Red Hat Certified System Administrator EX200 (EX200) — Questions 151225

527 questions total · 8pages · All types, answers revealed

Page 2

Page 3 of 8

Page 4
151
MCQeasy

A system administrator needs to find all files modified in the last 24 hours under /var/log. Which command accomplishes this?

A.find /var/log -ctime -1
B.find /var/log -atime -1
C.find /var/log -mmin 1440
D.find /var/log -mtime -1
AnswerD

-mtime -1 finds files modified in the last 24 hours.

Why this answer

Option D is correct because `find /var/log -mtime -1` searches for files under `/var/log` whose modification time (`mtime`) is less than 1 day ago (i.e., modified within the last 24 hours). The `-mtime` flag checks the last modification time of file content, which is the standard criterion for 'modified' files.

Exam trap

The trap here is confusing `-mtime -1` (modified within the last 24 hours) with `-mtime 1` (modified exactly 1 day ago) or with `-ctime` (metadata change), leading candidates to pick options that check the wrong timestamp or an exact time rather than a range.

How to eliminate wrong answers

Option A is wrong because `-ctime -1` checks the last change time of file metadata (inode change), not the modification of file content; this includes permission or ownership changes, not just content edits. Option B is wrong because `-atime -1` checks the last access time (read time), which is unrelated to file modification and can be misleading due to access caching. Option C is wrong because `-mmin 1440` checks for files modified exactly 1440 minutes ago (i.e., exactly 24 hours ago), not within the last 24 hours; the `-mmin` flag with a positive number matches files modified exactly that many minutes ago, not a range.

152
MCQmedium

After configuring sudo, a user reports: 'sudo: unable to open /etc/sudoers: Permission denied'. The admin checks the file permissions and sees '-rw-r-----' owned by root:root. What is the most likely cause?

A.The file is owned by the wrong user.
B.The sudo binary is missing the setuid bit.
C.The file permissions are too permissive (0640 instead of 0440).
D.SELinux is blocking access.
AnswerC

Sudo verifies that /etc/sudoers has strict permissions; 0640 includes write for owner, which is not allowed.

Why this answer

Option C is correct because the sudoers file requires strict permissions of 0440 (owner read, group read) to be considered secure by sudo. The current permissions of 0640 (owner read/write, group read) are too permissive, as they grant write access to the owner (root), which violates sudo's security model. When sudo detects that /etc/sudoers has permissions other than 0440, it refuses to open the file and reports 'Permission denied' to prevent potential tampering.

Exam trap

The trap here is that candidates assume 'Permission denied' always means the user lacks read access, but sudo specifically rejects files with write permissions for root to enforce its security policy, not because the user cannot read the file.

How to eliminate wrong answers

Option A is wrong because the file is owned by root:root, which is the correct ownership for /etc/sudoers; the issue is with permissions, not ownership. Option B is wrong because the sudo binary's setuid bit is unrelated to this error; the error message specifically references /etc/sudoers, not the sudo executable, and a missing setuid bit would cause a different error like 'sudo: must be setuid root'. Option D is wrong because SELinux would produce a different error message (e.g., 'Permission denied' with an AVC denial logged in audit.log) and the file permissions are the direct cause here; SELinux is not indicated by the given permission string.

153
Matchingmedium

Match each SELinux mode to its behavior.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

SELinux policy is enforced and denials are logged

Policy is not enforced but denials are logged

SELinux is turned off completely

Why these pairings

SELinux modes control how security policies are applied.

154
MCQeasy

A system administrator is trying to compress the contents of the directory /home/user/project into a tarball named project_backup.tar.gz using the command: tar -czf project_backup.tar.gz /home/user/project. The command completes without errors, but when the administrator tries to list the contents of the tarball using tar -tzf project_backup.tar.gz, it shows a leading slash (/) in the paths, like /home/user/project/file1. The administrator wants to create the tarball with relative paths instead. What change should be made to the tar command?

A.Use tar -czf project_backup.tar.gz --absolute-names /home/user/project
B.Use tar -czf project_backup.tar.gz -P /home/user/project
C.Use tar -czf project_backup.tar.gz -C /home/user project
D.Use tar -czf project_backup.tar.gz -h /home/user/project
AnswerC

The -C option changes to /home/user and then archives the 'project' directory, resulting in relative paths.

Why this answer

Option C is correct because the `-C` option changes the working directory to `/home/user` before archiving, so the argument `project` is interpreted as a relative path. This strips the leading slash and stores paths like `project/file1` instead of absolute paths. The `-C` option is the standard way to create tarballs with relative paths in a single command.

Exam trap

Red Hat often tests the `-C` option as the correct way to create tarballs with relative paths, and the trap here is that candidates mistakenly think `-P` or `--absolute-names` removes leading slashes, when in fact they preserve them.

How to eliminate wrong answers

Option A is wrong because `--absolute-names` (or `-P`) preserves absolute paths, which is the opposite of what the administrator wants. Option B is wrong because `-P` is the short form of `--absolute-names` and also preserves leading slashes, not removes them. Option D is wrong because `-h` (or `--dereference`) follows symlinks and archives the files they point to, but does not affect path stripping or relative path creation.

155
Multi-Selecteasy

Which TWO commands can be used to create a filesystem on a new partition? (Choose two.)

Select 2 answers
A.mount /dev/sdb1 /mnt
B.mkfs /dev/sdb1
C.parted /dev/sdb
D.mkfs.ext4 /dev/sdb1
E.fdisk /dev/sdb
AnswersB, D

mkfs creates a filesystem (default ext2).

Why this answer

B is correct because `mkfs` is the generic command to create a filesystem on a partition. D is correct because `mkfs.ext4` is a specific variant of `mkfs` that creates an ext4 filesystem. Both commands write the filesystem metadata to the partition, making it ready for mounting.

Exam trap

The trap here is that candidates confuse partition management commands (fdisk, parted) with filesystem creation commands (mkfs), or think that mounting a partition will automatically create a filesystem on it.

156
MCQmedium

An administrator receives an alert that a process named 'apache2' is consuming excessive CPU. The administrator needs to identify the PID of the process and then change its priority to the lowest possible value (least favorable scheduling). Which sequence of commands should be used?

A.pidof apache2; renice -n 20 -p <PID>
B.pidof apache2; renice -n 19 -p <PID>
C.ps -C apache2 -o pid=; renice -n -20 -p <PID>
D.ps aux | grep apache2; nice -n 19 <PID>
AnswerB

pidof gives PID, renice -n 19 sets low priority.

Why this answer

Option B is correct because `pidof apache2` retrieves the PID of the apache2 process, and `renice -n 19 -p <PID>` sets the priority to the lowest possible (least favorable) scheduling value. In Linux, `renice` accepts nice values from -20 (highest priority) to 19 (lowest priority), so 19 is the correct value for the least favorable scheduling.

Exam trap

Red Hat often tests the exact range of nice values (0-19 for non-root users, -20 to 19 for root) and the distinction between `nice` (for starting processes) and `renice` (for changing priority of running processes), leading candidates to confuse the two or use out-of-range values.

How to eliminate wrong answers

Option A is wrong because it uses `renice -n 20`, but the valid nice range is -20 to 19; a value of 20 is out of range and will be rejected or clamped. Option C is wrong because it uses `renice -n -20`, which sets the highest priority (most favorable scheduling), not the lowest. Option D is wrong because `nice` is used to start a new process with a given priority, not to change the priority of an existing process; also, the syntax `nice -n 19 <PID>` is incorrect as `nice` expects a command, not a PID.

157
MCQhard

Based on the exhibit, what is the most likely cause of the failure?

A.The SSH daemon is already running on another port.
B.Another process is already listening on port 22.
C.The sshd configuration file has a syntax error.
D.The service is not enabled.
AnswerB

Directly matches the error message.

Why this answer

Option B is correct because the status message explicitly says 'Address already in use', indicating another process is listening on the same port (port 22). Option A is ambiguous; the port conflict is precise. Option C would produce a different error.

Option D is incorrect because the service is enabled.

158
Multi-Selecteasy

Which TWO of the following are valid methods to enforce password complexity requirements on a Red Hat Enterprise Linux 9 system?

Select 2 answers
A.Using the pam_cracklib module
B.Using the passwd command with --stdin
C.Using the chage command
D.Editing the /etc/shadow file manually
E.Using the pam_pwquality module
AnswersA, E

pam_cracklib is the legacy module, still available and functional for password complexity.

Why this answer

Password complexity on RHEL 9 is enforced via PAM modules. The pam_pwquality module (replacement for pam_cracklib) and pam_cracklib itself are the standard tools. The other options do not directly enforce complexity.

159
MCQmedium

A web server is running in enforcing mode with SELinux, but Apache cannot read content in a custom directory /web. The directory has been labeled correctly with httpd_sys_content_t. However, access is still denied. What is the most likely cause?

A.SELinux boolean httpd_enable_homedirs is off.
B.The httpd process is running in permissive mode.
C.The directory has incorrect permissions of 700.
D.The files are labeled with default_t.
AnswerC

Permissions 700 deny access to others, including Apache.

Why this answer

The most likely cause is incorrect permissions on the directory. SELinux context is correct, so the issue is likely file permissions (e.g., 700). Option B relates to homedirs, C would be wrong label, D would allow everything.

160
MCQeasy

Refer to the exhibit. The SSH service has been running for 2 weeks. An administrator wants to restart the service without interrupting existing SSH connections. Which command should they use?

A.systemctl reload sshd
B.systemctl stop sshd; systemctl start sshd
C.kill -HUP 1234
D.systemctl restart sshd
AnswerA

Reload sends SIGHUP, causing sshd to reload configuration without interrupting existing connections.

Why this answer

Option A is correct because `systemctl reload sshd` sends a SIGHUP signal to the SSH daemon, instructing it to reload its configuration file without terminating existing connections. This is the standard method for applying configuration changes to services that support graceful reloads, such as sshd, which maintains persistent sessions by only re-reading its configuration and not restarting the process.

Exam trap

The trap here is that candidates confuse `reload` with `restart`, assuming both achieve the same result, but `restart` terminates all active connections while `reload` preserves them, and Red Hat often tests this distinction to catch those who overlook the 'without interrupting' requirement.

How to eliminate wrong answers

Option B is wrong because `systemctl stop sshd; systemctl start sshd` first stops the service, which kills all active SSH sessions, and then starts it again, causing disruption to users. Option C is wrong because `kill -HUP 1234` assumes PID 1234 is the sshd process, but this is unreliable; the PID may change after a restart, and using a hardcoded PID without verification can target the wrong process or fail entirely. Option D is wrong because `systemctl restart sshd` stops the service completely before starting it, which terminates all existing SSH connections, unlike a reload.

161
Matchingmedium

Match each user/group management command to its function.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Create a new user account

Modify an existing user account

Create a new group

Set or change a user's password

Why these pairings

These commands manage users and groups in RHEL.

162
MCQhard

An administrator accidentally deleted the group 'sales' which is the primary group of several users. What is the immediate effect on those users?

A.Their files will show a missing GID in directory listings
B.The system will recreate the group automatically
C.Their primary group will be changed to their UID
D.They will be unable to log in
AnswerA

The group is gone, so the numeric GID appears instead of a group name.

Why this answer

Option A is correct: after deleting a group, files owned by that group show the numeric GID, and ls -l will display the GID instead of group name. Users can still log in and their primary group remains set to the old GID in /etc/passwd. Option B is false.

Option C is false because the primary group GID is not automatically changed. Option D is false.

163
MCQhard

A system administrator is configuring a new RHEL 9 server with two 500GB SSDs. The requirement: create a 200GB XFS filesystem for /srv/data that is resilient to disk failure. The admin decides to create a RAID 1 (mirror) using mdadm with partitions on each disk: /dev/sda1 and /dev/sdb1, each 200GB. He creates the partitions with fdisk, then runs: mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1. The array is created and synced. He then creates a physical volume, volume group, and logical volume on top of /dev/md0, formats with XFS, and mounts. Later, a disk fails. After replacing the failed disk, he recreates the partition with identical size and runs: mdadm /dev/md0 --add /dev/sdb1. The command fails with 'Device /dev/sdb1 is busy'. What is the most likely cause?

A.The replacement disk was not initialized with an mdadm superblock before adding.
B.The kernel still sees the old partition table; need to run partprobe to reread the partition table.
C.The /dev/md0 array is still in a clean state and does not need the disk yet.
D.The /dev/sdb1 partition is already part of another md array.
AnswerB

After recreating partition, the kernel may still have old info; partprobe updates it.

Why this answer

Option B is correct because after replacing a failed disk and recreating the partition, the kernel's in-memory partition table still reflects the old state. The `mdadm --add` command fails with 'Device busy' because the kernel sees the old partition layout and may still hold references to the old partition. Running `partprobe` (or `partx -a`) forces the kernel to reread the partition table from the disk, clearing the stale state and allowing the new partition to be added to the RAID array.

Exam trap

The trap here is that candidates often assume the 'Device busy' error means the disk is already in use by another array or process, when in fact it is a stale partition table cache that prevents the kernel from recognizing the new partition.

How to eliminate wrong answers

Option A is wrong because mdadm does not require a separate superblock initialization on the replacement partition; the `--add` command will write the superblock automatically when the partition is added to the array. Option C is wrong because even if the array is in a clean state (e.g., degraded but functional), it still accepts a new disk to restore redundancy; the 'Device busy' error is unrelated to array state. Option D is wrong because there is no indication that /dev/sdb1 is part of another array; the error is due to the kernel's stale partition table, not membership in another md device.

164
Multi-Selecteasy

Which TWO of the following are valid ways to make a shell script executable?

Select 2 answers
A.bash script.sh
B.chmod 755 script.sh
C.. script.sh
D.chmod u+x script.sh
E.chmod +x script.sh
AnswersB, E

B is correct: sets rwxr-xr-x.

Why this answer

Option A and B are correct. 'chmod +x script.sh' adds execute permission, and 'chmod 755 script.sh' sets rwxr-xr-x. Option C is wrong because '. script.sh' sources the script but does not set execute permission. Option D is wrong because 'chmod u+x' is a subset of +x but still valid; however, the question asks for two, and A and B are the most common.

Option E is wrong because 'bash script.sh' runs without execute bit.

165
MCQeasy

Which file contains the list of filesystems to be mounted at system startup?

A./etc/fstab
B./etc/rc.local
C./etc/filesystems
D./etc/mtab
AnswerA

/etc/fstab defines persistent filesystem mounts.

Why this answer

The /etc/fstab file is the system configuration file that defines static filesystem information, including devices, mount points, filesystem types, mount options, dump frequency, and fsck pass order. During system startup, the mount -a command (typically run by systemd or init scripts) reads /etc/fstab to mount all filesystems listed there, making it the definitive source for automatic mounting at boot.

Exam trap

Red Hat often tests the distinction between /etc/fstab (static boot-time configuration) and /etc/mtab (dynamic current mount state), leading candidates to confuse the two because both contain mount information.

How to eliminate wrong answers

Option B is wrong because /etc/rc.local is a legacy script executed at the end of the boot process for custom commands, not a file that lists filesystems to be mounted; it is not read by the mount command for automatic mounting. Option C is wrong because /etc/filesystems is a deprecated file that lists supported filesystem types (e.g., ext4, xfs) for the mount command to probe, not a list of filesystems to mount at startup. Option D is wrong because /etc/mtab is a dynamically updated file showing currently mounted filesystems, maintained by the mount command, and is not used for boot-time mounting; it is often a symlink to /proc/mounts on modern systems.

166
MCQhard

A server has a software RAID 5 array /dev/md0. One of its disks fails. The administrator wants to replace it without rebooting. Which command should be used to mark the disk as failed?

A.mdadm --fault /dev/md0 /dev/sdb
B.echo faulty > /sys/block/md0/md/dev-sdb/state
C.mdadm --set-faulty /dev/md0 /dev/sdb
D.mdadm --fail /dev/md0 /dev/sdb
AnswerD

Correct: mdadm --manage with --fail.

Why this answer

The correct command to mark a disk as failed in a software RAID array without rebooting is `mdadm --fail /dev/md0 /dev/sdb`. This command tells the md driver to mark the specified disk as faulty, which triggers the RAID 5 array to degrade and allows the failed disk to be removed and replaced while the system remains online.

Exam trap

The trap here is that candidates confuse the valid `--fail` option with the non-existent `--fault` or `--set-faulty` options, or they incorrectly think the sysfs method is the standard command-line approach expected in the EX200 exam.

How to eliminate wrong answers

Option A is wrong because `mdadm --fault` is not a valid mdadm option; the correct option is `--fail` or `--set-faulty`. Option B is wrong because while writing 'faulty' to the sysfs attribute `/sys/block/md0/md/dev-sdb/state` can mark a disk as faulty, the correct string to write is 'faulty' (not 'faulty' with a typo, but the path uses 'dev-sdb' which is correct; however, the syntax shown is a valid alternative, but the question asks for the command, and this is a sysfs manipulation, not the standard mdadm command expected in the EX200 exam). Option C is wrong because `mdadm --set-faulty` is not a valid mdadm option; the correct option is `--fail`.

167
MCQhard

Refer to the exhibit. An administrator sees that a user from 192.168.1.101 cannot connect to the SSH server. Based on the log, what is the most probable cause?

A.The client's host key type is not supported by the server
B.The server's firewall is blocking the connection
C.The SSH service is not running
D.The client's IP is blacklisted
AnswerA

The log shows negotiation failure due to missing host key type.

Why this answer

Option A is correct. The log clearly states 'no matching host key type found'. This indicates the client offers host key types that the server does not support.

Option B is possible but not indicated in the log. Option C is unlikely because the service accepted connections from other IPs. Option D is not shown.

168
MCQeasy

Which file contains the hashed passwords for local user accounts?

A./etc/security/passwd
B./etc/passwd
C./etc/shadow
D./etc/gshadow
AnswerC

This is the file that stores hashed passwords.

Why this answer

The /etc/shadow file stores hashed passwords for local user accounts, along with password aging and expiration information. It is readable only by root (or privileged processes) to prevent unauthorized access to password hashes, unlike /etc/passwd which is world-readable.

Exam trap

Red Hat often tests the distinction between /etc/passwd (world-readable, stores user info but not hashes) and /etc/shadow (restricted, stores hashes), exploiting the common misconception that passwords are still in /etc/passwd.

How to eliminate wrong answers

Option A is wrong because /etc/security/passwd does not exist in standard Linux; it may be confused with /etc/security/opasswd (used by pam_pwhistory) or /etc/security/limits.conf, but none store hashed passwords. Option B is wrong because /etc/passwd historically stored password hashes but now uses an 'x' placeholder; it is world-readable and would expose hashes, so modern systems moved hashes to /etc/shadow. Option D is wrong because /etc/gshadow stores hashed passwords for group accounts (for group administrators), not for local user accounts.

169
MCQeasy

A user needs to view the last 15 lines of a log file that is constantly being updated. Which command should they use?

A.tail -n 15 /var/log/messages
B.tail -f /var/log/messages
C.cat /var/log/messages
D.head -15 /var/log/messages
AnswerA

Shows last 15 lines.

Why this answer

Option A is correct because the `tail -n 15 /var/log/messages` command displays the last 15 lines of the specified log file without following it. This meets the requirement to view the last 15 lines of a file that is constantly being updated, as it provides a static snapshot of the most recent entries.

Exam trap

The trap here is that candidates often confuse `tail -f` (which follows the file in real time) with `tail -n` (which shows a specific number of lines from the end), leading them to choose option B when the requirement is for a static view of the last lines.

How to eliminate wrong answers

Option B is wrong because `tail -f /var/log/messages` continuously follows the file, displaying new lines as they are appended, which does not limit the output to the last 15 lines and is not suitable for a one-time view. Option C is wrong because `cat /var/log/messages` outputs the entire file content, which is impractical for viewing only the last 15 lines, especially in a large log file. Option D is wrong because `head -15 /var/log/messages` displays the first 15 lines, not the last 15 lines, which is the opposite of what the user needs.

170
MCQmedium

A system administrator needs to create a shell script that checks if the user 'jdoe' exists in the system and, if not, creates the user with a home directory. The script should also verify that the creation was successful. Which of the following script snippets correctly implements this logic?

A.if grep -q '^jdoe:' /etc/passwd; then echo 'Exists'; else useradd 'jdoe' && echo 'Created'; fi
B.if id 'jdoe' &>/dev/null; then echo 'Exists'; else useradd -m 'jdoe' && echo 'Created' || echo 'Failed'; fi
C.if ! id 'jdoe' &>/dev/null; then useradd -m 'jdoe'; else echo 'Exists'; fi
D.[ -z $(id 'jdoe' 2>/dev/null) ] && useradd -m 'jdoe' && echo 'Created'
AnswerB

Correctly checks existence, creates with home dir, and verifies.

Why this answer

Option B is correct because it uses `id` to check for the user's existence (redirecting output to /dev/null to suppress messages), then uses `useradd -m` to create the user with a home directory. The `&&` and `||` operators ensure that success or failure of the creation is explicitly reported, fulfilling the requirement to verify successful creation.

Exam trap

Red Hat often tests the misconception that grepping /etc/passwd is sufficient for user existence checks, but the trap here is that modern systems may use remote authentication sources, so `id` is the correct command to query all NSS sources.

How to eliminate wrong answers

Option A is wrong because it greps /etc/passwd for '^jdoe:', which can produce false negatives if the user exists in LDAP or other NSS sources, and it does not create a home directory (missing -m). Option C is wrong because it does not verify that the creation was successful; it only runs useradd without checking its exit status. Option D is wrong because the `[ -z ... ]` test is unreliable (the command substitution may produce unexpected output or errors), and it does not handle the case where the user already exists (it would attempt to create the user again, which would fail).

171
MCQeasy

A critical service must restart automatically after a crash. Which systemd directive should be added to the [Service] section of the service unit file?

A.OnFailure=
B.Requires=
C.Restart=always
D.Wants=
AnswerC

Sets the service to restart after exit, including crashes.

Why this answer

Option A (Restart=always) is correct because it configures the service to restart automatically on failure. Option B (OnFailure=) invokes another unit on failure, not restart. Option C (Wants=) and Option D (Requires=) are dependency directives.

172
MCQmedium

A user reports that the Apache web server cannot serve the file /var/www/html/index.html on a RHEL 9 system when SELinux is in enforcing mode. Given the exhibit output, what is the most likely cause?

A.The firewalld service is blocking HTTP traffic on port 80.
B.The file is owned by root and Apache cannot read it.
C.The file permissions do not allow the apache user to read the file.
D.The SELinux context of the file is incorrect for web serving.
AnswerD

The context user_home_t is not allowed for httpd_t; it should be httpd_sys_content_t.

Why this answer

Option D is correct because the default SELinux context for files served by Apache in /var/www/html is `httpd_sys_content_t`. If the file has a different context (e.g., `unconfined_u:object_r:admin_home_t:s0`), SELinux will deny Apache read access even if standard Linux permissions are permissive. The `ls -Z` output would reveal the mismatch, and `restorecon -v /var/www/html/index.html` would fix it.

Exam trap

The trap here is that candidates often focus on file permissions or ownership (options B and C) because they are familiar from non-SELinux systems, but the question explicitly states SELinux is in enforcing mode, which overrides DAC permissions when a type mismatch exists.

How to eliminate wrong answers

Option A is wrong because firewalld blocking HTTP traffic would prevent remote clients from reaching the server, but the user reports the server cannot serve the file locally, and SELinux enforcing mode is the stated condition. Option B is wrong because file ownership by root does not inherently prevent Apache from reading it; Apache runs as the apache user and can read files owned by root if permissions allow (e.g., 644). Option C is wrong because the exhibit output (not shown here but implied) would show standard permissions like 644, which grant read access to the apache user; the issue is SELinux, not DAC permissions.

173
Multi-Selectmedium

Which TWO commands can be used to check the UUID of a filesystem on /dev/sda1?

Select 2 answers
A.e2label /dev/sda1
B.findmnt /dev/sda1
C.lsblk -o UUID /dev/sda1
D.blkid /dev/sda1
E.file -s /dev/sda1
AnswersC, D

Displays UUID.

Why this answer

The `blkid` command directly queries the UUID of a block device from the libblkid cache or by reading the filesystem superblock, and `lsblk -o UUID` filters the lsblk output to show only the UUID column for the specified device. Both commands reliably retrieve the UUID of /dev/sda1.

Exam trap

The trap here is that candidates confuse `e2label` (which only handles labels) with UUID retrieval, or assume `findmnt` shows UUIDs by default when it actually requires explicit column selection.

174
MCQhard

Refer to the exhibit. Which command would free up the most space immediately?

A.yum clean all
B.rm -rf /var/log/*
C.journalctl --vacuum-size=500M
D.logrotate -f /etc/logrotate.conf
AnswerC

Reduces journal log size to 500MB, freeing significant space.

Why this answer

Option C (journalctl --vacuum-size=500M) reduces the size of systemd journal logs in /var/log/journal, which is a major contributor. Option A deletes all logs including necessary ones. Option B rotates logs but may not free space if old logs are not deleted.

Option D clears package cache, not in /var/log.

175
MCQhard

A script uses 'read' to get user input and then performs an action based on the input. However, when the script is piped (e.g., './script.sh | othercommand'), the read command does not wait for input and the script continues with empty variable. How can this be fixed?

A.Use 'stdbuf -i0' before the script invocation to set stdin unbuffered
B.Use 'exec < /dev/tty' at the start of the script
C.Use 'read input < /dev/tty' instead of just 'read input'
D.Use 'read -t 0 input' to force immediate read
AnswerC

B is correct. This reads directly from the terminal.

Why this answer

Option B is correct because redirecting 'read' from /dev/tty forces it to read from the terminal even if stdin is a pipe. Option A is wrong because 'stdbuf' might not help with 'read'. Option C is wrong because 'read -t' sets a timeout, not a cure.

Option D is wrong because changing stdin for the whole script would break piping.

176
MCQeasy

Refer to the exhibit. An administrator runs lsblk and sees the above output. The administrator wants to mount /dev/sdb1 at /mnt/data. What should be done first?

A.Create the directory /mnt/data and then run mount
B.Run mount /dev/sdb1 /mnt/data
C.Run partprobe to detect the partition
D.Run mkfs.xfs /dev/sdb1
E.Edit /etc/fstab and add an entry
AnswerA

Correct. The mount point must exist before mounting.

Why this answer

Before mounting a filesystem, the mount point directory must exist. Option A correctly instructs to create /mnt/data with mkdir -p /mnt/data and then run mount /dev/sdb1 /mnt/data. Without the directory, the mount command will fail with a 'mount point does not exist' error.

Exam trap

Red Hat often tests the prerequisite of creating the mount point directory, tricking candidates who assume mount will create it automatically or who jump to formatting or fstab editing without verifying the directory exists.

How to eliminate wrong answers

Option B is wrong because it attempts to mount to a non-existent directory /mnt/data, which will fail. Option C is wrong because partprobe is used to inform the kernel of partition table changes, but the partition /dev/sdb1 already appears in lsblk output, so it is already detected. Option D is wrong because mkfs.xfs would create a new filesystem, potentially destroying existing data; the question only asks to mount the partition, not format it.

Option E is wrong because editing /etc/fstab is for persistent mounts across reboots, but the immediate step before mounting is to ensure the mount point exists.

177
MCQmedium

Given the exhibit, which statement is true about the file /project/report.txt?

A.Any user can read report.txt
B.Alice can write to report.txt
C.The file's group is wheel
D.Alice cannot write to report.txt because she is not the owner
AnswerB

Alice is a member of the staff group, which has read and write permissions on the file.

Why this answer

The exhibit shows that the file /project/report.txt has permissions -rw-rw-r--, owner alice, and group project. Alice is the owner, so she has the owner permissions (rw-), which include write access. Therefore, option B is correct because Alice can write to the file.

Exam trap

Red Hat often tests the misconception that only the owner can write to a file, but the correct interpretation depends on the permission bits; here, the owner has write permission, so Alice can write.

How to eliminate wrong answers

Option A is wrong because the file's 'other' permissions are r--, meaning users other than the owner and group members can only read, not write. Option C is wrong because the file's group is 'project', not 'wheel'. Option D is wrong because Alice is the owner of the file, and the owner permissions grant her write access, so she can write to the file.

178
MCQhard

A user executes the script shown in the exhibit with './export_script.sh' and then runs 'echo $MY_VAR' in the same terminal. The output is empty. Why does this happen?

A.The script lacks execute permissions
B.The script runs in a sub-shell, so exported variables are not available to the parent shell
C.The 'export' command is incorrectly placed after the variable assignment
D.The variable name should be in uppercase for it to be inherited
AnswerB

B is correct.

Why this answer

Option B is correct because exporting a variable in a sub-process (the script) does not affect the parent shell's environment. Option A is wrong because 'export' is used correctly syntactically. Option C is wrong because the script is executable and runs.

Option D is wrong because the variable is set and exported in the script's environment.

179
MCQmedium

A system administrator runs 'mount -a' and receives an error: 'mount: /mnt/nfs: mount point does not exist'. The /etc/fstab entry is: server:/export /mnt/nfs nfs defaults 0 0. What is the most likely cause?

A.The directory /mnt/nfs does not exist
B.The 'defaults' option does not include '_netdev'
C.The filesystem type should be 'nfs4'
D.The NFS server is unreachable
AnswerA

Correct: The mount point must exist before mounting.

Why this answer

The error message 'mount: /mnt/nfs: mount point does not exist' explicitly indicates that the directory /mnt/nfs is missing. The 'mount -a' command processes all entries in /etc/fstab, and for each filesystem, it requires the mount point directory to exist before the mount can succeed. Since the directory is absent, the mount fails immediately, regardless of the NFS server status or filesystem type.

Exam trap

Red Hat often tests the distinction between mount point existence errors and network connectivity errors, trapping candidates who assume the issue is with NFS configuration or server reachability when the error message clearly points to a missing local directory.

How to eliminate wrong answers

Option B is wrong because the '_netdev' option is used to indicate that the filesystem requires network access, which is relevant for systemd ordering but does not affect the mount point existence check; the error is about a missing directory, not network dependency. Option C is wrong because 'nfs' is a valid filesystem type that auto-negotiates the NFS version (including NFSv4) with the server; specifying 'nfs4' is not required and would not resolve a missing mount point. Option D is wrong because an unreachable NFS server would produce a different error, such as 'mount.nfs: Connection timed out' or 'No route to host', not a 'mount point does not exist' error.

180
MCQeasy

A system administrator has created a new group named 'ops'. The administrator wants to add the existing user 'alice' to this group as a supplementary group without affecting her current group memberships. Which command should be used?

A.usermod -aG ops alice
B.usermod -G ops alice
C.groupadd ops alice
D.usermod -g ops alice
AnswerA

The -aG flag appends the user to the supplementary group 'ops' while preserving existing group memberships.

Why this answer

Option A is correct because the `-a` (append) flag combined with `-G` (supplementary groups) in `usermod` adds the user 'alice' to the 'ops' group without removing her from any existing supplementary groups. Without `-a`, the `-G` flag alone would replace the user's current supplementary group list with only the specified groups, which would remove her from any other groups she already belongs to.

Exam trap

The trap here is that candidates often forget the `-a` flag and choose `usermod -G ops alice`, mistakenly thinking it adds the user to the group, when in fact it replaces all supplementary group memberships.

How to eliminate wrong answers

Option B is wrong because `usermod -G ops alice` without the `-a` flag sets the user's supplementary groups to exactly 'ops', overwriting and removing all other supplementary group memberships. Option C is wrong because `groupadd` creates a new group, not a user; the syntax `groupadd ops alice` is invalid and would fail or be misinterpreted. Option D is wrong because `usermod -g ops alice` changes the user's primary group (the group listed in /etc/passwd) to 'ops', not a supplementary group, and would alter the default group ownership for files created by alice.

181
Multi-Selectmedium

An administrator is configuring a new filesystem for a database server that requires high performance and reliability. Which two features should be considered when choosing between ext4 and XFS? (Choose two.)

Select 2 answers
A.Ext4 supports larger files than XFS
B.XFS is optimized for parallel I/O
C.Ext4 has better online resizing capabilities
D.Ext4 supports subvolume snapshots
E.XFS has robust metadata integrity features
AnswersB, E

XFS is designed for high performance with parallel I/O workloads.

Why this answer

B is correct because XFS is designed for high-performance, parallel I/O workloads, using allocation groups that allow concurrent operations, making it ideal for database servers. E is correct because XFS employs checksums in its metadata (since RHEL 7) and self-healing capabilities via the reflink feature, providing robust integrity against corruption.

Exam trap

Red Hat often tests the misconception that ext4 is superior for all general-purpose workloads, but the trap here is that candidates overlook XFS's parallel I/O optimization and metadata integrity features, which are specifically required for high-performance database servers.

182
MCQmedium

Which command is used to display all block devices that have a filesystem of type XFS?

A.lsblk -f
B.findmnt -t xfs
C.blkid -t TYPE=xfs
D.df -t xfs
AnswerC

blkid -t filters by filesystem type.

Why this answer

The `blkid -t TYPE=xfs` command queries the libblkid library to list all block devices whose filesystem type is exactly XFS. It directly filters by the TYPE attribute, making it the most precise tool for this specific task.

Exam trap

The trap here is that candidates confuse commands that show mounted filesystems (findmnt, df) with commands that scan all block devices (blkid, lsblk), leading them to pick an option that only lists mounted XFS filesystems instead of all block devices with an XFS filesystem.

How to eliminate wrong answers

Option A is wrong because `lsblk -f` displays all block devices with their filesystem information (including type, label, UUID), but it does not filter by filesystem type; it shows everything, requiring manual inspection to find XFS devices. Option B is wrong because `findmnt -t xfs` lists mounted filesystems of type XFS, not all block devices with an XFS filesystem (unmounted devices are excluded). Option D is wrong because `df -t xfs` reports disk space usage for mounted XFS filesystems only, not all block devices with an XFS filesystem.

183
MCQhard

Which of the following is true regarding shrinking logical volumes?

A.You can reduce a volume while it is mounted if you use resize2fs
B.XFS filesystems cannot be shrunk
C.Reducing an LVM volume is a simple process
D.Ext4 filesystems support online shrinking
AnswerB

XFS can only be grown, not shrunk.

Why this answer

B is correct because XFS filesystems do not support shrinking. The XFS design is based on allocation groups and a log-structured metadata layout that makes online or offline shrinking infeasible without significant filesystem restructuring. This is a fundamental limitation of XFS, unlike ext4 which can be shrunk offline.

Exam trap

Red Hat often tests the misconception that all filesystems can be shrunk similarly, but the trap here is that XFS is fundamentally unshrinkable, and candidates confuse online resizing (which XFS supports for growth) with shrinking.

How to eliminate wrong answers

Option A is wrong because resize2fs can only shrink ext2/3/4 filesystems while unmounted; shrinking a mounted ext4 filesystem is not supported and will cause corruption. Option C is wrong because reducing an LVM volume is not a simple process; it requires multiple steps: unmounting the filesystem, running fsck, shrinking the filesystem with resize2fs (for ext4), then reducing the logical volume with lvreduce, and finally remounting. Option D is wrong because ext4 filesystems do not support online shrinking; they can only be shrunk when unmounted, and resize2fs requires the filesystem to be offline for shrink operations.

184
MCQhard

A system administrator wants to allow user 'jdoe' to execute any command as root via sudo without being prompted for a password, but only from the host 'client1.example.com'. Which sudoers rule achieves this?

A.jdoe client1.example.com=(root) NOPASSWD: ALL
B.jdoe client1.example.com=(root) ALL
C.jdoe ALL=(root) NOPASSWD: ALL
D.jdoe ALL=(root) ALL
AnswerA

Correct syntax: user host_list=(runas) TAG: command.

Why this answer

Option A is correct because the sudoers rule 'jdoe client1.example.com=(root) NOPASSWD: ALL' specifies the user 'jdoe', the host 'client1.example.com' as the source host from which the command is run, the target user '(root)', the NOPASSWD tag to skip password authentication, and the command 'ALL' to allow any command. This matches the requirement exactly: passwordless root access restricted to a specific client host.

Exam trap

The trap here is that candidates often forget the NOPASSWD tag when passwordless access is required, or they use 'ALL' for the host list instead of specifying the exact hostname, assuming 'ALL' means 'all commands' rather than 'all hosts'.

How to eliminate wrong answers

Option B is wrong because it omits the NOPASSWD tag, so 'jdoe' would still be prompted for a password when running sudo commands from client1.example.com. Option C is wrong because it uses 'ALL' as the host specification, allowing the rule to apply from any host, not just client1.example.com. Option D is wrong because it both omits the NOPASSWD tag and uses 'ALL' for the host, allowing password-protected sudo from any host.

185
Multi-Selectmedium

Which TWO methods correctly create a variable containing the number of regular files in the current directory (excluding . and ..)?

Select 2 answers
A.count=$(ls -1A | wc -l)
B.count=$(find . -maxdepth 1 -type f -printf '.' | wc -c)
C.count=$(stat -c%F * | grep -c 'regular file')
D.count=$(ls -1 | wc -l)
E.count=$(find . -maxdepth 1 -type f | wc -l)
AnswersB, E

Prints a dot per file; wc -c counts dots, immune to spaces/newlines in filenames.

Why this answer

Option B uses find with -type f to count files, correctly handling filenames with spaces. Option D uses find with -printf to print a character per file, then wc -c counts characters. Option A includes directories.

Option C uses ls -1A which shows all entries including directories. Option E uses stat but misses hidden files due to glob * not including dot files.

186
Multi-Selecteasy

Which two commands can be used to create a new partition on a disk without erasing existing partitions? (Choose two.)

Select 2 answers
A.mkswap
B.fdisk
C.dd
D.parted
E.wipefs
AnswersB, D

Correct. fdisk can add partitions interactively.

Why this answer

The `fdisk` command is a disk partitioning tool that allows you to create, delete, and modify partitions on a disk without erasing existing partitions, as long as there is unallocated space. It operates on the MBR or GPT partition table and writes changes only when explicitly saved, preserving existing partition entries.

Exam trap

The trap here is that candidates may confuse `mkswap` or `wipefs` as partition-creation tools because they are commonly used in storage setup workflows, but neither actually creates a partition entry in the partition table.

187
MCQmedium

A technician runs 'mkfs.xfs /dev/sdb1' and later mounts it. The file system is reported as having a block size of 1024 bytes. What is the most likely reason?

A.The administrator used the -b size=1024 option.
B.The block size setting was ignored due to a kernel limitation.
C.The default block size for XFS is 1024 bytes.
D.The partition size is less than 1GB, so mkfs.xfs automatically used a 1024-byte block size.
AnswerD

XFS reduces block size for small file systems to improve space efficiency.

Why this answer

Option D is correct because mkfs.xfs automatically selects a 1024-byte block size when the underlying partition is smaller than 1 GB. This is a built-in heuristic in the XFS filesystem to optimize metadata overhead and space utilization on small volumes. The technician did not specify a block size, so the tool applied this default behavior based on partition size.

Exam trap

Red Hat often tests the misconception that XFS always uses a 4096-byte block size, leading candidates to overlook the automatic block size reduction on small partitions.

How to eliminate wrong answers

Option A is wrong because the technician did not use the -b size=1024 option; the question states the command was run without any block size argument. Option B is wrong because there is no kernel limitation that ignores or overrides the block size setting; the kernel fully supports the specified block size. Option C is wrong because the default block size for XFS is 4096 bytes, not 1024 bytes; the 1024-byte block size is only used automatically for partitions smaller than 1 GB.

188
Multi-Selectmedium

Which THREE commands are used to manage SELinux file security contexts? (Select exactly three.)

Select 3 answers
A.setenforce
B.chcon
C.selinux
D.semanage fcontext
E.restorecon
AnswersB, D, E

Changes the SELinux context of a file.

Why this answer

chcon changes context manually, restorecon restores default context, and semanage fcontext manages file context definitions. setenforce toggles enforcing/permissive, and selinux is not a command.

189
Multi-Selectmedium

Which THREE of the following are common practices to improve the reliability of shell scripts?

Select 3 answers
A.Always quote variable expansions unless word splitting is intended
B.Use 'echo "Error"' for error messages without redirection
C.Include 'set -u' to abort on unset variables
D.Include 'set -e' at the top of the script to exit on error
E.Use 'cat' to read files line by line in while loops
AnswersA, C, D

C is correct.

Why this answer

Options A, B, and C are correct. A: Using 'set -e' exits on error. B: Using 'set -u' treats unset variables as errors.

C: Quoting variables prevents word splitting. Option D is wrong because using 'cat' inside loops is inefficient; use I/O redirection. Option E is wrong because using 'echo' for errors is not ideal; use '>&2' to redirect to stderr.

190
MCQeasy

A system administrator needs to create a file system on a new 10GB partition /dev/sdb1 for use with a database that requires high reliability and supports snapshots. Which file system type should be chosen?

A.xfs
B.ext4
C.vfat
D.btrfs
AnswerA

XFS is the default file system in RHEL 9, supports snapshots via LVM, and is optimized for large files.

Why this answer

XFS is the correct choice because it is a high-performance, 64-bit journaling file system that supports snapshots via LVM or external tools, and is designed for large files and partitions. For a database requiring high reliability and snapshot capabilities, XFS provides robust data integrity features and is the default file system in Red Hat Enterprise Linux 8 and later, making it the recommended option for this scenario.

Exam trap

The trap here is that candidates may choose btrfs because it natively supports snapshots, but the EX200 exam expects XFS as the default RHEL file system for high-reliability production use, and btrfs is not covered as a standard option in the exam objectives.

How to eliminate wrong answers

Option B (ext4) is wrong because while ext4 is a reliable journaling file system, it does not natively support snapshots; snapshots require LVM or other external mechanisms, and ext4 is less optimized for very large partitions and high-concurrency database workloads compared to XFS. Option C (vfat) is wrong because vfat is a simple, non-journaling file system designed for compatibility with legacy systems and removable media; it lacks journaling, reliability features, and snapshot support, making it unsuitable for a database. Option D (btrfs) is wrong because although btrfs supports snapshots and checksumming, it is not the default file system in RHEL and is considered less mature for production database use; the EX200 exam focuses on XFS as the standard choice for high-reliability scenarios.

191
Multi-Selecteasy

Which TWO commands can be used to create a new directory that will serve as a mount point?

Select 2 answers
A.install -d /mnt/newmount
B.touch /mnt/newmount
C.ln -s /mnt /mnt/newmount
D.mkdir /mnt/newmount
E.ln /mnt /mnt/newmount
AnswersA, D

Creates directory.

Why this answer

Option A is correct because `install -d /mnt/newmount` creates the directory `/mnt/newmount` if it does not already exist, setting it up as a mount point. Option D is correct because `mkdir /mnt/newmount` is the standard command to create a directory, which can then be used as a mount point for a filesystem.

Exam trap

Red Hat often tests the distinction between creating a file (`touch`) and creating a directory (`mkdir` or `install -d`), leading candidates to mistakenly think any new filesystem object can serve as a mount point.

192
Multi-Selectmedium

Which THREE statements about container storage in podman are correct? (Choose THREE.)

Select 3 answers
A.Podman volumes can only be managed by podman volume commands, not manually.
B.The --storage-opt flag can be used to set options for the container's writable layer.
C.Rootless containers cannot use the overlay filesystem driver.
D.Bind mounts mount a host directory into the container.
E.Container images are stored in layers, each representing a set of filesystem changes.
AnswersB, D, E

Allows advanced storage configuration.

Why this answer

Option B is correct because the `--storage-opt` flag in Podman allows you to pass options directly to the container's storage driver, such as setting the size of the container's writable layer (e.g., `--storage-opt size=10G`). This is a feature of the container storage stack (containers/storage) that Podman uses, enabling fine-grained control over the writable layer's behavior without affecting the image layers.

Exam trap

Red Hat often tests the misconception that rootless containers cannot use overlay filesystems, but in modern Linux kernels (5.11+) with `userxattr` or via `fuse-overlayfs`, rootless overlay is fully supported.

193
Multi-Selecteasy

Which TWO commands can be used to add a user to an existing supplementary group without removing them from other groups?

Select 2 answers
A.groupmod -a user group
B.usermod -a -G group user
C.usermod -g group user
D.usermod -G group user
E.gpasswd -a user group
AnswersB, E

The -a option appends to existing supplementary groups.

Why this answer

Options A and B are correct. usermod -a -G group user appends the group to existing supplementary groups. gpasswd -a user group adds the user to the group. Option C replaces all supplementary groups. Option D is not a valid command.

Option E changes the primary group.

194
MCQmedium

The administrator wants to mount a new filesystem on /dev/sdb1 with the label 'backup' and mount it at /mnt/backup. Which commands achieve this?

A.parted /dev/sdb mkpart primary xfs 0% 100% && mkfs.xfs -L backup /dev/sdb1
B.mkfs.xfs /dev/sdb1 && xfs_admin -L backup /dev/sdb1 && mount -L backup /mnt/backup
C.mkfs.xfs -L backup /dev/sdb1 && mount /dev/sdb1 /mnt/backup
D.mkfs.ext4 -L backup /dev/sdb1 && echo '/dev/sdb1 /mnt/backup ext4 defaults 0 0' >> /etc/fstab
AnswerC

Correct: Creates XFS with label and mounts.

Why this answer

Option C is correct because it first creates an XFS filesystem with the label 'backup' on /dev/sdb1 using mkfs.xfs -L backup, then mounts the device directly to /mnt/backup with mount /dev/sdb1 /mnt/backup. This sequence properly formats the partition and mounts it without requiring additional steps or incorrect commands.

Exam trap

The trap here is that candidates may confuse the need to create a partition first (Option A) or use ext4 (Option D), or they may think that setting a label after mkfs and mounting by label (Option B) is valid, but the correct sequence is to create the filesystem with the label and then mount by device path.

How to eliminate wrong answers

Option A is wrong because parted does not create a filesystem; it only creates a partition, and the mkpart command syntax is incomplete (missing filesystem type and partition type). Option B is wrong because xfs_admin -L backup cannot change the label of an XFS filesystem that is already mounted or without the filesystem being unmounted first, and mount -L backup uses the label but the label hasn't been set correctly before mounting. Option D is wrong because it creates an ext4 filesystem instead of XFS, and while it adds an fstab entry, it does not actually mount the filesystem immediately, failing the requirement to mount it at /mnt/backup.

195
MCQhard

An administrator wants to add the two 2G disks (sdc and sdd) as physical volumes, extend the 'data' logical volume in volume group 'vg' by 2G, and grow the filesystem. Which sequence of commands should be used?

A.pvcreate /dev/sdc /dev/sdd; vgextend vg /dev/sdc /dev/sdd; lvresize -L 2G /dev/vg/lv_data; xfs_growfs /data
B.pvcreate /dev/sdc /dev/sdd; vgextend vg /dev/sdc /dev/sdd; lvextend -L +2G /dev/vg/lv_data; resize2fs /dev/vg/lv_data
C.pvcreate /dev/sdc /dev/sdd; vgextend vg /dev/sdc; vgextend vg /dev/sdd; lvextend -L +2G /dev/vg/lv_data; xfs_growfs /dev/vg/lv_data
D.pvcreate /dev/sdc /dev/sdd; vgextend vg /dev/sdc /dev/sdd; lvextend -L +2G /dev/vg/lv_data; xfs_growfs /data
AnswerD

Correct sequence: create PVs, extend VG, extend LV by 2G, grow XFS filesystem.

Why this answer

Option D is correct because it follows the correct sequence: create physical volumes on both disks, extend the volume group with both disks in a single command, extend the logical volume by exactly 2G using the `+` sign, and then grow the XFS filesystem using `xfs_growfs` with the mount point `/data`. The `+` in `lvextend -L +2G` is critical to add 2G rather than resize to 2G total, and `xfs_growfs` requires the mount point (or a block device) for XFS filesystems.

Exam trap

The trap here is that candidates often confuse the `-L` option with and without the `+` sign, and mistakenly use `resize2fs` for XFS filesystems, or use `lvresize` instead of `lvextend` without the correct syntax for adding space.

How to eliminate wrong answers

Option A is wrong because `lvresize -L 2G` (without the `+`) would resize the logical volume to exactly 2G, not add 2G, and it uses `lvresize` instead of `lvextend` (though functionally similar, the intent is extension). Option B is wrong because it uses `resize2fs` which is for ext2/3/4 filesystems, not XFS; the filesystem on `/data` is XFS, so `xfs_growfs` must be used. Option C is wrong because it splits the `vgextend` into two separate commands (which is redundant but not incorrect), but more critically it uses `xfs_growfs /dev/vg/lv_data` with the block device path instead of the mount point; while `xfs_growfs` can accept a block device, the mount point is the standard and safer approach, and the question explicitly states 'grow the filesystem' which implies using the mount point.

196
MCQeasy

A script contains: lines=$(wc -l /etc/passwd); echo $((lines+1)). The output is unexpected. What is the problem?

A.lines contains a string including the filename, not just a number.
B.wc -l requires the -c option to count correctly.
C.The script has a syntax error in the echo command.
D.$((...)) cannot read a variable from command substitution.
AnswerA

wc -l outputs 'number filename', so lines is not a pure integer.

Why this answer

Option A is correct because wc -l output includes the filename, making $lines a string such as '45 /etc/passwd', which cannot be used in arithmetic. Option B is incorrect because -c counts characters. Option C is misleading; $((...)) works on integers.

Option D is wrong because the syntax is valid.

197
Multi-Selecteasy

Which TWO commands can be used to view recent systemd journal logs for the current boot?

Select 2 answers
A.journalctl -p err
B.journalctl --list-boots
C.journalctl -b
D.journalctl --boot
E.journalctl --since today
AnswersC, D

Shorthand for --boot.

Why this answer

Options A and B are both correct. 'journalctl --boot' and 'journalctl -b' are equivalent and show logs from the current boot. Option C shows logs from today only, not limited to current boot. Option D lists available boots but does not display logs.

Option E filters by priority level.

198
MCQhard

A system administrator wants to monitor all files in /var/log that are currently being written to by processes. Which command shows file descriptors that are open for writing by any process?

A.inotifywait -m /var/log
B.lsof +D /var/log | grep -E '(REG|DIR).*[0-9]+[w]'
C.fuser -v /var/log
D.lsof /var/log
AnswerB

lsof +D recursively lists open files in directory, and the grep filters for regular files with write access.

Why this answer

Option B is correct because `lsof +D /var/log` lists all open file descriptors under the /var/log directory recursively, and the `grep` pattern `(REG|DIR).*[0-9]+[w]` filters for regular files or directories with a write file descriptor (the 'w' in the file descriptor mode column). This directly shows which files are currently being written to by any process.

Exam trap

The trap here is that candidates often pick `inotifywait` (option A) because it monitors writes in real-time, but the question asks for files *currently being written to* (current state), not future events, and `lsof` is the correct tool for listing open descriptors.

How to eliminate wrong answers

Option A is wrong because `inotifywait -m /var/log` monitors filesystem events (like writes) in real-time but does not show currently open file descriptors; it only reports events as they happen, not the current state. Option C is wrong because `fuser -v /var/log` shows processes using the /var/log directory itself (as a file or mount point), not the individual files within it that are open for writing. Option D is wrong because `lsof /var/log` without the `+D` flag only lists open file descriptors for the /var/log directory itself, not recursively for all files inside it.

199
MCQmedium

Refer to the exhibit. An administrator needs to free up space in the /backup filesystem. Which of the following actions would be MOST effective?

A.Increase the size of the logical volume
B.Remove unnecessary files in /backup
C.Delete old log files in /var/log
D.Use lvreduce to shrink the logical volume
AnswerB

Directly removing unneeded files from the mounted /backup filesystem frees space.

Why this answer

Option B is correct because the most direct way to free up space in the /backup filesystem is to remove unnecessary files stored there. This action immediately reclaims available space without altering the underlying logical volume or affecting other filesystems.

Exam trap

The trap here is that candidates may confuse freeing space in a filesystem with managing the underlying logical volume, leading them to choose lvreduce or lvextend instead of the simple file removal that directly addresses the space shortage.

How to eliminate wrong answers

Option A is wrong because increasing the size of the logical volume (e.g., with lvextend) does not free up space; it consumes additional free space from the volume group, potentially worsening the shortage. Option C is wrong because deleting old log files in /var/log frees space in the /var filesystem, not in /backup, unless /var/log is mounted under /backup, which is not indicated. Option D is wrong because using lvreduce to shrink the logical volume reduces the available space in /backup, which is the opposite of freeing up space and could cause data loss if the filesystem is not resized first.

200
MCQhard

Refer to the exhibit. A web server runs as user 'apache'. The directory /var/www/html is owned by root:root with permissions 755. The administrator wants to allow the user 'webuser' to upload files to /var/www/html via SFTP. Which step is necessary to achieve this?

A.Change webuser's shell to /bin/bash to allow SFTP login
B.Change group ownership of /var/www/html to a group that includes webuser and add group write permission
C.Change the SELinux context of /var/www/html to httpd_sys_rw_content_t
D.Set an ACL on /var/www/html to grant webuser write access
AnswerB

This gives webuser write access via group membership.

Why this answer

Option B is correct because the directory /var/www/html is owned by root:root with permissions 755, meaning only root can write. To allow webuser to upload files via SFTP, the directory needs group write permission. Changing the group ownership to a group that includes webuser and adding group write permission (e.g., chgrp webgroup /var/www/html && chmod g+w /var/www/html) grants the necessary write access without altering ownership or security contexts.

Exam trap

The trap here is that candidates may overthink and choose ACLs (Option D) as a 'modern' solution, but the question tests the fundamental Linux permission model where group write permission is the simplest and most direct method, especially when the directory is already group-owned by root and needs a new group.

How to eliminate wrong answers

Option A is wrong because changing webuser's shell to /bin/bash is not required for SFTP; SFTP uses the SSH subsystem and works with any valid shell, but the default shell (often /sbin/nologin) can still allow SFTP if configured in sshd_config (e.g., Subsystem sftp internal-sftp). Option C is wrong because the SELinux context httpd_sys_rw_content_t is used for read-write access by the Apache HTTP server, not for SFTP uploads by a non-Apache user; the correct context for SFTP uploads would be public_content_rw_t or similar, but the question does not mention SELinux enforcement. Option D is wrong because setting an ACL on /var/www/html to grant webuser write access would work technically, but the question asks for a step 'necessary' to achieve the goal; the simpler and more standard approach is to use group ownership and permissions, and ACLs are not required unless the directory must remain owned by root:root with 755 permissions for other users.

201
MCQhard

You maintain a script that performs a long-running task and must clean up temporary files if the script is interrupted. The script uses: #!/bin/bash tempfile=$(mktemp) trap "rm -f $tempfile" EXIT # long task sleep 100 You notice that if the script receives SIGINT (Ctrl+C), the temporary file is not removed. Investigation shows that the trap on EXIT is not executed on SIGINT. Which modification should be made?

A.Move the trap inside a subshell: (trap ... EXIT; long task).
B.Change `trap ... EXIT` to `trap ... 0`.
C.Add `set -e` at the beginning of the script.
D.Add a trap for INT: `trap "rm -f $tempfile; exit" INT`.
AnswerD

This catches SIGINT and performs cleanup then exits.

Why this answer

Option B is correct because adding a separate trap for INT ensures cleanup on Ctrl+C. Option A (adding 'set -e') does not help. Option C using 'EXIT' with 0 is same as EXIT; not triggered on SIGINT.

Option D putting the trap in a subshell would only affect the subshell.

202
MCQeasy

A security policy requires that all files in /home have the default SELinux context for user home directories. Which command recursively restores the default context?

A.restorecon -Rv /home
B.semanage fcontext -a -t user_home_t /home
C.chcon -Rv default_t /home
D.setfiles -Rv /home
AnswerA

Restores default SELinux contexts recursively.

Why this answer

Option A is correct because `restorecon -Rv /home` recursively resets the SELinux context of all files under `/home` to the default type defined in the SELinux policy for user home directories (typically `user_home_t`). The `-R` flag enables recursion, and `-v` provides verbose output, ensuring compliance with the security policy requirement.

Exam trap

The trap here is that candidates often confuse `restorecon` with `chcon` or `semanage fcontext`, mistakenly thinking that adding a rule with `semanage` or manually setting a context with `chcon` is sufficient, when in fact only `restorecon` (or `setfiles`) applies the policy-defined default context to existing files.

How to eliminate wrong answers

Option B is wrong because `semanage fcontext -a -t user_home_t /home` adds a new default context rule to the SELinux policy database, but it does not immediately apply the context to existing files; a subsequent `restorecon` or `setfiles` is needed to actually relabel the files. Option C is wrong because `chcon -Rv default_t /home` manually sets the context to `default_t`, which is not the correct default type for user home directories (the correct type is `user_home_t`), and `chcon` does not use the policy database, so changes are not persistent after a full relabel. Option D is wrong because `setfiles -Rv /home` is used to relabel files based on a file context specification file (usually `/etc/selinux/targeted/contexts/files/file_contexts`), but it requires root and is typically used for initial labeling or after policy changes, not for simply restoring the default context as `restorecon` does; `setfiles` is more complex and not the standard command for this routine task.

203
MCQeasy

An administrator needs to add a new 20GB disk /dev/sdb to a RHEL 9 server and mount it permanently at /data. The disk is unpartitioned. Which sequence of commands correctly accomplishes this?

A.fdisk /dev/sdb → mkfs.ext4 /dev/sdb1 → mount /dev/sdb1 /data
B.mkfs.ext4 /dev/sdb → mount /dev/sdb /data
C.parted /dev/sdb → mkfs.ext4 /dev/sdb1 → mount /dev/sdb1 /data
D.fdisk /dev/sdb → mkfs.ext4 /dev/sdb1 → echo '/dev/sdb1 /data ext4 defaults 0 0' >> /etc/fstab → mount -a
AnswerD

Creates partition, filesystem, persistent mount, and mounts all.

Why this answer

Option D is correct because it follows the proper sequence for adding a new unpartitioned disk: create a partition with fdisk, format the partition with mkfs.ext4, add an entry to /etc/fstab for permanent mounting, and then use mount -a to mount all filesystems from fstab. This ensures the disk is mounted persistently across reboots, which is required by the question.

Exam trap

The trap here is that candidates often forget the fstab step for permanent mounting, assuming mount alone makes it persistent, or they attempt to format the whole disk without partitioning, which is not the standard procedure for a new disk in RHEL.

How to eliminate wrong answers

Option A is wrong because it omits the critical step of adding the mount to /etc/fstab, so the mount is not permanent; after reboot, /data would not be mounted. Option B is wrong because it attempts to create a filesystem directly on the whole disk (/dev/sdb) without partitioning, which is not standard practice and may cause issues with tools expecting a partition table; also, it lacks the fstab entry for permanent mounting. Option C is wrong because while parted can create partitions, the sequence shown does not include creating the partition (only launching parted) and then directly formatting /dev/sdb1, which does not exist; additionally, it lacks the fstab entry.

204
MCQeasy

During boot, a custom application fails because the /data file system is not mounted. Upon investigation, the administrator sees an error 'UUID=abc123 not found' in the logs. Which command should the administrator use to correct the /etc/fstab entry?

A.blkid /dev/sdb1
B.mount -a
C.xfs_info /dev/sdb1
D.fdisk -l /dev/sdb1
E.lsblk -f /dev/sdb1
AnswerA

Correct: displays UUID for use in fstab.

Why this answer

The error 'UUID=abc123 not found' indicates that the /etc/fstab entry for /data references a UUID that does not match any block device. The administrator needs to find the correct UUID of the actual partition (e.g., /dev/sdb1) and update the fstab entry. The `blkid /dev/sdb1` command displays the UUID (and filesystem type) of that specific device, allowing the administrator to copy the correct UUID into /etc/fstab.

Exam trap

Red Hat often tests the distinction between commands that display partition table information (fdisk) versus those that display filesystem metadata (blkid, lsblk -f), and candidates mistakenly choose `fdisk -l` or `lsblk -f` because they see 'UUID' in the output, but `blkid` is the direct, intended tool for retrieving a UUID to fix an fstab entry.

How to eliminate wrong answers

Option B is wrong because `mount -a` attempts to mount all filesystems listed in /etc/fstab, but if the UUID is incorrect, it will fail again — it does not fix the UUID mismatch. Option C is wrong because `xfs_info /dev/sdb1` displays XFS filesystem geometry and superblock details, not the UUID; it is used for tuning or checking XFS metadata, not for retrieving a UUID. Option D is wrong because `fdisk -l /dev/sdb1` shows partition table information (start/end sectors, type) for a specific partition, but it does not display the filesystem UUID; it is a partitioning tool, not a filesystem UUID tool.

Option E is wrong because `lsblk -f /dev/sdb1` lists filesystem information including UUID for all block devices, but it is a listing command; while it could show the UUID, the question asks for the command to 'correct the /etc/fstab entry' — `blkid` is the standard, precise tool for retrieving the UUID of a specific device to use in fstab, whereas `lsblk -f` is more for overview and does not output in a format as directly usable for fstab editing.

205
MCQmedium

A cron job fails to run. Which command should the administrator use to verify the cron daemon is active?

A.systemctl status cron
B.systemctl status crond
C.systemctl list-units --type=service
D.service crond status
AnswerB

'systemctl status crond' correctly shows the status of the cron daemon.

Why this answer

'systemctl status crond' checks the status of the cron daemon. Option B is incorrect because the service name is 'crond', not 'cron'. Option C uses 'service' which is legacy.

Option D checks for systemd units but not specifically cron.

206
MCQhard

An administrator needs to list the permissions, owner, group, and filenames of all files in /var/log, including hidden files, in a human-readable format. Which command does this?

A.ls -lh /var/log
B.ls -la /var/log
C.ls -ld /var/log
D.ls -lah /var/log
AnswerD

Combines -l (long), -a (all), -h (human-readable) to meet all requirements.

Why this answer

Option D is correct because `ls -lah /var/log` combines the `-l` (long format), `-a` (show all files including hidden ones), and `-h` (human-readable sizes) flags. This meets all requirements: listing permissions, owner, group, filenames, and hidden files with sizes in KiB/MiB/GiB.

Exam trap

The trap here is that candidates may forget the `-a` flag for hidden files or the `-h` flag for human-readable sizes, assuming `-l` alone provides enough detail, or they might mistakenly choose `-ld` thinking it lists directory contents.

How to eliminate wrong answers

Option A is wrong because `ls -lh /var/log` omits the `-a` flag, so hidden files (those starting with a dot) are not listed. Option B is wrong because `ls -la /var/log` includes hidden files but lacks the `-h` flag, so file sizes are displayed in raw bytes rather than human-readable format. Option C is wrong because `ls -ld /var/log` uses the `-d` flag, which lists only the directory itself (its metadata) and not its contents.

207
MCQmedium

A server's firewall is managed by firewalld. The admin adds a rule to allow HTTPS traffic to the public zone, but clients still cannot connect. What is the most likely cause?

A.The rule was added with --permanent but firewall-cmd --reload was not run.
B.The rule must be added as a rich rule, not a simple service.
C.The default zone is not set to public.
D.firewalld is just a wrapper for iptables, so iptables rules must be cleared.
AnswerA

Permanent rules do not affect runtime until reload.

Why this answer

Option A is correct because when a rule is added with the `--permanent` flag in firewalld, it is written to the configuration files but not applied to the runtime firewall. Until `firewall-cmd --reload` is executed, the runtime configuration remains unchanged, so the new rule allowing HTTPS traffic is not active. Clients cannot connect because the firewall is still blocking HTTPS based on the old runtime rules.

Exam trap

The trap here is that candidates often assume adding a rule with `--permanent` immediately takes effect, forgetting that firewalld requires a reload or the `--runtime-to-permanent` approach to synchronize changes.

How to eliminate wrong answers

Option B is wrong because HTTPS traffic can be added as a simple service using `firewall-cmd --add-service=https`; rich rules are not required for standard services like HTTPS. Option C is wrong because the rule was explicitly added to the public zone, so the default zone setting is irrelevant; the rule applies to the public zone regardless of whether it is the default. Option D is wrong because firewalld manages its own runtime and permanent configurations independently of iptables; clearing iptables rules would disrupt firewalld's state and is not necessary or recommended.

208
MCQhard

A systems administrator installs a custom hardware device driver kernel module named 'mydevice' on a RHEL 9 system. The module is built and placed in /lib/modules/$(uname -r)/extra/. The administrator loads it manually with modprobe mydevice and it works. However, after a system reboot, the module is not loaded. The administrator checks that the device is present at boot time. Which step should be taken to ensure the module loads automatically at boot?

A.Add the line 'install mydevice /sbin/modprobe --ignore-install mydevice' to /etc/modprobe.d/load.conf
B.Rebuild the initramfs with 'dracut --force --add mydevice'
C.Add the line 'load mydevice' to /etc/rc.local and ensure rc.local is executable.
D.Run 'echo mydevice > /etc/modules-load.d/mydevice.conf'
AnswerD

Placing the module name in a file under /etc/modules-load.d/ causes systemd to load it at boot.

Why this answer

Option D is correct because writing the module name to a file in /etc/modules-load.d/ ensures systemd loads the module automatically at boot. The modules-load.d mechanism is the standard RHEL 9 method for specifying kernel modules to be loaded early in the boot process, before the root filesystem is fully available.

Exam trap

The trap here is that candidates confuse the initramfs rebuild (dracut) with the simpler modules-load.d mechanism, thinking all kernel modules must be baked into the initramfs to load at boot, when in fact only modules needed before root is mounted require that treatment.

How to eliminate wrong answers

Option A is wrong because the 'install' directive in modprobe.d is used to override the default installation command for a module, not to specify automatic loading at boot; it would only affect manual modprobe invocations. Option B is wrong because rebuilding the initramfs with dracut --add mydevice is unnecessary for a module already installed in /lib/modules/.../extra/; initramfs is for modules needed during early boot (e.g., storage drivers), and adding a device driver that is not required for mounting root is wasteful and not the standard method. Option C is wrong because /etc/rc.local is a legacy mechanism that runs after the system is fully booted, not during early kernel module loading; it is also not enabled by default on RHEL 9 and would load the module too late for device initialization.

209
MCQmedium

An administrator has an XFS filesystem on a logical volume /dev/vg_data/lv_data mounted at /data. To extend the filesystem by 10GB, which sequence of commands is correct?

A.lvextend -L +10G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data
B.xfs_growfs /data; lvextend -L +10G /dev/vg_data/lv_data
C.resize2fs /dev/vg_data/lv_data; lvextend -L +10G /dev/vg_data/lv_data
D.lvextend -L +10G /dev/vg_data/lv_data; xfs_growfs /data
AnswerD

First extend the logical volume, then grow the XFS filesystem.

Why this answer

Option D is correct because for XFS filesystems, the logical volume must be extended first with `lvextend`, then the filesystem must be grown online using `xfs_growfs` with the mount point as the argument. XFS does not support shrinking and requires this specific order; `resize2fs` is only for ext2/3/4 filesystems.

Exam trap

Red Hat often tests the misconception that `resize2fs` works for all filesystem types, or that the order of operations (extend LV vs. grow filesystem) is interchangeable, leading candidates to choose options that use the wrong tool or reverse the sequence.

How to eliminate wrong answers

Option A is wrong because `resize2fs` is used for ext2/3/4 filesystems, not XFS; using it on an XFS filesystem will fail. Option B is wrong because `xfs_growfs` must be run after extending the logical volume, not before; running it first will have no effect since the underlying block device hasn't been enlarged. Option C is wrong because `resize2fs` is incorrect for XFS, and the logical volume must be extended before the filesystem resize operation.

210
MCQhard

A Red Hat Enterprise Linux 9 system enforces a security policy that user accounts must be disabled after 90 days of inactivity. The system administrator has configured /etc/shadow accordingly with the proper fields. User 'bob' has been on leave for 95 days. When bob returns and tries to log in, he is unable to do so. The administrator checks the shadow file and sees that bob's password expiration date has passed and the account is locked due to inactivity (the inactivity period has exceeded). The administrator wants to immediately reactivate bob's account without changing the password, and also wants to set the account to expire in 30 days from now (relative to the current date). Which set of commands should the administrator run to achieve this goal?

A.chage -E $(date -d +30days +%Y-%m-%d) bob; chage -I -1 bob
B.usermod -e 2024-12-31 bob; passwd -S bob
C.chage -d 0 bob; usermod -L bob
D.usermod -e $(date -d +30days +%Y-%m-%d) bob; passwd -u bob
AnswerA

Correct: chage -E sets new expiration date; chage -I -1 disables the inactivity period lock, reactivating the account.

Why this answer

Option B is correct. The chage -E command sets the account expiration date, and the -I option sets the inactivity period; setting -I to -1 disables the inactivity lock. This reactivates the account and sets a new expiration date 30 days from now.

Option A is incorrect because usermod -e cannot accept a relative date without shell expansion, and passwd -u only unlocks the password, not the account inactivity lock. Option C is incorrect because it uses a hardcoded date and passwd -S only shows status; it does not reactivate. Option D is incorrect; chage -d 0 forces immediate password change and usermod -L locks the account, which is the opposite of what is needed.

211
MCQmedium

A system administrator needs to ensure that a specific kernel module 'usb_storage' is not loaded automatically during boot on a RHEL 9 system. Which configuration file should be modified to blacklist this module?

A.Add 'blacklist usb_storage' to /etc/modules-load.d/usb_storage.conf
B.Add 'install usb_storage /bin/false' to /etc/sysconfig/modules/
C.Add 'blacklist usb_storage' to /etc/modprobe.d/blacklist.conf
D.Add 'blacklist usb_storage' to /etc/init.d/rc.local
AnswerC

This is the standard location for blacklisting modules.

Why this answer

Option C is correct because on RHEL 9, the recommended way to prevent a kernel module from loading automatically is to add a 'blacklist' directive in a file under /etc/modprobe.d/. The file /etc/modprobe.d/blacklist.conf is a conventional location for such blacklist entries. When modprobe processes this file, it will ignore the specified module during boot and when loading modules manually, effectively preventing usb_storage from being loaded.

Exam trap

The trap here is that candidates confuse /etc/modules-load.d/ (used for loading modules) with /etc/modprobe.d/ (used for module configuration including blacklisting), leading them to choose Option A.

How to eliminate wrong answers

Option A is wrong because /etc/modules-load.d/ is used to list modules that should be loaded at boot, not to blacklist them; adding 'blacklist usb_storage' there would have no effect. Option B is wrong because /etc/sysconfig/modules/ is not a standard directory for module blacklisting; the 'install usb_storage /bin/false' directive, if placed in a modprobe.d file, would override the module's installation, but the path given is incorrect. Option D is wrong because /etc/init.d/rc.local is a legacy script for local startup commands and is not designed for kernel module blacklisting; it would run too late in the boot process and is not the proper mechanism for preventing module loading.

212
MCQmedium

Based on the exhibit, which statement about the container 'webserver' is true?

A.Container port 80 is mapped to host port 8080.
B.The container uses the host network.
C.Container port 8080 is mapped to host port 80.
D.No port mapping exists.
AnswerA

Correct. The output shows container port 80/tcp with HostPort 8080.

Why this answer

The exhibit shows the container 'webserver' with port mapping '0.0.0.0:8080->80/tcp'. This indicates that host port 8080 is mapped to container port 80, meaning traffic arriving at the host on port 8080 is forwarded to port 80 inside the container. Therefore, option A is correct.

Exam trap

The trap here is that candidates often confuse the order of port mapping, thinking the first number is the container port and the second is the host port, when in fact the syntax is `host_port:container_port`.

How to eliminate wrong answers

Option B is wrong because the container uses bridge networking by default (as seen by the port mapping syntax), not host networking; host networking would show '--network host' and no port mapping. Option C is wrong because it reverses the mapping: the exhibit shows host port 8080 to container port 80, not container port 8080 to host port 80. Option D is wrong because the exhibit explicitly shows a port mapping (0.0.0.0:8080->80/tcp), so port mapping does exist.

213
MCQmedium

A user wants to display the contents of a file in reverse line order. Which command should be used?

A.tail -r file
B.sort -r file
C.rev file
D.tac file
AnswerD

tac is cat reversed, prints lines in reverse order.

Why this answer

The `tac` command is the standard Linux utility for displaying a file in reverse line order. It reads the file from the last line to the first, effectively reversing the line sequence. This is the correct tool for the task described.

Exam trap

The trap here is that candidates may confuse `tac` with `tail` or `rev`, or incorrectly assume `sort -r` reverses line order, when in fact `tac` is the specific command for reversing line order in a file.

How to eliminate wrong answers

Option A is wrong because `tail -r` is not a valid command in standard Linux; `tail` displays the last lines of a file, and the `-r` flag is not supported. Option B is wrong because `sort -r` sorts lines in reverse alphabetical order, not reverse line order. Option C is wrong because `rev` reverses the characters within each line, not the order of lines themselves.

214
MCQmedium

A system administrator needs to restore the default SELinux security context on all files under /var/www/html after a misconfiguration. Which command should be used?

A.setfiles -R /var/www/html
B.restorecon -R /var/www/html
C.fixfiles -R /var/www/html
D.chcon -R -t httpd_sys_content_t /var/www/html
AnswerB

Recursively restores default SELinux contexts.

Why this answer

The `restorecon -R /var/www/html` command restores the default SELinux security contexts on all files under /var/www/html by reading the file contexts defined in the SELinux policy (typically from /etc/selinux/targeted/contexts/files/file_contexts). The `-R` flag ensures recursive operation, making it the correct tool to fix misconfigured contexts without manually specifying a type.

Exam trap

The trap here is that candidates confuse `restorecon` with `chcon` or `setfiles`, thinking that manually setting the type with `chcon` is equivalent to restoring the default context, but `chcon` does not consult the policy and can set an incorrect type if the path's default context differs from the specified type.

How to eliminate wrong answers

Option A is wrong because `setfiles` is used to verify or set file contexts based on a file context specification file, but it requires a specification file argument (e.g., `setfiles -c /etc/selinux/targeted/policy/policy.31 file_contexts /var/www/html`) and is not the standard command for restoring contexts on a live system; it is more commonly used for initial labeling or relabeling after policy changes. Option C is wrong because `fixfiles` is a higher-level script that can restore contexts, but its `-R` option is not valid; `fixfiles` uses `-F` to force restoration or `-R` to remove files from the restore list, and the correct syntax for recursive restore is `fixfiles restore /var/www/html` or `fixfiles -R /var/www/html` is not a standard usage. Option D is wrong because `chcon -R -t httpd_sys_content_t /var/www/html` manually sets the type to `httpd_sys_content_t`, which may not match the default context defined in the policy (e.g., `httpd_sys_content_t` is correct for static content, but the default context could be `httpd_sys_rw_content_t` for writable directories or other types depending on the path); this approach bypasses the policy and can lead to further misconfiguration.

215
MCQeasy

Which systemctl command configures a service to start automatically at boot without starting it now?

A.systemctl set-default service
B.systemctl start service
C.systemctl enable service
D.systemctl reenable service
AnswerC

Enables the service to start at boot without starting it currently.

Why this answer

Option B (systemctl enable service) creates the necessary symlinks to start at boot. Option A starts it immediately. Option C reenables.

Option D sets default target.

216
MCQmedium

Based on the exhibit, which mount point is mounted with the 'noexec' option?

A./data
B./
C./var
D./tmp
E./boot
AnswerD

Correct: shown as ext4,noexec.

Why this answer

The /tmp mount point is configured with the 'noexec' option, as shown in the exhibit (e.g., in /etc/fstab or the output of mount or findmnt). This prevents execution of binaries directly from the /tmp filesystem, which is a common security hardening practice to mitigate the risk of attackers running malicious scripts or binaries from a world-writable directory.

Exam trap

Red Hat often tests the 'noexec' option on /tmp because candidates may overlook that /tmp is a separate mount point in many Red Hat Enterprise Linux installations, and they might incorrectly assume it inherits the root filesystem's mount options.

How to eliminate wrong answers

Option A is wrong because /data is not listed in the exhibit as having 'noexec'; it likely uses default exec permissions. Option B is wrong because / (root) typically does not have 'noexec' set, as it would break system binaries and scripts. Option C is wrong because /var is usually mounted with default exec permissions to allow services to run scripts or binaries from /var.

Option E is wrong because /boot is mounted without 'noexec' to allow kernel and bootloader updates that require execution of binaries.

217
MCQmedium

Which shell built-in can be used to read user input during script execution?

A.read
B.printf
C.cat
D.echo
AnswerA

read reads a line of input and assigns it to a variable.

Why this answer

Option B is correct because the 'read' built-in reads a line from standard input into a variable. Option A (echo) outputs, not reads. Option C (printf) formats output.

Option D (cat) reads files, not user input.

218
MCQmedium

An administrator wants to temporarily disable the firewalld service for troubleshooting. Which command will stop the service and prevent it from starting on subsequent boots?

A.systemctl stop --now firewalld
B.systemctl mask firewalld
C.systemctl stop firewalld
D.systemctl disable firewalld
E.systemctl disable --now firewalld
AnswerE

Stops and disables the service in one command.

Why this answer

Option E is correct because `systemctl disable --now firewalld` both stops the service immediately (via `--now`) and disables it from starting automatically on subsequent boots. This meets the requirement of temporarily disabling the service for troubleshooting while preventing it from starting after reboot.

Exam trap

The trap here is that candidates often confuse `disable` with `mask` or forget that `stop` alone does not affect boot-time behavior, leading them to choose options that either stop the service without disabling it or permanently block it with mask.

How to eliminate wrong answers

Option A is wrong because `systemctl stop --now firewalld` stops the service immediately but does not disable it, so it will start again on the next boot. Option B is wrong because `systemctl mask firewalld` creates a symlink to /dev/null, which prevents the service from being started manually or automatically, but it is a permanent action that is difficult to reverse and not appropriate for temporary troubleshooting. Option C is wrong because `systemctl stop firewalld` stops the service only for the current session; it will restart on the next boot.

Option D is wrong because `systemctl disable firewalld` prevents the service from starting on boot but does not stop it immediately, so the service remains running until manually stopped.

219
MCQeasy

You are a junior administrator at a company that uses Red Hat Enterprise Linux 8. The HR department has a shared directory /hr/data that should be accessible to all members of the 'hr' group. The directory is currently owned by root:root with permissions 755. You need to configure the system so that new files created in /hr/data are automatically owned by the group 'hr' and the group has read-write permissions. Additionally, you need to ensure that user 'jane' (who is a member of 'hr') can create files in the directory. However, after adding 'jane' to the 'hr' group, she still cannot create files, receiving 'Permission denied'. Which of the following is the best course of action to resolve this issue?

A.Change the directory permissions to 2775 and set the SGID bit using chmod 2775 /hr/data
B.Change the directory ownership to jane:hr
C.Use sudo to grant 'jane' full access to the directory
D.Set the sticky bit on the directory using chmod +t /hr/data
AnswerA

Correct: 2775 sets SGID and group write, ensuring new files inherit group ownership and group can write.

Why this answer

Option A is correct. The directory needs to have the SGID bit set (chmod g+s) so that new files inherit the group ownership, and group write permission must be granted (chmod g+w). Setting permissions to 2775 sets both the SGID bit and group write permissions.

Option B is incorrect because granting sudo access is unnecessary and a security risk. Option C is incorrect because changing ownership to jane:hr would not enforce group ownership for new files and would break other users' access. Option D is incorrect; the sticky bit (chmod +t) is used to prevent users from deleting others' files, not to manage group permissions or inheritance.

220
Multi-Selecthard

Which THREE of the following practices are recommended when creating simple shell scripts in a Red Hat Enterprise Linux environment to ensure reliability, security, and maintainability?

Select 3 answers
A.Use #!/bin/sh for compatibility, even if bash-specific features are needed.
B.Quote variables when used in commands, e.g., "$file" instead of $file.
C.Start the script with a shebang line, e.g., #!/bin/bash.
D.Include set -e at the beginning of the script to exit on any error.
E.Always run scripts by invoking the interpreter directly (e.g., bash script.sh) instead of making them executable.
AnswersB, C, D

Prevents unintended word splitting and pathname expansion.

Why this answer

Option B is correct because quoting variables (e.g., "$file") prevents word splitting and glob expansion, which can cause commands to operate on unexpected arguments or filenames with spaces. This is a fundamental shell scripting best practice that directly improves reliability and security by preserving the intended value of the variable.

Exam trap

The trap here is that candidates may think using #!/bin/sh is always safer for compatibility, but they overlook that it can break scripts relying on bash-specific features, and they may also believe invoking the interpreter directly is always acceptable, ignoring the portability and clarity benefits of an executable script with a shebang.

221
MCQhard

You are managing a Red Hat Enterprise Linux 8 server that hosts backup scripts. A user named 'backup' (UID 1005) is a member of the 'backup' group. The directory /var/backups is owned by root:backup with permissions 775. The 'backup' user needs to create files in this directory. However, when the user attempts to create a file, they receive 'Permission denied'. You verify that 'backup' is indeed listed in the backup group in /etc/group. The user's current shell was started after their last login. Which of the following is the most likely cause and solution?

A.The directory lacks the setgid bit; set it with 'chmod g+s /var/backups'.
B.The user needs to log out and log back in to refresh their group membership.
C.The user's umask is too restrictive, preventing file creation. Change the umask to 002.
D.The user should use 'newgrp backup' to switch to the backup group temporarily.
AnswerB

The user was added to the group after their current session started; the new group is not active until a new login occurs.

Why this answer

The user 'backup' is already a member of the 'backup' group in /etc/group, but the current shell session was started before the group membership was added or refreshed. On Linux, group membership is determined at login time by the PAM modules; simply adding a user to a group does not affect already running processes. The user must log out and log back in (or start a new login shell) to acquire the new group membership via the initgroups() system call, which populates the process's supplementary group list.

Exam trap

The trap here is that candidates often think the setgid bit or umask is the issue, but the real problem is that group membership changes do not apply to existing login sessions—a fundamental Linux behavior that Red Hat EX200 frequently tests.

How to eliminate wrong answers

Option A is wrong because the setgid bit (chmod g+s) would cause new files to inherit the group of the directory, but the user already has group write permission via the 775 permissions; the issue is that the user's process does not have the 'backup' group in its supplementary groups, not that the directory lacks setgid. Option C is wrong because umask only affects the default permissions of newly created files, not the ability to create files at all; even with a restrictive umask (e.g., 077), the user could still create files if they had write permission, but they would be created with no group/other permissions. Option D is wrong because 'newgrp backup' would work to switch the user's effective group to 'backup' temporarily, but it is not the most likely cause or the best solution; the question asks for the most likely cause and solution, and the standard fix is to log out and log back in to refresh group membership for all future sessions.

222
MCQeasy

A DevOps engineer needs to run a container that stores persistent data in a location managed by Podman, ensuring the data survives container removal and can be easily backed up. Which approach should the engineer use?

A.Use a bind mount (e.g., --volume /host/data:/container/data)
B.Use the --rm flag when running the container
C.Use a Podman volume (e.g., --volume myvol:/container/data)
D.Use a tmpfs mount (e.g., --tmpfs /container/data)
AnswerC

Podman volumes are fully managed by Podman, persist across container lifecycles, and are easy to back up or migrate.

Why this answer

Option C is correct because Podman volumes are managed by Podman itself, storing data in a dedicated directory (typically under /var/lib/containers/storage/volumes). This ensures data persists independently of the container lifecycle, survives container removal, and can be easily backed up using commands like `podman volume backup` or by copying the volume directory. Unlike bind mounts, Podman volumes are fully managed, avoiding permission issues and providing a clean abstraction for persistent storage.

Exam trap

The trap here is that candidates confuse bind mounts (Option A) with Podman volumes, assuming both are equally managed, but bind mounts require explicit host path management and lack Podman's lifecycle commands, making them less suitable for automated backup and portability scenarios tested in EX200.

How to eliminate wrong answers

Option A is wrong because a bind mount directly maps a host directory into the container, which ties the data to a specific host path and requires manual management of permissions and backups; it does not leverage Podman's managed storage layer. Option B is wrong because the `--rm` flag automatically removes the container and its writable layer upon exit, but it does not affect volumes or persistent data; it is used for ephemeral containers, not for ensuring data survival. Option D is wrong because a tmpfs mount stores data in the host's memory (RAM), which is volatile and lost when the container stops or the host reboots; it is not suitable for persistent data that must survive container removal.

223
MCQmedium

An administrator needs to schedule a script to run every Monday, Wednesday, and Friday at 2:30 PM. Which cron expression should be used?

A.30 14 * * 1,3,5
B.30 14 * * 1-5
C.14 30 * * 1,3,5
D.30 14 * * 0,2,4
AnswerA

Correct: 30th minute, 14th hour, every day of month, every month, on Monday (1), Wednesday (3), Friday (5).

Why this answer

Option A is correct because cron uses five fields (minute, hour, day-of-month, month, day-of-week). 2:30 PM is 14:30 in 24-hour format, so minute=30 and hour=14. The day-of-week field uses 0-7 (0 and 7 = Sunday), with Monday=1, Wednesday=3, Friday=5. The asterisks for day-of-month and month mean 'every day' and 'every month', so the expression `30 14 * * 1,3,5` runs the script at 2:30 PM on Monday, Wednesday, and Friday.

Exam trap

Red Hat often tests the 24-hour time format and the correct ordering of minute and hour fields, causing candidates to swap them (as in Option C) or to confuse the day-of-week numbering (Sunday=0 vs Monday=1) as seen in Option D.

How to eliminate wrong answers

Option B is wrong because `1-5` in the day-of-week field specifies Monday through Friday (days 1,2,3,4,5), which includes Tuesday and Thursday, not just Monday, Wednesday, and Friday. Option C is wrong because the fields are reversed: `14 30` would mean minute=14 and hour=30, which is invalid (hour 30 does not exist) and would never run at 2:30 PM. Option D is wrong because `0,2,4` in the day-of-week field corresponds to Sunday (0), Tuesday (2), and Thursday (4), which is the wrong set of days.

224
MCQeasy

An administrator wants to display a list of all currently logged-in users. Which command is most appropriate?

A.who
B.w
C.last
D.users
AnswerA

Displays currently logged-in users.

Why this answer

The `who` command displays a list of currently logged-in users along with their terminal, login time, and originating host. It is the most straightforward and appropriate command for this specific task, as it directly queries the system's utmp database to show active sessions.

Exam trap

The trap here is that candidates often confuse `w` (which shows additional process information) with `who` for a simple user listing, or mistakenly think `last` shows current users because it lists login records.

How to eliminate wrong answers

Option B is wrong because `w` shows detailed information about currently logged-in users, including their current process and CPU usage, but it is more verbose than needed for simply listing users. Option C is wrong because `last` displays a history of previous logins and logouts from the wtmp file, not currently logged-in users. Option D is wrong because `users` prints only the usernames of currently logged-in users, but it does not show terminal or login time details, making it less comprehensive than `who` for a full list.

225
Multi-Selectmedium

Which TWO statements are true about systemd services in RHEL 9? (Choose exactly two.)

Select 2 answers
A.'systemctl list-units --type=service' lists all service units.
B.'systemctl enable' starts the service immediately.
C.'systemctl status' shows whether a service is running.
D.'systemctl mask' disables a service but allows manual start.
E.'systemctl disable' stops the service immediately.
AnswersA, C

This lists loaded service units.

Why this answer

Option A is correct because 'systemctl list-units --type=service' filters the output to show only service units, which are the primary unit type for managing daemons and background processes. Option C is correct because 'systemctl status' displays the current state of a unit, including whether it is active (running), inactive (stopped), or in another state like failed.

Exam trap

The trap here is that candidates often confuse 'enable' with 'start' and 'disable' with 'stop', or think 'mask' is a softer form of disable that still permits manual activation.

Page 2

Page 3 of 8

Page 4

All pages