system start, directly addressing the user's inability to start the service.

Exam trap

The trap here is that candidates often forget the `-u` flag is mandatory to filter for a specific service unit, mistakenly thinking `journalctl service` is valid, or they confuse `journalctl -b` (all logs since boot) with the more targeted command needed for service-specific troubleshooting.

How to eliminate wrong answers

Option A is wrong because `journalctl -b` shows all journal logs since the last boot, but without the `-u` flag it does not filter for a specific service, making it impractical for troubleshooting a single service. Option C is wrong because `journalctl service` is invalid syntax; `journalctl` requires the `-u` flag to specify a unit name, otherwise it treats 'service' as a non-existent option or argument. Option D is wrong because `dmesg | grep service` displays kernel ring buffer messages, which are primarily hardware and driver-related, not the detailed service logs from systemd-journald, and it does not filter by boot session.

57
MCQhard

A system administrator is managing a Red Hat Enterprise Linux 9 server that uses LVM for storage. The volume group 'vgdata' contains two 500 GB physical volumes (sdb and sdc) with a logical volume 'lvdata' of 800 GB formatted with XFS and mounted at /data. The administrator adds a new 200 GB disk /dev/sdd and intends to use all of its capacity to extend lvdata. The following commands are executed in order: pvcreate /dev/sdd, vgextend vgdata /dev/sdd, lvextend -l +100%FREE /dev/vgdata/lvdata. The lvextend command completes successfully, but running 'df -h /data' still shows 800 GB. What is the most likely reason?

A.The volume group 'vgdata' is not active, so the new space is ignored.
B.The logical volume was extended using a snapshot instead of the original.
C.The filesystem has not been grown after extending the logical volume.
D.The physical volume was not created correctly and the space is not available.
AnswerC

XFS requires xfs_growfs to resize the filesystem.

Why this answer

After extending the logical volume with `lvextend`, the underlying block device has more space, but the filesystem still sees the original size. For XFS, you must run `xfs_growfs /data` (or `xfs_growfs /dev/vgdata/lvdata`) to expand the filesystem to use the newly allocated extents. Without this step, `df -h` continues to report the old filesystem size.

Exam trap

The trap here is that candidates assume `lvextend` automatically resizes the filesystem, but Red Hat exams specifically test that you must run a separate filesystem-specific command (e.g., `xfs_growfs` or `resize2fs`) after extending the logical volume.

How to eliminate wrong answers

Option A is wrong because the volume group must be active for `lvextend` to succeed; the command completed successfully, confirming vgdata is active. Option B is wrong because snapshots are separate logical volumes; extending the original LV does not involve snapshots, and no snapshot was created in the scenario. Option D is wrong because `pvcreate /dev/sdd` and `vgextend vgdata /dev/sdd` both succeeded, and the `lvextend` command used `+100%FREE`, which would have failed if the PV were not available.

58
MCQhard

After editing /etc/fstab to add a mount for /data, the system fails to boot and drops to a maintenance shell. Which recovery step should be taken first?

A.Remove the disk that contains the problematic mount
B.Boot into single-user mode and run 'mount -a' to list errors
C.Boot from installation media and reinstall the operating system
D.At the maintenance shell, run 'systemctl emergency' to drop to emergency mode
E.Boot into rescue mode and comment out or correct the problematic line in /etc/fstab
AnswerE

Correct. Rescue mode allows access to the system's root filesystem to edit fstab.

Why this answer

Option E is correct because when a misconfigured /etc/fstab entry prevents the system from booting, the first recovery step is to boot into rescue mode (or single-user mode if available) and edit /etc/fstab to comment out or correct the problematic line. This restores the ability to boot normally without reinstalling or removing hardware.

Exam trap

The trap here is that candidates may think 'mount -a' will show errors or that switching to emergency mode is a recovery step, when in fact the immediate fix is to edit /etc/fstab directly from the maintenance shell or rescue mode.

How to eliminate wrong answers

Option A is wrong because physically removing a disk is unnecessary and disruptive; the issue is a configuration error in /etc/fstab, not a hardware failure. Option B is wrong because 'mount -a' attempts to mount all filesystems listed in /etc/fstab and would fail again with the same error, not list errors in a helpful way; it does not fix the root cause. Option C is wrong because reinstalling the operating system is an extreme overreaction; the problem is a single misconfigured line that can be corrected with a text editor.

Option D is wrong because 'systemctl emergency' switches to emergency mode, which is even more restrictive than the maintenance shell and does not address the need to edit /etc/fstab; the system is already in a maintenance shell where editing is possible.

59
Multi-Selecthard

Which THREE commands can be used to monitor real-time process status and update the display every 2 seconds? (Choose three.)

Select 3 answers
A.htop
B.top -d 2
C.ps aux
D.watch -n 2 ps aux
E.at 2
AnswersA, B, D

htop is an interactive process viewer that updates in real-time.

Why this answer

A is correct because `htop` is an interactive process viewer that by default updates in real-time (every ~1-2 seconds) and allows you to monitor processes dynamically. It provides a color-coded, user-friendly interface with CPU, memory, and swap usage bars, updating continuously without needing a separate interval flag.

Exam trap

Red Hat often tests the distinction between snapshot commands (like `ps aux`) and real-time monitoring tools (like `top`, `htop`, or `watch`), trapping candidates who think `ps aux` can update continuously without an external wrapper like `watch`.

60
Multi-Selecthard

Which THREE factors determine whether a local user can SSH into a Red Hat Enterprise Linux 9 system? (Choose three.)

Select 3 answers
A.The /etc/nologin file exists.
B.The user has sudo privileges.
C.The user's shell is listed in /etc/shells.
D.The user's ~/.ssh/authorized_keys file exists and has correct permissions.
E.The /etc/ssh/sshd_config file allows password or key authentication.
AnswersC, D, E

sshd checks if shell is valid; non-shell like /sbin/nologin prevents login.

Why this answer

Option C is correct because SSHd validates that the user's login shell is listed in /etc/shells before allowing authentication. If the shell is not present in /etc/shells (e.g., /sbin/nologin or a custom script), SSHd will deny the connection, even if the user has valid credentials. This check is controlled by the 'AllowUsers' and 'DenyUsers' directives but is a fundamental security measure to prevent users with non-standard shells from gaining interactive access.

Exam trap

The trap here is that candidates often confuse the /etc/nologin file (which affects console logins) with the /etc/shells check (which affects SSH), or assume that sudo privileges imply SSH access, when in reality SSH authentication is independent of sudo.

61
Multi-Selecteasy

A system administrator needs to ensure a service called 'myapp' starts automatically at boot and also start it immediately without affecting the current boot configuration. Which TWO commands should be used?

Select 2 answers
A.systemctl daemon-reload myapp
B.systemctl start myapp
C.systemctl restart myapp
D.systemctl activate myapp
E.systemctl enable myapp
AnswersB, E

Correct: Starts the service immediately.

Why this answer

The 'systemctl enable myapp' command creates the necessary symlinks so that the service starts automatically at boot, while 'systemctl start myapp' launches the service immediately in the current session without altering the boot configuration. Together, they satisfy both requirements without affecting the existing boot setup.

Exam trap

The trap here is that candidates confuse 'enable' with 'start' or think 'restart' or 'daemon-reload' can achieve both goals, but only the combination of 'enable' (for boot persistence) and 'start' (for immediate activation) meets the exact requirements.

62
MCQmedium

A system administrator needs to change the primary group of an existing user to a group that already exists. Which command should be used?

A.groupmod -g existinggroup username
B.usermod -g existinggroup username
C.usermod -p existinggroup username
D.usermod -G existinggroup username
AnswerB

Option A is correct: -g changes the user's primary group to the specified group.

Why this answer

Option B is correct because the `usermod -g` command changes the primary group of an existing user to a specified group that already exists on the system. The `-g` option sets the initial login group (GID) for the user, which must be a valid group name or GID from `/etc/group`.

Exam trap

The trap here is confusing the `-g` (primary group) and `-G` (supplementary groups) options of `usermod`, leading candidates to pick option D when they need to change the primary group.

How to eliminate wrong answers

Option A is wrong because `groupmod -g` changes the GID of an existing group, not the primary group of a user. Option C is wrong because `usermod -p` is used to set or change the user's password (encrypted), not their group membership. Option D is wrong because `usermod -G` sets the supplementary (secondary) group list for the user, not the primary group.

63
MCQhard

Refer to the exhibit. An administrator wants to create a logical volume named 'data' of size 5GB in volume group 'myvg' and mount it at /data. What is the correct sequence of commands?

A.vgcreate myvg /dev/sdb /dev/sdc lvcreate -n data -L 5G myvg mkfs.ext4 /dev/myvg/data mount /dev/myvg/data /data
B.lvcreate -n data -L 5G myvg mkfs.xfs /dev/myvg/data mount /dev/myvg/data /data
C.lvcreate -n data -L 5G myvg mkfs.xfs /dev/myvg/data mkdir /data mount /dev/myvg/data /data echo '/dev/myvg/data /data xfs defaults 0 0' >> /etc/fstab
D.pvcreate /dev/sdb vgcreate myvg /dev/sdb lvcreate -n data -L 5G myvg mkfs.xfs /dev/myvg/data mount /dev/myvg/data /data echo '/dev/myvg/data /data ext4 defaults 0 0' >> /etc/fstab
AnswerC

Correct sequence: create LV, format, create mount point, mount, and add to fstab.

64
MCQmedium

A junior system administrator configures rsyslog on a RHEL 9 server to forward logs to a remote centralized log server. They add the line *.* @192.168.1.100:514 to /etc/rsyslog.conf and restart rsyslog with systemctl restart rsyslog. Local logging works fine, but the remote server does not receive any logs. The administrator checks the local firewall and confirms that UDP port 514 is open outbound. They also verify network connectivity using nc. What is the most likely cause?

A.The systemd unit for rsyslog is masked, preventing it from running.
B.The remote rsyslog server is not listening on UDP port 514.
C.The SELinux boolean rsyslog_remote is disabled, blocking outbound syslog.
D.The configuration should use @@ for TCP instead of @ for UDP.
AnswerC

SELinux blocks rsyslog from sending network traffic if boolean is off; enabling it resolves the issue.

Why this answer

Option C is correct because on RHEL 9, SELinux enforces a targeted policy that blocks rsyslog from making outbound network connections by default. The boolean `rsyslog_remote` controls this behavior; when disabled, SELinux denies the outbound syslog traffic even though the local firewall allows it. The administrator must enable this boolean with `setsebool -P rsyslog_remote on` to allow rsyslog to forward logs via UDP or TCP.

Exam trap

The trap here is that candidates focus on network-level troubleshooting (firewall, connectivity) and overlook SELinux, which is a mandatory access control layer that can block outbound connections even when the firewall is open.

How to eliminate wrong answers

Option A is wrong because if the systemd unit for rsyslog were masked, the `systemctl restart rsyslog` command would fail with an error, and local logging would not work. Option B is wrong because the administrator verified network connectivity with `nc`, which would fail if the remote server were not listening on UDP 514, and the question states local logging works fine, implying the remote server is reachable. Option D is wrong because the `@` directive correctly specifies UDP transport; using `@@` would switch to TCP, which is not required and would not fix the SELinux block.

65
MCQmedium

Refer to the exhibit. Why did the sshd service fail?

A.The service binary is missing.
B.The service start was requested too many times in quick succession.
C.The configuration file /etc/ssh/sshd_config has a syntax error.
D.The system ran out of memory.
AnswerB

The log explicitly says 'start request repeated too quickly', resulting in start-limit.

Why this answer

B is correct because systemd's `StartLimitIntervalSec` and `StartLimitBurst` settings (default: 10 seconds and 5 starts) prevent rapid service restarts. When `sshd` fails repeatedly within the interval, systemd marks it as failed with the status 'start-limit-hit' to avoid resource exhaustion from restart loops.

Exam trap

The trap here is that candidates assume the failure is due to a configuration error or missing binary, but the 'start-limit-hit' status is a systemd mechanism that explicitly indicates too many restart attempts, not a problem with the service itself.

How to eliminate wrong answers

Option A is wrong because if the service binary were missing, `systemctl status sshd` would show 'Exec format error' or 'No such file or directory', not a start-limit-hit failure. Option C is wrong because a syntax error in `/etc/ssh/sshd_config` would cause `sshd` to exit with a specific error message in the journal (e.g., 'Bad configuration option'), not a start-limit-hit from systemd. Option D is wrong because out-of-memory conditions produce OOM-killer logs or 'Cannot allocate memory' errors in the journal, not the start-limit-hit status shown in the exhibit.

66
Multi-Selecthard

Which THREE conditions must be met for a user to effectively use the 'sudo' command to execute commands with root privileges?

Select 3 answers
A.The target command must be executable by root
B.User must be in the wheel group
C.User must have a password set
D.User must be in the sudoers file
E.The sudoers file must be edited with visudo
AnswersB, D, E

RHEL's default sudoers grants privileges to %wheel.

Why this answer

Options A, C, and D are correct. The user must be listed in the sudoers file (A), the sudoers file must be edited with visudo to avoid syntax errors (C), and on RHEL, being in the wheel group is a common requirement (D). Option B (password) is not required if NOPASSWD is set.

Option E is not a condition for the user.

67
MCQeasy

A new intern created a script to display the current user's home directory: #!/bin/bash echo "Home directory: $home" The script outputs 'Home directory: ' with nothing after the colon. What is the most likely cause?

A.The HOME variable is not set in the environment.
B.There is a typo: it should be $HOME, not $home.
C.The script is run with 'sh' instead of 'bash'.
D.The root user has no home directory.
AnswerB

bash is case-sensitive; $home is a different variable, likely unset.

Why this answer

Option D is correct because the variable name should be uppercase HOME, not lower case home. bash is case-sensitive, so $home is not set. Option A is possible but less likely because HOME is usually set. Option B is false; sh also sets HOME.

Option C is false; root has /root.

68
Multi-Selecteasy

Which TWO commands can be used to view the contents of a compressed file named 'data.log.gz' without decompressing it permanently? (Choose exactly two.)

Select 2 answers
A.gunzip data.log.gz
B.zcat data.log.gz
C.zless data.log.gz
D.gzip -d data.log.gz
E.bzcat data.log.gz
AnswersB, C

zcat decompresses to stdout without modifying the file.

Why this answer

B is correct because `zcat` reads the contents of a gzip-compressed file and outputs them to standard output without permanently decompressing the file. It is functionally equivalent to `gunzip -c` and is the standard tool for viewing compressed text files in place.

Exam trap

Red Hat often tests the distinction between commands that permanently decompress (gunzip, gzip -d) versus those that only view the contents (zcat, zless, zmore), and candidates frequently confuse `bzcat` as a valid alternative for .gz files.

69
Drag & Dropmedium

Order the steps to configure SELinux to allow Apache to read files in a custom directory /webcontent.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

SELinux configuration involves setting proper file context for Apache to access custom directories.

70
MCQeasy

An administrator needs to add a 2GB swap partition to an existing disk (/dev/sdc) that already has one partition. The administrator creates a second primary partition using fdisk and sets the type to Linux swap (82). Which command completes the setup to enable swap?

A.swapon /dev/sdc2
B.mkfs.swap /dev/sdc2 && swapon /dev/sdc2
C.mkswap /dev/sdc2 && swapon /dev/sdc2
D.mkswap /dev/sdc && swapon /dev/sdc
AnswerC

mkswap prepares the partition for use as swap, and swapon activates it immediately.

Why this answer

After creating the partition with fdisk and setting the type to 82 (Linux swap), the partition must be formatted as a swap area using `mkswap` before it can be activated. The `swapon` command then enables the swap space. Option C correctly chains `mkswap /dev/sdc2` to initialize the swap signature and `swapon /dev/sdc2` to activate it.

Exam trap

Red Hat often tests the distinction between formatting a filesystem (`mkfs`) and initializing swap (`mkswap`), leading candidates to mistakenly use `mkfs.swap` or skip the initialization step entirely.

How to eliminate wrong answers

Option A is wrong because `swapon` alone cannot activate a partition that has not been initialized as a swap area; it requires a valid swap signature written by `mkswap`. Option B is wrong because `mkfs.swap` is not a valid command; the correct command is `mkswap`. Option D is wrong because it targets the whole disk `/dev/sdc` instead of the specific partition `/dev/sdc2`, and the disk itself cannot be used as swap without a partition table and proper initialization.

71
MCQhard

An administrator wants to create a symbolic link named 'link_to_hosts' in /tmp that points to /etc/hosts. Which command is correct?

A.ln -s /tmp/link_to_hosts /etc/hosts
B.ln -s /etc/hosts /tmp/link_to_hosts
C.ln -s /etc/hosts link_to_hosts
D.ln -s /tmp/link_to_hosts /etc/hosts
AnswerB

Correct order: target /etc/hosts, link name /tmp/link_to_hosts.

Why this answer

The `ln -s` command creates a symbolic link. The correct syntax is `ln -s TARGET LINK_NAME`. Option B correctly specifies the existing target file `/etc/hosts` first, followed by the new link path `/tmp/link_to_hosts`, which creates the symbolic link in `/tmp` pointing to `/etc/hosts`.

Exam trap

Red Hat often tests the argument order of `ln -s`, where candidates mistakenly place the link name before the target, confusing it with the `cp` or `mv` command syntax where the destination comes last.

How to eliminate wrong answers

Option A is wrong because it reverses the arguments, attempting to create a link named `/etc/hosts` pointing to `/tmp/link_to_hosts`, which would fail if `/etc/hosts` already exists or create an incorrect link. Option C is wrong because it omits the full path for the link name, creating `link_to_hosts` in the current working directory instead of `/tmp` as required. Option D is wrong because it is identical to Option A, with the same reversed argument order, leading to the same incorrect behavior.

72
MCQmedium

An administrator wants to extend an XFS filesystem that resides on an LVM logical volume. The volume group has free physical extents. Which is the correct sequence?

A.lvextend, then xfs_growfs
B.lvextend, then resize2fs
C.xfs_growfs, then lvextend
D.resize2fs, then lvextend
AnswerA

Correct: extend LV, then grow filesystem.

Why this answer

To extend an XFS filesystem on an LVM logical volume, you must first extend the logical volume with `lvextend` to allocate additional physical extents from the volume group, then grow the XFS filesystem to use the new space with `xfs_growfs`. XFS does not support online shrinking and requires the filesystem to be mounted for `xfs_growfs` to work. This sequence ensures the block device has sufficient capacity before the filesystem is expanded.

Exam trap

The trap here is that candidates confuse the filesystem type and apply `resize2fs` (for ext4) to XFS, or incorrectly assume the filesystem can be grown before the logical volume is extended.

How to eliminate wrong answers

Option B is wrong because `resize2fs` is used for ext2/ext3/ext4 filesystems, not XFS; using it on an XFS filesystem would fail. Option C is wrong because `xfs_growfs` cannot expand the filesystem if the underlying logical volume has not been extended first; the filesystem cannot grow beyond the block device size. Option D is wrong because `resize2fs` is not applicable to XFS, and attempting to resize the filesystem before extending the logical volume would also fail due to insufficient block device space.

73
MCQmedium

An administrator creates a Podman pod named 'webpod' and adds two containers: 'webserver' and 'database'. Both containers are added using 'podman pod create --name webpod' followed by 'podman run --pod webpod --name webserver nginx' and 'podman run --pod webpod --name database postgres'. The administrator wants the webserver container to be able to reach the database container by the hostname 'database'. However, when the administrator executes 'podman exec webserver ping database', the ping fails with 'ping: database: Name or service not known'. Which of the following is the most likely cause and correct solution?

A.Assign each container a unique hostname using the --hostname flag
B.Recreate both containers with --net=host to share the host's network stack
C.Use 'podman pod inspect webpod' to verify both containers are part of the pod; if not, remove and recreate the containers using '--pod webpod' correctly
D.Add entries to the /etc/hosts file of the webserver container using --add-host database:$(podman inspect --format '{{.NetworkSettings.IPAddress}}' database)
AnswerC

The most likely cause is that the containers were not properly added to the same pod; inspecting the pod will confirm their membership, and recreating them with the correct flag will enable automatic DNS resolution.

Why this answer

Option C is correct because Podman pods create a shared network namespace by default, enabling DNS-based container discovery. The ping failure indicates the containers are not sharing the same pod network namespace, likely due to a misconfiguration such as using 'podman run' without the '--pod' flag or a typo. Verifying with 'podman pod inspect webpod' and recreating the containers with '--pod webpod' ensures they are in the same pod, allowing DNS resolution of container names as hostnames.

Exam trap

Red Hat often tests the misconception that container-to-container communication requires manual IP or host configuration, when in fact Podman pods provide automatic DNS resolution for container names within the same pod.

How to eliminate wrong answers

Option A is wrong because the --hostname flag sets the container's internal hostname, but DNS resolution within a pod relies on the pod's shared network namespace and the embedded DNS resolver (e.g., aardvark-dns), not individual hostnames. Option B is wrong because --net=host bypasses the pod's network namespace entirely, breaking pod-level DNS and defeating the purpose of using a pod; it also exposes containers directly on the host network, which is not the intended solution. Option D is wrong because manually adding /etc/hosts entries is unnecessary and fragile; Podman pods automatically provide DNS resolution for container names within the pod, and the IP address may change on container restart, making this approach unreliable.

74
Multi-Selecthard

Which TWO of the following are correct statements about exit codes in shell scripts?

Select 2 answers
A.An exit code of 1 means success
B.A non-zero exit code usually indicates a failure
C.An exit code of -1 indicates a system error
D.If no 'exit' is used, the script exits with code 0
E.Using 'exit 1' in a script sets the exit code to 1
AnswersB, E

B is correct.

Why this answer

Options B and D are correct. B: A non-zero exit code indicates failure, zero success. D: 'exit 1' explicitly sets the exit code.

Option A is wrong because 'exit -1' is invalid; exit codes are modulo 256. Option C is wrong because an exit code of 0 indicates success. Option E is wrong because 'exit 0' is not the default; the default is the exit code of the last command.

75
MCQeasy

Refer to the exhibit. Why does the 'bin' user have /sbin/nologin as its shell?

A.The user's home directory is missing.
B.The user is a system account that should not log in interactively.
C.The user is locked.
D.The shell is not installed.
AnswerB

System accounts use nologin.

Why this answer

Option B is correct because the /sbin/nologin shell is explicitly assigned to system accounts like 'bin' to prevent interactive logins. This shell prints a message and exits, ensuring that the account can only be used for non-interactive system processes, such as owning files or running daemons, without providing a login session.

Exam trap

Red Hat often tests the distinction between a locked account (password disabled) and a non-interactive shell (shell set to /sbin/nologin), leading candidates to confuse the two mechanisms for restricting access.

How to eliminate wrong answers

Option A is wrong because a missing home directory does not cause the shell to be set to /sbin/nologin; the shell field in /etc/passwd is independent of the home directory. Option C is wrong because a locked account (e.g., with 'passwd -l') places an exclamation mark in the password hash field in /etc/shadow, not by changing the shell to /sbin/nologin. Option D is wrong because /sbin/nologin is a valid executable that is part of the util-linux package; if it were missing, the system would fall back to /bin/sh or display an error, but the shell field would not be set to a non-existent path by default.

Page 1 of 8

Page 2

All pages