Red Hat Certified System Administrator EX200 (EX200) — Questions 76–150

527 questions total · 8 pages · All types, answers revealed

Page 2 of 8

76
MCQ · medium

An administrator has created a RAID 1 array using mdadm with two 1TB disks. After a disk failure, the array is in a degraded state. Which command should be used to replace the failed disk with a new one?

A. mdadm --add /dev/md0 /dev/sdc
B. mdadm --manage /dev/md0 --fail /dev/sdb --remove /dev/sdb --add /dev/sdc
C. mdadm --remove /dev/md0 /dev/sdb --add /dev/sdc
D. mdadm --replace /dev/md0 --with /dev/sdc
Answer: B

Correct sequence: fail, remove, add.

Why this answer

Option B is correct because it uses the `--manage` subcommand to first mark the failed disk (`/dev/sdb`) as failed with `--fail`, then remove it with `--remove`, and finally add the replacement disk (`/dev/sdc`) with `--add`. This is the proper sequence in mdadm to replace a failed disk in a RAID 1 array while the array is degraded.

Exam trap

The trap here is that candidates often think they can simply add a new disk with `--add` or remove the old disk directly without first marking it as failed, but mdadm requires the explicit `--fail` step to safely replace a failed disk in a degraded array.

How to eliminate wrong answers

Option A is wrong because `mdadm --add /dev/md0 /dev/sdc` attempts to add a new disk without first failing and removing the old failed disk, which can cause conflicts or be rejected by mdadm if the failed disk is still present in the array. Option C is wrong because `mdadm --remove /dev/md0 /dev/sdb --add /dev/sdc` tries to remove a disk without first marking it as failed; mdadm will refuse to remove an active or failed disk without the `--fail` step. Option D is wrong because `mdadm --replace` is not a valid mdadm command; the correct approach uses `--manage` with the `--fail`, `--remove`, and `--add` actions.

77
MCQ · hard

A Red Hat Enterprise Linux 9 system has a logical volume 'lv_data' in the volume group 'vg_data' that needs to be resized from 10G to 15G. The underlying physical volumes have enough free space. Which sequence of commands correctly resizes the logical volume and the ext4 filesystem?

A. lvextend -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data
B. resize2fs /dev/vg_data/lv_data; lvextend -L 15G /dev/vg_data/lv_data
C. lvextend -L 15G /dev/vg_data/lv_data; xfs_growfs /dev/vg_data/lv_data
D. lvreduce -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data
Answer: A

This is the correct order for ext4.

Why this answer

Option A is correct because to resize an ext4 filesystem on a logical volume, you must first extend the logical volume with `lvextend -L 15G /dev/vg_data/lv_data` to allocate the additional 5G from the volume group, then use `resize2fs /dev/vg_data/lv_data` to grow the filesystem to fill the enlarged block device. This order ensures the underlying block device has sufficient capacity before the filesystem resize operation.

Exam trap

The trap here is that candidates often confuse the filesystem-specific resize commands, mistakenly using `xfs_growfs` for ext4 (option C) or reversing the order of operations (option B), failing to recognize that LVM resizing must precede filesystem resizing.

How to eliminate wrong answers

Option B is wrong because `resize2fs` is run before `lvextend`, which would fail as the filesystem cannot be resized beyond the current logical volume size of 10G. Option C is wrong because `xfs_growfs` is used for XFS filesystems, not ext4; using it on an ext4 filesystem would either fail or produce incorrect results. Option D is wrong because `lvreduce` shrinks the logical volume, which is the opposite of the required operation (resizing from 10G to 15G), and would reduce capacity instead of increasing it.

78
MCQ · medium

A production server runs RHEL 8 with a software RAID 5 array (/dev/md0) composed of three disks: /dev/sda, /dev/sdb, /dev/sdc. The array is used to store database files. The server experiences a disk failure on /dev/sdc. The admin replaces /dev/sdc with an identical disk and wants to rebuild the array. He runs: mdadm /dev/md0 --add /dev/sdc. The command completes without error, but the array shows a degraded state after several hours. What should the admin do next?

A. Run mdadm --detail /dev/md0 to check the status and rebuild progress.
B. Rebuild will happen automatically; just wait longer.
C. Recreate the array using mdadm --create with the same parameters.
D. Format /dev/sdc with a filesystem before adding to the array.
Answer: A

This shows the state of the array and any errors.

Why this answer

Option A is correct because after adding a replacement disk to a RAID 5 array, the rebuild process begins automatically but may take hours depending on disk size and I/O load. Running `mdadm --detail /dev/md0` allows the admin to check the current state, rebuild progress (e.g., percentage complete), and any errors that might have stalled the rebuild. This is the first diagnostic step to determine if the rebuild is still ongoing, has failed, or is degraded for another reason.

Exam trap

The trap here is that candidates assume the rebuild is always automatic and instantaneous, or they panic and choose destructive options like recreating the array, instead of first verifying the rebuild status with a simple diagnostic command.

How to eliminate wrong answers

Option B is wrong because while the rebuild does start automatically, it can stall or fail due to issues like bad sectors on the new disk, I/O errors, or a mismatch in superblock information; simply waiting longer without checking progress may waste time if the rebuild has stopped. Option C is wrong because recreating the array with `mdadm --create` would destroy all existing data on the array, which is unnecessary and catastrophic for a production database server; the correct approach is to add the disk to the existing array. Option D is wrong because adding a filesystem to /dev/sdc before adding it to the array would corrupt the RAID metadata and prevent the disk from being recognized as a spare; mdadm expects a raw block device without a filesystem.

79
MCQ · medium

An administrator needs to compress a directory 'data' into an archive named backup.tar.gz using gzip compression. Which command should they use?

A. gzip -r data > backup.tar.gz
B. tar -cjf backup.tar.gz data
C. tar -xzf backup.tar.gz data
D. tar -czf backup.tar.gz data
Answer: D

Correct: -c create, -z gzip, -f file.

Why this answer

Option D is correct because the `tar -czf` command creates a compressed archive: `-c` creates a new archive, `-z` filters the archive through gzip compression, `-f` specifies the archive filename `backup.tar.gz`, and `data` is the directory to archive. This produces a tarball compressed with gzip, matching the requirement exactly.

Exam trap

The trap here is confusing the compression flags: Red Hat often tests whether candidates know that `-z` is for gzip, `-j` for bzip2, and `-J` for xz, and that `-c` creates while `-x` extracts.

How to eliminate wrong answers

Option A is wrong because `gzip -r` compresses individual files recursively but does not create a single archive; redirecting output with `>` produces a corrupted file, not a valid tar.gz. Option B is wrong because `-j` specifies bzip2 compression, not gzip; this would create `backup.tar.bz2`, not `backup.tar.gz`. Option C is wrong because `-x` extracts an archive instead of creating one; this would attempt to extract from `backup.tar.gz` into the `data` directory, which is the opposite of the required action.

80
Multi-Select · medium

Which THREE of the following are valid methods to schedule a recurring task in Red Hat Enterprise Linux 8? (Choose exactly three.)

Select 3 answers
A. Using the 'batch' command
B. Creating a systemd timer unit
C. Using the 'at' command
D. Configuring /etc/anacrontab
E. Adding an entry in /etc/crontab
Answers: B, D, E

systemd timers are the modern way to schedule tasks.

Why this answer

Systemd timer units are the modern, recommended method for scheduling recurring tasks in RHEL 8. They replace traditional cron-based scheduling by leveraging systemd's service and timer units, providing features like monotonic timers, calendar events, and integration with systemd's logging and dependency management.

Exam trap

Red Hat often tests the distinction between one-time scheduling tools (at, batch) and recurring scheduling tools (cron, anacron, systemd timers), leading candidates to mistakenly select 'at' or 'batch' for recurring tasks.

81
MCQ · hard

An administrator is building a container image with a Containerfile. They want to ensure that a specific RUN command always executes without using the build cache. Which build option should they use?

A. --layers=false
B. --squash
C. --force-rm
D. --no-cache
Answer: D

Correct. This disables the build cache entirely.

Why this answer

Option D is correct because the `--no-cache` build option instructs Podman or Docker to rebuild every layer from scratch, ignoring any cached intermediate layers. This ensures that the specific RUN command always executes fresh, which is essential when the command's outcome depends on dynamic external data or must not reuse stale cached results.

Exam trap

Red Hat often tests the distinction between cache-related flags and cleanup-related flags, so candidates may confuse `--no-cache` with `--force-rm` or mistakenly think `--squash` disables caching.

How to eliminate wrong answers

Option A is wrong because `--layers=false` is not a valid build option in Podman or Docker; the correct flag to disable layer caching is `--no-cache`. Option B is wrong because `--squash` merges all filesystem layers into a single layer after the build completes, but it does not prevent the use of the build cache during the build process. Option C is wrong because `--force-rm` forces removal of intermediate containers after a successful build, but it does not affect whether cached layers are used for RUN commands.

82
MCQ · hard

An administrator replaces a failed disk in a RAID 10 array /dev/md0. The new disk is /dev/sdc. The admin runs: mdadm /dev/md0 --add /dev/sdc. The command succeeds, but the array does not start rebuilding. What is the most likely reason?

A. The new disk must be partitioned with the same layout as the failed disk.
B. The --add command should have been --re-add instead.
C. The array is still clean and does not need the new disk yet.
D. The failed disk was not removed from the array first; you need to mark it as failed and remove it.
Answer: D

Use mdadm --manage /dev/md0 --fail /dev/sdX and --remove before adding new disk.

Why this answer

Option D is correct because when a disk in a RAID array fails, the array marks it as faulty but does not automatically remove it. The administrator must first explicitly mark the failed disk as failed with `mdadm --fail` and then remove it with `mdadm --remove` before adding a replacement. Without removing the failed device, the array still considers the old disk as part of the array, and the new disk is not recognized as a replacement, so no rebuild starts.

Exam trap

The trap here is that candidates assume a failed disk is automatically removed from the array, but mdadm requires explicit removal before a new disk can be added to trigger a rebuild.

How to eliminate wrong answers

Option A is wrong because mdadm can add a whole disk (e.g., /dev/sdc) directly to a RAID array without requiring partitions; the array will use the entire disk as a component. Option B is wrong because --re-add is used to re-add a disk that was previously part of the array and was removed but not failed, not for a new replacement disk. Option C is wrong because a RAID 10 array with a missing or failed disk is degraded and will immediately start rebuilding once a spare or new disk is added; the array's 'clean' state is irrelevant to the rebuild trigger.

83
MCQ · hard

Refer to the exhibit. A storage administrator needs to create a new filesystem of size 1.5 GiB on the available free space in volume group vg_data. Which command should be used?

A. lvcreate -L 1.5G -n lv_new vg_data
B. lvcreate -l 1.5G -n lv_new vg_data
C. lvcreate --size 1.5G --name lv_new vg_data
D. lvcreate -L 1500M -n lv_new vg_data
Answer: A

Correct. This creates a 1.5 GiB logical volume named lv_new in vg_data.

Why this answer

The volume group vg_data has 1.99 GiB free space. To create a 1.5 GiB logical volume, use lvcreate with -L 1.5G -n lv_new vg_data. The -L option specifies size, -n specifies name.

84
MCQ · medium

A system administrator runs the command 'ls -l' and sees that a file has permissions '-rwxr-xr-x'. The administrator wants to remove execute permission for the group and others while keeping it for the owner. Which chmod command should be used?

A. chmod u-x file
B. chmod 755 file
C. chmod go-x file
D. chmod a+x file
Answer: C

go-x removes execute permission from group and others.

Why this answer

Option C is correct because the command 'chmod go-x file' removes execute permission for group (g) and others (o) while leaving the owner's permissions unchanged. The current permissions '-rwxr-xr-x' indicate owner has rwx, group has r-x, and others have r-x, so removing execute from group and others yields '-rwxr--r--'.

Exam trap

The trap here is that candidates often confuse the symbolic notation (u, g, o, a) and may incorrectly choose 'chmod u-x' thinking it affects group/others, or they misapply numeric modes like 755 which set permissions absolutely rather than modifying them incrementally.

How to eliminate wrong answers

Option A is wrong because 'chmod u-x file' removes execute permission from the owner, not from group and others, which would change the file to '-rw-r-xr-x'. Option B is wrong because 'chmod 755 file' sets permissions to rwxr-xr-x (owner rwx, group r-x, others r-x), which is the current state and does not remove execute from group and others. Option D is wrong because 'chmod a+x file' adds execute permission for all (owner, group, others), which is the opposite of what is needed.

85
MCQ · hard

A Red Hat Enterprise Linux 9 system is configured as a router between an internal network (10.0.1.0/24) and a DMZ network (10.0.2.0/24). IP forwarding is enabled, and firewalld is active. The internal interface (eth0) is assigned to the 'internal' firewall zone, and the DMZ interface (eth1) is assigned to the 'dmz' zone. The requirement is that hosts on the internal network should be able to initiate connections to hosts in the DMZ, but the DMZ should not be able to initiate connections to the internal network. The administrator finds that traffic from internal to DMZ is being blocked. The internal zone has 'masquerade' enabled, and the dmz zone has no special settings. What is the most likely cause of the blocked traffic?

A. The dmz zone should be assigned to the internal interface
B. The internal zone is missing a rule to allow forwarded traffic to the DMZ
C. The internal zone has masquerade enabled, which is incorrect for a router
D. The dmz zone does not have masquerade enabled
Answer: B

By default, firewalld zones drop forwarded traffic between zones unless a policy or direct rule allows it. Adding a rich rule or using policy-based forwarding is needed.

Why this answer

In firewalld, zones do not automatically allow forwarding between them unless explicitly configured. The internal zone's forwarding to the dmz zone is likely not permitted. Masquerade is for NAT, not routing, and enabling it on the internal zone is inappropriate for a pure router and may interfere.

86
MCQ · hard

A Red Hat Enterprise Linux server has been configured with a custom repository for offline updates. The administrator runs 'yum repolist' and the custom repository is not listed. Which command should be used to verify that the repository configuration file is valid and located in the correct directory?

A. yum repoinfo
B. cat /etc/yum.repos.d/custom.repo
C. yum check-repo
D. yum-config-manager --dump
Answer: B

Directly displays the file content, verifying its existence and location in the correct directory.

Why this answer

Option B is correct because the most direct way to verify that a repository configuration file is valid and located in the correct directory is to check its presence and syntax using 'cat /etc/yum.repos.d/custom.repo'. The repository configuration files must reside in /etc/yum.repos.d/ and have a .repo extension; if the file is missing or malformed, 'yum repolist' will not list the repository. This command simply reads the file, allowing the administrator to confirm its location and inspect its contents for errors.

Exam trap

The trap here is that candidates may assume a specialized yum subcommand exists for repository validation (like 'yum repoinfo' or 'yum check-repo'), when in fact the simplest and most reliable method is to directly inspect the configuration file with 'cat' or 'vim'.

How to eliminate wrong answers

Option A is wrong because 'yum repoinfo' is not a valid yum command; the correct command is 'yum repoinfo <repoid>' to display details about a repository that is already recognized, not to verify the configuration file's existence or validity. Option C is wrong because 'yum check-repo' is not a valid yum command; yum does not have a built-in 'check-repo' subcommand for validating repository configuration files. Option D is wrong because 'yum-config-manager --dump' is used to display the current yum configuration settings, not to verify the location or validity of a specific repository configuration file; it requires the repository to already be recognized.

87
MCQ · hard

You are a system administrator for a medium-sized company running Red Hat Enterprise Linux 8 on all servers. The development team has created a shell script that is supposed to be run nightly via cron to synchronize configuration files from a master server to multiple web servers. The script is located at /opt/scripts/sync_configs.sh and is owned by root. It uses rsync over SSH with key-based authentication. The script works perfectly when run manually by root, but when it runs via cron, the synchronization fails with the error 'Host key verification failed.' The script does not explicitly specify any SSH options. The cron job is configured in /etc/crontab as: `0 2 * * * root /opt/scripts/sync_configs.sh`. The SSH keys are stored in /root/.ssh/id_rsa and the known_hosts file contains the correct host key for the master server. What is the most likely cause of the failure, and what is the best course of action to resolve it?

A. The PATH variable in cron does not include /usr/bin/rsync. Add a full path to rsync in the script or set PATH in the crontab.
B. The script does not have execute permission for the root user. Run `chmod +x /opt/scripts/sync_configs.sh`.
C. The known_hosts file in /root/.ssh/ contains an incorrect host key for the master server. Remove the entry and reconnect manually to update it.
D. The cron environment lacks the SSH agent or the key is not loaded. Modify the script to use `ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no` or add a line to load the key via `ssh-add`.
Answer: D

Cron does not have access to the SSH agent; explicitly specifying the private key and disabling strict host key checking (or adding the host key to known_hosts via script) resolves the issue.

Why this answer

D is correct because cron runs in a minimal environment that does not automatically load the SSH agent or add keys to it. When the script runs manually as root, the SSH agent is typically running and the key is loaded, but cron does not have access to the agent's socket. The error 'Host key verification failed' is misleading; the actual issue is that SSH cannot authenticate because the private key is not available to the agent, not that the host key is unknown.

Adding `ssh -i /root/.ssh/id_rsa` explicitly specifies the key file, bypassing the need for an agent, or using `ssh-add` in the script loads the key into an agent for the cron session.

Exam trap

The trap here is that candidates see 'Host key verification failed' and immediately think the known_hosts file is wrong (option C), but the real issue is that cron lacks the SSH agent environment, causing the key to not be loaded, which leads to authentication failure that manifests as a host key error.

How to eliminate wrong answers

Option A is wrong because the error message is 'Host key verification failed,' not 'rsync: command not found,' so PATH is not the issue; rsync is being found and executed. Option B is wrong because the script is owned by root and runs as root via cron, and the question states it works manually, so execute permission is already set. Option C is wrong because the known_hosts file contains the correct host key and the script works manually, so the host key is not incorrect; the error is about authentication, not host key verification.

88
MCQ · hard

A container running a database service needs to persist data across restarts. The administrator decides to use a named volume. Which command creates a named volume and mounts it correctly?

A. podman run -v /var/lib/mysql:/var/lib/mysql mydb
B. podman volume create dbdata && podman run -v dbdata:/var/lib/mysql mydb
C. podman run --mount type=bind,src=dbdata,dst=/var/lib/mysql mydb
D. podman run --mount type=tmpfs,dst=/var/lib/mysql mydb
Answer: B

Creates a named volume and mounts it correctly.

Why this answer

Option B is correct because it first creates a named volume with `podman volume create dbdata`, then mounts that named volume to the container's `/var/lib/mysql` directory using the `-v` flag. Named volumes are managed by Podman and persist data independently of the container lifecycle, ensuring data survives container restarts or removal.

Exam trap

The trap here is that candidates confuse bind mounts with named volumes, assuming `-v` always creates a named volume when the source is not an absolute path, but Podman treats a non-absolute source as a host-relative path or volume name depending on context, and the exam tests the explicit use of `podman volume create` for named volumes.

How to eliminate wrong answers

Option A is wrong because `-v /var/lib/mysql:/var/lib/mysql` creates a bind mount from a host directory, not a named volume; this requires the host path to exist and does not leverage Podman's volume management. Option C is wrong because `--mount type=bind,src=dbdata,dst=/var/lib/mysql` specifies a bind mount, not a named volume; `src=dbdata` is interpreted as a host directory path, not a volume name. Option D is wrong because `--mount type=tmpfs` creates a temporary filesystem in memory, which does not persist data across container restarts or host reboots.

89
MCQ · easy

A system administrator adds a new 10GB disk (/dev/sdb) to a server. The requirement is to create a single ext4 filesystem on the entire disk for storing application data. Which sequence of commands should be used?

A. fdisk /dev/sdb (create one partition) -> mkfs.ext4 /dev/sdb (without partition number)
B. fdisk /dev/sdb (create one partition) -> mkfs.ext4 /dev/sdb1 -> mount /dev/sdb1 /data
C. mkfs.ext4 /dev/sdb && mount /dev/sdb /data
D. mkfs.ext4 /dev/sdb && mount /dev/sdb /data
Answer: B

This creates a partition, formats it, and mounts it; correct procedure for adding a new disk with a filesystem.

Why this answer

Option B is correct because it follows the proper sequence: first create a partition on /dev/sdb using fdisk, then format that partition (/dev/sdb1) with an ext4 filesystem using mkfs.ext4, and finally mount it to /data. Filesystems must be created on a partition (e.g., /dev/sdb1), not directly on the whole disk device (/dev/sdb), otherwise the system will not recognize the filesystem correctly for mounting and use.

Exam trap

The trap here is that candidates may think mkfs.ext4 can be applied directly to the whole disk (/dev/sdb) and still work, overlooking the requirement to create a partition first, which is a common misconception tested in EX200.

How to eliminate wrong answers

Option A is wrong because mkfs.ext4 is applied to /dev/sdb (the whole disk) instead of a partition like /dev/sdb1; creating a filesystem directly on a whole disk without a partition table is possible but not standard practice and can cause issues with tools expecting a partition table. Option C is wrong because mkfs.ext4 /dev/sdb attempts to create a filesystem on the whole disk without a partition, and mounting it directly is unreliable; the command also lacks a partition creation step. Option D is identical to C and thus wrong for the same reasons.

90
MCQ · medium

A database server experiences high disk I/O wait times. The administrator runs 'iostat -x 1' and sees that the avgqu-sz for /dev/sda is 25 and await is 200 ms. The disk is a single 7200 RPM SATA drive. Which action is most likely to improve performance?

A. Increase the read-ahead buffer using blockdev --setra
B. Change the I/O scheduler from CFQ to noop
C. Run 'fsck -f' on the filesystem to check for fragmentation
D. Replace the drive with an SSD or add additional drives in RAID 10
Answer: D

SSD or RAID provides higher IOPS and lower latency, directly addressing the high await.

Why this answer

The high avgqu-sz (25) and await (200 ms) indicate the single 7200 RPM SATA drive is saturated, as its maximum IOPS is typically around 75-100 random I/O operations per second. Replacing it with an SSD (which can handle thousands of IOPS) or adding drives in RAID 10 (which increases IOPS through parallelism) directly addresses the hardware bottleneck. No software tuning can overcome the physical limitations of a single spinning disk under heavy I/O load.

Exam trap

The trap here is that candidates assume software tuning (scheduler, read-ahead) can fix a hardware saturation issue, but Red Hat exams emphasize that when a single spinning disk is the bottleneck, only a hardware upgrade or RAID configuration will improve performance.

How to eliminate wrong answers

Option A is wrong because increasing the read-ahead buffer (--setra) only helps sequential I/O patterns, not the random I/O causing high wait times, and can actually waste memory and increase latency for random workloads. Option B is wrong because changing the I/O scheduler from CFQ to noop reduces CPU overhead but does not increase the disk's maximum IOPS; the disk is already saturated, so the scheduler choice has negligible impact on throughput. Option C is wrong because fsck checks filesystem metadata integrity, not fragmentation; even if the filesystem were fragmented, defragmentation would provide minimal benefit on a modern filesystem like ext4 and cannot resolve a hardware throughput bottleneck.

91
MCQ · easy

A system administrator receives alerts that the /var/log partition is 100% full. The partition is on /dev/mapper/vg_log-lv_var_log, formatted with XFS, and is mounted at /var/log. The volume group vg_log has 10GB of free space available. The administrator runs the command `lvextend -L +10G /dev/mapper/vg_log-lv_var_log` successfully, but then `df -h` still shows 100% full. What is the next step the administrator should take to use the newly added space?

A. Run resize2fs /dev/mapper/vg_log-lv_var_log
B. Run xfs_growfs /var/log
C. Reboot the system to remount the filesystem
D. Run fsck /dev/mapper/vg_log-lv_var_log
Answer: B

xfs_growfs expands the XFS filesystem to use the newly available space in the logical volume.

Why this answer

After extending the logical volume with `lvextend`, the underlying block device has more space, but the XFS filesystem does not automatically recognize it. The correct next step is to run `xfs_growfs /var/log` to expand the filesystem to fill the newly available space. Unlike ext4, XFS cannot be resized while mounted with `resize2fs`; it requires the XFS-specific `xfs_growfs` command, which can operate on a mounted filesystem.

Exam trap

The trap here is that candidates familiar with ext4 may instinctively choose `resize2fs`, not realizing that XFS requires its own grow command (`xfs_growfs`) and that the filesystem must be explicitly resized after the logical volume extension.

How to eliminate wrong answers

Option A is wrong because `resize2fs` is used for ext2/ext3/ext4 filesystems, not XFS; using it on an XFS filesystem would fail. Option C is wrong because rebooting is unnecessary and would not cause the filesystem to automatically grow; the filesystem must be explicitly resized with `xfs_growfs`. Option D is wrong because `fsck` checks and repairs filesystem metadata, but the filesystem is healthy and simply needs to be grown; running `fsck` would not add the new space.

92
MCQ · medium

A junior admin writes a script that uses functions. They notice that a variable set inside a function is not available after the function call. What is the likely cause and best practice?

A. The variable was declared with 'local', change to 'global' keyword
B. The script must be sourced (.) instead of executed to retain variables
C. The function was called inside a subshell, use 'export' to make it global
D. In bash, variables declared in a function are local by default, use 'declare -g' to make them global
Answer: D

B is correct.

Why this answer

Option B is correct. Without 'declare -g', variables inside functions are local by default in bash. The solution is to use 'declare -g' to make them global.

Option A is wrong because 'export' is not needed for parent script. Option C is wrong because 'local' makes it local, not global. Option D is wrong because subshells (with parentheses) do not affect variable scoping.

93
Multi-Select · easy

Which THREE file descriptors are always available for every Unix process?

Select 3 answers
A. 4: socket
B. 3: log file
C. 2: stderr
D. 1: stdout
E. 0: stdin
Answers: C, D, E

Always open for error output.

Why this answer

Option C is correct because file descriptor 2 (stderr) is one of the three standard file descriptors that every Unix process inherits from its parent process. These descriptors are opened automatically by the kernel when a process starts, providing default channels for input (stdin, fd 0), output (stdout, fd 1), and error output (stderr, fd 2).

Exam trap

Red Hat often tests the misconception that file descriptors beyond 0, 1, and 2 are standard or always available, leading candidates to select options like '3: log file' or '4: socket' as if they were universally present.

94
MCQ · hard

A Red Hat Enterprise Linux 8 server is used as a file server. It has a 1 TB disk /dev/sdc formatted as XFS and mounted at /srv/files. The /etc/fstab entry uses the device name /dev/sdc. After a hardware replacement, the new disk is detected as /dev/sdd, and the server fails to boot because /srv/files cannot be mounted. The administrator used 'blkid' and found the new disk's filesystem UUID is 'abc-123'. What is the best course of action to ensure reliable mounting after future reboots?

A. Add the 'nofail' option to the /etc/fstab entry and reboot
B. Change the /etc/fstab entry to use UUID=abc-123 and run mount -a
C. Create a symbolic link /dev/sdc pointing to /dev/sdd
D. Use PARTUUID instead of UUID in /etc/fstab
Answer: B

Correct: UUID is persistent and device-independent.

Why this answer

Option B is correct because using the filesystem UUID in /etc/fstab provides a persistent identifier that remains constant regardless of the device name assigned by the kernel. After the hardware replacement, the disk is detected as /dev/sdd, but its UUID ('abc-123') is unchanged. Changing the fstab entry to UUID=abc-123 ensures the system can reliably mount the filesystem on every boot, as the UUID is tied to the filesystem itself, not the kernel's device enumeration order.

Exam trap

The trap here is that candidates may think using the device name is sufficient because it worked before, or they may overcomplicate the fix with symlinks or PARTUUID, failing to recognize that the filesystem UUID is the simplest and most robust persistent identifier for mounting filesystems in Red Hat Enterprise Linux 8.

How to eliminate wrong answers

Option A is wrong because adding 'nofail' would allow the system to boot even if the mount fails, but it does not fix the root cause—the fstab entry still references the wrong device name (/dev/sdc), so the filesystem would not be mounted at all. Option C is wrong because creating a symbolic link /dev/sdc pointing to /dev/sdd is not persistent across reboots; device names can change again, and udev rules would be needed for a permanent symlink, which is more complex and not the standard best practice. Option D is wrong because PARTUUID identifies the partition table entry, not the filesystem; if the disk is replaced with a different partition layout, the PARTUUID may change, whereas the filesystem UUID remains stable as long as the filesystem is intact.

95
MCQmedium

A system administrator needs to ensure that a user named 'jdoe' can execute commands as root without being prompted for a password. Which configuration change should be made?

A.Add 'jdoe ALL=(ALL) NOPASSWD: ALL' to /etc/sudoers via visudo
B.Add jdoe to the wheel group and configure /etc/sudoers with '%wheel ALL=(ALL) ALL'
C.Set the UID of jdoe to 0
D.Add jdoe to the root group
AnswerA

This grants passwordless sudo access.

Why this answer

Option A is correct because adding 'jdoe ALL=(ALL) NOPASSWD: ALL' to /etc/sudoers via visudo allows passwordless sudo for all commands. Option B adds jdoe to the wheel group with password required. Option C changes UID to 0, which is not recommended and can cause issues. Option D does not grant sudo privileges.

96
MCQmedium

Refer to the exhibit. An administrator runs these commands on a server. The administrator suspects a performance issue. Which observation from the exhibit is most likely causing a bottleneck?

A.The 'notifempty' directive may cause delays in rotation.
B.The 'compress' directive uses bzip2 by default, which is not installed.
C.The 'weekly' directive uses cron syntax incorrectly.
D.The 'create' directive requires root privileges, but the job runs as appuser.
AnswerD

The logrotate job run by appuser cannot change ownership to appuser or appgroup without sudo.

Why this answer

Option D is correct because the `create` directive in logrotate requires root privileges to create new log files with the specified ownership and permissions. Since the job runs as `appuser`, it lacks the necessary privileges to execute the `create` directive, causing the rotation to fail and potentially leading to a bottleneck as logs are not rotated properly.

Exam trap

Red Hat often tests the misconception that `compress` defaults to bzip2 or that `weekly` uses cron syntax, but the real trap here is overlooking that `create` requires root privileges, which is a common oversight when configuring logrotate for non-root users.

How to eliminate wrong answers

Option A is wrong because `notifempty` prevents rotation of empty log files, which avoids unnecessary rotations and does not cause delays; it is a standard optimization. Option B is wrong because `compress` uses gzip by default, not bzip2, and even if bzip2 were intended, logrotate would fall back to no compression or fail gracefully, not cause a bottleneck. Option C is wrong because `weekly` is a valid logrotate frequency directive that uses its own scheduling logic, not cron syntax; it correctly triggers rotation once per week.

97
Multi-Selecthard

A containerized application requires persistent storage and must be able to run with SELinux enforcing. The administrator runs a container with the volume mount: `podman run -v /host/data:/container/data:Z myimage`. Which TWO statements are true about this configuration?

Select 2 answers
A.The SELinux context of files in /host/data remains unchanged.
B.The /host/data directory is created automatically if it does not exist.
C.The volume mount persists after the container is removed.
D.The container cannot write to /container/data if SELinux is enforcing.
E.Files in /host/data will be relabeled with a container-specific SELinux context.
AnswersC, E

Bind mounts persist independent of container lifecycle.

Why this answer

Option C is correct because the `-v` flag with a bind mount persists the data in `/host/data` on the host filesystem even after the container is removed. The `:Z` flag tells Podman to relabel the host directory with a container-specific SELinux context, which is why Option E is also correct. This ensures the container can write to the mount point even when SELinux is enforcing.

Exam trap

The trap here is that candidates confuse the `:Z` (relabel for single container) and `:z` (relabel for shared use) flags, or assume SELinux enforcing always blocks writes, missing that the `:Z` flag explicitly enables write access by relabeling.

98
MCQeasy

A user reports that they cannot log in to a RHEL 9 system. The administrator checks /etc/passwd and finds the user's shell is set to /sbin/nologin. What is the most likely cause?

A.The SSH service is not running.
B.The user account has been locked by pam_tally2.
C.The user's password has expired.
D.The user account is intentionally disabled for login.
AnswerD

/sbin/nologin prevents interactive login.

Why this answer

The /sbin/nologin shell is a valid shell entry that, when set as a user's login shell, prevents interactive login by immediately exiting with a message that the account is not available. This is a standard method for disabling login for system accounts (e.g., daemon, bin) or intentionally disabling a user account while keeping the account and its files intact. Option D correctly identifies that the user account is intentionally disabled for login.

Exam trap

The trap here is that candidates may confuse the /sbin/nologin shell with account locking or password expiration, not realizing that the shell setting is a deliberate, static configuration to disable interactive login without affecting password state or authentication attempts.

How to eliminate wrong answers

Option A is wrong because the SSH service not running would affect all SSH connections, not just a single user, and the shell setting in /etc/passwd is independent of SSH service status. Option B is wrong because pam_tally2 locks an account after failed login attempts by setting a lock flag in /etc/shadow or /var/log/faillog, not by changing the user's shell to /sbin/nologin. Option C is wrong because an expired password would prompt the user to change their password upon login (via PAM modules like pam_unix), but the shell would still be a valid interactive shell like /bin/bash; the user would not be immediately rejected with a nologin message.

99
MCQeasy

A system administrator wants to allow incoming HTTPS traffic on the default zone of firewalld. Which command should be used?

A.firewall-cmd --add-port=443/tcp --zone=public --permanent
B.firewall-cmd --enable-service=https
C.firewall-cmd --add-rule=allow https
D.firewall-cmd --add-service=https --permanent
AnswerD

Correctly adds the HTTPS service to the default zone and persists the change.

Why this answer

Option D is correct because the `--add-service=https` option adds the predefined HTTPS service (port 443/tcp) to the firewalld configuration. The `--permanent` flag ensures the rule persists across reboots. By default, the command applies to the default zone if no zone is specified, which matches the requirement to allow HTTPS traffic on the default zone.

Exam trap

The trap here is that candidates often confuse `--add-port` with `--add-service` or forget that omitting `--zone` applies the rule to the default zone, leading them to incorrectly specify a zone or use invalid command syntax.

How to eliminate wrong answers

Option A is wrong because `--add-port=443/tcp` adds a raw port rule, but the `--zone=public` explicitly sets the zone to 'public' rather than using the default zone; the question requires the default zone, not a specific zone. Option B is wrong because `--enable-service=https` is not a valid firewalld command; the correct syntax uses `--add-service` or `--remove-service`. Option C is wrong because `--add-rule=allow https` is not a valid firewalld option; firewalld uses `--add-rich-rule` for custom rules, and the syntax 'allow https' is incorrect.

100
MCQmedium

A user named jdoe is receiving 'Permission denied' errors when trying to access a file owned by root with permissions 644. The user is a member of the root group. What is the most likely cause?

A.The directory containing the file lacks execute permission for the group or others.
B.The file's group owner is not root.
C.The file's read permission is not granted to the root group.
D.The user needs to be added to the root group again.
AnswerA

Option A is correct: even if file permissions allow read, the user must have execute permission on the directory to traverse it. The directory likely has no execute for group/others.

Why this answer

The file has permissions 644, meaning the owner (root) has read/write, and the group (root) and others have read-only access. Since jdoe is a member of the root group, the file's group read permission should allow access. However, to traverse a directory and access any file within it, the user needs execute (x) permission on that directory. If the directory lacks execute for the group or others, jdoe will get 'Permission denied' even if the file permissions are correct.

Exam trap

The trap here is that candidates focus solely on file permissions (644) and overlook that directory execute permission is required for file access, leading them to incorrectly suspect group membership or file group ownership issues.

How to eliminate wrong answers

Option B is wrong because the file's group owner is root (as stated in the scenario), and the user jdoe is a member of the root group, so group ownership is correct. Option C is wrong because the file's permissions 644 grant read (4) to the group, so the root group does have read permission. Option D is wrong because the user is already a member of the root group; re-adding them would not resolve a directory permission issue.

101
Multi-Selecteasy

Which TWO commands can be used to display SELinux contexts of files? (Choose two.)

Select 2 answers
A.stat -c %C
B.chcon -l
C.id -Z
D.ls -Z
E.getenforce
AnswersA, D

Displays SELinux context with %C format.

Why this answer

The `stat -c %C` command displays the SELinux security context of a file by using the `%C` format specifier, which outputs the security context string. The `ls -Z` command also shows SELinux contexts for files in a directory listing, with the `-Z` flag specifically requesting security context information. Both commands are standard tools for viewing SELinux labels on files.

Exam trap

The trap here is that candidates confuse commands that display process or system-wide SELinux status (like `id -Z` and `getenforce`) with those that display file contexts, leading them to select options that show user or enforcement mode instead of file labels.

102
MCQhard

A system administrator wants to run a container as a systemd service that restarts automatically after a system reboot. Which approach follows Red Hat best practices?

A.Create a cron job that checks if the container is running and starts it if not.
B.Create a sysvinit script that calls podman commands.
C.Add 'podman run ...' to /etc/rc.local.
D.Use 'podman generate systemd --new --name mycontainer' and enable the generated service.
AnswerD

This generates a proper systemd unit file with correct dependencies and restart behavior.

Why this answer

Option D is correct because `podman generate systemd --new --name mycontainer` creates a systemd unit file that defines the container as a transient service with `Restart=always` and `WantedBy=multi-user.target`, ensuring the container starts automatically after a reboot. This approach aligns with Red Hat best practices for managing containers as systemd services, leveraging systemd's native dependency and restart capabilities rather than relying on legacy or non-standard methods.

Exam trap

The trap here is that candidates may think any method that runs a command at boot (like cron or rc.local) is sufficient, but Red Hat specifically tests that systemd is the standard service manager in RHEL 8/9 and that `podman generate systemd` is the recommended way to create persistent container services with proper restart and dependency handling.

How to eliminate wrong answers

Option A is wrong because a cron job that polls for container status introduces unnecessary latency, race conditions, and complexity; it does not integrate with systemd's dependency-based startup ordering or provide reliable restart-on-failure behavior. Option B is wrong because sysvinit scripts are legacy in RHEL 8/9, which uses systemd as the default init system; using sysvinit bypasses systemd's native container management features and is not a supported Red Hat best practice. Option C is wrong because `/etc/rc.local` is executed after most services have started, offers no dependency management, and is considered a legacy workaround; it does not provide the restart policy or lifecycle control that systemd units offer.

103
MCQmedium

A system administrator needs to create a point-in-time backup of a logical volume 'lv_home' that is currently mounted. Which LVM feature should be used?

A.lvreduce
B.lvchange
C.lvextend
D.lvcreate -s
E.pvmove
AnswerD

Correct. lvcreate with -s creates a snapshot of the LV.

Why this answer

Option D is correct because the 'lvcreate -s' command creates a snapshot of a logical volume, which provides a point-in-time backup without unmounting the volume. Snapshots are a native LVM feature that allow consistent backups of mounted filesystems by capturing the state of the logical volume at the moment the snapshot is created.

Exam trap

The trap here is that candidates may confuse 'lvcreate -s' with other LVM commands like 'lvreduce' or 'lvextend', mistakenly thinking those can create backups, or they may assume that a mounted volume must be unmounted before any backup operation, which is not required with LVM snapshots.

How to eliminate wrong answers

Option A is wrong because 'lvreduce' reduces the size of a logical volume, which is unrelated to creating backups and can cause data loss if not done carefully. Option B is wrong because 'lvchange' modifies attributes of an existing logical volume (e.g., activation, permissions) and does not create point-in-time copies. Option C is wrong because 'lvextend' increases the size of a logical volume, which is used for capacity expansion, not backup creation. Option E is wrong because 'pvmove' moves physical extents from one physical volume to another within a volume group, which is used for storage migration or maintenance, not for creating backups.

104
MCQhard

A server has a requirement that all users in the 'finance' group must have a password aging policy that forces password change every 90 days. Which approach best achieves this for existing users?

A.Set PASS_MAX_DAYS 90 in /etc/login.defs
B.Edit /etc/shadow and change the fifth field for all users
C.Configure pam_pwquality.so to enforce password age
D.Write a script to run 'chage -M 90' for each user in the finance group
AnswerD

This directly sets the maximum password age for each existing user in the group.

Why this answer

Option D is correct because `chage -M 90` sets the maximum password age for a specific user, and by scripting it to apply to all members of the 'finance' group, you directly enforce the 90-day policy on existing users. This approach works regardless of the default settings in `/etc/login.defs`, which only affect new users, and avoids the manual and error-prone editing of `/etc/shadow`.

Exam trap

The trap here is that candidates often confuse `/etc/login.defs` as applying to all users (including existing ones), when in fact it only sets defaults for new user creation via `useradd`.

How to eliminate wrong answers

Option A is wrong because `/etc/login.defs` only sets default values for newly created users; it does not retroactively apply to existing users. Option B is wrong because manually editing the fifth field in `/etc/shadow` is fragile, error-prone, and not a supported or recommended administrative practice; the `chage` command is the proper tool for this task. Option C is wrong because `pam_pwquality.so` is a module for password quality/complexity checks (e.g., length, character classes), not for enforcing password aging policies like maximum days between changes.

105
MCQeasy

Refer to the exhibit. A security analyst reviews the journal output for sshd.service. Which of the following best describes the observed pattern of events?

A.The system is under a denial-of-service attack because the connections are being closed before authentication.
B.The SSH service is malfunctioning and dropping connections due to a configuration error.
C.Multiple hosts are attempting to connect to the SSH service simultaneously, causing connection errors.
D.The system experienced a brute-force attack on the root account originating from IP 192.168.1.100, which eventually succeeded.
AnswerD

The logs show multiple failed attempts followed by a successful login from the same IP.

Why this answer

The journal output shows repeated failed authentication attempts for the root user from IP 192.168.1.100, followed by a successful login. This pattern is characteristic of a brute-force attack where an attacker tries many passwords until one works. The final 'Accepted password for root' line confirms the attack succeeded, making D correct.

Exam trap

Red Hat often tests the distinction between a denial-of-service attack (which would show connections dropped before authentication) and a brute-force attack (which shows repeated failed authentications followed by a success), leading candidates to confuse the two patterns.

How to eliminate wrong answers

Option A is wrong because the connections are not being closed before authentication; they are completing authentication (both failed and eventually accepted). Option B is wrong because there is no evidence of a configuration error; the SSH service is functioning normally by processing and logging authentication attempts. Option C is wrong because the events are sequential from a single IP, not simultaneous from multiple hosts, and the errors are authentication failures, not connection errors.

106
Matchingmedium

Match each file system type to its description.

Concepts
Matches

Default file system for RHEL 8/9 with journaling and support for large files

High-performance 64-bit journaling file system, default for /boot in RHEL 7

Copy-on-write file system with snapshots and compression (available in RHEL 8/9)

Used for virtual memory, typically as a partition or file

Why these pairings

These are common file systems used in RHEL systems.

107
MCQmedium

Refer to the exhibit. An administrator needs to create a new logical volume named 'data' of size 3GB. Which command should be used?

A.lvcreate -n data -L 3G vg01
B.lvcreate -n data -L 3G vg00
C.lvcreate -n data -L 3G /dev/sda1
D.lvcreate -n data -l 100 vg01
E.lvcreate -n data -l 100 vg00
AnswerA

Correct. vg01 has 5GB free, sufficient for the LV.

Why this answer

Option A is correct because the `lvcreate` command with `-n data` names the logical volume 'data', `-L 3G` sets its size to 3 gigabytes, and `vg01` specifies the volume group that contains the physical volumes. This matches the requirement exactly, assuming the volume group `vg01` exists and has sufficient free extents.

Exam trap

Red Hat often tests the distinction between the `-L` (size in units) and `-l` (number of extents) options, and the requirement to specify a volume group name rather than a device path, to catch candidates who confuse LVM syntax with standard partition commands.

How to eliminate wrong answers

Option B is wrong because it specifies `vg00` instead of `vg01`, which does not match the volume group referenced in the exhibit (the exhibit shows `vg01`). Option C is wrong because `lvcreate` requires a volume group name, not a device path like `/dev/sda1`; using a device path would attempt to create a logical volume directly on a physical volume, which is invalid syntax. Option D is wrong because `-l 100` allocates 100 logical extents, not a fixed size of 3GB; the size in extents depends on the extent size of the volume group, which may not equal 3GB. Option E is wrong because it uses `-l 100` (extents, not a fixed size) and specifies `vg00` instead of `vg01`.

108
MCQhard

Refer to the exhibit. After extending the logical volume, why does the df output still show 5.0G?

A.The lvextend command failed silently.
B.The filesystem type is ext4 and requires resize2fs.
C.The mount point /data is not accessible.
D.The filesystem needs to be resized with xfs_growfs.
AnswerD

For XFS, after lvextend, you must run xfs_growfs to resize the filesystem to use the new space.

109
Matchingmedium

Match each command to its function in managing storage.

Concepts
Matches

Partition table manipulator for MBR and GPT

Create a volume group in LVM

Create an ext4 file system on a partition

Attach a file system to a directory

Why these pairings

These commands are essential for storage management in RHEL.

110
MCQhard

A storage administrator is asked to increase the size of an ext4 filesystem mounted at /data. The underlying logical volume /dev/mapper/vg01-lv01 is currently 10GB and the volume group has 5GB of free extents. After extending the logical volume by 2GB using lvextend -L +2G /dev/mapper/vg01-lv01, what command must be run to resize the filesystem?

A.resize2fs /dev/mapper/vg01-lv01
B.lvextend -r -L +2G /dev/mapper/vg01-lv01
C.xfs_growfs /data
D.fsck -f /dev/mapper/vg01-lv01
AnswerA

resize2fs is the correct tool to resize an ext4 filesystem to match the enlarged logical volume.

Why this answer

After extending the logical volume with `lvextend`, the filesystem does not automatically recognize the new space. For ext4 filesystems, the `resize2fs` command must be run to resize the filesystem to use the additional logical volume capacity. This command can be executed online (while the filesystem is mounted) and will expand the filesystem to fill the available space in the logical volume.

Exam trap

The trap here is that candidates may confuse filesystem-specific resize commands (resize2fs for ext4 vs. xfs_growfs for XFS) or assume that `lvextend` automatically resizes the filesystem without the `-r` flag.

How to eliminate wrong answers

Option B is wrong because `lvextend -r` automatically resizes the filesystem during the LV extension, but the question states the administrator already ran `lvextend` without the `-r` flag, so a separate resize command is required. Option C is wrong because `xfs_growfs` is used for XFS filesystems, not ext4; using it on an ext4 filesystem would fail. Option D is wrong because `fsck -f` performs a filesystem consistency check and repair, not a resize operation; it does not change the filesystem size.

111
MCQmedium

Based on the exhibit, which device is used for swap?

A./dev/mapper/vg00-home
B./dev/sda2
C.The UUID deadbeef-cafe-babe-0000-000000000000
D.The UUID abcdef01-2345-6789-abcd-ef0123456789
E.The UUID 12345678-1234-1234-1234-123456789abc
AnswerC

Correct: swap entry.

Why this answer

Option C is correct because the exhibit shows a swap partition with the UUID deadbeef-cafe-babe-0000-000000000000. In Red Hat Enterprise Linux, swap devices are identified by their UUID in /etc/fstab, and the 'sw' or 'swap' keyword in the mount options column confirms this. The other UUIDs correspond to non-swap filesystems or are not present in the exhibit.

Exam trap

Red Hat often tests the distinction between device names (like /dev/sda2) and UUIDs, and candidates may mistakenly choose a device name or a UUID from a non-swap filesystem because they overlook the 'swap' keyword in the fstab options column.

How to eliminate wrong answers

Option A is wrong because /dev/mapper/vg00-home is a logical volume typically used for the /home filesystem, not swap; it would have a filesystem type like xfs or ext4, not swap. Option B is wrong because /dev/sda2 is a device name, not a UUID, and the exhibit explicitly shows UUIDs for swap identification; using a device name would be less reliable and not match the exhibit's format. Option D is wrong because the UUID abcdef01-2345-6789-abcd-ef0123456789 is not listed in the exhibit as a swap device; it likely belongs to another filesystem. Option E is wrong because the UUID 12345678-1234-1234-1234-123456789abc is not present in the exhibit and does not correspond to any swap entry.

112
Matchingmedium

Match each networking term to its definition.

Concepts
Matches

Automatically assigns IP addresses to hosts

Resolves hostnames to IP addresses

Translates private IPs to public IPs

Combines multiple network interfaces for redundancy or throughput

Why these pairings

These are fundamental networking concepts in RHEL.

113
MCQeasy

A user reports they cannot log in to a Linux system. Their account was recently created. The administrator checks /etc/passwd and sees the entry: jsmith:x:1001:1001::/home/jsmith:/sbin/nologin. What is the likely issue?

A.The user is locked due to expired password
B.The home directory does not exist
C.The user is not in any supplementary groups
D.The user's shell is set to /sbin/nologin which prevents login
AnswerD

/sbin/nologin shell disables login.

Why this answer

Option D is correct because the shell is set to /sbin/nologin, which prevents any login. Option A is plausible but not the direct cause. Option B would require checking other fields. Option C is not relevant to login ability.

114
MCQeasy

After creating a new partition on /dev/sdc, the administrator runs 'partprobe' to inform the kernel of the change. What is the primary purpose of partprobe?

A.To create a filesystem label
B.To repair a damaged partition table
C.To format the partition with a filesystem
D.To make the kernel re-read the partition table
AnswerD

Correct: partprobe updates kernel partition table.

Why this answer

The `partprobe` command is used to inform the operating system kernel of changes to the partition table without requiring a system reboot. After creating a new partition on `/dev/sdc`, running `partprobe` makes the kernel re-read the partition table from the disk, ensuring the new partition is recognized and accessible. This is essential for the kernel to update its in-memory representation of the disk's partitions.

Exam trap

The trap here is that candidates often confuse `partprobe` with `partx` or `mkfs`, mistakenly thinking it formats or repairs partitions, when its sole purpose is to synchronize the kernel's partition table with the disk's actual partition layout.

How to eliminate wrong answers

Option A is wrong because creating a filesystem label is done with commands like `e2label` or `tune2fs`, not `partprobe`. Option B is wrong because repairing a damaged partition table is typically performed with tools like `gdisk` or `fdisk` in recovery mode, not `partprobe`. Option C is wrong because formatting a partition with a filesystem is accomplished using commands like `mkfs.ext4` or `mkfs.xfs`, not `partprobe`.

115
MCQmedium

A developer reports that a container running a custom web application is failing to start on a Red Hat Enterprise Linux 8 host. The container image is built from a Dockerfile that uses 'EXPOSE 8080'. The host firewall is enabled. Which action is most likely required to allow external access to the application?

A.Start the container with the '-p 8080:8080' option to publish the port.
B.Open port 8080 in the host firewall using firewall-cmd.
C.Disable the host firewall to allow all incoming traffic.
D.Ensure the container image includes an EXPOSE instruction for port 8080.
AnswerA

Publishing the container port with '-p' makes it accessible through the host.

Why this answer

The container image's EXPOSE 8080 instruction is metadata that documents the intended port but does not actually publish it. To make the container's port 8080 accessible from the host's network, you must use the '-p 8080:8080' option when starting the container with 'podman run' or 'docker run'. This creates a port mapping from the host's port 8080 to the container's port 8080, allowing external traffic to reach the application.

Exam trap

The trap here is that candidates often confuse the EXPOSE instruction (which is just metadata) with actual port publishing, leading them to think the port is automatically accessible or that firewall changes are the primary fix.

How to eliminate wrong answers

Option B is wrong because the host firewall is not the primary issue; even if port 8080 is opened in the firewall, the container's port is not mapped to the host, so traffic cannot reach the container. Option C is wrong because disabling the firewall is an insecure and unnecessary step; the correct approach is to publish the port while keeping the firewall enabled and properly configured. Option D is wrong because the EXPOSE instruction is already present in the Dockerfile and does not affect runtime port publishing; it only serves as documentation.

116
MCQeasy

Refer to the exhibit. Which command will ensure cron jobs run automatically at system boot?

A.systemctl reenable crond
B.systemctl start crond
C.systemctl enable crond
D.systemctl unmask crond
AnswerC

Enables the service to start at boot.

Why this answer

The `systemctl enable crond` command creates the necessary symlinks in the systemd unit configuration to ensure the `crond` service starts automatically at boot. This is the correct method to enable a service for automatic startup in a systemd-based Red Hat Enterprise Linux system.

Exam trap

The trap here is that candidates often confuse `systemctl start` (immediate start) with `systemctl enable` (boot-time start), or think that `systemctl unmask` alone is sufficient to make a service start at boot.

How to eliminate wrong answers

Option A is wrong because `systemctl reenable crond` is used to re-create the symlinks for the service, typically after modifying the unit file, but it does not ensure the service is enabled for boot if it was already disabled. Option B is wrong because `systemctl start crond` only starts the service immediately in the current session, without configuring it to start automatically at boot. Option D is wrong because `systemctl unmask crond` removes a mask that prevents the service from being started manually or automatically, but it does not enable the service for boot; the service must still be enabled separately.

117
MCQeasy

Which command creates an XFS filesystem on /dev/nvme0n1p1 and sets the label to 'data'?

A.mkfs.xfs -l data /dev/nvme0n1p1
B.mkfs.xfs -f /dev/nvme0n1p1
C.mkfs.xfs -L data /dev/nvme0n1p1
D.mkfs.xfs -n data /dev/nvme0n1p1
AnswerC

Correct.

Why this answer

Option C is correct because the `-L` flag in `mkfs.xfs` is used to set the filesystem label. The command `mkfs.xfs -L data /dev/nvme0n1p1` creates an XFS filesystem on the specified partition and assigns it the label 'data'.

Exam trap

The trap here is confusing the `-L` (label) flag with the `-l` (log) flag, as they look similar but have completely different functions in XFS, and candidates often misremember the option letter from other filesystem tools.

How to eliminate wrong answers

Option A is wrong because the `-l` flag in `mkfs.xfs` is used to specify log device or log parameters, not the label; using `-l data` would attempt to set a log parameter named 'data', which is invalid. Option B is wrong because the `-f` flag forces overwrite of an existing filesystem but does not set a label; it would create an unlabeled filesystem. Option D is wrong because the `-n` flag in `mkfs.xfs` is used to specify naming (directory) parameters, not the filesystem label; `-n data` would attempt to set a naming option, not the label.

118
MCQ · hard

Refer to the exhibit. What effect does the value INACTIVE=-1 have on newly created user accounts?

A. The account expires immediately.
B. Passwords never expire.
C. Account is disabled if password expires but user does not log in within -1 days (immediately).
D. The password inactivity period is disabled.
Answer: D

Option D is correct; INACTIVE=-1 disables the inactivity period, so the account will not be disabled after password expiration.

Why this answer

The `INACTIVE=-1` setting in the `useradd -D` or `/etc/default/useradd` configuration disables the password inactivity period. This means that after a password expires, the account will not be locked due to inactivity, effectively turning off the inactivity timer. The value -1 is a special sentinel that indicates no inactivity period is enforced.

Exam trap

Red Hat often tests the distinction between password expiration (`PASS_MAX_DAYS`) and the inactivity period (`INACTIVE`), trapping candidates who confuse the two or misinterpret -1 as 'immediate' rather than 'disabled'.

How to eliminate wrong answers

Option A is wrong because `INACTIVE=-1` does not cause immediate account expiration; account expiration is controlled by the `EXPIRE` field or `-e` option, not the inactivity setting. Option B is wrong because password expiration is controlled by `PASS_MAX_DAYS` (e.g., in `/etc/login.defs`), not by the inactivity period; `INACTIVE` only affects what happens after a password expires. Option C is wrong because a negative value (-1) disables the inactivity check entirely; it does not mean 'immediately' — the account is not disabled at all due to inactivity when set to -1.

119
Multi-Select · easy

A systems administrator needs to list all currently defined firewall rules in firewalld, including rules for all zones. Which TWO commands can be used to accomplish this? (Choose exactly two.)

A. firewall-cmd --list-all-zones
B. iptables -L
C. systemctl status firewalld
D. firewall-cmd --get-default-zone
E. firewall-cmd --list-all
Answers: A, E

Lists rules for all zones, which includes all defined rules.

Why this answer

Option A is correct because `firewall-cmd --list-all-zones` displays all firewall rules for every zone in firewalld, including default and custom zones. Option E is correct because `firewall-cmd --list-all` shows all rules for the default zone, which is a subset of the full rule set; however, the question asks for 'all currently defined firewall rules in firewalld, including rules for all zones,' and while `--list-all` alone only covers the default zone, it is still a valid command to list rules for that zone, and combined with the context of the question (which requires exactly two answers), it is accepted as a correct choice because it does list rules (for the default zone) and is a standard firewalld command.

Exam trap

The trap here is that candidates might think `iptables -L` is equivalent to listing firewalld rules, but firewalld uses a zone-based abstraction and its own command set, so `iptables -L` shows raw kernel rules that may not reflect firewalld's configuration, and `systemctl status` or `--get-default-zone` are status/info commands, not rule-listing commands.

120
MCQ · medium

A filesystem is reported as 'read-only' after a system crash. The admin runs fsck and sees 'clean' status. What is the most likely reason it remains read-only?

A. fsck cannot fix errors on ext4 filesystems.
B. The filesystem is still mounted; fsck cannot fix it while mounted.
C. The filesystem is XFS, and fsck does not repair XFS.
D. fsck detected errors but did not fix them automatically.
Answer: D

fsck -y or manual repair needed.

Why this answer

Option D is correct because when fsck reports a filesystem as 'clean' but the system still shows it as read-only, it typically means fsck detected errors during the check but did not automatically repair them. By default, fsck runs in non-interactive mode on boot and may require the '-y' flag or manual intervention to apply fixes. The 'clean' status can be misleading if the journal indicates no corruption, but underlying metadata inconsistencies remain unaddressed.

Exam trap

The trap here is that candidates assume 'clean' means no errors exist, but fsck can report 'clean' while still leaving unaddressed errors that force the filesystem to remain read-only for safety.

How to eliminate wrong answers

Option A is wrong because fsck can fix errors on ext4 filesystems; it is specifically designed to check and repair ext2/3/4 filesystems. Option B is wrong because the question states the admin runs fsck after a system crash, implying the filesystem is not mounted (or fsck would refuse to run with a warning); even if mounted read-only, fsck can still check it, but the issue here is that fsck did not apply repairs. Option C is wrong because the filesystem is reported as ext4 (fsck is run and shows 'clean'), not XFS; XFS uses xfs_repair, not fsck, and the question explicitly mentions fsck.

121
MCQ · hard

An auditor requires that all failed SSH login attempts be logged to a separate file /var/log/ssh_failures. Which configuration is needed in /etc/rsyslog.conf or /etc/rsyslog.d/?

A. authpriv.err /var/log/ssh_failures
B. sshd.* /var/log/ssh_failures
C. authpriv.* /var/log/ssh_failures
D. auth.* /var/log/ssh_failures
Answer: A

This logs only error-level authpriv messages, which include failed SSH logins.

Why this answer

Option A is correct because SSH authentication failures are logged by the `authpriv` facility with severity `err` or higher. The `authpriv.err` selector in rsyslog matches messages from the `authpriv` facility with a severity of `err` and above (including `crit`, `alert`, `emerg`), which covers failed SSH login attempts. This directs those messages to `/var/log/ssh_failures` as required.

Exam trap

The trap here is that candidates confuse the `auth` and `authpriv` facilities or think `sshd.*` is a valid selector, when in fact SSH authentication uses `authpriv` and only specific severity levels like `err` are needed for failures.

How to eliminate wrong answers

Option B is wrong because `sshd.*` is not a valid rsyslog facility; SSH logging uses the `authpriv` facility, not a service-specific facility name. Option C is wrong because `authpriv.*` logs all messages from the `authpriv` facility at any severity, including successful logins and informational messages, which would clutter the separate file with irrelevant data. Option D is wrong because `auth.*` logs all messages from the `auth` facility, which includes system authentication events like console logins and sudo, not just SSH failures, and may miss some SSH-specific messages that go to `authpriv`.

122
MCQ · easy

A junior administrator is tasked with finding all files in the /var/log directory that have been modified within the last 24 hours and are owned by the 'root' user. The administrator runs the command: find /var/log -user root -mtime 0. However, the command returns no output, even though there are files that meet the criteria. What is the most likely issue with the find command?

A. The /var/log path is not accessible; the administrator should use sudo.
B. The -user root argument is invalid; it should be -uid 0.
C. The find command requires the -type f argument to search for files only.
D. The -mtime 0 argument is incorrect; it should be -mtime -1 to find files modified in the last 24 hours.
Answer: D

Correct: -mtime -1 finds files modified less than 24 hours ago; -mtime 0 finds files exactly 24 hours ago.

Why this answer

Option D is correct because `-mtime 0` matches files modified exactly 24 hours ago (i.e., between 0 and 24 hours ago, but not including the current 24-hour window). To find files modified within the last 24 hours (i.e., less than 24 hours ago), the correct argument is `-mtime -1`, which matches files modified less than 1 day ago. The administrator's command returns no output because no files have a modification time that falls exactly in the 24-hour-old window.

Exam trap

The trap here is that candidates confuse `-mtime 0` with 'modified within the last 24 hours' when it actually means 'modified exactly 24 hours ago', leading them to choose a different wrong option or think the command is correct.

How to eliminate wrong answers

Option A is wrong because the `/var/log` directory is typically accessible by any user for reading file metadata; the issue is not about permissions but the `-mtime` logic. Option B is wrong because `-user root` is a valid and correct argument; `-uid 0` would also work but is not required, and the command's failure is not due to the user specification. Option C is wrong because `-type f` is not required to find files; `find` searches for all entry types (files, directories, symlinks) by default, and the problem is not about filtering to files only.

123
MCQ · easy

An administrator wants to add an additional swap partition of 2GB on device /dev/sdb1. Which set of commands should be used to enable swap and make it persistent across reboots?

A. parted /dev/sdb set 1 swap on
B. swapadd /dev/sdb1
C. mkswap /dev/sdb1; swapon /dev/sdb1; echo '/dev/sdb1 swap swap defaults 0 0' >> /etc/fstab
D. mkfs.ext4 /dev/sdb1; mount /dev/sdb1 /swap
E. None of the above
Answer: C

Correct. This sequence prepares, activates, and persists swap.

Why this answer

Option C is correct because it follows the proper sequence to prepare and activate a swap partition on /dev/sdb1. First, `mkswap` initializes the partition as a swap area by writing a swap signature. Then `swapon` activates it immediately. Finally, adding an entry to /etc/fstab ensures the swap is automatically enabled at boot, making it persistent across reboots.

Exam trap

Red Hat often tests the distinction between filesystem creation (`mkfs.*`) and swap initialization (`mkswap`), and the trap here is that candidates may confuse `swapon` with a non-existent command like `swapadd` or think `parted` can enable swap directly.

How to eliminate wrong answers

Option A is wrong because `parted` does not have a 'swap on' subcommand; swap is enabled via `mkswap` and `swapon`, not through a parted flag. Option B is wrong because `swapadd` is not a valid Linux command; the correct command to activate swap is `swapon`. Option D is wrong because `mkfs.ext4` creates an ext4 filesystem, which is not suitable for swap; swap requires a raw partition formatted with `mkswap`, and mounting it is not how swap is used. Option E is wrong because option C is correct.

124
MCQ · hard

Refer to the exhibit. A web server is serving content from /var/www/html. SELinux is in enforcing mode. The web client reports 'Forbidden'. What is the most likely cause?

A. The file is owned by root, and Apache runs as apache user, so it cannot read.
B. The directory /var/www/html may have incorrect context or permissions preventing Apache from listing files.
C. The file permissions are 644, which restricts access.
D. The file has an incorrect SELinux context; it should be httpd_user_content_t.
Answer: B

Directory context or permissions are a common cause of forbidden errors.

Why this answer

The file itself has correct context and permissions (644). The issue is likely that the directory /var/www/html has incorrect context or permissions, preventing Apache from reading files within it. Option D suggests a wrong file context, but the file context is correct. Option C is wrong because 644 is readable. Option A is wrong because ownership does not matter with 644.

125
Drag & Drop · medium

Put the steps to configure NFS server to export /nfsshare to a specific client in order.

Why this order

NFS export configuration involves creating the directory, editing /etc/exports, exporting, and starting services.

126
Multi-Select · hard

Which TWO commands can be used to list block devices and their attributes? (Choose exactly two.)

A. fdisk -l
B. lsblk
C. du
D. df
E. blkid
Answers: B, E

Lists block devices with details.

Why this answer

B (lsblk) is correct because it lists all block devices (e.g., /dev/sda, /dev/nvme0n1) and displays their attributes such as size, type, mount point, and model in a tree-like format by reading the sysfs filesystem. E (blkid) is correct because it shows block device attributes like UUID, filesystem type, and LABEL by querying the libblkid library, which reads metadata directly from the device.

Exam trap

Red Hat often tests the distinction between commands that list block devices (lsblk, blkid) versus commands that manage partitions (fdisk) or report filesystem usage (df, du), causing candidates to confuse 'block device attributes' with 'partition table' or 'disk usage' information.

127
MCQ · hard

A system administrator is troubleshooting a cron job that runs a script as root. The script is located at /root/scripts/backup.sh and has permissions 755. The cron job is defined in /etc/crontab with the line: 0 2 * * * root /root/scripts/backup.sh. However, the script does not run at the scheduled time. The administrator checks the cron logs and finds no errors. The administrator then runs the script manually as root and it executes successfully. What is the most likely cause of the cron job not running?

A. The cron job line uses absolute path to the script but the script requires an environment variable that is not set in cron's minimal environment.
B. The script is not executable by the root user.
C. The cron daemon is not running.
D. The /etc/crontab file does not allow running scripts from /root.
Answer: A

Cron runs with a sparse environment. The script may depend on variables like PATH or custom variables that are not exported.

Why this answer

Option A is correct because cron jobs run with a minimal environment, typically lacking user-specific environment variables like PATH, HOME, or custom variables set in shell startup files. The script at /root/scripts/backup.sh may rely on an environment variable (e.g., a database password or directory path) that is defined in root's interactive shell but not in cron's environment. When run manually as root, the variable is available, but cron does not source /root/.bashrc or /root/.bash_profile, causing the script to fail silently or not execute as expected.

Exam trap

Red Hat often tests the misconception that file permissions or cron daemon status are the primary causes of cron job failures, when in reality the minimal cron environment and missing environment variables are the subtle but frequent issue.

How to eliminate wrong answers

Option B is wrong because the script has permissions 755, which includes execute permission for the owner (root), so it is executable by root. Option C is wrong because if the cron daemon were not running, the cron logs would typically show an error or the job would not be logged at all; the administrator found no errors in the logs, indicating the daemon is active. Option D is wrong because /etc/crontab has no restriction on running scripts from /root; the root user can execute scripts from any directory, and the cron job specifies the user 'root' explicitly.

128
MCQ · hard

A user is unable to delete a file named '-f' in the current directory. Which command will successfully remove it?

A. rm \-f
B. rm -- -f
C. rm -f
D. rm "-f"
Answer: B

-- ends option parsing, so -f is treated as a filename.

Why this answer

Option B is correct because the '--' double dash signals the end of command options to most Linux utilities, including rm. This allows rm to interpret '-f' as a literal filename rather than the '--force' option, enabling its deletion.

Exam trap

The trap here is that candidates assume quoting or escaping the dash will prevent option parsing, but only the '--' separator reliably tells rm to stop interpreting arguments as options.

How to eliminate wrong answers

Option A is wrong because 'rm \-f' escapes the hyphen with a backslash, but rm still interprets '-f' as the force option, not a filename. Option C is wrong because 'rm -f' is the standard force-delete option, which does not target a file named '-f' and will fail or delete unintended files. Option D is wrong because 'rm "-f"' uses quotes, but the shell still passes the string '-f' as an argument, which rm interprets as the force option, not a filename.

129
MCQ · hard

A company runs a web application on a Red Hat Enterprise Linux 8 server. The application is served by Apache HTTPD, and it requires read/write access to a custom directory /var/www/app_data. The SELinux context for the directory is set to httpd_sys_rw_content_t. Apache runs in enforcing mode. Recently, a new feature was added that requires Apache to connect to a database on the same server via a Unix socket. The database serves on /var/run/mysqld/mysqld.sock. After the feature deployment, the web application fails to connect to the database. The error logs show permission denied on the socket file. The socket file has permissions 660 and is owned by mysql:mysql. SELinux audit logs show AVC denials for httpd_t trying to connect to mysqld_var_run_t. Which of the following solutions should the administrator implement to allow Apache to read the database socket while maintaining security?

A. Change the SELinux context of the socket file to httpd_sys_rw_content_t using chcon.
B. Enable the SELinux boolean httpd_can_network_connect_db using setsebool -P httpd_can_network_connect_db on.
C. Enable the SELinux boolean httpd_can_connect_db using setsebool -P httpd_can_connect_db on.
D. Use semanage to add a context mapping for the socket file to httpd_var_run_t and set the httpd to permissive mode.
Answer: C

This boolean allows Apache to connect to local database sockets.

Why this answer

The correct solution is to enable the SELinux boolean httpd_can_connect_db. This boolean allows Apache to connect to a local database socket. Option A changes the context to a file type for content, not sockets. Option B is for network databases. Option D disables SELinux enforcement partially, which reduces security.

130
MCQ · easy

A system administrator needs to view the last 10 lines of the log file /var/log/messages in real time as new lines are added. Which command should be used?

A. tail -f /var/log/messages
B. less /var/log/messages
C. head -n 10 /var/log/messages
D. cat /var/log/messages
Answer: A

tail -f outputs the last 10 lines and updates in real time.

Why this answer

The `tail -f /var/log/messages` command displays the last 10 lines of the file by default and then continues to output new lines as they are appended, providing real-time monitoring. The `-f` (follow) option keeps the file open and polls for changes, making it the correct tool for live log watching.

Exam trap

Red Hat often tests the distinction between `tail -f` and `tail` without `-f`, where candidates mistakenly think `tail` alone provides real-time updates, or confuse `head` and `tail` for viewing the end of a file.

How to eliminate wrong answers

Option B is wrong because `less` is a pager that shows the file content page by page but does not automatically follow new lines in real time (unless used with `+F` mode, which is not specified). Option C is wrong because `head -n 10` only shows the first 10 lines, not the last 10, and does not follow updates. Option D is wrong because `cat` dumps the entire file to stdout and exits, providing no real-time monitoring capability.

131
MCQ · hard

A developer needs to compile software from source and install it under /opt/custom. To avoid affecting the system package manager, which approach should be used?

A. Compile and install with default paths, then use 'make uninstall' to remove
B. Compile with './configure --prefix=/opt/custom' and use 'checkinstall' to create an RPM
C. Compile with './configure --prefix=/usr' and then install
D. Compile with './configure --prefix=/opt/custom' and then 'make install'
Answer: D

Keeps installation isolated in /opt/custom.

Why this answer

Option D is correct because using `./configure --prefix=/opt/custom` sets the installation root to `/opt/custom`, which keeps the compiled software completely separate from the system-managed directories (e.g., `/usr`, `/usr/local`). Running `make install` then installs all files under this custom prefix, ensuring the system package manager (RPM/YUM/DNF) is not affected by the manual installation.

Exam trap

Red Hat often tests the misconception that `--prefix=/usr/local` is safe, but the trap here is that `/usr/local` can still be managed by the system package manager in some configurations, and the only way to guarantee no interference is to use a completely separate directory like `/opt/custom`.

How to eliminate wrong answers

Option A is wrong because compiling with default paths (typically `/usr/local`) still places files in a location that may conflict with system-managed packages, and `make uninstall` is unreliable (many Makefiles do not support it or leave residual files). Option B is wrong because `checkinstall` creates an RPM that, when installed, registers the software with the system package manager, which defeats the goal of avoiding package manager interference. Option C is wrong because `--prefix=/usr` installs directly into the system-managed directory, which can overwrite or conflict with RPM-managed files and corrupt the package database.

132
MCQ · easy

A technician needs to create a new group named 'developers' with GID 5000. Which command accomplishes this?

A. groupadd -r developers
B. useradd -g developers
C. groupadd developers
D. groupadd -g 5000 developers
Answer: D

This correctly creates the group with the specified GID.

Why this answer

Option D is correct because the `groupadd -g 5000 developers` command explicitly sets the GID to 5000 for the new group named 'developers'. The `-g` option specifies the numeric group ID, which is required to meet the technician's exact requirement.

Exam trap

The trap here is that candidates may confuse `groupadd -r` (system group) with creating a group with a specific GID, or they may think `useradd -g` creates a group, when it actually assigns a user to an existing group.

How to eliminate wrong answers

Option A is wrong because `groupadd -r` creates a system group with a GID in the system range (typically below 1000), not a custom GID of 5000. Option B is wrong because `useradd -g developers` creates a new user and assigns them to an existing group named 'developers', but it does not create a new group. Option C is wrong because `groupadd developers` creates the group with an automatically assigned GID (usually the next available above 1000), not the specific GID 5000.

133
MCQ · easy

An administrator needs to configure a service to start automatically at boot and also start it immediately without rebooting. Which single command accomplishes both tasks?

A. systemctl start httpd.service
B. systemctl enable httpd.service
C. systemctl enable --now httpd.service
D. systemctl reenable httpd.service
Answer: C

Enables and starts the service in one step.

Why this answer

Option C is correct because `systemctl enable --now httpd.service` combines the `enable` action (creating symlinks for automatic start at boot) with the `start` action (immediately launching the service) in a single command. This is the precise method in systemd to achieve both goals without rebooting.

Exam trap

The trap here is that candidates often confuse `enable` with `start`, thinking `enable` alone also starts the service, or they choose `start` alone, forgetting that boot persistence requires a separate `enable` step.

How to eliminate wrong answers

Option A is wrong because `systemctl start httpd.service` only starts the service immediately but does not configure it to start automatically at boot; it lacks the `enable` action. Option B is wrong because `systemctl enable httpd.service` only configures the service to start at boot but does not start it immediately; it requires a separate `start` command or a reboot. Option D is wrong because `systemctl reenable httpd.service` is used to recreate the enable symlinks (e.g., after a unit file change) but does not start the service; it neither starts it immediately nor guarantees a fresh enable for boot.

134
MCQ · medium

After extending the logical volume to 500G, why does df still show 250G?

A. The mount point is incorrect.
B. The physical volume is full.
C. The filesystem was not resized after extending the LV.
D. The logical volume extension failed.
Answer: C

Need to run resize2fs or xfs_growfs.

Why this answer

Option C is correct because extending a logical volume (LV) with `lvextend` only increases the block device size; the filesystem on top must be resized separately using `resize2fs` (for ext4) or `xfs_growfs` (for XFS). Without this step, the filesystem still sees the original size, so `df` reports 250G instead of 500G.

Exam trap

Red Hat often tests the misconception that extending the logical volume automatically resizes the filesystem, leading candidates to think the extension itself is sufficient.

How to eliminate wrong answers

Option A is wrong because the mount point is irrelevant; `df` reports the filesystem size regardless of the mount point path. Option B is wrong because a full physical volume (PV) would prevent extending the LV, but the question states the extension was performed to 500G, implying sufficient PV space. Option D is wrong because the LV extension succeeded (the LV now has 500G capacity), but the filesystem was not resized to match.

135
MCQ · hard

A system has two logical volumes in the same volume group: 'lv_prod' (100% used) and 'lv_backup' (20% used). The administrator wants to allocate 5 GiB from 'lv_backup' to 'lv_prod' without unmounting any filesystems. Is this possible and why?

A. Yes, use lvreduce and lvextend while mounted; ext4 supports online shrinking.
B. No, because LVM does not allow freeing extents from an LV while it is active.
C. No, because ext4 filesystems cannot be shrunk online; they must be unmounted.
D. Yes, use lvresize to move extents between LVs directly.
Answer: C

Correct: ext4 requires unmount for shrink.

Why this answer

Option C is correct because ext4 filesystems do not support online shrinking; they must be unmounted before reducing the logical volume. Since the administrator wants to shrink lv_backup (which is only 20% used) to free 5 GiB, the ext4 filesystem on that LV must be unmounted first. Without unmounting, the lvreduce operation would fail, making the scenario impossible as described.

Exam trap

The trap here is that candidates confuse LVM's ability to resize logical volumes online (which is true for both growth and reduction at the LVM layer) with the filesystem's ability to shrink online, forgetting that ext4 requires unmounting for shrink operations.

How to eliminate wrong answers

Option A is wrong because ext4 does not support online shrinking; lvreduce on an ext4 filesystem requires the filesystem to be unmounted first, so the statement that ext4 supports online shrinking is false. Option B is wrong because LVM does allow freeing extents from an LV while it is active (the LV can be reduced online), but the filesystem on top (ext4) does not support online shrinking, so the limitation is at the filesystem level, not LVM. Option D is wrong because lvresize cannot move extents directly between LVs; it can only resize individual LVs, and extents must be freed from one LV and then allocated to another using separate lvreduce and lvextend steps, and the filesystem must be unmounted for the shrink.

136
MCQ · medium

Refer to the exhibit. Which entry is most likely to cause the system to fail to boot if the NFS server is unavailable?

A. The third entry (/home)
B. The fourth entry (/mnt)
C. The second entry (/boot)
D. The first entry (/)
Answer: B

NFS mount without _netdev option; network may not be ready, causing boot delay or failure.

Why this answer

Option B is correct because the /mnt entry in /etc/fstab is configured with the default mount options, and the _netdev option is absent. Without _netdev, the system will attempt to mount the NFS filesystem during the boot process before the network is fully operational. If the NFS server is unavailable, the mount will fail, and because the default mount behavior for non-root filesystems in /etc/fstab is to cause a boot failure if the mount fails (unless the 'nofail' option is specified), the system will drop into emergency mode and fail to complete the boot process.

Exam trap

Red Hat often tests the misconception that any NFS mount in /etc/fstab will cause a boot failure if the server is unavailable, but the trap here is that only mounts without the _netdev or nofail options will cause the system to fail to boot, and candidates may overlook the absence of these options in the default /mnt entry.

How to eliminate wrong answers

Option A is wrong because /home is a local filesystem (typically on a local disk or LVM), not a network filesystem, so its availability does not depend on the NFS server. Option C is wrong because /boot is a critical local filesystem that must be mounted early in the boot process; it is never an NFS mount in standard Red Hat Enterprise Linux configurations, and its failure would be due to local disk issues, not NFS server unavailability. Option D is wrong because the root filesystem (/) is mounted by the kernel or initramfs before /etc/fstab is processed, and its entry in /etc/fstab is typically ignored or used for remount options; a failure of the root entry in fstab does not cause a boot failure in the same way as a missing NFS server.

137
MCQ · easy

A new Linux administrator needs to read the manual page for the 'ls' command but also wants to search for the word 'color' within the manual. Which command accomplishes this?

A. man -k color
B. man ls and then type /color
C. man ls | grep color
D. man color
Answer: B

Within man, / searches for the string.

Why this answer

Option B is correct because the man command opens the manual page for 'ls', and typing '/color' within the pager (usually less) performs an interactive forward search for the string 'color'. This allows the administrator to read the manual and search for the term in one session.

Exam trap

The trap here is that candidates may confuse 'man -k' (keyword search in manual page descriptions) with searching within a specific manual page, or they may think piping to grep is equivalent to the interactive search inside the man pager.

How to eliminate wrong answers

Option A is wrong because 'man -k color' searches the manual page name and short description (whatis database) for the keyword 'color', not within the content of a specific manual page. Option C is wrong because 'man ls | grep color' pipes the formatted output of the man page to grep, which searches for 'color' but does not allow interactive reading of the manual; it also may miss matches due to formatting escape sequences. Option D is wrong because 'man color' attempts to open a manual page named 'color', which does not exist as a standard command, and does not search within the 'ls' manual.

138
Multi-Select · medium

Which TWO of the following are valid methods to set a user's password expiration date?

A. chage -M 90 username
B. useradd -e 2025-12-31 username
C. chage -E 2025-12-31 username
D. usermod -e 2025-12-31 username
E. passwd -e username
Answers: C, D

Sets the account expiration date.

Why this answer

Options C and D are correct. `chage -E` sets the account expiration date, and `usermod -e` also sets the account expiration date. `passwd -e` forces a password change at next login and does not set an expiration date. `chage -M` sets the maximum password age, not an expiration date. `useradd -e` only works at user creation.

139
MCQ · hard

A server has an LVM volume group 'vg_data' with a logical volume 'lv_data' formatted as ext4. The administrator needs to increase the filesystem size by 2 GB without unmounting. Which set of commands should be used?

A. lvresize -L +2G /dev/vg_data/lv_data && xfs_growfs /mountpoint
B. lvextend -L +2G /dev/vg_data/lv_data
C. umount /dev/vg_data/lv_data && lvextend -L +2G /dev/vg_data/lv_data && mount /dev/vg_data/lv_data /mountpoint
D. lvextend -L +2G /dev/vg_data/lv_data && resize2fs /dev/vg_data/lv_data
Answer: D

Correct: lvextend extends the LV, then resize2fs grows the filesystem online.

Why this answer

Option D is correct because the filesystem is ext4, which supports online resizing. The `lvextend` command first expands the logical volume by 2 GB, and then `resize2fs` grows the ext4 filesystem to fill the newly allocated space—all without unmounting.

Exam trap

The trap here is that candidates often confuse the filesystem-specific resize commands—using `xfs_growfs` for ext4 or forgetting to run any filesystem resize command after extending the logical volume.

How to eliminate wrong answers

Option A is wrong because `xfs_growfs` is used for XFS filesystems, not ext4; using it on an ext4 filesystem would fail. Option B is wrong because it only extends the logical volume but does not resize the filesystem, leaving the extra space unusable. Option C is wrong because it unnecessarily unmounts and remounts the filesystem; ext4 supports online resizing, so unmounting is not required and adds downtime.

140
MCQ · easy

Which command displays the UUID of a filesystem on /dev/sda1?

A. blkid /dev/sda1
B. df -h
C. mount
D. fdisk -l /dev/sda
Answer: A

Correct: blkid reports UUID and other attributes.

Why this answer

The `blkid` command is specifically designed to locate and print block device attributes, including the UUID (Universally Unique Identifier) of a filesystem. Running `blkid /dev/sda1` queries the device's superblock and outputs the UUID, filesystem type, and other metadata, making it the correct tool for this task.

Exam trap

The trap here is that candidates confuse `blkid` with `fdisk` or `df`, assuming partition tools or mount commands can reveal filesystem UUIDs, when in fact only `blkid` (or `lsblk -f`) directly queries the filesystem superblock for this attribute.

How to eliminate wrong answers

Option B is wrong because `df -h` displays disk space usage for mounted filesystems (human-readable sizes), not UUIDs or low-level device attributes. Option C is wrong because `mount` shows currently mounted filesystems and their mount options, but it does not display the UUID of a device unless the device was mounted by UUID (and even then, it shows the mount source, not a direct UUID query). Option D is wrong because `fdisk -l /dev/sda` lists partition tables (sectors, sizes, types) for the entire disk, but it does not show filesystem UUIDs; it only shows partition UUIDs (PTUUID) and partition type GUIDs on GPT disks, not the filesystem UUID stored in the superblock.

141
Multi-Select · hard

Which THREE of the following are valid methods to identify a block device in /etc/fstab?

Select 3 answers
A. by-path
B. LABEL
C. PARTUUID
D. UUID
E. /dev/sda1
Answers: B, D, E

Filesystem label is also commonly used.

Why this answer

LABEL is a valid method to identify a block device in /etc/fstab because the kernel can resolve filesystem labels (set with e2label or tune2fs) to the corresponding block device at mount time. This allows administrators to refer to a filesystem by its human-readable label, which remains stable even if the device name changes (e.g., from /dev/sda1 to /dev/sdb1).

Exam trap

Red Hat often tests the misconception that all udev by-* symlinks (like by-path or by-id) are valid fstab identifiers, but only UUID, LABEL, PARTUUID, and PARTLABEL are supported in the fstab format, while by-path is a udev symlink not parsed by mount.

142
MCQ · hard

Refer to the exhibit. A user 'alice' is unable to write to /data directory. What is the most likely reason?

A. The directory permissions restrict access
B. The filesystem is nearly full
C. The directory is owned by root and alice is not root
D. The directory has ACLs preventing access
Answer: A

Permissions are 700 (owner only) and alice is not root.

Why this answer

The correct answer is A because the exhibit (not shown here) likely displays directory permissions such as 'drwxr-xr-x' or 'drwx------' that do not grant write access to the user 'alice'. In Linux, the write permission (w) on a directory controls whether a user can create, delete, or rename files within it. Since 'alice' lacks write permission on /data, she cannot write to it, regardless of ownership or filesystem space.

Exam trap

The trap here is that candidates often assume ownership by root (Option C) is the sole reason for denial, overlooking that permissions (Option A) are the actual gatekeeper; Cisco tests whether you understand that 'root ownership' does not block a non-root user if the 'others' permission allows write.

How to eliminate wrong answers

Option B is wrong because a nearly full filesystem would produce a 'No space left on device' error, not a permission denied error; the question describes inability to write due to permissions, not capacity. Option C is wrong because directory ownership by root does not inherently prevent 'alice' from writing if the directory's permissions grant write access to others (e.g., 'drwxrwxrwx') or if 'alice' is in a group with write permission; the exhibit likely shows restrictive permissions, not just ownership. Option D is wrong because ACLs (Access Control Lists) could also restrict access, but the question asks for the 'most likely' reason, and standard Unix permissions are the default and more common cause; ACLs would require explicit 'setfacl' configuration, which is less typical in basic scenarios.

143
MCQ · medium

A system administrator writes the script shown. The /etc directory contains .conf files with spaces in their names (e.g., "my config.conf"). What is the most accurate description of the script's behavior?

A. The script will correctly process all .conf files, including those with spaces.
B. The script will only process the first .conf file and then exit.
C. The script will not execute because of a syntax error.
D. The script will split filenames with spaces into multiple words, causing errors.
Answer: D

Correct: command substitution with ls and no quotes causes word splitting.

Why this answer

Option D is correct because the script uses a for loop with `for file in /etc/*.conf`, which relies on shell globbing. When the glob expands, filenames with spaces (e.g., "my config.conf") are treated as separate words due to word splitting, causing the loop to iterate over each word rather than each file. This results in errors when commands like `echo` or `cp` receive broken paths.

Exam trap

Red Hat often tests the misconception that globbing automatically handles spaces, when in fact unquoted expansions cause word splitting that breaks filenames with spaces.

How to eliminate wrong answers

Option A is wrong because the script does not handle filenames with spaces; word splitting breaks them into multiple arguments. Option B is wrong because the loop does not exit after the first file; it continues iterating over all expanded words, but each iteration may fail due to incorrect filenames. Option C is wrong because there is no syntax error in the script; the for loop syntax is valid, and the issue is a runtime behavior problem with word splitting.

144
Multi-Select · medium

Which TWO of the following are valid reasons to use LVM in a Red Hat Enterprise Linux environment?

Select 2 answers
A. Improved disk I/O performance over direct partitions
B. Ability to resize logical volumes without repartitioning
C. Support for snapshots for backup purposes
D. Simplification of disk partitioning by removing the need for partitions
E. Ability to create RAID arrays without mdadm
Answers: B, C

LVM allows online resizing of logical volumes, which is a major advantage.

Why this answer

Option B is correct because LVM allows you to resize logical volumes (LVs) online or offline without needing to repartition the underlying disk, which is a key advantage over traditional partitions. Option C is correct because LVM provides snapshot functionality, which creates a point-in-time copy of a logical volume for consistent backups or testing, without requiring additional backup software.

Exam trap

The trap here is that candidates often confuse LVM's flexibility features (like resizing and snapshots) with performance improvements or RAID capabilities, leading them to select options A or E, which are not inherent LVM benefits.

145
Drag & Drop · medium

Arrange the steps to configure a static IPv4 route in Red Hat Enterprise Linux.

Why this order

Static routes in RHEL are configured in interface configuration files by specifying GATEWAY and NETMASK, then restarting the network service.

146
Multi-Select · hard

Which two statements are true regarding network teaming (teamd) compared to bonding?

Select 2 answers
A. Teaming must be configured manually with configuration files only
B. Teaming supports more advanced features like load balancing and link monitoring
C. Bonding is deprecated in RHEL 8
D. Bonding does not support active-backup mode
E. Teaming uses the libteam library
Answers: B, E

Teaming provides advanced features not available in traditional bonding.

Why this answer

Option B is correct because teaming (teamd) provides advanced features such as IEEE 802.3ad load balancing, active-backup, and LACP support, along with more sophisticated link monitoring (e.g., ARP ping, NSNA) compared to the older bonding driver. Teaming uses the libteam library to offer a modular and extensible architecture, which is why option E is also correct.

Exam trap

The trap here is that candidates often assume bonding is deprecated or lacks features like active-backup, but Red Hat still supports bonding in RHEL 8, and the key differentiator is the userspace control and modularity of teaming, not a complete replacement.

147
MCQ · medium

A user jdoe, who is a member of the group staff, reports they cannot access the directory /shared. The administrator runs getfacl /shared and receives the output shown. Which of the following explains the issue?

A. The group staff does not have execute permission
B. An ACL entry denies all permissions for jdoe
C. The mask entry restricts group permissions
D. The directory is read-only for the owner
Answer: B

The user:jdoe:--- entry denies everything.

Why this answer

Option B is correct: the ACL has an explicit entry for jdoe (user:jdoe:---) that denies all permissions and overrides the group permissions. Option A is incorrect because group staff has rwx. Option C is incorrect because the mask is rwx and does not limit group. Option D is incorrect because the owner has rwx.

148
MCQ · hard

Your organization has a shared directory /data/projects with permissions 2770 owned by root:projectmanagers. The directory is used by a team of developers who are all members of the 'developers' group. However, you need to ensure that any file created inside /data/projects automatically belongs to the 'developers' group, not the user's primary group. Additionally, you need to ensure that developers can delete only their own files, not those of others. Your IT security policy also requires that all user passwords must expire every 90 days and that new users should have a warning period of 7 days before expiration. Given the following options, which one describes the correct set of actions to achieve all these requirements?

A. Set setgid bit on /data/projects (chmod g+s), set sticky bit using chmod +t, use chage -M 90 -W 7 for each user, and ensure useradd defaults in /etc/login.defs have PASS_MAX_DAYS 90 and PASS_WARN_AGE 7.
B. Modify the umask of all users to 002, use chage -M 90 for all users, and set the setgid bit.
C. Use ACLs to set default group permissions, enable password aging by editing /etc/shadow directly, and set the sticky bit on the directory.
D. Set the setgid bit, create a cron job to change group ownership, and enforce password policy through pam_tally2.
Answer: A

All requirements are addressed: setgid for group inheritance, sticky bit for deletion control, and chage/login.defs for password aging.

Why this answer

Option A is correct. Setting the setgid bit (chmod g+s) on /data/projects ensures new files inherit the directory's group (developers). Setting the sticky bit (chmod +t) prevents users from deleting files they don't own. For password aging, using chage -M 90 -W 7 for each user sets the maximum password age and warning period. Additionally, setting defaults in /etc/login.defs (PASS_MAX_DAYS 90 and PASS_WARN_AGE 7) ensures new users automatically get these settings.

Option B uses umask changes (which affect permissions, not group inheritance) and only sets max days, not the warning period; it also does not address the sticky bit. Option C omits setgid, uses direct shadow editing, which is error-prone, and does not cover password aging defaults. Option D uses a cron job unnecessarily and pam_tally2, which is for account locking, not aging.

149
Multi-Select · medium

Which three of the following are required steps to create a new logical volume of 5GB in an existing volume group 'vg00'?

Select 3 answers
A. Create a logical volume with lvcreate
B. Format the logical volume with a filesystem (e.g., mkfs)
C. Mount the filesystem
D. Create a physical volume
E. Create a volume group
Answers: A, B, C

Necessary to create the new logical volume.

Why this answer

Option A is correct because `lvcreate` is the command used to create a new logical volume within an existing volume group. For a 5GB volume in vg00, the command would be `lvcreate -L 5G -n lvname vg00`. This step is mandatory to allocate the logical volume from the free extents in the volume group.

Exam trap

The trap here is that candidates confuse the entire LVM creation workflow (PV → VG → LV → filesystem → mount) with the steps required when the volume group already exists, leading them to incorrectly select D or E as necessary steps.

150
MCQ · hard

An administrator is tasked with deploying a containerized application on a Red Hat Enterprise Linux 8 server that is part of a high-security environment. The application must run as a non-root user inside the container. The container image is based on Red Hat Universal Base Image (UBI) and exposes port 443 for HTTPS. The administrator needs to ensure that the container can be restarted automatically if it crashes and that the application logs are persisted on the host in /var/log/app. The application requires a configuration file that is generated dynamically at startup and must be accessible to the container. The administrator has created a systemd service file for the container but wants to use Podman's built-in features to manage the container. Which approach meets all requirements?

A. Create a systemd service file using 'podman generate systemd' on a running container, then enable the service with 'systemctl enable --now container-myapp'. The container should be started with '--restart=always' and appropriate volume and port mappings.
B. Create a 'podman service' unit using 'podman service create' to manage the container with automatic restart and boot-start.
C. Run the container with 'podman run --restart=always -v /var/log/app:/var/log -p 443:443 myapp' and rely on the container's restart policy.
D. Use 'podman create --restart=on-failure -v /var/log/app:/var/log -p 443:443 myapp' and then start it with 'podman start'.
Answer: A

This integrates with systemd for boot-start and restart, and allows non-root user via '--user' in the container.

Why this answer

Option A is correct because 'podman generate systemd' creates a systemd service unit file that integrates Podman containers with systemd's process management, enabling automatic restart on crash via systemd's restart behavior (e.g., Restart=always) and boot-start with 'systemctl enable --now'. The volume mount (-v /var/log/app:/var/log) persists logs on the host, and the port mapping (-p 443:443) exposes HTTPS. This approach meets all requirements: non-root user (specified in the container image or via --user), dynamic config file (generated at startup and mounted or injected), and systemd-managed restart.

Exam trap

The trap here is that candidates confuse Podman's '--restart' flag (which is not supported) with Docker's restart policies, or assume 'podman service create' is a valid command, when the correct approach is to generate a systemd unit file with 'podman generate systemd' and manage the container via systemd.

How to eliminate wrong answers

Option B is wrong because 'podman service create' is not a valid Podman command; Podman does not have a 'service create' subcommand for managing containers—this is a Docker Swarm concept. Option C is wrong because '--restart=always' is not supported by Podman's 'podman run' command; Podman relies on external process managers like systemd for restart policies, and the container would not survive a host reboot or crash without systemd integration. Option D is wrong because 'podman create --restart=on-failure' is not a valid Podman option; Podman's '--restart' flag is only available with 'podman run' and is not recommended for production use without systemd, and 'podman start' does not enable automatic restart on crash or boot.
