Red Hat Certified System Administrator EX200 (EX200) — Questions 301–375

527 questions total · 8 pages · All types, answers revealed

Page 5 of 8

301
MCQ · medium

The administrator wants to remount /mnt/data with the noexec option. Which command is correct?

A. Edit /etc/fstab to add noexec and reboot
B. mount -o remount,noexec /dev/sdb1 /mnt/data
C. umount /mnt/data && mount -o noexec /dev/sdb1 /mnt/data
D. mount -o remount,noexec /mnt/data
Answer: D

Correct: remounts with additional option noexec.

Why this answer

Option D is correct because the `mount -o remount,noexec /mnt/data` command changes the mount options of an already mounted filesystem without needing to unmount it first. The `remount` option applies the new `noexec` flag to the existing mount point, preventing execution of binaries on that filesystem. This is the standard and safest way to modify mount options on a live system.

Exam trap

Red Hat often tests the distinction between `remount` (which modifies options on a live mount) and the incorrect habit of specifying the device name with `remount`, leading candidates to choose Option B because they think the device must be included.

How to eliminate wrong answers

Option A is wrong because editing `/etc/fstab` and rebooting is unnecessarily disruptive; the `remount` option exists to apply changes without a reboot. Option B is wrong because the syntax `mount -o remount,noexec /dev/sdb1 /mnt/data` includes the device name, which is not required with `remount` and can cause the command to fail if the device is busy or if the mount point is not uniquely associated with that device; the correct syntax omits the device. Option C is wrong because unmounting and remounting is an extra step that can fail if the filesystem is in use, whereas `remount` avoids this risk by modifying options in place.

302
MCQ · medium

A database server requires a filesystem that supports very large files (over 2TB) and online defragmentation. Which filesystem type should be used?

A. ext4
B. vfat
C. swap
D. xfs
E. btrfs
Answer: D

Correct. XFS handles large files and offers online defragmentation.

Why this answer

XFS is the correct choice because it supports filesystem sizes up to 8 exabytes and individual file sizes up to 8 exabytes, easily exceeding the 2TB requirement. It also supports online defragmentation via the `xfs_fsr` command, allowing defragmentation while the filesystem is mounted and in use.

Exam trap

Red Hat often tests the misconception that ext4 is the default or most capable filesystem for large files, but the trap here is that ext4 does not support online defragmentation, while XFS is the default in RHEL 8/9 and explicitly supports both large files and online defragmentation.

How to eliminate wrong answers

Option A is wrong because ext4 supports individual file sizes up to 16TB (with 4k blocks) but does not support online defragmentation; defragmentation requires unmounting or using `e4defrag` with limitations. Option B is wrong because vfat (FAT32) has a maximum file size of 4GB and no defragmentation support, making it unsuitable for large files. Option C is wrong because swap is a dedicated swap space, not a general-purpose filesystem, and does not support files or defragmentation.

Option E is wrong because btrfs supports large files and online defragmentation, but it is not the standard choice for Red Hat Enterprise Linux (RHEL) 8/9; XFS is the default and recommended filesystem for such workloads in the EX200 exam context.

303
MCQ · easy

Which command checks if a specific systemd service is currently running?

A. systemctl is-active
B. systemctl status
C. systemctl list-units
D. systemctl show
Answer: A

Returns 'active' or 'inactive' directly.

Why this answer

Option A (`systemctl is-active`) returns active or inactive for a service. Option B (`systemctl status`) shows more information but also indicates state. Option C (`systemctl list-units`) lists all units. Option D (`systemctl show`) displays unit properties.

304
MCQ · hard

An administrator needs to ensure that a specific LVM logical volume is automatically mounted at boot with the 'noexec' option. Which configuration file and entry should be used?

A. /etc/fstab: /dev/vg/lv /mnt ext4 noexec 0 0
B. /etc/rc.d/rc.local: mount /dev/vg/lv /mnt -o noexec
C. /etc/fstab: /dev/vg/lv /mnt ext4 defaults,noexec 0 0
D. /etc/rc.local: mount -o noexec /dev/vg/lv /mnt
Answer: C

Correct fstab entry.

Why this answer

Option C is correct because /etc/fstab is the standard configuration file for defining filesystem mount points and options that are applied automatically at boot. The entry specifies the logical volume device, mount point, filesystem type, and mount options including 'noexec' to prevent execution of binaries on that filesystem. The 'defaults' keyword ensures standard mount behavior is applied before the 'noexec' option overrides the exec permission.

Exam trap

The trap here is that candidates often confuse the purpose of /etc/fstab with boot scripts like rc.local, or they forget that mount options in fstab must be comma-separated and include 'defaults' to ensure all standard options are explicitly set before overriding them.

How to eliminate wrong answers

Option A is wrong because the mount options field is missing the 'defaults' keyword or any other base options; while 'noexec' alone is syntactically valid, the entry omits the required comma-separated list format and does not include 'defaults' which is typically expected for clarity and to avoid missing default mount behaviors. Option B is wrong because /etc/rc.d/rc.local is a legacy script that runs at the end of the boot process, not a configuration file for automatic boot-time mounting; using a mount command there is unreliable and not the standard method for persistent mount definitions. Option D is wrong because /etc/rc.local is a script, not a configuration file for fstab-style entries, and the mount command syntax shown does not include the required device and mount point in the correct order for a persistent boot-time mount.

305
MCQ · easy

Refer to the exhibit. An administrator is unable to write to /tmp because the filesystem is full. What is the most likely cause?

A. The /tmp is a separate filesystem
B. There is a filesystem quota enabled
C. The /boot partition is too small
D. The root filesystem is nearly full at 90% usage
Answer: D

/tmp is part of root; with only 5.2GB free, it may be full.

Why this answer

The exhibit shows that the root filesystem (/) is at 90% usage, while /tmp is not a separate filesystem but a directory under the root. Since /tmp resides on the root filesystem, when the root filesystem is nearly full, there is no space left for writing to /tmp, causing the write failure.

Exam trap

Red Hat often tests the misconception that /tmp is always a separate filesystem, leading candidates to overlook the root filesystem's usage as the cause of write failures.

How to eliminate wrong answers

Option A is wrong because if /tmp were a separate filesystem, it would have its own usage percentage shown in the df output; the exhibit does not list /tmp as a separate mount point, so it is part of the root filesystem. Option B is wrong because there is no indication of a filesystem quota being enabled; quotas are typically shown with commands like `repquota` or `quota`, and the df output does not reflect quota limits. Option C is wrong because the /boot partition being too small would not affect the ability to write to /tmp, as /boot is a separate filesystem used for boot files and does not share space with /tmp.

306
Multi-Select · easy

Which TWO are correct ways to check the SELinux context of a file named 'test.txt'? (Choose exactly two.)

Select 2 answers
A. ls -Z test.txt
B. ls -l test.txt
C. sestatus
D. getenforce
E. stat test.txt
Answers: A, E

ls -Z shows SELinux context.

Why this answer

Option A is correct because `ls -Z` displays the SELinux security context of files, including user, role, type, and sensitivity level. The `-Z` option is specifically designed to show SELinux context information for files and processes.

Exam trap

Red Hat often tests the distinction between commands that show SELinux status (`sestatus`, `getenforce`) versus commands that show file-level SELinux context (`ls -Z`, `stat`), trapping candidates who confuse system-wide status with per-file attributes.

307
MCQ · medium

Refer to the exhibit. A host in the 192.168.1.0/24 network is unable to access a web service running on this server on port 8080. What is the most likely reason?

A. The service http is not defined for port 8080.
B. The rich rule only allows http (port 80), not the custom port 8080.
C. The zone is internal and has a default target of drop.
D. The interface eth1 is not added to the zone.
Answer: B

Port 8080 is not covered by the http service.

Why this answer

The rich rule only allows HTTP (port 80) from that source. The service is running on port 8080, which is not allowed. Option A: the http service is defined, but for port 80. Option C: the default target is 'default', which typically allows traffic, not drop. Option D: the interface is added.

308
MCQ · medium

An administrator needs to terminate a hung process with PID 3456 that does not respond to 'kill -15 3456'. Which signal should be used next?

A. kill -9 3456
B. kill -15 3456
C. kill -19 3456
D. kill -1 3456
Answer: A

Forceful kill; cannot be caught.

Why this answer

Option A is correct because kill -9 (SIGKILL) is the signal of last resort for a process that does not respond to SIGTERM (kill -15). SIGKILL cannot be caught, blocked, or ignored by the process; it forces immediate termination by the kernel. Since the process is hung and unresponsive to SIGTERM, SIGKILL is the appropriate next step.

Exam trap

Red Hat often tests the distinction between signals that can be caught/ignored (SIGTERM, SIGHUP) and those that cannot (SIGKILL, SIGSTOP), and candidates may mistakenly choose SIGSTOP (kill -19) thinking it will terminate the process, when it actually only suspends it.

How to eliminate wrong answers

Option B is wrong because kill -15 (SIGTERM) was already attempted and the process did not respond; repeating the same signal will not change the outcome. Option C is wrong because kill -19 (SIGSTOP) suspends a process rather than terminating it, which would leave the hung process in a stopped state, not resolve the issue. Option D is wrong because kill -1 (SIGHUP) typically causes a process to reread its configuration or terminate gracefully, but it is not a guaranteed termination signal and may be ignored or handled by the process, similar to SIGTERM.

309
MCQ · medium

An administrator notices that the /tmp directory is filling up quickly. They want to find all files in /tmp that are larger than 100 MB and owned by user 'ftp', then delete them. The administrator runs: `find /tmp -type f -size 100M -user ftp -exec rm {} \;`. However, this command deletes only files that are exactly 100 MB, not larger. Which find expression should be used instead?

A. find /tmp -type f -size 100M -user ftp -exec rm {} \;
B. find /tmp -type f -size +100M -user ftp -exec rm {} \;
C. find /tmp -type f -size +100M ! -size 100M -user ftp -exec rm {} \;
D. find /tmp -type f -size +100M -size -100M -user ftp -exec rm {} \;
Answer: B

The + prefix means greater than the specified size, so +100M selects files larger than 100 MB.

Why this answer

Option B is correct because the `find` command uses `+` before a size value to match files larger than that size, not exactly equal. The original command omitted the `+`, so it matched only files exactly 100 MB. Adding `+100M` correctly selects files larger than 100 MB.

Exam trap

Red Hat often tests the subtle difference between exact size matching and size range matching using the `+` and `-` prefixes, trapping candidates who assume `-size 100M` means 'greater than or equal to' instead of 'exactly equal to'.

How to eliminate wrong answers

Option A is wrong because `-size 100M` matches files exactly 100 MB, not larger, so it fails to delete files exceeding that size. Option C is wrong because `-size +100M ! -size 100M` is redundant and incorrect; `-size +100M` already excludes files exactly 100 MB, and the negation adds no benefit while potentially causing confusion. Option D is wrong because `-size +100M -size -100M` is contradictory and matches no files, as a file cannot be both larger than 100 MB and smaller than 100 MB simultaneously.

310
Multi-Select · hard

Which THREE actions are required to enable a non-root user to run containers using Podman on Red Hat Enterprise Linux 8?

Select 3 answers
A. Ensure the user has a running systemd user instance (loginctl enable-linger).
B. Configure subordinate UID and GID ranges for the user in /etc/subuid and /etc/subgid.
C. Add the user to the 'docker' group to access the Docker socket.
D. Enable user namespaces in the kernel if not already enabled.
E. Grant the user sudo privileges to run podman commands.
Answers: A, B, D

Enables systemd --user for managing containers.

Why this answer

Option A is correct because `loginctl enable-linger` ensures that the user's systemd user instance starts at boot and remains running after the user logs out. This is required for Podman to manage containers using systemd user services, such as auto-starting containers with `podman generate systemd`.

Exam trap

The trap here is that candidates may think adding a user to the 'docker' group is required for Podman, but Podman uses a different architecture (no daemon, no socket) and relies on user namespaces and subordinate ID ranges for rootless operation.

311
MCQ · hard

A company runs a critical web application in a container on a Red Hat Enterprise Linux 9 server. The container is started via a systemd service called 'webapp.service'. The service unit file was generated using 'podman generate systemd --new --name webapp'. Recently, after a kernel update and reboot, the service fails to start the container. The administrator runs 'systemctl status webapp.service' and sees 'Active: failed (Result: exit-code)' and 'Process: 1234 ExecStart=/usr/bin/podman run ... (code=exited, status=125)'. The administrator also checks 'journalctl -u webapp.service' and sees: 'Error: unable to start container: container create failed: OCI runtime error: container_linux.go:380: starting container process caused: exec: "/usr/bin/app.sh": stat /usr/bin/app.sh: no such file or directory'. The container image was built locally using a Containerfile that includes 'COPY app.sh /usr/bin/app.sh'. The administrator verifies the image is present locally. What should the administrator do to resolve this issue?

A. Disable SELinux with setenforce 0 and restart the service.
B. Remove the systemd service and regenerate it with 'podman generate systemd --new --name webapp'.
C. Manually create the /usr/bin/app.sh file inside the container using podman exec.
D. Rebuild the container image using 'podman build -t webapp .' to ensure the app.sh file is included, then restart the service.
Answer: D

Rebuilding the image creates a new image with the file, which will be used when the service starts the container.

Why this answer

Option D is correct because the error indicates that the container image is missing the `/usr/bin/app.sh` file, even though the `COPY` instruction was in the Containerfile. The most likely cause is that the image was built before the `app.sh` script was added to the build context, or the build was incomplete. Rebuilding the image with `podman build -t webapp .` ensures the file is properly included in the image layers, resolving the OCI runtime error.

Exam trap

The trap here is that candidates may confuse a missing file inside the container image with a host-level issue (SELinux, service unit, or runtime environment) and overlook the need to rebuild the image with the correct build context.

How to eliminate wrong answers

Option A is wrong because the error is a missing file inside the container, not a SELinux denial; disabling SELinux would not fix the missing binary and introduces a security risk. Option B is wrong because the systemd service unit is correctly generated and the issue is with the container image content, not the service definition; regenerating the unit would not add the missing file. Option C is wrong because `podman exec` requires a running container, but the container fails to start, so you cannot exec into it; even if you could, manual creation would be overwritten on restart and is not a proper fix.

312
MCQ · easy

An administrator needs to ensure that the httpd service starts automatically after a system reboot and is set to start immediately without rebooting. Which command should be used?

A. systemctl set-default httpd
B. systemctl add httpd
C. systemctl enable --now httpd
D. systemctl start --enable httpd
Answer: C

Enables the service and starts it immediately.

Why this answer

Option C is correct because `systemctl enable --now httpd` both creates the necessary symlinks to start the httpd service automatically at boot (enable) and starts the service immediately (--now) without requiring a reboot. This combines two operations into one command, satisfying both requirements in the question.

Exam trap

The trap here is that candidates may confuse `systemctl enable` (for boot persistence) with `systemctl start` (for immediate execution), or misremember the `--now` flag as `--enable`, leading them to pick a syntactically invalid option like D or a non-existent subcommand like B.

How to eliminate wrong answers

Option A is wrong because `systemctl set-default` sets the default target (e.g., multi-user.target), not a service; it has no effect on httpd. Option B is wrong because `systemctl add` is not a valid systemctl subcommand; the correct command for enabling a service is `systemctl enable`. Option D is wrong because `systemctl start --enable httpd` uses an invalid option order; the correct syntax is `systemctl enable --now httpd`, and `--enable` is not a valid flag for `systemctl start`.

313
MCQ · hard

During a security audit, an administrator needs to list all TCP ports on which the system is listening, showing only the port numbers and the associated process names. Which command best achieves this?

A. netstat -tulpn
B. nmap -sT localhost
C. sudo ss -tlnp
D. lsof -i TCP:1-65535
Answer: C

Modern tool; shows listening TCP ports with process info.

Why this answer

Option C is correct because `sudo ss -tlnp` lists TCP listening sockets with numeric port numbers and process names. The `-t` flag filters for TCP, `-l` shows only listening sockets, `-n` displays numeric addresses/ports (avoiding DNS resolution), and `-p` reveals the process name. This command requires root privileges to see process information, hence `sudo`.

Exam trap

The trap here is that candidates often default to `netstat -tulpn` (Option A) because it is familiar, but Red Hat EX200 emphasizes `ss` as the modern replacement, and the question specifically asks for only TCP ports and process names, making `-u` (UDP) and the lack of `-l` (listening only) in the default `netstat` command incorrect.

How to eliminate wrong answers

Option A is wrong because `netstat -tulpn` lists both TCP and UDP sockets (due to `-u`), which is not requested, and it shows all sockets (including non-listening) unless combined with `-l`; also, `netstat` is deprecated in many distributions in favor of `ss`. Option B is wrong because `nmap -sT localhost` performs a TCP connect scan against the local host, which is an active scanning technique that may alter system state and does not simply list listening ports; it also requires root for certain scan types and does not show process names. Option D is wrong because `lsof -i TCP:1-65535` lists all open TCP file descriptors across the entire port range, which includes both listening and established connections, and it does not filter to only listening sockets without additional flags like `-sTCP:LISTEN`.

314
Multi-Select · hard

Which three commands can be used to display overall memory usage information?

Select 3 answers
A. free
B. uptime
C. top
D. ps aux
E. vmstat
Answers: A, C, E

Displays total, used, and free memory.

Why this answer

Options A, C, and E are correct. `free` shows a memory summary. `vmstat` shows memory and more. `top` includes memory usage. `ps aux` shows per-process memory. `uptime` shows load averages only.

315
MCQ · easy

A system administrator is setting up storage for a new application server. The application requires two separate filesystems: one for the database (needs to be at least 10GiB) and one for logs (needs at least 5GiB). The server has a single 20GiB disk /dev/sda. The administrator plans to use LVM and a single volume group 'vg_app'. They create physical volume on /dev/sda, create the volume group, and then create two logical volumes: 'lv_db' of 10GiB and 'lv_logs' of 5GiB. They format lv_db as ext4 and lv_logs as xfs, and mount them at /db and /logs respectively. After rebooting, the system fails to mount /logs. What is the most likely cause?

A. The logical volume 'lv_logs' overlaps with 'lv_db'.
B. The /logs entry is missing from /etc/fstab.
C. The physical volume /dev/sda is not recognized by LVM after reboot.
D. The volume group 'vg_app' is not automatically activated.
Answer: B

Without an fstab entry, the filesystem won't mount automatically at boot.

Why this answer

The most likely cause is that the /logs entry is missing from /etc/fstab. After reboot, the system relies on /etc/fstab to mount filesystems automatically. Since the administrator created and mounted the filesystem manually, but did not add an entry for /logs in /etc/fstab, the mount fails on reboot.

The database mount may succeed if it was added, but the logs mount fails due to the missing fstab entry.

Exam trap

Red Hat often tests the misconception that LVM volumes are automatically mounted after creation, when in fact only the logical volumes are activated; the filesystem mount must be explicitly configured in /etc/fstab.

How to eliminate wrong answers

Option A is wrong because logical volumes in the same volume group do not overlap; LVM allocates distinct extents to each LV, so 'lv_db' and 'lv_logs' occupy separate non-overlapping regions on the physical volume. Option C is wrong because the physical volume /dev/sda is automatically recognized by LVM after reboot if the PV was created and the volume group was active; LVM stores metadata on the disk itself, so it persists across reboots. Option D is wrong because volume groups are automatically activated by default via the lvm2 systemd service or init script, unless explicitly deactivated or filtered in lvm.conf; a single VG on a single disk will activate normally.

316
Multi-Select · easy

Which TWO statements about the /etc/shadow file are true? (Select exactly two.)

Select 2 answers
A. Contains hashed passwords for local users.
B. Contains the user's UID.
C. Is used to store encrypted group passwords.
D. Is readable by all users.
E. Contains password aging information such as minimum and maximum days.
Answers: A, E

This is the primary purpose of /etc/shadow.

Why this answer

The /etc/shadow file contains password hashes and password aging information. It is not world-readable; only root and members of the shadow group can read it (though default permissions vary).

317
Drag & Drop · medium

Arrange the steps to configure a logical volume snapshot named 'snap_lv_data' of logical volume 'lv_data'.

Why this order

Snapshots are created with -s flag, mounted, and removed after use.

318
MCQ · hard

An administrator needs to add a 2GB swap file to a system that already has swap partitions. Which set of commands will create and activate the swap file correctly?

A. fallocate -l 2G /swapfile; mkswap /swapfile; swapon /swapfile
B. mkfile 2G /swapfile; mkswap /swapfile; swapon /swapfile
C. dd if=/dev/zero of=/swapfile bs=1M count=2048; mkswap /swapfile; swapon /swapfile
D. touch /swapfile; truncate -s 2G /swapfile; mkswap /swapfile; swapon /swapfile
Answer: A

Efficiently creates the file and activates swap.

Why this answer

Option A is correct because `fallocate` pre-allocates a 2GB file efficiently without writing data blocks, then `mkswap` sets up the swap signature, and `swapon` activates it. This is the recommended method for creating swap files on modern Linux systems, as it avoids the overhead of writing zeros with `dd`.

Exam trap

Red Hat often tests the difference between `fallocate` (fast, pre-allocates) and `dd` (slow, writes zeros) to see if candidates know the efficient method, and the trap is that `dd` works but is not the best practice for the exam's context.

How to eliminate wrong answers

Option B is wrong because `mkfile` is not a standard Linux command (it exists on some BSD systems) and will fail on RHEL/CentOS. Option C is wrong because while `dd` can create the swap file, it is unnecessarily slow and writes every block, which is inefficient compared to `fallocate`; however, it would technically work, but the question asks for the 'correct' set, and `fallocate` is the modern, preferred method. Option D is wrong because `touch` creates an empty file and `truncate` sets its size, but the file is sparse (holes) and may cause swap to fail or behave unexpectedly due to filesystem support issues; `mkswap` requires a non-sparse file.

319
MCQ · easy

An administrator is configuring an NFS mount in /etc/fstab to mount from server:/export to /mnt/data. The mount must use the 'hard' and 'nosuid' options. Which line is correct?

A. server:/export /mnt/data nfs defaults,noexec,nodev 0 0
B. server:/export /mnt/data nfs nosuid,hard,defaults 0 0
C. server:/export /mnt/data ext4 defaults 0 0
D. server:/export /mnt/data nfs suid,soft 0 0
E. server:/export /mnt/data nfs nosuid,hard 0 0
Answer: E

Correct: specifies required options.

Why this answer

Option E is correct because it specifies the NFS filesystem type and includes both required mount options: 'nosuid' (disallows set-user-identifier/set-group-identifier bits) and 'hard' (retries NFS requests indefinitely until the server responds). The syntax follows the correct /etc/fstab format: <server>:/<export> <mountpoint> <fstype> <options> <dump> <pass>.

Exam trap

Red Hat often tests the misconception that 'defaults' can be combined with other options without conflict, but in reality 'defaults' includes 'suid', which directly contradicts the required 'nosuid' option.

How to eliminate wrong answers

Option A is wrong because it uses 'noexec' and 'nodev' instead of the required 'nosuid' and 'hard' options, and it omits 'hard' entirely. Option B is wrong because it includes 'defaults' after 'nosuid,hard', which is redundant and may cause unexpected behavior (defaults includes 'suid', conflicting with 'nosuid'). Option C is wrong because it specifies 'ext4' as the filesystem type, which is incorrect for an NFS mount.

Option D is wrong because it uses 'suid' (the opposite of the required 'nosuid') and 'soft' (which can cause silent data corruption on NFS timeouts) instead of 'hard'.

320
Multi-Select · medium

Which TWO statements about systemd journal and rsyslog are correct?

Select 2 answers
A. rsyslog reads log messages directly from the journal files in /var/log/journal.
B. The command 'journalctl --list-boots' lists only the current boot's journal entries.
C. The command 'journalctl -u sshd.service' outputs the same as 'tail -f /var/log/messages' for SSH logs.
D. The journal stores logs in a structured binary format, allowing filtering by fields like _UID or _SYSTEMD_UNIT.
E. The journal can forward log messages to rsyslog by setting ForwardToSyslog=yes in /etc/systemd/journald.conf.
Answers: D, E

journald uses structured logging with various metadata fields.

Why this answer

Option D is correct because the systemd journal stores log data in a structured binary format (using the journald protocol), which allows filtering by specific fields such as _UID, _SYSTEMD_UNIT, or _COMM. This enables precise queries via journalctl, unlike plain-text log files.

Exam trap

The trap here is that candidates confuse the journal's structured binary format with plain-text log files, or assume rsyslog reads journal files directly, when in fact forwarding is configured via journald.conf.

321
MCQ · medium

A container running a web server exits immediately after starting. The administrator runs 'podman logs <container>' and sees 'Error: listen tcp :80: bind: address already in use'. What is the most likely cause and solution?

A. The host port 80 is occupied; use -p 8080:80 to map a different host port.
B. SELinux is preventing the container from binding to the port; set enforce to permissive.
C. The container does not have network access; add --network host.
D. The firewall is blocking outbound connections; disable firewalld.
Answer: A

Error clearly states address already in use; remapping host port resolves it.

Why this answer

The error 'address already in use' indicates that port 80 on the host is already occupied by another process. By default, Podman maps container port 80 to host port 80. Using `-p 8080:80` maps the container's port 80 to an unused host port 8080, resolving the conflict without changing the container's internal configuration.

Exam trap

Red Hat often tests the misconception that SELinux or firewall rules are the cause of port binding errors, when in fact the error message 'address already in use' explicitly points to a port conflict that must be resolved by changing the host port mapping.

How to eliminate wrong answers

Option B is wrong because SELinux does not produce 'address already in use' errors; it would generate AVC denial messages, and setting it to permissive is unnecessary and insecure for this issue. Option C is wrong because the container already has network access (it attempted to bind), and `--network host` would share the host's network stack, which would still conflict with the occupied port 80. Option D is wrong because the firewall does not cause 'address already in use' errors; it blocks traffic at the network layer, not bind operations, and disabling it would not free the occupied port.

322
MCQ · hard

Refer to the exhibit. The filesystem /var/www/html is mounted, but after a reboot, the directory is empty. What is the most likely cause?

A. The filesystem type is incorrectly specified as ext4 in fstab
B. The mount point /var/www/html does not exist after reboot
C. The device path /dev/vg_data/lv_web is not persistent across reboots
D. The logical volume is not activated at boot because the volume group is not set to auto-activate
Answer: D

Correct. If the VG is not auto-activated, the LV device is not available, causing mount to fail at boot.

Why this answer

The /etc/fstab entry uses /dev/vg_data/lv_web, which is a device mapper path. That device exists only while the logical volume is active. If the volume group is not activated before the mount is attempted, the device is not available, the mount fails at boot, and /var/www/html is left as a regular, empty directory. The exhibit shows the filesystem being created and mounted, which worked, followed by the fstab entry.

In Red Hat, volume groups are activated at boot by default. Activation can be restricted with auto_activation_volume_list, and a VG on remote storage, or one that is delayed, might not be available when the mount is attempted. In systemd, the mount depends on the device being present.

The other candidates are less plausible: the mount point /var/www/html exists, LVM names are persistent, /dev/vg_data/lv_web and /dev/mapper/vg_data-lv_web are both acceptable in fstab, and it is unlikely that the ext4 kernel module is not loaded. The exhibit uses the device path, not a UUID, so a UUID conflict does not apply.

323
Multi-Selecteasy

Which TWO commands can be used to view the kernel ring buffer?

Select 2 answers
A.journalctl -f
B.dmesg
C.cat /var/log/messages
D.systemctl status
E.journalctl -k
AnswersB, E

dmesg displays the kernel ring buffer.

Why this answer

The kernel ring buffer stores kernel-related messages, such as hardware driver and boot messages. The `dmesg` command is specifically designed to print or control this buffer, making it a direct and correct tool for viewing kernel ring buffer messages.

Exam trap

The trap here is that candidates may confuse general log viewing commands (like `journalctl -f` or `cat /var/log/messages`) with the specific tools designed to read the kernel ring buffer, or forget that `journalctl -k` is the systemd-native way to access kernel messages.

324
MCQhard

You are a Red Hat administrator at a company that runs a critical database server. The server has a single 500GB SSD (/dev/sda) with a default partition layout: /boot (1GB), swap (8GB), and / (491GB) using LVM. The database stores data in /var/lib/mysql, which is on the root logical volume. Recently, the /var/lib/mysql directory has been growing rapidly and is now at 95% usage. The server has an additional 1TB HDD (/dev/sdb) installed but not configured. You need to provide additional storage to /var/lib/mysql without downtime. The database is currently running and must remain accessible. You have root access via SSH. Which of the following is the best course of action?

A.Create a physical volume on /dev/sdb, create a new volume group named vgdb, create a logical volume lvdb of 900GB, format with XFS, mount temporarily at /mnt, copy /var/lib/mysql to /mnt using rsync while the database is running, then unmount and remount at /var/lib/mysql after updating /etc/fstab and stopping the database momentarily.
B.Add /dev/sdb as a physical volume, extend the root volume group, extend the root logical volume, and grow the filesystem. Then move /var/lib/mysql to a new directory on the extended space.
C.Use lvreduce to shrink the root LV by 10GB, then lvextend to create a new LV for /var/lib/mysql, format with ext4, mount, and copy data.
D.Partition /dev/sdb with a single partition, format with ext4, mount at /var/lib/mysql, and copy the data. Then update /etc/fstab.
AnswerA

Correct: uses LVM, creates dedicated storage, and migrates data with minimal downtime.

Why this answer

Option A is correct because it uses LVM to create a dedicated logical volume on the new disk, allowing the database data to be migrated without downtime. By using rsync while the database is running, the data remains accessible, and only a brief stop is needed for the final sync and remount. This approach avoids modifying the root filesystem and ensures the database service is interrupted minimally.

Exam trap

The trap here is that candidates may think extending the root volume group and logical volume is simpler, but they overlook that the root filesystem itself is not the bottleneck—the specific directory /var/lib/mysql needs dedicated space without risking the root filesystem's integrity.

How to eliminate wrong answers

Option B is wrong because extending the root logical volume and filesystem does not isolate /var/lib/mysql onto its own storage; the entire root filesystem would still be at risk of filling up, and moving data within the same filesystem does not solve the capacity issue. Option C is wrong because shrinking the root LV (lvreduce) on a live XFS filesystem is not supported without unmounting and risks data corruption; also, creating a new LV from the freed space would still leave the root filesystem constrained. Option D is wrong because mounting a new ext4 filesystem directly at /var/lib/mysql while the database is running would overwrite the existing data directory, causing immediate data loss and service disruption; the data must be copied after mounting elsewhere.

325
MCQhard

A complex script uses 'trap' to handle signals. The admin writes 'trap '' SIGINT' to ignore Ctrl+C, but later in the script they want to re-enable the default behavior. Which command restores the default behavior for SIGINT?

A.trap - SIGINT
B.trap : SIGINT
C.trap 2
D.trap SIGINT
AnswerA

A is correct. The dash removes the trap.

Why this answer

Option A is correct because 'trap - SIGINT' removes the trap and restores default behavior. Option B is wrong because 'trap : SIGINT' sets a no-op trap, not default. Option C is wrong because 'trap 2' is not valid. Option D is wrong because 'trap SIGINT' without '-' sets a trap to execute the signal name as a command, which is incorrect.

326
MCQeasy

A junior admin receives a ticket: 'The /var partition is filling up quickly. The server has an extra 100GB disk /dev/sdb. The /var filesystem is on logical volume lv_var in volume group vg_system. Currently, vg_system has no free extents. The admin's plan: create a new physical volume on /dev/sdb, extend vg_system, extend lv_var, and resize the filesystem. He runs: pvcreate /dev/sdb; vgextend vg_system /dev/sdb; lvextend -L+100G /dev/vg_system/lv_var; resize2fs /dev/vg_system/lv_var. The system reports error: 'resize2fs: Invalid argument while trying to open /dev/vg_system/lv_var'. What is the most likely mistake?

A.He should have used lvresize instead of lvextend.
B.He forgot to run partprobe after pvcreate.
C.The lvextend command failed because vg_system has no free extents.
D.He used resize2fs instead of xfs_growfs because /var is typically XFS.
AnswerD

RHEL 8/9 defaults to XFS; resize2fs is for ext filesystems.

Why this answer

Option D is correct because the error 'resize2fs: Invalid argument while trying to open /dev/vg_system/lv_var' indicates that the filesystem on lv_var is not ext2/3/4 but likely XFS. RHEL 8/9 defaults to XFS for /var, and XFS requires xfs_growfs (which operates on a mount point, not a block device) instead of resize2fs. Using resize2fs on an XFS filesystem produces this exact error.

Exam trap

The trap here is that candidates assume all Linux filesystems use resize2fs, but EX200 tests the RHEL default of XFS, which requires xfs_growfs and a mount point argument, not a block device.

How to eliminate wrong answers

Option A is wrong because lvextend and lvresize are functionally equivalent for extending a logical volume; lvextend is a subset of lvresize and does not cause the error. Option B is wrong because partprobe is unnecessary after pvcreate on a whole disk (no partition table); pvcreate directly writes LVM metadata to /dev/sdb, and the kernel recognizes it without partprobe. Option C is wrong because the lvextend command would have failed with a 'no free extents' error before reaching resize2fs; the admin successfully extended lv_var (as shown by the error occurring at resize2fs), meaning vgextend provided free extents.

327
Multi-Selecthard

Which THREE of the following are valid options for mounting an ext4 filesystem with specific mount options in /etc/fstab?

Select 3 answers
A.noexec
B.relatime
C.noatime
D.suid
E.nodev
AnswersA, C, E

Valid mount option.

Why this answer

The `noexec` option prevents execution of binaries on the mounted filesystem, which is a common security hardening measure. It is a valid mount option for ext4 and can be specified in /etc/fstab.

Exam trap

Red Hat often tests the distinction between options that enable a feature (like suid) versus those that disable it (like nosuid), and candidates may confuse valid options with the ones that are actually correct in a multi-select question.

328
MCQeasy

A system administrator is troubleshooting a RHEL 9 server that fails to boot and drops into emergency mode. The system console shows an error about mounting /dev/sdb1 on /data. The administrator enters emergency mode, checks /etc/fstab, and sees the line: /dev/sdb1 /data ext4 defaults 0 0. The /data directory exists but /dev/sdb1 is a partition on an external USB drive that was removed. The administrator needs the system to boot normally without the USB drive and plans to fix the mount configuration later. Which course of action should the administrator take?

A.Remove the line from /etc/fstab and run systemctl daemon-reload, then reboot.
B.Add the nofail option to the fstab line, then reboot.
C.Delete the /data directory and reboot.
D.Use a text editor to insert '#' at the beginning of the /dev/sdb1 line in /etc/fstab, then reboot.
AnswerD

Commenting the line prevents the mount attempt; system will boot normally.

Why this answer

Option D is correct because commenting out the /dev/sdb1 line in /etc/fstab with '#' prevents systemd from attempting to mount the missing device during boot, allowing the system to boot normally into multi-user.target. This is a safe, reversible change that does not delete the mount point or alter the filesystem, and it preserves the original configuration for later restoration.

Exam trap

The trap here is that candidates may think removing the line or adding nofail is the correct fix, but they overlook that the system is already in emergency mode and the immediate goal is to boot normally with minimal changes, making a simple comment-out the safest and most reversible action.

How to eliminate wrong answers

Option A is wrong because removing the line from /etc/fstab and running systemctl daemon-reload does not take effect until the next reboot; however, the immediate boot failure is caused by systemd's mount unit for /data failing, and removing the line alone does not address the current emergency mode state—though it would work after reboot, it is less reversible and not the minimal fix. Option B is wrong because adding the nofail option to the fstab line requires editing the file and rebooting, but the system is already in emergency mode; while nofail would prevent future boot failures, it does not resolve the immediate need to boot without the USB drive, and it permanently changes the mount behavior rather than temporarily disabling the entry. Option C is wrong because deleting the /data directory does not fix the mount failure; systemd still attempts to mount /dev/sdb1 on /data, and the missing device will cause the same error, plus deleting the directory may cause data loss if it contains important files.

329
Multi-Selectmedium

Which TWO commands can be used to view the contents of a compressed file named 'archive.tar.gz' without extracting it?

Select 2 answers
A.gzip -d archive.tar.gz
B.tar -tzf archive.tar.gz
C.gunzip -c archive.tar.gz
D.tar -xf archive.tar.gz
E.zcat archive.tar.gz | tar -t
AnswersB, E

Lists contents of tar.gz.

Why this answer

Option B is correct because `tar -tzf archive.tar.gz` lists the contents of a gzip-compressed tar archive without extracting it. The `-t` option tells tar to list the table of contents, `-z` filters the archive through gzip decompression, and `-f` specifies the archive file. This command reads the archive metadata directly without writing any files to disk.

Exam trap

The trap here is that candidates confuse decompression commands (like `gunzip -c`) with listing commands, or they assume `tar -xf` can list contents because of the `-x` (extract) flag, but `-x` always writes files unless combined with `-t` which overrides it to list mode.

330
MCQeasy

A technician needs to configure a static IPv4 address on a RHEL 9 network interface 'enp1s0' using NetworkManager. Which command should be used to set the IP address?

A.nmcli connection modify enp1s0 ipv4.addresses 192.168.1.100/24
B.nmtui edit enp1s0 --ipv4 192.168.1.100/24
C.ip addr add 192.168.1.100/24 dev enp1s0
D.ifconfig enp1s0 192.168.1.100 netmask 255.255.255.0
AnswerA

This makes a persistent change via NetworkManager.

Why this answer

Option A is correct because `nmcli connection modify enp1s0 ipv4.addresses 192.168.1.100/24` is the proper NetworkManager command to set a static IPv4 address on a RHEL 9 interface. This command modifies the connection profile for 'enp1s0' by setting the `ipv4.addresses` property to the specified address and prefix length, which is the standard method for persistent static IP configuration via NetworkManager.

Exam trap

The trap here is that candidates often confuse temporary runtime commands (like `ip addr add` or deprecated `ifconfig`) with persistent configuration tools required by NetworkManager, or they misuse `nmtui` syntax expecting inline arguments instead of its interactive interface.

How to eliminate wrong answers

Option B is wrong because `nmtui edit enp1s0 --ipv4 192.168.1.100/24` is not a valid syntax; `nmtui` is an interactive text user interface and does not accept command-line arguments like `--ipv4` — it must be run interactively or with subcommands like `nmtui edit` without inline IP assignment. Option C is wrong because `ip addr add 192.168.1.100/24 dev enp1s0` only adds the IP address temporarily to the kernel's network stack; it does not persist across reboots and does not use NetworkManager, so it is not the correct tool for a persistent static configuration. Option D is wrong because `ifconfig` is deprecated in RHEL 9 and does not integrate with NetworkManager; it also only sets the address temporarily and lacks persistent configuration capabilities.

331
MCQhard

A company has a RHEL 9 server that hosts a critical application. The server has two network interfaces: enp1s0 (192.168.1.100/24) and enp2s0 (10.0.0.100/24). The default gateway is 192.168.1.1. The application listens on a TCP port 8080 and should be accessible from both networks. Recently, the administrator noticed that clients on the 10.0.0.0/24 network can ping the server's 10.0.0.100 address but cannot connect to port 8080. Clients on 192.168.1.0/24 can connect fine. The firewall is configured with the default zone (public) and the service 'http' is allowed, but port 8080 is not specifically allowed. The administrator checks 'firewall-cmd --list-all' and sees that only services 'ssh' and 'http' are listed. The application is running and listening on 0.0.0.0:8080. What is the most likely cause and the correct course of action?

A.Disable SELinux to allow the application to accept connections.
B.Add a firewall rule to open TCP port 8080 in the public zone using 'firewall-cmd --add-port=8080/tcp --permanent' and reload.
C.Change the application to listen only on the 10.0.0.100 interface.
D.Add a static route for the 10.0.0.0/24 network via the 10.0.0.1 gateway.
AnswerB

The firewall is blocking port 8080; adding the rule allows traffic.

Why this answer

The firewall is blocking incoming connections to port 8080 because only services 'ssh' (port 22) and 'http' (port 80) are allowed in the public zone. Since the application listens on 0.0.0.0:8080, it is reachable from both networks at the IP level, but the firewall drops packets destined for port 8080. Adding a permanent rule to open TCP port 8080 and reloading the firewall configuration resolves the issue.

Exam trap

The trap here is that candidates assume the application is unreachable due to a routing or SELinux issue, overlooking the fact that the firewall's default zone only allows explicitly listed services and ports, and that 'http' does not cover port 8080.

How to eliminate wrong answers

Option A is wrong because SELinux does not block network ports by default; it enforces mandatory access control on processes, and disabling it is unnecessary and insecure—the problem is firewall-related, not SELinux. Option C is wrong because the application already listens on 0.0.0.0 (all interfaces), and restricting it to 10.0.0.100 would break connectivity for clients on the 192.168.1.0/24 network. Option D is wrong because clients on 10.0.0.0/24 can already ping the server's 10.0.0.100 address, indicating routing is functional; the issue is a firewall rule, not a missing static route.

332
MCQhard

An administrator wants to encrypt a new partition /dev/sdc1 using LUKS. Which command sequence is correct?

A.mkfs.ext4 /dev/sdc1; cryptsetup luksFormat /dev/sdc1; cryptsetup open /dev/sdc1 secret; mount /dev/mapper/secret /mnt
B.cryptsetup open /dev/sdc1 secret; mkfs.ext4 /dev/mapper/secret; cryptsetup luksFormat /dev/mapper/secret; mount /dev/mapper/secret /mnt
C.cryptsetup luksFormat /dev/sdc1; mkfs.ext4 /dev/sdc1; cryptsetup open /dev/sdc1 secret; mount /dev/mapper/secret /mnt
D.cryptsetup open /dev/sdc1 secret; cryptsetup luksFormat /dev/mapper/secret; mkfs.ext4 /dev/mapper/secret; mount /dev/mapper/secret /mnt
E.cryptsetup luksFormat /dev/sdc1; cryptsetup open /dev/sdc1 secret; mkfs.ext4 /dev/mapper/secret; mount /dev/mapper/secret /mnt
AnswerE

Correct. This is the proper sequence for LUKS encryption.

Why this answer

Option E is correct because the proper sequence for encrypting a new partition with LUKS is: first initialize the LUKS header on the block device with `cryptsetup luksFormat`, then open the encrypted device to create a mapping under `/dev/mapper/`, then create a filesystem on the mapped device (not the raw block device), and finally mount the mapped device. This ensures the filesystem is built on top of the encrypted layer, not on the unencrypted partition.

Exam trap

Red Hat often tests the misconception that you can create a filesystem directly on the raw partition after `luksFormat` (Option C) or that you should open the device before formatting it with LUKS (Option B), leading candidates to confuse the order of operations for LUKS encryption.

How to eliminate wrong answers

Option A is wrong because it creates a filesystem on the raw `/dev/sdc1` before LUKS encryption, which would leave the filesystem unencrypted and the subsequent `luksFormat` would overwrite it. Option B is wrong because it attempts to open a LUKS device that hasn't been formatted yet (`cryptsetup open` before `luksFormat`), and then tries to `luksFormat` the mapper device instead of the raw block device. Option C is wrong because it creates a filesystem directly on `/dev/sdc1` after `luksFormat`, which would destroy the LUKS header and leave data unencrypted.

Option D is wrong because it opens a non-existent LUKS container (no `luksFormat` first) and then tries to `luksFormat` the mapper device, which is not the correct target for initialization.

333
MCQeasy

An administrator needs to enable swap on a newly created partition /dev/sdc1. Which two commands should be executed in order?

A.mkswap /dev/sdc1; mount /dev/sdc1
B.swapon /dev/sdc1; mkswap /dev/sdc1
C.swapon /dev/sdc1; mount /dev/sdc1
D.mkfs.swap /dev/sdc1; swapon /dev/sdc1
E.mkswap /dev/sdc1; swapon /dev/sdc1
AnswerE

Correct: formats then activates swap.

Why this answer

Option E is correct because enabling swap on a new partition requires first formatting it as swap space with `mkswap`, then activating it with `swapon`. The `mkswap` command writes a swap signature to the partition, and `swapon` enables the kernel to use it as swap. Without `mkswap`, the partition lacks the proper swap filesystem structure and cannot be used for swapping.

Exam trap

The trap here is that candidates confuse the order of operations or mistakenly think `mount` can be used for swap, or that `mkfs.swap` is a valid command, when in fact swap requires `mkswap` followed by `swapon` and never uses `mount`.

How to eliminate wrong answers

Option A is wrong because `mount` cannot mount a swap partition; swap is not a regular filesystem and must be activated with `swapon`, not mounted. Option B is wrong because `swapon` is executed before `mkswap`, which fails since the partition has no swap signature yet; the order must be reversed. Option C is wrong because `swapon` on an unformatted partition fails, and `mount` is invalid for swap.

Option D is wrong because `mkfs.swap` is not a valid command; the correct command to create a swap filesystem is `mkswap`.

334
Multi-Selecteasy

Which TWO commands can mount an ISO file /tmp/rhel.iso to /mnt/iso?

Select 2 answers
A.mount -o loop /tmp/rhel.iso /mnt/iso
B.isomount /tmp/rhel.iso /mnt/iso
C.mount -t iso9660 -o loop /tmp/rhel.iso /mnt/iso
D.losetup /tmp/rhel.iso && mount /dev/loop0 /mnt/iso
E.mount /tmp/rhel.iso /mnt/iso
AnswersA, C

Correct: mount with -o loop automatically sets up a loop device.

Why this answer

Option A is correct because the `mount -o loop` command creates a loop device to access the ISO file as a block device, allowing it to be mounted to /mnt/iso. This is the standard method for mounting ISO files without specifying a filesystem type, as the kernel auto-detects iso9660.

Exam trap

The trap here is that candidates may think `mount` can directly handle a file without the loop option (Option E), or they may confuse `losetup` syntax (Option D) with the correct procedure, leading to errors in a real exam scenario.

335
Drag & Dropmedium

Order the steps to create a new LVM logical volume of 5 GiB named 'lv_data' in volume group 'vg_data'.

Why this order

LVM creation follows: PV, VG, LV, then filesystem and mount.

336
MCQhard

An administrator needs to ensure that a mounted NFS filesystem is not accessible to users without proper Kerberos authentication, even if the NFS server exports with no_root_squash. Which mount options should be used in /etc/fstab?

A.sec=krb5i,soft
B.sec=sys,ro
C.sec=krb5,noexec
D.sec=krb5p,hard
AnswerD

krb5p provides authentication and encryption; hard ensures the mount persists.

Why this answer

Option D is correct because `sec=krb5p` enforces Kerberos authentication with full encryption of NFS traffic, ensuring that only users with valid Kerberos tickets can access the filesystem. The `hard` mount option ensures persistent retries if the server becomes unreachable, which is standard for critical NFS mounts. This combination prevents unauthorized access even if the server uses `no_root_squash`, as Kerberos authentication is enforced at the RPC layer.

Exam trap

The trap here is that candidates often confuse `sec=krb5` (authentication only) with `sec=krb5p` (full encryption), or assume `sec=sys` is sufficient for security, ignoring that `no_root_squash` bypasses UID-based restrictions.

How to eliminate wrong answers

Option A is wrong because `sec=krb5i` provides integrity checking but not encryption, and `soft` can cause silent data corruption on NFS timeouts, making it unsuitable for secure, reliable mounts. Option B is wrong because `sec=sys` uses traditional AUTH_SYS (UID/GID-based) authentication, which is vulnerable to spoofing and does not enforce Kerberos; `ro` only restricts write access, not read access by unauthorized users. Option C is wrong because `sec=krb5` provides Kerberos authentication without encryption (only for the initial handshake), and `noexec` prevents execution of binaries but does not address authentication or encryption requirements.

337
MCQmedium

A developer runs the script shown in the exhibit and always sees 'Success' printed, even when the previous command fails. What is the most likely cause?

A.The [[ ]] syntax always evaluates to true
B.The $? variable is only set after external commands, not builtins
C.The $? variable captures the exit status of the [[ command, not the intended command
D.The $? variable always returns 0 in a conditional
AnswerC

C is correct.

Why this answer

Option C is correct because $? is the exit status of the last command, which is the [[ command itself, not the intended command. The [[ command returns 0 because the comparison is syntactically correct. The other explanations do not hold: $? is not the script's PID, [[ ]] does not return the negation, and $? is set correctly but for the wrong command.

338
MCQhard

An ext4 filesystem on a logical volume has been extended with lvextend, but df -h still shows the old size. Which command must be run to make the filesystem aware of the new size?

A.lvextend -r
B.fsadm resize
C.resize2fs
D.xfs_growfs
AnswerC

Resizes the ext4 filesystem to match the logical volume size.

Why this answer

Option C (resize2fs) is correct for ext4 filesystems. Option D (xfs_growfs) is for XFS. Option A (lvextend -r) would have performed the resize automatically if used initially. Option B (fsadm resize) is an alternative but less common.

339
MCQeasy

A RHEL 8 system has an ext4 filesystem on /dev/sdb1 mounted at /backup. The admin runs out of space and wants to extend the filesystem. He adds a new disk /dev/sdc, creates a partition /dev/sdc1 (all space), adds it to LVM by creating a PV and extending the VG that contains the LV for /backup. He then extends the logical volume with lvextend -L+20G /dev/vg_backup/lv_backup. The command succeeds, but the filesystem still shows the old size. What did he forget to do?

A.Reboot the system to recognize the new space.
B.Resize the filesystem using resize2fs.
C.Run lvchange -ay to activate the logical volume.
D.Unmount the filesystem before extending the LV.
AnswerB

The LV is larger, but the filesystem must be resized to use the space.

Why this answer

When extending an LVM logical volume, the `lvextend` command only expands the logical volume's block device, not the filesystem residing on it. After extending the LV, the admin must run `resize2fs` (for ext4) to resize the filesystem to match the new LV size. Without this step, the kernel still sees the old filesystem metadata, so `df -h` reports the original size.

Exam trap

The trap here is that candidates assume `lvextend` automatically resizes the filesystem, but it only extends the logical volume; a separate filesystem resize command is required for non-LVM-aware filesystems like ext4.

How to eliminate wrong answers

Option A is wrong because rebooting is unnecessary; the kernel recognizes the new LV size immediately after `lvextend`, but the filesystem itself must be resized with `resize2fs`. Option C is wrong because `lvchange -ay` activates the LV, but the LV is already active (the `lvextend` succeeded), so this command is irrelevant. Option D is wrong because ext4 filesystems can be resized online (mounted) with `resize2fs`; unmounting is not required for extending, only for shrinking.

340
MCQmedium

An administrator needs to pass environment variables from the host to a container without exposing them in the command line. Which method should be used?

A.--env
B.--env-file
C.--secret
D.-e
AnswerB

Correct. It reads variables from a file, avoiding command line exposure.

Why this answer

Option B (--env-file) is correct because it allows environment variables to be passed to a container by reading them from a file, avoiding exposure in the command line or process list. This method is secure as the file can be restricted with file permissions, and the variables are not visible in commands like `ps aux` or shell history.

Exam trap

Red Hat often tests the distinction between `--env`/`-e` and `--env-file`, where candidates mistakenly choose `-e` because it is the most common flag, overlooking the security requirement to avoid command-line exposure.

How to eliminate wrong answers

Option A is wrong because `--env` is a valid flag for setting environment variables but it requires the variable to be specified directly in the command line, which exposes it to process listings and shell history. Option C is wrong because `--secret` is not a valid Docker or Podman flag for passing environment variables; secrets are managed via dedicated secret mechanisms (e.g., Docker secrets or Podman secrets) and are not used for general environment variable injection. Option D is wrong because `-e` is a shorthand for `--env` and similarly exposes the variable value in the command line, failing the requirement to avoid exposure.

341
Multi-Selecthard

Which THREE options are valid when creating a new partition with the 'parted' command? (Choose three.)

Select 3 answers
A.Setting the partition's UUID
B.Setting the partition's bootable flag
C.Setting the partition's name (GPT only)
D.Mounting the partition to a directory
E.Setting the partition type (e.g., ext4)
AnswersB, C, E

parted can toggle flags like boot.

Why this answer

Option B is correct because the 'parted' command can set the bootable flag on a partition using the 'set' command (e.g., 'set 1 boot on'). This flag is used by legacy BIOS bootloaders to identify the active partition, and it is a standard operation in MBR and GPT partition tables.

Exam trap

The trap here is that candidates confuse setting the partition type label (e.g., 'ext4') in parted with actually formatting the partition, or they assume parted can mount or assign UUIDs, which are filesystem-level tasks outside parted's scope.

342
MCQeasy

A junior admin needs to ensure that the 'apache' user (UID 48) cannot log in via SSH or console. Which command achieves this?

A.usermod -s /sbin/nologin apache
B.passwd -l apache
C.chage -l apache
D.usermod -e 1 apache
AnswerA

Sets shell to nologin, blocking interactive login.

Why this answer

Option A is correct because setting the user's login shell to `/sbin/nologin` prevents the user from obtaining an interactive shell via SSH or console login. When the user attempts to log in, the system executes `/sbin/nologin`, which prints a polite message and exits immediately, effectively denying shell access while leaving other services (e.g., Apache) functional.

Exam trap

The trap here is that candidates often confuse password locking (`passwd -l`) with shell restriction, not realizing that SSH key authentication or console login via `su` bypasses password locks, while changing the shell to `/sbin/nologin` blocks all interactive login methods.

How to eliminate wrong answers

Option B is wrong because `passwd -l apache` locks the user's password, preventing password-based authentication, but it does not prevent SSH key-based authentication or console login via other methods (e.g., su, sudo). Option C is wrong because `chage -l apache` lists the user's password aging information; it does not modify any setting that would block login. Option D is wrong because `usermod -e 1 apache` sets the account expiration date to January 1, 1970 (epoch), which disables the account entirely, but this is an overly aggressive approach that also prevents the Apache service from running as that user, whereas the requirement is only to prevent interactive login.

343
MCQ · medium

A technician is configuring a new Red Hat Enterprise Linux 9 server with multiple disks. They need to create a RAID 1 array using /dev/sda and /dev/sdb for the /boot partition. Which tool can create the RAID array and enable booting from it?

A. Use mdadm to create a RAID1 device and install GRUB on both disks
B. Use parted to create a RAID array directly by specifying the RAID level
C. Use fdisk to create a RAID partition and then format with ext4
D. Use LVM to create a mirrored logical volume for /boot
Answer: A

mdadm creates the RAID array; GRUB can be installed on each disk's MBR to allow booting from either disk.

Why this answer

Option A is correct because mdadm is the standard Linux tool for creating software RAID arrays, including RAID 1 (mirroring). For the /boot partition, which must be readable by the bootloader, GRUB must be installed on both disks in the RAID 1 array to ensure bootability if one disk fails. mdadm creates the RAID device, and GRUB can then be installed on each disk's MBR or GPT partition.

Exam trap

The trap here is that candidates may think LVM mirroring is acceptable for /boot, but Red Hat exams emphasize that /boot must not use LVM or complex RAID levels; only RAID 1 with mdadm and GRUB on both disks is supported for bootability.

How to eliminate wrong answers

Option B is wrong because parted is a partition editor and cannot create RAID arrays; it can only create partitions, not configure RAID levels. Option C is wrong because fdisk can create RAID partitions (by setting the partition type to fd for Linux RAID), but it cannot create the RAID array itself; formatting with ext4 alone does not provide mirroring. Option D is wrong because LVM mirrored logical volumes are not recommended for /boot; the bootloader (GRUB) cannot read LVM metadata reliably, and /boot must reside on a non-LVM, non-RAID (or simple RAID 1) partition for boot compatibility.

344
Multi-Select · hard

Which THREE are valid methods to configure network bonding in RHEL 9? (Choose exactly three.)

Select 3 answers
A. Using a configuration file in /etc/NetworkManager/system-connections/.
B. Using nmcli to create a bond connection.
C. Using nmtui interactive interface.
D. Using the teamd service.
E. Editing /etc/sysconfig/network-scripts/ifcfg-bond0 directly.
Answers: A, B, C

NetworkManager stores connections there.

Why this answer

Option A is correct because in RHEL 9, NetworkManager stores connection profiles in `/etc/NetworkManager/system-connections/`. You can manually create a bond configuration file in this directory with the proper key-value pairs (e.g., `type=bond`, `bond.options=mode=1,miimon=100`), and NetworkManager will read it on restart or reload. This is a valid method for configuring network bonding.

Exam trap

The trap here is that candidates familiar with RHEL 7 or 8 may still expect `ifcfg-*` files or `teamd` to be valid, but RHEL 9 has fully removed both, making only NetworkManager-based methods (files, nmcli, nmtui) correct.

345
Multi-Select · hard

Which THREE of the following are common steps to configure a system to automatically mount an NFS share at boot?

Select 3 answers
A. Run 'mount -a' after boot
B. Ensure nfs-utils is installed
C. Use autofs
D. Configure /etc/exports
E. Add an entry to /etc/fstab
Answers: B, C, E

The nfs-utils package provides necessary utilities for NFS client.

Why this answer

B is correct because the NFS client functionality in Red Hat Enterprise Linux is provided by the nfs-utils package. Without this package installed, the system lacks the necessary tools (such as mount.nfs and rpcbind) to mount NFS shares, making it impossible to configure automatic mounting at boot.

Exam trap

Red Hat often tests the misconception that /etc/exports is a client-side configuration file, when in fact it is strictly a server-side file used to define exported directories, not client-side automount settings.

346
MCQ · easy

A developer is running Podman as a non-root user on a Red Hat Enterprise Linux 8 system. The developer successfully runs a container, but notices that after logging out of the SSH session, the container stops. The developer wants the container to continue running even after disconnecting from the SSH session. The container is a simple web server that listens on port 8080. The developer has already enabled lingering for the user account using 'loginctl enable-linger'. However, the container still stops upon logout. What additional step should the developer take to ensure the container persists after logout?

A. Add the --restart=always flag to the podman run command
B. Use podman run --detach to run the container in the background
C. Use podman run -d to run the container in detached mode
D. Create a systemd user service by running 'podman generate systemd --new --name mywebcontainer' and then enable and start the service with 'systemctl --user enable --now container-mywebcontainer.service'
Answer: D

Generating a systemd user service allows the container to be managed independently of the user session; enabling lingering ensures the user's systemd instance persists, and the service keeps the container running after logout.

Why this answer

Option D is correct because even with lingering enabled, a container started directly via `podman run` is tied to the user's login session and will be terminated when the session ends. To make the container persist independently of the SSH session, it must be managed as a systemd user service. The `podman generate systemd --new` command creates a systemd unit file that can be enabled with `systemctl --user`, ensuring the container starts automatically and continues running after logout.

Exam trap

The trap here is that candidates confuse `--detach` or `-d` with making a container persistent, when in fact those flags only detach the container from the terminal, not from the user's login session; the container still stops when the session ends unless it is managed by systemd.

How to eliminate wrong answers

Option A is wrong because `--restart=always` is a Docker flag, not a Podman flag; Podman uses `--restart` with policies like `always` or `on-failure`, but even if used, it only restarts the container if it exits, not if the user session ends. Option B is wrong because `--detach` (or `-d`) runs the container in the background but still ties it to the user's login session; when the SSH session ends, the container is killed because it is a child of the shell session. Option C is wrong for the same reason as Option B: `-d` is synonymous with `--detach` and does not decouple the container from the user's login session; it only detaches the container from the terminal, not from the session lifecycle.

347
MCQ · hard

A system has a logical volume that is thinly provisioned. The thin pool has a size of 100GB and the thin volume has a virtual size of 500GB. The administrator notices that the thin pool has only 5GB of data written so far. Which command will display the current data usage of the thin volume?

A. df -h /dev/mapper/vg01-thinvol
B. lsblk /dev/mapper/vg01-thinvol
C. lvdisplay /dev/vg01/thinvol
D. lvs -o lv_name,data_percent
Answer: D

lvs with data_percent shows the percentage of the thin pool that has been allocated by the thin volume.

Why this answer

Option D is correct because the `lvs -o lv_name,data_percent` command specifically displays the percentage of the thin pool that has been consumed by the thinly provisioned logical volume. For thin volumes, the `data_percent` field reports the actual data usage relative to the thin pool's capacity, which is exactly what the administrator needs to see the current 5GB usage against the 100GB pool.

Exam trap

The trap here is that candidates confuse filesystem-level usage (shown by `df`) with thin pool-level data usage, leading them to pick `df -h` which incorrectly reports the virtual size instead of the actual consumed space.

How to eliminate wrong answers

Option A is wrong because `df -h` shows filesystem usage from the perspective of the mounted filesystem, not the thin pool's data usage; it would report the virtual size (500GB) as the total capacity, not the actual 5GB of data written. Option B is wrong because `lsblk` displays block device attributes like size, type, and mount point, but it does not provide thin pool-specific metrics such as data percentage or actual consumption. Option C is wrong because `lvdisplay` shows general logical volume properties (e.g., size, status) but does not include the `data_percent` field; that field is only available via `lvs` with specific output columns.

348
MCQ · easy

An administrator wants to gracefully terminate a process with PID 12345. Which command should be used?

A. kill -STOP 12345
B. kill -9 12345
C. kill -KILL 12345
D. kill -TERM 12345
Answer: D

SIGTERM requests graceful termination.

Why this answer

Option D is correct because `kill -TERM` (or `kill -15`) sends the SIGTERM signal, which requests a process to terminate gracefully. This allows the process to perform cleanup tasks (e.g., closing files, releasing resources) before exiting, making it the standard way to stop a process politely.

Exam trap

Red Hat often tests the distinction between signals that allow graceful termination (SIGTERM) versus those that force immediate termination (SIGKILL), and candidates frequently confuse `kill -9` as the 'standard' way to stop a process, missing the 'graceful' requirement in the question.

How to eliminate wrong answers

Option A is wrong because `kill -STOP` sends SIGSTOP, which pauses (suspends) the process rather than terminating it; the process remains in a stopped state and can be resumed with SIGCONT. Option B is wrong because `kill -9` sends SIGKILL, which forcefully terminates the process without allowing any cleanup, which is not graceful. Option C is wrong because `kill -KILL` is equivalent to `kill -9` (SIGKILL), which also forcefully kills the process and does not permit graceful shutdown.

349
Multi-Select · medium

Which TWO commands can be used to create a logical volume using all available free space in a volume group?

Select 2 answers
A. lvcreate --size 20G vgdata lvdata
B. lvcreate -l 100%FREE -n lvdata vgdata
C. lvcreate -L 20G -n lvdata vgdata
D. lvcreate -l 100%VG -n lvdata vgdata
E. lvcreate -L 100%FREE -n lvdata vgdata
Answers: B, D

Uses all free extents.

Why this answer

Option B is correct because the `-l 100%FREE` flag allocates all available unassigned physical extents in the volume group to the new logical volume, which is the precise way to use all free space. Option D is also correct because `-l 100%VG` allocates 100% of the total physical extents in the volume group, which effectively uses all free space if no other logical volumes exist; if other logical volumes exist, it will fail or resize them, but in the context of 'all available free space,' it is a valid method when the VG has no other allocations.

Exam trap

Red Hat often tests the distinction between `-l` (extents/percentage) and `-L` (fixed size) flags, and candidates mistakenly use `-L 100%FREE` thinking it works like the `-l` percentage syntax.

350
Multi-Select · easy

Which TWO commands can be used to display the current date and time in a format like '2023-10-05 14:30:00'?

Select 2 answers
A. date '+%Y-%m-%d %H:%M:%S'
B. cal
C. timedatectl
D. date -Iseconds
E. hwclock
Answers: A, D

Formats date as required.

Why this answer

Option A is correct because the `date` command with the format string `'+%Y-%m-%d %H:%M:%S'` explicitly outputs the current date and time in the requested 'YYYY-MM-DD HH:MM:SS' format. The `%Y`, `%m`, `%d`, `%H`, `%M`, and `%S` specifiers correspond to the year, month, day, hour, minute, and second respectively, giving precise control over the output.

Exam trap

Red Hat often tests the distinction between commands that display time in a raw format versus those that require explicit formatting; candidates may mistakenly choose `timedatectl` because it shows the current time, but it does not output in the exact 'YYYY-MM-DD HH:MM:SS' format without additional parsing.

351
MCQ · hard

A system administrator tries to mount a filesystem but receives the error: 'mount: /dev/sdb1 is already mounted or /data busy'. The filesystem is not listed in the mount output. What is the most likely cause?

A. The kernel does not have the filesystem driver loaded
B. The mount point /data is in use by a process
C. The device is already mounted on another mount point
D. The filesystem is corrupted
Answer: B

A process using the directory prevents mounting.

Why this answer

The error message 'mount: /dev/sdb1 is already mounted or /data busy' indicates that the mount point /data is currently in use by a process, preventing the mount operation. Even though the filesystem is not listed in the mount output, a process may have an open file descriptor or be using /data as its current working directory, which keeps the directory busy. The 'lsof' or 'fuser' commands can be used to identify the offending process.

Exam trap

Red Hat often tests the distinction between 'device busy' (device already mounted elsewhere) and 'mount point busy' (directory in use), leading candidates to incorrectly assume the device is already mounted when the error actually points to the mount point being active.

How to eliminate wrong answers

Option A is wrong because if the kernel lacked the filesystem driver, the error would be something like 'mount: unknown filesystem type' or 'mount: /dev/sdb1: can't read superblock', not a 'busy' message. Option C is wrong because if the device were already mounted on another mount point, it would appear in the mount output (e.g., via 'mount' or 'findmnt'), and the error would typically say 'device is busy' or 'already mounted', but the specific mention of '/data busy' points to the mount point, not the device. Option D is wrong because a corrupted filesystem would produce errors like 'mount: /dev/sdb1: can't read superblock' or 'mount: wrong fs type, bad option, bad superblock', not a 'busy' condition.

352
Multi-Select · hard

Which TWO commands are valid for resizing an XFS file system? (Choose exactly two.)

Select 2 answers
A. xfs_admin -L /mnt
B. xfs_growfs /mnt
C. resize2fs /dev/sda1
D. xfs_growfs -D 10g /mnt
E. xfs_repair /dev/sda1
Answers: B, D

Grows the file system to the maximum available space.

Why this answer

Option B is correct because `xfs_growfs` is the dedicated command for resizing (growing) an XFS file system while it is mounted. It expands the file system to fill the available space in the underlying device or logical volume, making it the primary tool for XFS resizing operations.

Exam trap

Red Hat often tests the distinction between file system-specific tools, so the trap here is that candidates confuse `resize2fs` (for ext4) with `xfs_growfs` (for XFS), or mistakenly think `xfs_admin` can resize the file system when it only manages labels and UUIDs.

353
Multi-Select · medium

Which TWO of the following are required to create an XFS file system on LVM?

Select 2 answers
A. Create a volume group
B. Create a physical volume
C. Run xfs_admin on the LV
D. Run mkfs.xfs on the LV
E. Create a logical volume
Answers: D, E

mkfs.xfs creates the file system on the LV.

Why this answer

D is correct because the `mkfs.xfs` command is used to create an XFS file system on a block device, such as a logical volume (LV). After the LV is created from a volume group, you must format it with a file system before it can be mounted and used. Without running `mkfs.xfs`, the LV has no file system structure.

Exam trap

Red Hat often tests the distinction between file system creation (`mkfs.xfs`) and file system administration (`xfs_admin`), trapping candidates who confuse the two commands or think that creating the LV alone is sufficient for mounting.

354
MCQ · easy

A company needs to create a user account for a temporary contractor who will work for exactly 90 days. The account must be automatically disabled after 90 days. Which command should the administrator use?

A. useradd -f 90 contractor
B. useradd -e $(date -d '+90 days' +%Y-%m-%d) contractor
C. useradd -e 90 contractor
D. useradd -f 90 -e 0 contractor
Answer: B

Option B correctly uses the -e option to set the account expiration date to 90 days from now using the date command.

Why this answer

Option B is correct because the `-e` (expiration date) option sets the date on which the user account will be disabled. Using `$(date -d '+90 days' +%Y-%m-%d)` dynamically calculates the exact date 90 days from today in YYYY-MM-DD format, which meets the requirement for automatic disable after exactly 90 days.

Exam trap

The trap here is confusing the `-e` (account expiration date) option with a number of days, when it actually requires a specific date in YYYY-MM-DD format, and confusing `-f` (inactive days after password expiry) with account expiration.

How to eliminate wrong answers

Option A is wrong because the `-f` option sets the number of days after a password expires until the account is permanently disabled (inactive), not the account expiration date itself; it does not disable the account after 90 days from creation. Option C is wrong because the `-e` option expects a date in YYYY-MM-DD format, not a number of days; passing `90` will be interpreted as an invalid date and the account will not be set to expire. Option D is wrong because `-f 90` sets the inactivity period to 90 days after password expiry, and `-e 0` sets the account expiration date to January 1, 1970 (epoch), which disables the account immediately, not after 90 days.

355
MCQ · medium

A Red Hat Enterprise Linux 9 server has an LVM volume group 'vg01' that contains two physical volumes: /dev/sda2 and /dev/sdb1. After a reboot, the system fails to activate the volume group. The administrator runs 'pvdisplay' and sees one physical volume as 'unknown device'. What is the most likely cause?

A. The physical volume is corrupted and needs to be restored from backup
B. The LVM filter in /etc/lvm/lvm.conf is excluding /dev/sdb1
C. The filesystem on the logical volume has become corrupted, preventing LVM metadata access
D. The UUID of the physical volume has changed due to a disk replacement
Answer: B

The filter (e.g., filter = ['r|/dev/sdb1|']) can cause the PV to be unknown because LVM does not scan it.

Why this answer

The LVM filter in /etc/lvm/lvm.conf controls which devices LVM scans during activation. If the filter excludes /dev/sdb1, LVM will not recognize that physical volume, causing the volume group to fail activation. The 'unknown device' status indicates LVM cannot access the device metadata, not that the device is missing or corrupted.

Exam trap

The trap here is that candidates often assume 'unknown device' means hardware failure or corruption, when in reality it is usually a configuration issue like an incorrect LVM filter or missing device-mapper entries.

How to eliminate wrong answers

Option A is wrong because a corrupted physical volume would typically show I/O errors or fail to read metadata, not appear as 'unknown device' — LVM would still detect the device but report corruption. Option C is wrong because filesystem corruption on the logical volume does not prevent LVM from accessing the physical volume metadata; LVM activation occurs at the block level, independent of the filesystem. Option D is wrong because a UUID change due to disk replacement would cause LVM to see a new device with a different UUID, not mark the existing device as 'unknown' — the 'unknown device' label means LVM cannot read the device at all, not that the UUID mismatches.

356
MCQ · easy

A junior administrator is tasked with setting up SELinux contexts on a Red Hat Enterprise Linux 9 server to allow Apache HTTPD to read and write to a custom directory /var/www/customcontent. The directory already exists and contains several files. The administrator has confirmed that the httpd service is running and SELinux is in enforcing mode. After changing the context to httpd_sys_content_t using chcon, the web server can read files but cannot write to the directory. The administrator needs to fix this without disabling SELinux or changing the mode to permissive. Which of the following is the correct next step?

A. Set the SELinux boolean httpd_enable_homedirs to on using setsebool.
B. Run restorecon -R -v /var/www/customcontent after setting the default context with semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/customcontent(/.*)?'
C. Change the context to httpd_sys_content_t using chcon -R -t httpd_sys_content_t /var/www/customcontent
D. Run semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/customcontent(/.*)?' without running restorecon.
Answer: B

Sets the type to httpd_sys_rw_content_t and applies it recursively.

Why this answer

The directory already has the httpd_sys_content_t type, which allows reading but not writing. To enable write access, the correct type is httpd_sys_rw_content_t. Option B correctly uses semanage fcontext to set the default context to this type and then runs restorecon to apply it persistently, ensuring Apache can both read and write.

Exam trap

The trap here is that candidates may think setting the context with chcon or semanage alone is sufficient, but they overlook the need to run restorecon to apply the new default context to existing files, or they confuse httpd_sys_content_t (read-only) with httpd_sys_rw_content_t (read-write).

How to eliminate wrong answers

Option A is wrong because the httpd_enable_homedirs boolean controls access to user home directories, not to /var/www/customcontent, and does not grant write permissions to custom content directories. Option C is wrong because it sets the context to httpd_sys_content_t, which is read-only; the administrator already confirmed this type allows reading but not writing, so repeating the same action does not fix the write issue. Option D is wrong because running semanage fcontext without restorecon only sets the default context in the policy but does not apply it to the existing files and directories; the files retain their current context, so write access is not granted.

357
Multi-Select · hard

Which TWO of the following are required steps when migrating a logical volume from one physical volume to another in the same volume group?

Select 2 answers
A. Delete and recreate the logical volume on the new physical volume
B. Add the new physical volume to the volume group with vgextend if not already present
C. Remove the source physical volume from the volume group with vgreduce after migration
D. Use pvmove to relocate the physical extents from the source to the target PV
E. Extend the logical volume to include the new physical volume
Answers: C, D

Once data is moved, the old PV can be removed from the VG.

Why this answer

Option C is correct because after using pvmove to relocate all physical extents from the source physical volume to the target, you must remove the source PV from the volume group using vgreduce to clean up the volume group metadata and free the device for other use. This step ensures the volume group no longer references the now-empty source PV.

Exam trap

Red Hat often tests the misconception that you must extend the logical volume (Option E) or delete/recreate it (Option A) to move data between PVs, when in fact pvmove handles the migration transparently without LV modification.

358
MCQ · hard

After being added to a new supplementary group with usermod -aG, a user logs out and back in but still cannot access files owned by that group. Which command should the user run to verify current effective group membership?

A. newgrp -c 'groups'
B. id
C. groups $(whoami)
D. usermod -g
Answer: B

Option B is correct: the id command displays the current real and effective group IDs, which reflect the session's actual groups.

Why this answer

The `id` command without arguments displays the real and effective user and group IDs, including all supplementary group memberships. After a user is added to a new group with `usermod -aG`, the change takes effect only in new login sessions; running `id` confirms whether the current shell has actually inherited the new group. Option B is correct because it directly shows the effective group membership for the current process.

Exam trap

The trap here is that candidates assume `groups` or `groups $(whoami)` always shows the effective groups of the current shell, but those commands can display cached or database-level information rather than the kernel-level group list that `id` reliably reports.

How to eliminate wrong answers

Option A is wrong because `newgrp -c 'groups'` is not a valid syntax; `newgrp` is used to start a new shell with a different primary group, not to list groups, and the `-c` option is not supported in that way. Option C is wrong because `groups $(whoami)` runs the `groups` command for the username returned by `whoami`, which may reflect the user's group membership from the user database but does not necessarily show the effective groups of the current shell session if the session was started before the group change. Option D is wrong because `usermod -g` is used to change a user's primary group, not to verify current group membership; it requires root privileges and modifies the user database, not the running session.

359
MCQ · easy

To allow a user to run a specific program with root privileges without providing the root password, which configuration file should be modified?

A. /etc/passwd
B. /etc/security/limits.conf
C. /etc/sudoers
D. /etc/sysconfig/sshd
Answer: C

Sudoers file defines sudo privileges.

Why this answer

The /etc/sudoers file controls sudo privileges. The other files are not for this purpose.

360
MCQ · hard

The administrator attempts to run 'xfs_growfs /dev/vg00/lvol1' but receives an error. What is the most likely cause?

A. The file system is not XFS
B. Unmet dependencies
C. The volume group is full
D. The logical volume is not mounted
Answer: D

xfs_growfs requires the file system to be mounted. The attribute for lvol1 does not include 'o', indicating it is not open (mounted).

Why this answer

The `xfs_growfs` command requires the XFS filesystem to be mounted in order to resize it. If the logical volume `/dev/vg00/lvol1` is not mounted, the kernel cannot access the filesystem's superblock and allocation group information, causing the command to fail with an error such as 'XFS filesystem not mounted' or 'No such file or directory'.

Exam trap

The trap here is that candidates often assume `xfs_growfs` works like `resize2fs` for ext4, which can resize unmounted filesystems, but XFS requires the filesystem to be mounted for online growth, and the error message may be misinterpreted as a missing package or wrong filesystem type.

How to eliminate wrong answers

Option A is wrong because the command `xfs_growfs` is specifically designed for XFS filesystems; if the filesystem were not XFS, the error would typically be 'wrong fs type' or the command would not be found, but the question states the command runs and receives an error, implying the filesystem is XFS. Option B is wrong because `xfs_growfs` is a standalone utility from the `xfsprogs` package and does not have runtime dependencies that would cause a failure during execution; unmet dependencies would prevent installation, not command execution. Option C is wrong because a full volume group would prevent extending the logical volume, but `xfs_growfs` only resizes the filesystem to match the already-extended logical volume; the error occurs before any resize attempt, and the volume group's free space is irrelevant if the logical volume itself is not mounted.

361
MCQ · easy

Which command creates a 2GB logical volume named 'lvdata' in the volume group 'vgdata'?

A. lvcreate -L 2G -n lvdata vgdata
B. lvcreate -n vgdata -L 2G lvdata
C. lvcreate -n lvdata -s 2G vgdata
D. lvcreate -l 2G -n lvdata vgdata
Answer: A

Correct syntax.

Why this answer

Option A is correct because the `lvcreate` command with `-L 2G` specifies the size in gigabytes, `-n lvdata` sets the logical volume name, and `vgdata` is the volume group in which the logical volume is created. This syntax follows the standard LVM2 command structure for creating a logical volume of a specified size within an existing volume group.

Exam trap

The trap here is confusing the `-L` (size in units) and `-l` (number of extents) flags, leading candidates to incorrectly use `-l` with a size suffix, which is syntactically invalid in LVM2.

How to eliminate wrong answers

Option B is wrong because the arguments are reversed: `-n vgdata` incorrectly assigns the volume group name as the logical volume name, and `lvdata` is placed as the volume group argument, which would cause a syntax error or create a logical volume in the wrong context. Option C is wrong because `-s 2G` is used for creating a snapshot (`-s` flag) or specifying a size in a different context, not for creating a standard logical volume with a size of 2GB; the correct flag for size is `-L`. Option D is wrong because `-l 2G` uses the lowercase `-l` flag, which expects extents (number of logical extents), not a size in gigabytes; using `-l` with a unit like `G` is invalid and would result in an error.

362
MCQ · easy

A sysadmin wants to allow user 'alice' to run all commands as root via sudo. Which line should be added to /etc/sudoers?

A. alice ALL=(root) ALL
B. alice localhost=(ALL) ALL
C. alice ALL=(ALL) ALL
D. %alice ALL=(ALL) ALL
Answer: C

This gives alice permission to run any command as any user on any host.

Why this answer

Option C is correct because the sudoers entry 'alice ALL=(ALL) ALL' grants user 'alice' the ability to run any command as any user (including root) on any host. The first 'ALL' specifies any host, '(ALL)' allows running commands as any target user (defaulting to root when no user is specified), and the final 'ALL' permits any command. This is the standard syntax for full sudo privileges.

Exam trap

Red Hat often tests the distinction between user and group entries in sudoers, where the '%' prefix indicates a group, causing candidates to mistakenly select '%alice' thinking it applies to the user 'alice'.

How to eliminate wrong answers

Option A is wrong because 'alice ALL=(root) ALL' restricts alice to only run commands as the root user, not as any other user (e.g., alice could not run commands as 'apache' or 'nobody'). Option B is wrong because 'alice localhost=(ALL) ALL' limits the host to 'localhost' only, meaning the rule applies only when the command is run on the machine named 'localhost', not on any host. Option D is wrong because '%alice ALL=(ALL) ALL' uses a '%' prefix, which defines a user group named 'alice' rather than the user 'alice' herself; this would grant privileges to all members of the 'alice' group, not to the individual user.

363
MCQ · easy

Which single command shows the UUID of a filesystem on /dev/sdb1?

A. df -h
B. mount
C. blkid /dev/sdb1
D. fdisk -l
Answer: C

blkid displays UUID and filesystem type.

Why this answer

The `blkid /dev/sdb1` command queries the libblkid library to read the filesystem metadata directly from the block device, displaying attributes including the UUID (Universally Unique Identifier) stored in the superblock. This is the standard, single-purpose command to retrieve the UUID of a specific partition.

Exam trap

The trap here is that candidates often confuse partition table tools like `fdisk` with filesystem metadata tools, or assume `mount` shows UUIDs by default, when in fact only `blkid` (or `lsblk -f`) directly queries the filesystem superblock for the UUID.

How to eliminate wrong answers

Option A is wrong because `df -h` shows human-readable disk space usage for mounted filesystems, not UUIDs. Option B is wrong because `mount` (without options) lists currently mounted filesystems and their mount points, but does not display UUIDs unless combined with `-l` or `-U` flags, and even then it is not the direct command for UUID retrieval. Option D is wrong because `fdisk -l` lists partition tables (sizes, types, start/end sectors) but does not show filesystem UUIDs, which are stored in the filesystem superblock, not the partition table.

364
MCQ · hard

A system administrator needs to ensure that a specific process continues to run even if it crashes. The process is started by a systemd service unit. Which approach ensures the process is automatically restarted by systemd, with a delay of 30 seconds after each crash, and does not count restarts towards the failure limit?

A. Restart=always, RestartSec=30, StartLimitIntervalSec=0, StartLimitBurst=0
B. Restart=on-failure and RestartSec=30
C. Restart=always, RestartSec=30, StartLimitIntervalSec=0
D. Restart=always and RestartSec=30
Answer: A

These settings disable the restart rate limit and ensure the service restarts every 30 seconds regardless of crash behavior.

Why this answer

Option A is correct because it combines `Restart=always` to restart the process unconditionally, `RestartSec=30` to introduce a 30-second delay between restarts, and `StartLimitIntervalSec=0` with `StartLimitBurst=0` to disable the start rate limiting entirely. This ensures the service restarts indefinitely after each crash without ever being considered as having failed, which matches the requirement exactly.

Exam trap

The trap here is that candidates often assume `Restart=always` alone is sufficient to restart indefinitely, forgetting that systemd's default start rate limiting (5 restarts within 10 seconds) will eventually stop the service unless explicitly disabled with both `StartLimitIntervalSec=0` and `StartLimitBurst=0`.

How to eliminate wrong answers

Option B is wrong because `Restart=on-failure` only restarts the service when it exits with a non-zero exit code or is terminated by a signal, not for all crashes (e.g., clean exit with code 0 would not trigger a restart), and it lacks the explicit disabling of start rate limits, so repeated restarts could eventually be counted toward the failure limit. Option C is wrong because while it sets `Restart=always` and `RestartSec=30`, it only sets `StartLimitIntervalSec=0` but does not set `StartLimitBurst=0`; by default, `StartLimitBurst` is 5, so after 5 restarts within the default interval (which is 10 seconds if `StartLimitIntervalSec` is not explicitly set to 0), systemd would stop the service and mark it as failed. Option D is wrong because it omits both `StartLimitIntervalSec=0` and `StartLimitBurst=0`, leaving the default start rate limiting active (5 restarts within 10 seconds), which would cause systemd to stop restarting the service after the burst limit is exceeded.

365
MCQ · hard

After adding the last line to /etc/fstab, the system fails to boot with an error. What is the most likely cause?

A. The UUID for /boot is invalid
B. The mount point /mydata does not exist
C. The device /dev/sdb1 is not formatted
D. The filesystem type ext4 is incorrect for /dev/sdb1
Answer: B

The exhibit shows the mount point /mydata, and it is explicitly stated that this directory does not exist. Systemd will fail to mount.

Why this answer

When a mount point directory specified in /etc/fstab does not exist, the systemd mount unit will fail during boot because the mount operation cannot find the target directory. This is a common misconfiguration: the fstab entry references /mydata, but the directory has not been created with mkdir. The boot process halts with an error indicating the mount point is missing, not that the device or filesystem is invalid.

Exam trap

The trap here is that candidates often focus on device or filesystem issues (UUID, formatting, type) and overlook the simple prerequisite that the mount point directory must exist, which is a fundamental step tested in the EX200.

How to eliminate wrong answers

Option A is wrong because an invalid UUID for /boot would cause a different error (e.g., 'UUID=... does not exist') and would prevent the root filesystem from mounting, not specifically a missing mount point error. Option C is wrong because an unformatted device would produce a 'wrong fs type, bad option, bad superblock' error, not a 'mount point does not exist' error. Option D is wrong because an incorrect filesystem type (e.g., ext4 on an XFS partition) would also yield a 'wrong fs type' error, not a missing directory error.

366
Multi-Select · easy

Which TWO options to podman run can be used to persist data outside the container? (Select exactly two.)

Select 2 answers
A. --mount
B. --read-only
C. --tmpfs
D. -v
E. --squash
Answers: A, D

Also creates mounts, with more options.

Why this answer

The `--mount` option (A) and `-v` (D) are both used to mount host directories or volumes into a container, allowing data to persist outside the container's writable layer. `--mount` provides a more explicit syntax for specifying mount type, source, and destination, while `-v` is a shorter alias for `--volume` that also binds host paths or named volumes. Both ensure data survives container removal.

Exam trap

Red Hat often tests the distinction between ephemeral storage options like `--tmpfs` and persistent storage options like `--mount`/`-v`, and candidates mistakenly select `--tmpfs` thinking it persists data because it is writable, but it is memory-backed and lost on container stop.

367
Multi-Select · easy

Which two statements about SELinux modes are correct? (Choose two.)

Select 2 answers
A. Permissive mode denies actions but does not log.
B. Permissive mode logs violations but does not deny actions.
C. Enforcing mode only logs violations but does not deny.
D. Enforcing mode logs violations and denies actions.
E. Disabled mode completely disables SELinux without requiring a reboot.
Answers: B, D

Correct description of permissive mode.

Why this answer

Option B is correct because SELinux permissive mode allows all actions but logs any violations that would have been denied in enforcing mode. Option D is correct because enforcing mode both logs violations and denies actions that violate the SELinux policy, providing full security enforcement.

Exam trap

The trap here is that candidates often confuse permissive mode with logging-only behavior, forgetting that permissive mode does not deny actions, while enforcing mode both logs and denies, and that disabling SELinux requires a reboot, not just a runtime change.

368
MCQ · medium

You are the system administrator for a small company. A developer, Alice, needs to restart the web server (httpd.service) on server 'web1.example.com' without being prompted for a password. She should also be able to run any command as root on that server, but only from the server itself (not remotely). Currently, Alice can SSH into the server using her SSH key, but when she runs 'sudo systemctl restart httpd', she is prompted for her password. You have verified that Alice is in the 'wheel' group. The sudoers file currently has the line '%wheel ALL=(ALL) ALL'. You want to modify sudoers to satisfy the requirement with minimal privilege. Which action should you take?

A. Add 'alice web1.example.com=(root) NOPASSWD: ALL' to /etc/sudoers.d/alice.
B. Add 'alice web1.example.com=(root) NOPASSWD: /usr/bin/systemctl restart httpd' to /etc/sudoers.d/alice.
C. Add 'alice web1.example.com=(root) /usr/bin/systemctl restart httpd' to /etc/sudoers.d/alice.
D. Change '%wheel ALL=(ALL) ALL' to '%wheel ALL=(ALL) NOPASSWD: ALL' in /etc/sudoers.
Answer: B

Minimal: only allows the needed command without password.

Why this answer

Option B is correct because it grants Alice passwordless sudo access specifically to the command `/usr/bin/systemctl restart httpd` on the host `web1.example.com` as root, meeting the requirement with minimal privilege. The `NOPASSWD:` tag is essential to bypass the password prompt, and the host restriction ensures the rule applies only when Alice is on that server.

Exam trap

The trap here is that candidates often forget the `NOPASSWD:` tag when the requirement explicitly says 'without being prompted for a password', leading them to choose Option C, which grants the command but still requires authentication.

How to eliminate wrong answers

Option A is wrong because it grants Alice passwordless sudo access to ALL commands as root on web1.example.com, which exceeds the minimal privilege requirement (she only needs to restart httpd). Option C is wrong because it lacks the `NOPASSWD:` tag, so Alice would still be prompted for a password when running the command. Option D is wrong because it modifies the wheel group rule to allow all wheel members passwordless sudo for all commands, which is excessive and violates the principle of least privilege.

369
Multi-Select · medium

Which TWO statements are true regarding container images and containers in Podman?

Select 2 answers
A. A container can only be created from an image that is stored locally.
B. A container is a running or stopped instance of an image with a writable layer.
C. A container image is a read-only template used to create containers.
D. When a container is stopped, its writable layer is automatically removed.
E. A container image must be built using a Dockerfile.
Answers: B, C

Correct: containers have a writable layer on top of the image.

Why this answer

Option B is correct because a container in Podman is an instantiation of an image that adds a writable layer on top of the image's read-only layers. This writable layer persists changes made during the container's runtime, even after the container is stopped, unless explicitly removed.

Exam trap

Red Hat often tests the misconception that a container's writable layer is ephemeral and automatically deleted when the container stops, but in Podman (and Docker) the writable layer persists until the container is explicitly removed.

370
MCQ · easy

To mount an ext4 filesystem with the noatime option and remount read-only on errors, which file should be edited?

A. /etc/mtab
B. /etc/sysconfig/network
C. /etc/fstab
D. /etc/rc.d/rc.local
Answer: C

Permanent mount options are configured in /etc/fstab.

Why this answer

Option C (/etc/fstab) is the filesystem table that defines mount options. Option A (/etc/mtab) shows currently mounted filesystems. Option B is unrelated. Option D is a startup script.

371
MCQ · medium

A containerized application writes logs to stdout. The administrator wants to view only the last 50 lines of logs from a container named 'app1'. Which command accomplishes this?

A. podman logs --lines 50 app1
B. podman logs app1
C. podman logs -n 50 app1
D. podman logs --tail 50 app1
Answer: D

--tail specifies number of lines from the end.

Why this answer

The `podman logs --tail 50 app1` command is correct because `--tail` is the Podman option to specify the number of lines from the end of the log to display. This directly fulfills the requirement to view only the last 50 lines of logs from the container named 'app1'.

Exam trap

The trap here is that candidates may confuse `--tail` with `--lines` or `-n`, which are common in other tools like `tail` or `kubectl logs`, but Podman specifically uses `--tail` for this purpose.

How to eliminate wrong answers

Option A is wrong because `--lines` is not a valid option for `podman logs`; Podman uses `--tail` to specify the number of lines from the end. Option B is wrong because `podman logs app1` without any options displays all logs from the container, not just the last 50 lines. Option C is wrong because `-n` is not a shorthand for `--tail` in `podman logs`; `-t` is the shorthand for timestamps, and `-n` is not recognized for line count.

372
MCQ · easy

Which command displays the current working directory?

A. pwd
B. ls
C. dir
D. cd
Answer: A

pwd prints the full pathname of the current directory.

Why this answer

The `pwd` command stands for 'print working directory' and is the standard Linux/Unix command to display the absolute path of the current directory. It is part of the GNU Core Utilities and is the correct tool for this task in the Red Hat Enterprise Linux environment tested in EX200.

Exam trap

Red Hat often tests the distinction between commands that navigate (`cd`), list contents (`ls`), and display the current path (`pwd`), and candidates may confuse `cd` with `pwd` because both are commonly used together in shell navigation.

How to eliminate wrong answers

Option B is wrong because `ls` lists the contents of a directory, not the current working directory path. Option C is wrong because `dir` is a command typically used in Windows or DOS environments to list directory contents, and it is not a standard command in Linux for displaying the working directory. Option D is wrong because `cd` is used to change the current working directory, not to display it.

373
MCQ · medium

A system has a disk that may be failing. Which tool can be used to check the health of a SATA disk using SMART monitoring?

A. fsck
B. dd
C. smartctl
D. badblocks
Answer: C

smartctl is the correct tool to check SMART attributes for disk health.

Why this answer

smartctl is the correct tool because it directly interfaces with the Self-Monitoring, Analysis, and Reporting Technology (SMART) built into modern SATA and ATA drives. It can query the drive's internal health metrics, such as reallocated sector counts and temperature, to predict potential failure. The other options do not access SMART data.

Exam trap

Red Hat often tests the distinction between file system tools (fsck), block-level utilities (dd, badblocks), and hardware monitoring tools (smartctl), leading candidates to confuse disk surface testing with SMART health checks.

How to eliminate wrong answers

Option A is wrong because fsck (file system check) operates on the file system layer, not on the underlying disk hardware, and cannot read SMART attributes. Option B is wrong because dd is a low-level data copy and conversion tool; it can read/write raw disk blocks but has no capability to query SMART health data. Option D is wrong because badblocks scans for physical bad sectors by performing read/write tests, but it does not access the drive's internal SMART logs or predictive failure indicators.

374
MCQ · hard

A system has two 500GB disks in a RAID1 (mirror) using mdadm. One disk fails. After replacement, what is the correct procedure to restore redundancy?

A. Run 'mdadm --manage /dev/md0 --add /dev/sdb'
B. Remove the failed disk with 'mdadm /dev/md0 --fail /dev/sdb1' then add new.
C. Run 'mdadm --assemble --scan' to rebuild the array automatically.
D. Use sfdisk to copy partition table from /dev/sda to /dev/sdb, then 'mdadm --manage /dev/md0 --add /dev/sdb1'
Answer: D

Correct steps.

Why this answer

Option D is correct because when replacing a failed disk in a RAID1 array managed by mdadm, the new disk must have a partition table that matches the surviving disk. Using sfdisk to copy the partition table from /dev/sda to /dev/sdb ensures that the partition layout (e.g., partition type 0xFD for Linux RAID autodetect) is identical, which is required before adding the partition (e.g., /dev/sdb1) to the array with mdadm --manage --add. Simply adding the raw disk without a proper partition table would fail because mdadm expects a partition with the correct RAID superblock and partition type.

Exam trap

The trap here is that candidates assume adding a new disk directly with 'mdadm --add' is sufficient, overlooking the critical prerequisite of having an identical partition table on the replacement disk, which is a common oversight in RAID recovery procedures.

How to eliminate wrong answers

Option A is wrong because 'mdadm --manage /dev/md0 --add /dev/sdb' attempts to add the entire disk device, but mdadm requires a partition (e.g., /dev/sdb1) that has a valid partition table and RAID superblock; adding a raw disk without a partition table will not work and may corrupt the array. Option B is wrong because 'mdadm /dev/md0 --fail /dev/sdb1' is used to mark an existing device as failed, but the question states the disk has already failed; the failed device should be removed with 'mdadm --remove' after marking it failed, and the new disk still needs a partition table before adding, which this option omits. Option C is wrong because 'mdadm --assemble --scan' is used to reassemble an existing array from its components after a system reboot or if the array is stopped, not to add a replacement disk to an already active array; it does not handle the partition table requirement for a new disk.

375
Multi-Select · medium

Which TWO commands can be used to add the user 'alice' to the supplementary group 'developers'?

Select 2 answers
A. gpasswd -a alice developers
B. useradd -g developers alice
C. usermod -aG developers alice
D. groupmod -a alice developers
E. usermod -g developers alice
Answers: A, C

-a adds user to group.

Why this answer

Option A is correct because `gpasswd -a alice developers` adds the user 'alice' to the supplementary group 'developers' by appending her to the group's member list in /etc/group. Option C is correct because `usermod -aG developers alice` appends 'alice' to the supplementary group 'developers' without removing her from other supplementary groups, which is the intended behavior for adding a user to an additional group.

Exam trap

The trap here is that candidates confuse the `-g` (primary group) and `-G` (supplementary groups) options of `usermod`, and forget that without the `-a` flag, `usermod -G` replaces all supplementary group memberships instead of appending.
