Red Hat Certified System Administrator EX200 (EX200) — Questions 451-525

527 questions total · 8 pages · All types, answers revealed

Page 7 of 8
451
MCQ · hard

A server running RHEL 9 has an LVM logical volume /dev/vg00/lvol0 formatted with XFS, mounted at /data. The administrator needs to increase the file system size from 100GB to 150GB. Which command sequence should be used?

A. xfs_info /data; lvextend -L 150G /dev/vg00/lvol0
B. umount /data; lvextend -L +50G /dev/vg00/lvol0; mount /data; xfs_growfs /data
C. resize2fs /dev/vg00/lvol0
D. lvextend -L +50G /dev/vg00/lvol0; xfs_growfs /data
Answer: D

First extend the LV by 50GB, then grow the file system with xfs_growfs while it is mounted.

Why this answer

Option D is correct because it first extends the logical volume by the exact amount needed (+50G) using lvextend, then grows the XFS filesystem to match using xfs_growfs. XFS filesystems can be grown online (no unmount required), and xfs_growfs expands the filesystem to fill the available space in the logical volume.

Exam trap

The trap here is that candidates may assume all filesystems require unmounting before resizing (as with some older tools), or they may confuse XFS with ext4 and try to use resize2fs, or they may think xfs_info is a growth command instead of an info command.

How to eliminate wrong answers

Option A is wrong because xfs_info only displays filesystem information and does not perform any growth operation; the sequence lacks the actual grow command. Option B is wrong because unmounting the XFS filesystem is unnecessary and disruptive; xfs_growfs works on a mounted filesystem, and the -L +50G syntax is correct but the umount/mount steps are redundant and incorrect. Option C is wrong because resize2fs is the tool for ext2/3/4 filesystems, not XFS; using it on an XFS filesystem would fail or cause corruption.

452
MCQ · medium

Refer to the exhibit. What is the most likely cause of the httpd service failure?

A. The httpd service is disabled.
B. The Apache configuration has a syntax error.
C. The /var/www/html directory does not exist.
D. SELinux context on /var/www/html/index.html is incorrect.
Answer: D

Correct: 'Permission denied' with access denied error is typical of SELinux denials.

Why this answer

The httpd service fails because SELinux enforces a security context on the web content files. If the context of /var/www/html/index.html is not set to httpd_sys_content_t, the Apache process (running under the httpd_t domain) is denied read access to the file, even if file permissions are correct. This causes the service to start but fail to serve the page, often logged as a 'Permission denied' error in /var/log/audit/audit.log.

Exam trap

The trap here is that candidates assume file permissions (e.g., 644) are the only access control, overlooking SELinux as a mandatory access control system that can block access even when traditional permissions are correct.

How to eliminate wrong answers

Option A is wrong because a disabled service would not attempt to start at all; the systemctl status would show 'disabled' but the service could still be started manually, and the failure here is during runtime. Option B is wrong because a syntax error in Apache configuration would cause the service to fail to start with a specific error message (e.g., 'Syntax error on line ...'), not a silent failure after starting. Option C is wrong because if /var/www/html did not exist, Apache would log a clear 'Directory not found' error and fail to serve content, but the service itself would start; the question implies the service fails entirely, not just content delivery.

453
MCQ · medium

Refer to the exhibit. The service 'example.service' is created but fails to start. The administrator runs 'systemctl start example.service' and gets no output, but 'systemctl status example.service' shows 'active (exited)'. What is the most likely cause?

A. The script /usr/local/bin/example.sh exits immediately.
B. The Restart=on-failure directive is misconfigured.
C. The network.target dependency is not met.
D. The administrator forgot to run systemctl daemon-reload after starting.
Answer: A

Type=simple expects the main process to stay running.

Why this answer

When a service unit is configured with `Type=oneshot` (or the default `Type=simple` with a script that exits quickly), systemd reports the service as `active (exited)` after the main process finishes. The administrator sees no error output because the command `systemctl start` succeeded in launching the process, but the process itself (the script `/usr/local/bin/example.sh`) exits immediately, which is expected behavior for a oneshot service. The service is considered 'active' because it ran and exited cleanly, not because it remains running.

Exam trap

Red Hat often tests the distinction between `active (running)` and `active (exited)` to catch candidates who assume a service must remain running to be considered active, when in fact `Type=oneshot` services are designed to exit and still be marked as active.

How to eliminate wrong answers

Option B is wrong because `Restart=on-failure` only triggers a restart when the service unit exits with a non-zero exit code or is terminated by a signal; it does not change the fact that the script exits immediately, and the service would still show `active (exited)` after a successful run. Option C is wrong because `network.target` is a synchronization point that ensures network interfaces are configured before the service starts, but its failure would cause the service to fail to start entirely (e.g., `failed` state), not to show `active (exited)`. Option D is wrong because `systemctl daemon-reload` is required only after modifying unit files, not after starting a service; running it after `systemctl start` would have no effect on the service state.

454
MCQ · hard

Refer to the exhibit. A user bob exists with UID 1002 and GID 1002. The /etc/group shows a group bob with GID 1002 but no members listed. Bob tries to access a file owned by group 'bob' with permissions 640 and owner root. What will happen?

A. Bob will not be able to read the file because the group bob has no members.
B. Bob will be able to read the file because he is a member of the group bob.
C. Bob will be able to read the file if his primary group is bob, which it is.
D. Bob will be able to read the file only if he is explicitly listed in /etc/group.
Answer: C

Option C is correct; Bob's primary group is bob (GID 1002) as defined in /etc/passwd, so he is considered a member of the group bob for file access purposes.

455
MCQ · medium

A cron job runs a script every hour and leaves many log files. The administrator wants to clean up log files older than 7 days in /var/log/myapp/. Which command should be added to a weekly cron job?

A. find /var/log/myapp -type f -atime +7 -delete
B. find /var/log/myapp -type f -mtime +7 -exec rm {} \;
C. find /var/log/myapp -type f -ctime +7 -delete
D. find /var/log/myapp -type f -mtime +7 -delete
Answer: D

Correctly finds files modified more than 7 days ago and deletes them.

Why this answer

Option D is correct because `-mtime +7` matches files whose modification time is older than 7 days, and `-delete` safely removes them. This is the most efficient and standard approach for cleaning up old log files in a cron job, as it avoids spawning a separate process for each file.

Exam trap

The trap here is that candidates often confuse `-atime`, `-ctime`, and `-mtime`, or think `-exec rm {} \;` is equivalent to `-delete`, when in fact `-delete` is the preferred, safer, and more efficient method for bulk file removal in cron jobs.

How to eliminate wrong answers

Option A is wrong because `-atime` checks access time, not modification time; log files may be accessed (e.g., read by monitoring tools) without being modified, so they could be deleted prematurely or not at all. Option B is wrong because while `-mtime +7` is correct, using `-exec rm {} \;` is inefficient and less safe than `-delete`; it forks a new `rm` process for each file, which is slower and can cause issues with special characters in filenames. Option C is wrong because `-ctime` checks inode change time (metadata changes like permissions or ownership), not the file's content modification time; log files might have unchanged metadata but old content, leading to incorrect cleanup.

456
MCQ · easy

Which command sets the password maximum age for user 'bob' to 30 days?

A. chage -M 30 bob
B. passwd -x 30 bob
C. usermod -e 30 bob
D. chage -W 30 bob
Answer: A

chage -M sets the maximum password age.

Why this answer

The `chage -M 30 bob` command sets the maximum number of days a password is valid for user 'bob' to 30 days. The `-M` option in `chage` directly modifies the `PASS_MAX_DAYS` field in `/etc/shadow`, which controls password expiration. This is the standard Red Hat Enterprise Linux method for enforcing password aging policies.

Exam trap

The trap here is that candidates confuse `chage -M` (password max age) with `chage -W` (warning period) or `usermod -e` (account expiry), and may also mistakenly think `passwd` has a `-x` option for this purpose, when in fact `passwd` does not support `-x` on RHEL systems.

How to eliminate wrong answers

Option B is wrong because `passwd -x 30 bob` sets the maximum password age, but the `-x` option is not a standard `passwd` flag; `passwd` uses `-x` only in some older or non-standard implementations, and on RHEL 8/9 the correct command for this is `chage -M`, not `passwd`. Option C is wrong because `usermod -e 30 bob` sets the account expiration date (in YYYY-MM-DD format or days since epoch), not the password maximum age; `-e` controls when the account itself expires, not the password. Option D is wrong because `chage -W 30 bob` sets the warning period (in days) before password expiration, not the maximum age; `-W` defines how many days before expiry the user is warned, not the expiry duration.

457
MCQ · easy

A user reports that a script in their home directory fails to execute. The script has permissions -rw-r--r-- and is owned by the user. Which command will allow execution for the owner?

A. chmod u+r script.sh
B. chmod a+x script.sh
C. chmod u+x script.sh
D. chmod u-x script.sh
Answer: C

Adds execute for owner.

Why this answer

The script currently has permissions `-rw-r--r--`, meaning the owner has read and write but not execute. To allow the owner to execute it, you need to add the execute permission for the owner only. `chmod u+x script.sh` adds the execute bit for the user (owner) without affecting group or others, which is the precise requirement.

Exam trap

Red Hat often tests the distinction between adding execute permission for the owner only versus adding it for all users, and the trap here is that candidates might choose `a+x` (option B) thinking it is the simplest solution, but the question explicitly asks for execution for the owner.

How to eliminate wrong answers

Option A is wrong because `chmod u+r script.sh` adds read permission for the owner, but the owner already has read access; it does not add execute permission. Option B is wrong because `chmod a+x script.sh` adds execute permission for all (owner, group, and others), which is excessive and not the minimal change requested. Option D is wrong because `chmod u-x script.sh` removes execute permission from the owner, which would make the script even less executable.

458
Multi-Select · hard

Which THREE statements about /etc/shadow are true? (Choose exactly 3)

Select 3 answers
A. Contains account expiration dates.
B. Contains the date of last password change.
C. Contains encrypted password hashes.
D. Is readable by all users.
E. Contains user ID numbers.
Answers: A, B, C

Option C is correct; /etc/shadow includes the account expiration date field.

Why this answer

Option A is correct because the /etc/shadow file stores account expiration dates in the ninth field (field 9), which is the number of days since the epoch until the account is disabled. This field is used by the system to enforce account aging policies, such as automatically locking accounts after a set period of inactivity.

Exam trap

Red Hat often tests the distinction between /etc/passwd and /etc/shadow, trapping candidates who think UIDs or group membership are in shadow, or that shadow is world-readable like passwd.

459
MCQ · hard

An administrator wants to ensure that when a user presses Ctrl+C during a long-running script, the script cleans up temporary files before exiting. Which approach should the script use?

A. Use 'trap' to catch SIGINT and run cleanup.
B. Use 'set -o ignoreeof' to ignore Ctrl+C.
C. Run the script in the background with '&'.
D. Use 'set -e' to exit on any error.
Answer: A

Trap can execute commands on signal.

Why this answer

The `trap` command in Bash allows a script to catch signals like SIGINT (sent when Ctrl+C is pressed) and execute a custom function or command before exiting. By setting `trap cleanup SIGINT`, the script can remove temporary files or perform other cleanup actions automatically, ensuring a graceful termination.

Exam trap

Red Hat often tests the distinction between signals like SIGINT (Ctrl+C) and EOF (Ctrl+D), leading candidates to confuse `ignoreeof` with signal handling.

How to eliminate wrong answers

Option B is wrong because `set -o ignoreeof` prevents the shell from exiting on Ctrl+D (EOF), not Ctrl+C, and does not handle signal-based interruption. Option C is wrong because running a script in the background with `&` does not change how Ctrl+C affects the script; it still receives SIGINT and exits without cleanup. Option D is wrong because `set -e` causes the script to exit immediately if any command fails, but it does not catch or handle the SIGINT signal from Ctrl+C.

460
Multi-Select · easy

Which TWO of the following are true about creating simple shell scripts in Red Hat Enterprise Linux?

Select 2 answers
A. The shebang line (e.g., #!/bin/bash) is used to specify the interpreter.
B. Scripts must be stored in /usr/local/bin to be found by the shell.
C. The script file must have execute permission (chmod +x) to be run directly.
D. A script must be compiled before it can be run.
E. A script must have a .sh file extension to be executable.
Answers: A, C

The shebang line tells the system which interpreter to use.

Why this answer

Option A is correct because the shebang line (e.g., #!/bin/bash) tells the kernel which interpreter to use when executing the script. Without it, the shell may fall back to the default interpreter (often /bin/sh) or fail to run the script correctly. This is a fundamental requirement for any interpreted script in Linux.

Exam trap

Red Hat often tests the misconception that file extensions or specific directories are mandatory for script execution, when in fact the shebang line and execute permission are the only requirements.

461
MCQ · hard

The root filesystem is at 90% capacity. Which command increases available space without unmounting?

A. fstrim /
B. lvextend -L +5G /dev/mapper/vg_root-lv_root && xfs_growfs /
C. resize2fs /dev/mapper/vg_root-lv_root
D. lvextend -L +5G /dev/mapper/vg_root-lv_root
Answer: B

Correct: Extends the LV and grows the XFS filesystem.

Why this answer

Option B is correct because it first extends the logical volume with `lvextend -L +5G`, then grows the XFS filesystem online with `xfs_growfs /` to utilize the new space without unmounting. This is the proper procedure for XFS filesystems, which require `xfs_growfs` (not `resize2fs`) to expand while mounted.

Exam trap

Red Hat often tests the distinction between filesystem-specific resizing tools (xfs_growfs vs. resize2fs) and the need to run both the LVM extension and the filesystem grow command; the trap here is that candidates may think `lvextend` alone is sufficient or that `resize2fs` works on all filesystems.

How to eliminate wrong answers

Option A is wrong because `fstrim /` only discards unused blocks on SSD-backed filesystems to reclaim free space from the storage device, but it does not increase the actual capacity of the filesystem; it only optimizes existing free space. Option C is wrong because `resize2fs` is used for ext2/ext3/ext4 filesystems, not XFS; running it on an XFS filesystem will fail or cause corruption. Option D is wrong because `lvextend` alone extends the logical volume but does not resize the filesystem; without `xfs_growfs`, the additional space remains invisible to the filesystem and the root filesystem remains at 90% capacity.

462
MCQ · easy

A user wants to set an environment variable named 'EDITOR' to the value '/usr/bin/vim' so that it is available in all future login sessions. Which file should the user add the export command to?

A. ~/.bash_logout
B. ~/.bash_profile
C. /etc/bashrc
D. ~/.bashrc
Answer: B

Environment variables for login shells are set in ~/.bash_profile.

Why this answer

The ~/.bash_profile file is executed for login shells, making it the correct place to set environment variables like EDITOR that should persist across all future login sessions. Adding 'export EDITOR=/usr/bin/vim' to this file ensures the variable is defined each time the user logs in.

Exam trap

Red Hat often tests the distinction between login and non-login shell startup files, and the trap here is that candidates mistakenly choose ~/.bashrc because they associate it with user-specific settings, not realizing it is not sourced by login shells.

How to eliminate wrong answers

Option A is wrong because ~/.bash_logout is executed when the user logs out, not at login, so it cannot set environment variables for future sessions. Option C is wrong because /etc/bashrc is a system-wide file that affects all users and is typically sourced by non-login shells, not the appropriate per-user file for login shell environment variables. Option D is wrong because ~/.bashrc is executed for interactive non-login shells (e.g., opening a terminal in a GUI), not for login shells, so it would not guarantee the variable is set in all future login sessions.

463
MCQ · medium

An administrator wants to add 20GB of additional space to the root filesystem. The volume group vg01 has no free extents. Which action should be taken first?

A. Shrink the logical volume vg01-data and then extend vg01-root
B. Run vgextend vg01 /dev/sdc (assuming /dev/sdc is a new disk) but this command requires the PV to be created first
C. Use lvextend to extend the root logical volume into the free space of sdb1
D. Attach a new disk, create a physical volume on it, add it to vg01 with vgextend, then extend vg01-root
Answer: D

This is the correct sequence: add a new disk, pvcreate, vgextend, then lvextend to increase root.

Why this answer

Option D is correct because to extend the root filesystem when the volume group has no free extents, you must first add a new physical volume to the volume group. This involves attaching a new disk, creating a physical volume on it with `pvcreate`, adding it to vg01 with `vgextend`, and then using `lvextend` followed by `resize2fs` (or `xfs_growfs` for XFS) to extend the logical volume and filesystem. This sequence ensures the volume group has available extents before extending the logical volume.

Exam trap

The trap here is that candidates may think they can directly extend a logical volume into free space on a disk that is not part of the volume group, or they may forget that `vgextend` requires a physical volume to be created first with `pvcreate`.

How to eliminate wrong answers

Option A is wrong because shrinking a logical volume (e.g., vg01-data) is risky, requires unmounting and checking filesystem consistency, and is not the standard first step; the correct approach is to add new physical storage. Option B is wrong because `vgextend` requires an existing physical volume as an argument, and the command as written would fail since `/dev/sdc` has not been initialized with `pvcreate` first. Option C is wrong because `lvextend` cannot use free space from a partition like `/dev/sdb1` unless that partition is already a physical volume in the volume group; the root logical volume can only be extended into free extents within the same volume group.

464
Drag & Drop · medium

Put the steps to configure a new swap partition of 2 GiB on /dev/sdc1 and enable it in order.

Why this order

Swap configuration involves partitioning, formatting, enabling, and making persistent in fstab.

465
MCQ · easy

To enforce that user passwords expire every 90 days and users are warned 7 days before expiration, which command sets these policies for user 'john'?

A. chage -m 90 -W 7 john
B. chage -M 90 -W 7 john
C. usermod -e 90 -f 7 john
D. passwd -x 90 -w 7 john
Answer: B

Correct flags for maximum age and warning.

Why this answer

The chage command with -M (maximum days) and -W (warning days) is correct. Option A uses -m (minimum) incorrectly. Option B uses wrong flags.

Option C uses -e (expiration date) which is not the same.

466
MCQ · medium

After adding a new disk to a volume group, which command is used to extend a logical volume by 2GB?

A. vgextend vg /dev/sdb
B. resize2fs /dev/vg/lv
C. lvextend -L +2G /dev/vg/lv
D. pvcreate /dev/sdb
Answer: C

lvextend extends a logical volume by the given size.

Why this answer

Option C is correct because after adding a new disk to a volume group, the `lvextend -L +2G /dev/vg/lv` command extends the logical volume by exactly 2 GB. The `-L +2G` syntax specifies the additional size to add, and the target is the logical volume path. This is the standard LVM command for increasing logical volume size without specifying a physical extent range.

Exam trap

The trap here is that candidates confuse the commands for extending a logical volume (`lvextend`) with those for adding a disk to a volume group (`vgextend`) or initializing a disk (`pvcreate`), and they often forget that `resize2fs` operates on the filesystem, not the logical volume itself.

How to eliminate wrong answers

Option A is wrong because `vgextend vg /dev/sdb` adds a physical volume to a volume group, but it does not extend a logical volume; it only makes the new disk's space available to the volume group. Option B is wrong because `resize2fs /dev/vg/lv` resizes an ext2/ext3/ext4 filesystem, not the logical volume itself; it is used after extending the logical volume to make the filesystem aware of the new space. Option D is wrong because `pvcreate /dev/sdb` initializes the disk as a physical volume, but it does not extend a logical volume; it is a prerequisite step before adding the disk to a volume group.

467
MCQ · medium

Refer to the exhibit. Why does the /etc/shadow file have no read permissions for any user?

A. Only root can read it, but the permissions are not displayed correctly.
B. The file is empty.
C. The file is a symbolic link.
D. The file is a character device.
Answer: A

Root can bypass permissions.

Why this answer

The /etc/shadow file stores hashed user passwords and must be readable only by root to prevent unauthorized access to password hashes. The displayed permissions (---------- 1 root root) indicate that no user, including root, has read access according to standard `ls -l` output, but this is misleading because root can always read the file regardless of permission bits due to Linux's superuser bypass (DAC override). The correct answer is A because root's ability to read the file is not reflected in the permission display, which only shows the file's mode bits.

Exam trap

Red Hat often tests the misconception that permission bits shown by `ls -l` are absolute and that root is bound by them, when in fact root can always read any file regardless of the mode.

How to eliminate wrong answers

Option B is wrong because an empty file would still show permissions (e.g., -rw-------) and a file size of 0, but the exhibit shows a non-zero file size (e.g., 1234 bytes) and the question implies the file contains password data. Option C is wrong because a symbolic link would display an 'l' as the first character in the permissions string (e.g., lrwxrwxrwx) and would point to another file, but the exhibit shows a '-' indicating a regular file. Option D is wrong because a character device would show a 'c' as the first character (e.g., crw-rw-rw-) and would have major/minor device numbers instead of a file size, but the exhibit shows a regular file with a size.

468
Multi-Select · medium

A system administrator has added a new disk /dev/sdb to a Red Hat Enterprise Linux 9 server. The directory /data already exists. Which two steps must be performed to prepare the disk for mounting as an XFS file system at /data?

Select 2 answers
A. Run mkfs.xfs on the partition (e.g., mkfs.xfs /dev/sdb1)
B. Mount the partition to /data (mount /dev/sdb1 /data)
C. Create a partition on /dev/sdb (e.g., fdisk /dev/sdb)
D. Create the /data directory (mkdir -p /data)
E. Add an entry to /etc/fstab for the new mount
Answers: A, C

The filesystem must be created on the partition before mounting.

Why this answer

Option A is correct because after creating a partition on /dev/sdb, you must format it with the XFS file system using mkfs.xfs. This writes the XFS superblock and metadata structures to the partition, making it ready for mounting. Without this step, the partition has no file system and cannot be mounted.

Exam trap

The trap here is that candidates often think mounting or adding an fstab entry is a preparatory step, but the question specifically asks for steps to prepare the disk for mounting, which are partitioning and creating the file system.

469
MCQ · easy

A system administrator needs to ensure that the user 'jdoe' cannot log in via SSH but can still use other services like FTP. Which approach should the administrator take?

A. Lock the user account with 'usermod -L jdoe'
B. Delete the user's password with 'passwd -d jdoe'
C. Remove the user's home directory
D. Change the user's shell to /sbin/nologin
Answer: D

/sbin/nologin prevents interactive login but allows non-login services like FTP.

Why this answer

Option D is correct because changing the user's shell to /sbin/nologin prevents interactive login via SSH (which requires a valid shell listed in /etc/shells) while still allowing non-interactive services like FTP, which typically do not check the user's shell. This approach specifically blocks SSH access without locking the account or affecting other authentication methods.

Exam trap

The trap here is that candidates often confuse account locking (usermod -L) with shell restriction, assuming that locking the account only affects SSH, when in fact it blocks all password-based authentication, including FTP and other services.

How to eliminate wrong answers

Option A is wrong because 'usermod -L' locks the account by placing an exclamation mark in the password hash field, which prevents all password-based authentication, including FTP, thus blocking the user from using other services. Option B is wrong because 'passwd -d' deletes the password, leaving the account with an empty password, which may allow login without a password (depending on PAM configuration) and does not specifically block SSH while allowing FTP. Option C is wrong because removing the home directory does not prevent SSH login; the user could still authenticate and log in, though they would have no home directory, potentially causing errors but not blocking access.

470
Matching · medium

Match each package management command to its action.

Install a package with dependencies

Uninstall a package

Update all packages to latest versions

Show all installed packages

Why these pairings

DNF is the default package manager in RHEL 8/9.

471
MCQ · medium

A developer needs to search for the string 'ERROR' in all files under /var/log, but wants to exclude files ending with '.gz'. Which command is correct?

A. grep -r --exclude='*.gz' 'ERROR' /var/log
B. grep -R --exclude='*.gz' 'ERROR' /var/log
C. grep -l 'ERROR' /var/log/*.gz
D. grep -v '*.gz' -r 'ERROR' /var/log
Answer: A

Correctly excludes .gz files.

Why this answer

Option A is correct because `grep -r` performs a recursive search through all files under /var/log, and the `--exclude='*.gz'` option tells grep to skip any files matching the glob pattern '*.gz'. This combination ensures that only non-compressed log files are searched for the string 'ERROR', meeting the requirement exactly.

Exam trap

Red Hat often tests the distinction between `--exclude` (which filters files by name) and `-v` (which inverts line matches), leading candidates to mistakenly use `-v` with a glob pattern to try to exclude files.

How to eliminate wrong answers

Option B is wrong because `grep -R` is equivalent to `grep -r` in most implementations, but the key issue is that the `--exclude` pattern is incorrectly quoted with single quotes inside double quotes or vice versa; however, the primary flaw is that `-R` is not a standard grep option (it is often used for dereferencing symlinks, but the correct recursive flag is `-r`). Option C is wrong because `grep -l 'ERROR' /var/log/*.gz` only lists files matching 'ERROR' that end with '.gz', which is the opposite of what is needed (it excludes non-.gz files). Option D is wrong because `grep -v '*.gz'` treats '*.gz' as a regex pattern to invert matches on lines, not as a file exclusion pattern, and the `-r` flag is misplaced after the pattern; this command would search recursively but exclude lines containing the literal string '*.gz', not files ending with '.gz'.

472
Multi-Select · hard

Which three actions enhance security for user accounts on a Red Hat Enterprise Linux system? (Choose three.)

Select 3 answers
A. Enforcing password complexity via pam_pwquality.
B. Disabling SSH root login by setting PermitRootLogin no.
C. Granting all users sudo access to run all commands.
D. Setting the password expiration to 0 days.
E. Using SSH key-based authentication instead of passwords.
Answers: A, B, E

Complexity reduces risk of weak passwords.

Why this answer

Password complexity, disabling SSH root login, and using SSH keys improve security. Setting password expiration to 0 disables expiration, which is insecure. Granting all users sudo access reduces security.

473
MCQ · easy

A junior administrator needs to create a new Ext4 file system on the device /dev/sdb1. Which command should be used?

A. fdisk /dev/sdb1
B. parted /dev/sdb1
C. tune2fs /dev/sdb1
D. mkfs.ext4 /dev/sdb1
E. fsck /dev/sdb1
Answer: D

Correct: creates an ext4 filesystem.

Why this answer

The `mkfs.ext4` command is the standard utility for creating an ext4 filesystem on a block device. It formats the partition with the ext4 journaling filesystem, writing the superblock, inode table, and journal metadata. Option D is correct because it directly invokes the mke2fs program with the ext4 filesystem type.

Exam trap

The trap here is that candidates confuse partition management tools (fdisk, parted) with filesystem creation tools, or mistake maintenance utilities (tune2fs, fsck) for creation commands, leading them to select a wrong option that operates on a different layer of storage management.

How to eliminate wrong answers

Option A is wrong because `fdisk` is a partition table manipulation tool (MBR/GPT) and cannot create a filesystem; it only manages partitions on a disk, not on a partition like /dev/sdb1. Option B is wrong because `parted` is also a partition table editor, not a filesystem creation tool; it can resize or create partitions but not format them with a filesystem. Option C is wrong because `tune2fs` is used to adjust tunable filesystem parameters on an existing ext2/ext3/ext4 filesystem, not to create a new one.

Option E is wrong because `fsck` is a filesystem consistency check and repair tool, not a creation utility; it operates on an already-formatted filesystem.

474
MCQ · medium

A filesystem reports 0% free space in df -h, but when checking the directory size with du -sh, it shows much less usage. What is the most likely cause?

A.Filesystem is corrupted
B.The disk has bad sectors
C.Deleted files still held open by processes
D.Filesystem is mounted with noexec
AnswerC

Open file handles prevent space reclamation.

Why this answer

When a file is deleted while a process still holds an open file descriptor to it, the file's data blocks remain allocated on disk and are not freed until the process closes the descriptor. The `df` command reports disk usage based on the filesystem's block allocation, which still counts those blocks as used, while `du` calculates usage by walking the directory tree and cannot see the deleted file's data, leading to the discrepancy.

Exam trap

Red Hat often tests the misconception that `df` and `du` should always match, leading candidates to suspect corruption or hardware failure, when the real cause is the classic 'deleted but open file' scenario.

How to eliminate wrong answers

Option A is wrong because filesystem corruption typically causes errors or inconsistencies in `df` or `du` output, not a specific mismatch where `df` shows 0% free while `du` shows less usage; corruption would likely produce I/O errors or unmountable filesystems. Option B is wrong because bad sectors are a hardware issue that causes read/write errors and data loss, not a discrepancy between `df` and `du`; the filesystem would still report allocated blocks correctly. Option D is wrong because the `noexec` mount option prevents execution of binaries on the filesystem but has no effect on disk space reporting or file allocation; it does not cause `df` to show full usage while `du` shows less.

475
MCQhard

A database container crashes repeatedly. The administrator wants to see the last 10 lines of the container's logs before it exited. Which command should be used?

A.podman logs --tail 10 <container>
B.podman logs -f <container>
C.podman logs --since 10m <container>
D.podman inspect <container>
AnswerA

Correct. Displays the last 10 lines of logs.

Why this answer

The `podman logs --tail 10 <container>` command retrieves the last 10 lines of the container's log output, which is exactly what the administrator needs to see the final log entries before the container exited. The `--tail` flag specifies the number of lines from the end of the log, making it ideal for troubleshooting a crash without viewing the entire log history.

Exam trap

The trap here is that candidates confuse `--tail` with `-f` (follow) or `--since`, thinking they all show recent logs, but only `--tail` precisely limits output to the last N lines of the container's entire log history.

How to eliminate wrong answers

Option B is wrong because `podman logs -f` follows (tails) the log output in real time, which is useful for live monitoring but does not show only the last 10 lines of the exited container's logs. Option C is wrong because `podman logs --since 10m` shows log entries from the last 10 minutes, which may include many lines or miss the final crash logs if the container exited more than 10 minutes ago. Option D is wrong because `podman inspect` returns detailed metadata about the container (e.g., configuration, state, mounts) but does not display log content.

476
MCQeasy

An administrator needs to add a 1GB swap partition on /dev/sdd1. Which series of commands accomplishes this?

A.mkswap /dev/sdd1 && echo '/dev/sdd1 swap swap defaults 0 0' >> /etc/fstab
B.mkfs.swap /dev/sdd1 && swapon /dev/sdd1
C.mkswap /dev/sdd1 && swapon /dev/sdd1
D.fdisk /dev/sdd, create partition, then mkswap /dev/sdd1, swapon /dev/sdd1, and add to /etc/fstab.
AnswerD

Correct procedure.

Why this answer

Option D is correct because it includes all necessary steps: first create the partition with fdisk (since /dev/sdd1 does not exist yet), then format it as swap with mkswap, activate it with swapon, and finally add an entry to /etc/fstab to ensure persistence across reboots. The other options omit the critical partition creation step or fail to make the swap permanent.

Exam trap

Red Hat often tests the requirement to create the partition first before formatting it as swap, leading candidates to mistakenly choose options that assume the partition already exists or skip the fstab entry for persistence.

How to eliminate wrong answers

Option A is wrong because it runs mkswap on /dev/sdd1 without first creating the partition, so the device node does not exist and the command will fail; also, while it adds an fstab entry, it does not activate the swap with swapon. Option B is wrong because mkfs.swap is not a valid command (the correct command is mkswap), and it lacks both partition creation and fstab persistence. Option C is wrong because it assumes /dev/sdd1 already exists and does not create the partition, nor does it add an entry to /etc/fstab, so the swap would not survive a reboot.

477
MCQhard

Refer to the exhibit. After re-adding the disk, the recovery process shows 0% progress and remains at 0. What is the most likely cause?

A.The array is in a degraded state and the recovery is waiting for the resync to start, but the event count is zero; the array may need to be forced to start recovery.
B.The recovery is complete because the data is already synchronized.
C.The device /dev/sdb1 was not properly removed; it still holds old metadata that conflicts.
D.The new disk /dev/sdb1 has a different size than the original, causing the recovery to stall.
AnswerA

Event count 0 and recovery stuck at 0% suggests the array isn't initiating resync; sometimes a 'mdadm --assemble --force' or 'mdadm --run' is needed.

478
Multi-Selectmedium

A system administrator wants to permanently allow incoming HTTP traffic on RHEL 9 using firewalld. Which two commands will achieve this? (Choose two.)

Select 2 answers
A.firewall-cmd --add-service=http
B.firewall-cmd --add-port=80/tcp --permanent
C.firewall-cmd --runtime-to-permanent
D.firewall-cmd --add-service=http && firewall-cmd --runtime-to-permanent
E.firewall-cmd --add-service=http --permanent
AnswersB, E

Permanently adds port 80/tcp.

Why this answer

Option B is correct because `--add-port=80/tcp --permanent` adds the rule to the permanent configuration, ensuring it persists across reboots. Option E is correct because `--add-service=http --permanent` achieves the same effect using the predefined service name for HTTP (port 80/tcp). Both commands modify the permanent zone configuration directly, which is required for a permanent rule.

Exam trap

The trap here is that candidates often forget the `--permanent` flag and assume runtime changes persist, or they incorrectly think `--runtime-to-permanent` alone adds the rule, when it only saves existing runtime rules.

479
Drag & Dropmedium

Order the steps to configure a new user 'jdoe' with UID 2000, home directory /home/jdoe, and secondary group 'staff'.

Why this order

User creation involves optional group creation, useradd with options, password, and verification.

480
MCQmedium

A user 'carol' is in group 'staff'. The directory /shared has permissions drwxrwx--- and group staff. Carol can create files but cannot delete other users' files. What is missing?

A.Change carol's umask
B.Set the setgid bit with 'chmod g+s /shared'
C.Change directory permissions to 770
D.Set the sticky bit with 'chmod +t /shared'
AnswerD

Sticky bit restricts deletion to file owners and root.

Why this answer

Option D is correct: setting the sticky bit (+t) on the directory prevents users from deleting files they do not own. Option B (setgid) affects group inheritance, not deletion. Option A (umask) is not about the directory. Option C does not help: the directory is already not world-writable.

481
MCQeasy

A user wants to run a container that will restart automatically unless explicitly stopped by the administrator. Which podman run option should be used?

A.--restart=on-failure
B.--restart=always
C.--restart=unless-stopped
D.--restart=no
AnswerC

Correct. This ensures restart unless the container is explicitly stopped.

Why this answer

The `--restart=unless-stopped` policy ensures the container restarts automatically whenever it exits, unless the administrator explicitly stops it with `podman stop`. This matches the requirement exactly: the container will keep restarting even after system reboots or crashes, but will not restart if the admin manually stops it. The other policies either do not restart on manual stop (`always`) or only restart on non-zero exit codes (`on-failure`).

Exam trap

The trap here is that candidates often confuse `--restart=always` with `--restart=unless-stopped`, assuming 'always' means 'always unless I stop it', but in Podman (and Docker), `always` will restart the container even after a manual stop, which is not the behavior described in the question.

How to eliminate wrong answers

Option A is wrong because `--restart=on-failure` only restarts the container when it exits with a non-zero exit code (indicating an error), not when it exits cleanly or is stopped by the administrator. Option B is wrong because `--restart=always` restarts the container regardless of why it stopped, including if the administrator explicitly stops it with `podman stop`, which violates the requirement. Option D is wrong because `--restart=no` is the default and never restarts the container automatically after it exits.

482
MCQeasy

A server has been compromised, and the administrator suspects an unauthorized user account may have been created. Which file should be examined to list all local user accounts?

A./etc/shadow
B./etc/passwd
C./etc/shells
D./etc/login.defs
AnswerB

Option B is correct: /etc/passwd contains one line per user account, listing all local users.

Why this answer

The /etc/passwd file is the primary local user account database on Linux systems, listing all user accounts with fields such as username, UID, GID, GECOS, home directory, and login shell. Examining this file reveals every local user account, including any unauthorized ones that may have been created, because each account must have an entry here to be recognized by the system.

Exam trap

Red Hat often tests the misconception that /etc/shadow contains the list of user accounts, but it only stores password hashes and aging data; the actual account list is always in /etc/passwd.

How to eliminate wrong answers

Option A is wrong because /etc/shadow stores encrypted password hashes and password aging information, not the list of user accounts; it is a companion file to /etc/passwd but does not contain usernames by itself. Option C is wrong because /etc/shells lists valid login shells (e.g., /bin/bash, /bin/sh) and is used by chsh and FTP daemons to validate shell choices, not to enumerate user accounts. Option D is wrong because /etc/login.defs defines configuration defaults for user account creation (e.g., UID ranges, password aging parameters) but does not contain the actual list of user accounts.

483
Multi-Selectmedium

Which TWO commands can be used to display the contents of a compressed log file without decompressing it first?

Select 2 answers
A.bzless /var/log/messages.bz2
B.zcat /var/log/messages.gz
C.grep 'error' /var/log/messages.gz
D.vim /var/log/messages.gz
E.less /var/log/messages.gz
AnswersA, B

bzless can read bzip2-compressed files.

Why this answer

Option A is correct because `bzless` is a utility specifically designed to view bzip2-compressed files without decompressing them first. It decompresses the file on the fly and pipes the output to a pager, allowing you to scroll through the content. Similarly, option B is correct because `zcat` reads a gzip-compressed file and writes the decompressed data to standard output, effectively displaying the contents without permanently decompressing the file.

Exam trap

The trap here is that candidates often assume `less` or `grep` can handle compressed files natively, but they cannot; the correct approach is to use dedicated tools like `zcat`, `zless`, `bzcat`, or `bzless` that perform on-the-fly decompression.

484
MCQhard

A systems administrator is managing a RHEL 9 server that hosts a custom web application on Apache. The application writes log files to /var/log/myapp/ and runs as the apache user. The administrator has set the directory permissions to 755 and ownership to apache:apache. SELinux is in enforcing mode. Despite these settings, the application fails to write logs. The audit log contains multiple AVC denials with the message 'avc: denied { write } for pid=1234 comm="httpd" name="myapp.log" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file'. The administrator has verified that the file exists and that SELinux booleans related to httpd are at their default values. Which of the following steps should the administrator take to resolve the issue while maintaining security?

A.Run restorecon -R /var/log/myapp/ to restore the default SELinux context.
B.Set the SELinux boolean httpd_unified on to allow httpd_t to write to all types.
C.Change the context of the /var/log/myapp/ directory to var_log_t using chcon.
D.Use audit2allow to generate and install a custom policy module that permits httpd_t to write to files with a specific type (e.g., httpd_log_t).
AnswerD

audit2allow creates a tailored policy based on the denial, granting only the needed permissions while maintaining security.

Why this answer

Option D is correct because the AVC denial shows httpd_t is denied write access to a file with the var_log_t type. The proper solution is to create a custom SELinux policy module using audit2allow that permits httpd_t to write to files with a specific type (e.g., httpd_log_t), which confines the permission to only the necessary files and maintains security. This approach follows the principle of least privilege by not broadly relaxing SELinux controls.

Exam trap

The trap here is that candidates mistakenly think changing the context to var_log_t (the same type) or running restorecon will fix the denial, when the actual issue is the lack of an allow rule between httpd_t and the target type, requiring a custom policy module.

How to eliminate wrong answers

Option A is wrong because restorecon would restore the default SELinux context to var_log_t, which is the same type already on the file and is the cause of the denial; it does not grant write permission. Option B is wrong because setting httpd_unified on would allow httpd_t to write to all types, which is overly permissive and violates security best practices by disabling type enforcement for httpd. Option C is wrong because changing the context to var_log_t using chcon would set the same type that is already present and causing the denial; it does not resolve the permission issue.

485
MCQhard

Refer to the exhibit. The administrator wants to add an additional 5GB to the /mnt/data filesystem. There is no unpartitioned space on /dev/sdb. Which is the correct procedure?

A.Use resize2fs /dev/sdb1 to expand filesystem.
B.Add a new disk, create a physical volume, extend volume group, and extend logical volume.
C.Use fdisk to delete and recreate /dev/sdb1 with larger size, run partprobe, then xfs_growfs /mnt/data.
D.Use fdisk to delete and recreate /dev/sdb1 with larger size, then mount.
AnswerC

Correct steps for XFS on a partition.

Why this answer

Option C is correct because the filesystem on /mnt/data is XFS (as shown in the exhibit), and XFS cannot be shrunk; it can only be grown. Since there is no unpartitioned space on /dev/sdb, the partition itself must be resized. The correct procedure is to delete and recreate the partition with a larger size using fdisk, inform the kernel of the change with partprobe, and then grow the XFS filesystem with xfs_growfs /mnt/data.

Exam trap

Red Hat often tests the distinction between XFS and ext4 filesystem resizing commands; the trap here is that candidates familiar with ext4 might incorrectly choose resize2fs (Option A) or forget that XFS requires xfs_growfs after partition resizing, leading them to select Option D without the grow step.

How to eliminate wrong answers

Option A is wrong because resize2fs is used for ext2/ext3/ext4 filesystems, not XFS; using it on an XFS filesystem would fail. Option B is wrong because adding a new disk, creating a physical volume, extending the volume group, and extending a logical volume is the procedure for LVM-based filesystems, but the exhibit shows /dev/sdb1 is a standard partition, not an LVM logical volume. Option D is wrong because after deleting and recreating the partition with a larger size, you must run partprobe to update the kernel's partition table and then grow the filesystem with xfs_growfs; simply mounting does not resize the filesystem.

486
MCQeasy

Which command displays the UUID of all file systems on the system?

A.blkid
B.dumpe2fs -h
C.lsblk
D.fdisk -l
AnswerA

blkid shows UUID, file system type, and other attributes for all block devices.

Why this answer

The `blkid` command is the correct choice because it is specifically designed to locate and display block device attributes, including the UUID, filesystem type, and label, for all filesystems on the system. It reads data from the `/dev/disk/by-uuid/` directory and the `udev` database, making it the most direct and reliable tool for querying UUIDs without requiring root privileges for basic output.

Exam trap

Red Hat often tests the distinction between partition-level identifiers (shown by `fdisk -l` for GPT partition UUIDs) and filesystem-level UUIDs (shown by `blkid`), leading candidates to mistakenly choose `fdisk -l` when the question specifically asks for filesystem UUIDs.

How to eliminate wrong answers

Option B is wrong because `dumpe2fs -h` only displays filesystem information for ext2/ext3/ext4 filesystems, not for all filesystem types (e.g., XFS, Btrfs, or swap), and it requires a specific device argument rather than showing all filesystems system-wide. Option C is wrong because `lsblk` lists block devices and their mount points, but it does not display UUIDs by default; while it can show UUIDs with the `-f` or `-o UUID` options, the plain `lsblk` command omits UUIDs, making it incorrect for this specific requirement. Option D is wrong because `fdisk -l` is a partitioning tool that displays partition tables (e.g., MBR or GPT), not filesystem UUIDs; it shows partition UUIDs (for GPT) or partition types, but not the filesystem-level UUID that `blkid` reports.

487
MCQmedium

Refer to the exhibit. What is the most likely cause of this failure?

A.Another process is already bound to port 22.
B.The sshd service is not enabled.
C.SELinux is blocking the service.
D.The /etc/ssh/sshd_config file is missing.
AnswerA

The error 'Cannot bind any address' suggests port conflict.

Why this answer

Option A is correct. The error message 'Cannot bind any address' indicates that the port (22) is already in use by another process. Option B is wrong because the service is enabled. Option C would show 'Permission denied' if SELinux were blocking. Option D would show configuration errors.

488
MCQhard

You are a system administrator for a company running Red Hat Enterprise Linux 8. A developer reports that a script which runs daily at 2 AM is failing. The script is located at /opt/scripts/backup.sh and is owned by root. The developer says the script runs fine when executed manually with './backup.sh' from the /opt/scripts directory. The script is scheduled via a root crontab entry: '0 2 * * * /opt/scripts/backup.sh'. However, the script fails because it cannot find a configuration file located at './config.ini'. What is the most likely cause and the correct solution?

A.Cron uses a different PATH. Modify the script to use absolute paths for all files, including config.ini.
B.The configuration file is missing. Copy config.ini to /root.
C.The cron job runs as a different user. Change the cron job to run as the developer's user.
D.The script is not executable. Run chmod +x /opt/scripts/backup.sh.
AnswerA

Absolute paths resolve the working directory issue.

Why this answer

The script fails because cron jobs run with a minimal environment, including a restricted PATH that typically does not include the script's directory. When the script uses a relative path like './config.ini', the cron job's working directory is not /opt/scripts (it defaults to the user's home directory, /root for root cron), so the file is not found. The correct solution is to modify the script to use absolute paths, such as /opt/scripts/config.ini, ensuring it works regardless of the cron environment.

Exam trap

The trap here is that candidates may assume the script's working directory is the same as the script's location, but cron sets the working directory to the user's home directory, not the script's directory.

How to eliminate wrong answers

Option B is wrong because the configuration file is not missing; it exists at /opt/scripts/config.ini, but the cron job cannot find it due to the working directory mismatch. Option C is wrong because the cron job already runs as root (the same user who owns the script and can execute it manually), so changing the user would not fix the relative path issue and could introduce permission problems. Option D is wrong because the script runs fine when executed manually with './backup.sh', which proves it is already executable; the issue is not about execute permissions.

489
MCQhard

An administrator has a logical volume 'lv_data' in a volume group 'vg_data' with a filesystem. The administrator needs to reduce the size of 'lv_data' by 2GB. Which sequence of commands should be performed?

A.umount, e2fsck -f, resize2fs, lvreduce
B.lvreduce, resize2fs, e2fsck, umount
C.resize2fs, lvreduce, umount, e2fsck
D.umount, lvreduce, resize2fs, e2fsck
AnswerA

Correct order: unmount, check, shrink filesystem, then shrink LV.

Why this answer

Option A is correct because reducing a logical volume with a filesystem requires a specific sequence: first unmount the filesystem to ensure no writes occur, then run e2fsck -f to force a filesystem check and ensure consistency, then use resize2fs to shrink the filesystem to the desired size, and finally lvreduce to shrink the logical volume itself. This order prevents data corruption by resizing the filesystem before the underlying block device.

Exam trap

Red Hat often tests the misconception that you can reduce the logical volume first and then shrink the filesystem, but the correct order is always filesystem first, then LV reduction, with unmount and fsck as prerequisites.

How to eliminate wrong answers

Option B is wrong because lvreduce is performed before resize2fs, which would shrink the logical volume while the filesystem still expects the original size, causing data corruption. Option C is wrong because resize2fs is attempted before unmounting the filesystem, which is not allowed on a mounted ext filesystem and will fail; additionally, lvreduce is done before e2fsck, risking corruption. Option D is wrong because lvreduce is performed before resize2fs, meaning the logical volume is reduced while the filesystem still occupies the original space, leading to data loss or corruption.

490
MCQeasy

Which file should be present in a directory to build a container image using 'podman build'?

A.docker-compose.yml
B.container.json
C.Dockerfile (or Containerfile)
D..dockerignore
AnswerC

podman build defaults to looking for Dockerfile or Containerfile.

Why this answer

The `podman build` command requires a Dockerfile or Containerfile in the build context directory to define the container image layers and instructions. Podman follows the OCI (Open Container Initiative) image specification and uses the Dockerfile format by default, making option C the only correct choice for building an image.

Exam trap

Red Hat often tests the distinction between files used for building images (Dockerfile/Containerfile) versus files used for orchestrating containers (docker-compose.yml) or excluding files (.dockerignore), leading candidates to mistakenly select A or D as required files.

How to eliminate wrong answers

Option A is wrong because docker-compose.yml is used by Docker Compose (or Podman Compose) to define multi-container applications, not for building a single container image. Option B is wrong because container.json is not a standard file recognized by Podman or Docker for image builds; it is not part of the OCI or Dockerfile specification. Option D is wrong because .dockerignore is an optional file that excludes files from the build context, but it is not required and cannot replace the Dockerfile or Containerfile as the build instruction source.

491
MCQhard

A system fails to boot with an error about a missing ext4 filesystem. From the rescue environment, which command should be run to attempt automatic repair of all filesystems?

A.fsck /dev/sda1
B.debugfs -R 'repair'
C.e2fsck -p
D.fsck -A -y
AnswerD

fsck -A checks all filesystems listed in /etc/fstab, and -y answers yes to all repairs.

Why this answer

Option D is correct because `fsck -A -y` automatically checks all filesystems listed in `/etc/fstab` (the `-A` flag) and answers 'yes' to any repair prompts (the `-y` flag), making it the most appropriate command for automatic repair of all filesystems from a rescue environment. The error indicates a missing ext4 filesystem, and this command will attempt to repair any ext4 (or other) filesystem issues without manual intervention.

Exam trap

The trap here is that candidates confuse `e2fsck -p` (which only repairs a single ext filesystem automatically) with `fsck -A -y` (which repairs all filesystems automatically), or they mistakenly think `debugfs` has a repair command, when it is actually a debugging tool, not a repair utility.

How to eliminate wrong answers

Option A is wrong because `fsck /dev/sda1` only checks a single partition (sda1), not all filesystems, and it does not automatically answer 'yes' to repair prompts, so it may stall or require manual input. Option B is wrong because `debugfs -R 'repair'` is not a valid command; `debugfs` is an interactive ext2/ext3/ext4 filesystem debugger, and it does not have a `-R 'repair'` option—it is used for low-level manipulation, not automatic repair. Option C is wrong because `e2fsck -p` automatically repairs ext2/ext3/ext4 filesystems without prompting, but it only operates on a single filesystem (the one specified, e.g., `e2fsck -p /dev/sda1`), not all filesystems; the `-p` flag is for preen mode, not for scanning all fstab entries.

492
MCQmedium

Based on the exhibit, how much free space is available in the volume group vg00?

A.19.98 GiB
B.10235 MiB
C.20.00 GiB
D.19.99 GiB
E.5115 MiB
AnswerA

Correct: matches Free PE size in vgdisplay.

Why this answer

The correct answer is A because the exhibit shows the Physical Volume (PV) size as 20.00 GiB, but the Volume Group (VG) vg00 has a Physical Extent (PE) size of 4.00 MiB, and the total PE count is 5115. The total usable capacity is 5115 PE × 4 MiB = 20460 MiB = 19.98 GiB (since 20460 ÷ 1024 = 19.98046875 GiB). This is the free space available in vg00, as no Logical Volumes (LVs) are allocated.

Exam trap

Red Hat often tests the distinction between raw PV size and usable VG space, trapping candidates who assume the PV size equals the VG free space without accounting for PE size and rounding.

How to eliminate wrong answers

Option B is wrong because 10235 MiB is exactly half of the total usable space (20460 MiB / 2), which might be a miscalculation if one mistakenly divides by 2 or confuses with a different metric. Option C is wrong because 20.00 GiB is the raw PV size, but the VG uses a PE size of 4 MiB, which introduces rounding and metadata overhead, so the actual free space is slightly less (19.98 GiB). Option D is wrong because 19.99 GiB is a rounding error; the precise calculation yields 19.98 GiB (20460 MiB / 1024 = 19.98046875 GiB).

Option E is wrong because 5115 MiB is the total number of PEs, not the free space in MiB; the free space in MiB is 20460 MiB (5115 PE × 4 MiB/PE).

493
MCQhard

Based on the exhibit, what is the most likely cause of the error?

A.The container registry is unreachable due to a firewall blocking port 443.
B.The image name is invalid.
C.The container registry is unreachable due to a network outage.
D.DNS resolution failure is preventing the registry hostname from being resolved.
AnswerD

Correct. The dial tcp: lookup ... timeout indicates DNS query failure.

Why this answer

Option D is correct because the error shows a DNS lookup failure (timeout on port 53). Option A would show connection refused. Option C would show timeout on port 443 or similar. Option B would show 'image not found'.

494
MCQmedium

An administrator runs 'getenforce' and sees 'Enforcing'. They then run 'setenforce 0' but SELinux still denies access to a custom application. What is the most likely reason?

A.SELinux is in enforcing mode and the policy is misconfigured.
B.The application's SELinux context is incorrect and needs relabeling.
C.The issue is due to file permissions or ACLs, not SELinux.
D.The change requires a reboot to take effect.
AnswerC

In permissive mode, SELinux does not deny; thus the denial is from DAC.

Why this answer

Option C is correct because `setenforce 0` switches SELinux to permissive mode, which logs but does not enforce denials. If access is still denied after this command, the issue is not caused by SELinux enforcement but by traditional Linux file permissions (DAC) or ACLs. The administrator should check `ls -l` and `getfacl` to verify the file's ownership and permissions.

Exam trap

The trap here is that candidates assume any denial after `setenforce 0` must still be SELinux-related, overlooking that traditional Linux permissions (DAC) operate independently and can block access even when SELinux is permissive.

How to eliminate wrong answers

Option A is wrong because `setenforce 0` disables enforcing mode, so a misconfigured policy would not cause denials in permissive mode. Option B is wrong because an incorrect SELinux context would only cause denials in enforcing mode; in permissive mode, context mismatches are logged but not enforced, so the application would still run. Option D is wrong because `setenforce` takes effect immediately without requiring a reboot; SELinux runtime mode changes are instantaneous.

495
MCQhard

A sysadmin creates a script to rotate log files. The script uses 'find /var/log -type f -name "*.log" -mtime +30 -exec gzip {} \;' but some log files are not compressed. The script runs as root. What is the most likely reason some files remain uncompressed?

A.The log files are already compressed (.gz extension), and gzip fails silently
B.Another process deletes log files between find's detection and execution, causing 'find' to error on missing files
C.The script lacks proper quoting around {} which causes gzip to fail on files with spaces
D.The '-mtime +30' flag selects files newer than 30 days, so old files are excluded
AnswerB

B is correct. The 'find -exec' can fail if files are removed concurrently.

Why this answer

Option B is correct because the 'find' command with '-exec' will fail if any file in the list is deleted (rotated) during execution, causing the whole command to produce errors and skip subsequent files. Option A is wrong because compression failure is less likely. Option D is wrong because '-mtime +30' means older than 30 days, not newer. Option C is wrong because 'gzip' handles spaces with proper quoting.

496
MCQeasy

A security policy requires user passwords to expire 60 days after last change. Which command sets this for user 'jdoe'?

A.usermod -f 60 jdoe
B.passwd -x 60 jdoe
C.chage -m 60 jdoe
D.chage -M 60 jdoe
AnswerD

Sets maximum password age to 60 days.

Why this answer

Option D (chage -M 60 jdoe) sets the maximum number of days between password changes. Option B (passwd -x 60 jdoe) is also valid but legacy; chage is preferred in RHCSA. Option A (usermod -f) sets inactivity period. Option C (chage -m) sets minimum days.

497
Multi-Selectmedium

Which THREE filesystem types are natively supported in RHEL 8/9 for local storage? (Choose exactly three.)

Select 3 answers
A.vfat
B.ntfs
C.xfs
D.btrfs
E.ext4
AnswersA, C, E

vfat is supported for compatibility.

Why this answer

A is correct because vfat (FAT32) is natively supported in RHEL 8/9 for local storage, primarily for compatibility with UEFI boot partitions and removable media. The kernel includes the vfat module, and mkfs.vfat is available from the dosfstools package, allowing creation and mounting of FAT32 filesystems without additional software.

Exam trap

The trap here is that candidates often assume Btrfs is supported because it is common in Fedora or other distributions, but Red Hat explicitly deprecated and removed it from RHEL 8/9, making ext4 and XFS the correct choices alongside vfat for UEFI boot.

498
MCQhard

An administrator used the command useradd -D -f 10 to change the default inactivity period. What effect does this have on future user accounts?

A.The default group for new users will be changed to GID 10.
B.New user accounts will have a maximum password age of 10 days.
C.New user accounts will be disabled after 10 days of inactivity if the password has expired.
D.New user accounts will have a password expiration of 10 days.
AnswerC

Option C is correct; -f sets the number of days after password expiration until the account is disabled. A value of 10 means 10 days of inactivity after password expiry.

Why this answer

The `useradd -D -f 10` command modifies the default value for the `INACTIVE` field in `/etc/default/useradd`. This field sets the number of days after a password expires that the account will be disabled if the password is not changed. Option C correctly describes this behavior: new user accounts will be disabled after 10 days of inactivity following password expiration.

Exam trap

The trap here is confusing the `-f` (inactivity period after password expiration) with password aging (`-M` or `PASS_MAX_DAYS`), leading candidates to incorrectly select options B or D.

How to eliminate wrong answers

Option A is wrong because `-f` sets the inactivity period, not the default group; the default group is set with `-g` or `-G`. Option B is wrong because the maximum password age is controlled by the `PASS_MAX_DAYS` parameter in `/etc/login.defs`, not by the `-f` flag. Option D is wrong because the `-f` flag sets the inactivity period after password expiration, not the password expiration itself; password expiration is set with `-e` or via `chage -M`.

499
MCQhard

A company policy requires that all cron jobs run by non-root users must be logged to a specific file /var/log/usercron.log. The system administrator decides to use rsyslog to capture these messages. Which configuration directive should be added to /etc/rsyslog.conf or a file in /etc/rsyslog.d/ to achieve this?

A.user.* /var/log/usercron.log
B.cron.* /var/log/usercron.log
C.*.* /var/log/usercron.log
D.authpriv.* /var/log/usercron.log
AnswerB

The cron facility handles cron job messages.

Why this answer

Option B is correct because the cron facility in rsyslog captures messages generated by the cron daemon, including cron jobs run by non-root users. By adding the directive `cron.* /var/log/usercron.log` to the rsyslog configuration, all cron messages (regardless of priority) are logged to the specified file, satisfying the policy requirement.

Exam trap

The trap here is that candidates may confuse the `cron` facility with the `user` facility, mistakenly thinking user cron jobs are logged under `user.*` instead of the dedicated `cron` facility.

How to eliminate wrong answers

Option A is wrong because `user.*` captures messages from user-level processes (e.g., user applications), not from the cron daemon; cron jobs are logged under the `cron` facility, not `user`. Option C is wrong because `*.*` logs all syslog messages from every facility to the file, which is overly broad and violates the policy of logging only cron jobs; it would also clutter the log with unrelated system messages. Option D is wrong because `authpriv.*` captures authentication and security-related messages (e.g., sudo, login), not cron job logs; this would miss all cron activity.

500
MCQeasy

A user wants to run a command in the background after logging out of an SSH session. Which method ensures the process continues even after logout?

A.Run 'nohup command &' before logout
B.Run 'command', press Ctrl+Z, then type 'bg' and logout
C.Run 'command &' and then exit
D.Run 'command & disown' then logout
AnswerA

nohup ignores SIGHUP, allowing the process to continue.

Why this answer

Option A is correct because `nohup` ignores the SIGHUP signal that the shell sends to its child processes when the parent shell exits (e.g., upon logout). By running `nohup command &`, the command is placed in the background and will continue running even after the SSH session terminates, as it is immune to the hangup signal.

Exam trap

The trap here is that candidates often think `&` alone or `bg` is sufficient to keep a process running after logout, but they miss that the shell sends SIGHUP to all child processes (including background jobs) upon exit unless explicitly ignored with `nohup` or handled with `disown` in a shell that supports `huponexit` off.

How to eliminate wrong answers

Option B is wrong because suspending a job with Ctrl+Z and then resuming it in the background with `bg` does not protect the process from SIGHUP; when the shell exits, the background job will still receive SIGHUP and terminate. Option C is wrong because running `command &` alone does not prevent SIGHUP; the background job is still a child of the shell and will be killed when the shell exits. Option D is wrong because `disown` removes the job from the shell's job table, but it does not prevent the shell from sending SIGHUP to the process on logout; the process may still receive SIGHUP depending on the shell implementation (e.g., bash sends SIGHUP to disowned jobs by default unless `huponexit` is disabled).

501
MCQeasy

A system administrator needs to find all files in /var/log that have been modified in the last 2 hours. Which command should be used?

A.find /var/log -mmin -120
B.find /var/log -amin -120
C.find /var/log -mtime -0.08
D.find /var/log -cmin -120
AnswerA

Correctly finds files modified in the last 120 minutes.

Why this answer

Option A is correct because the `find` command with `-mmin -120` searches for files whose data was modified (changed content) within the last 120 minutes. This directly matches the requirement to find files modified in the last 2 hours in /var/log.

Exam trap

The trap here is confusing `-mmin` (modification time) with `-cmin` (change time) or `-amin` (access time), as candidates often misremember which flag tracks content changes versus metadata or access events.

How to eliminate wrong answers

Option B is wrong because `-amin -120` searches for files accessed (read) within the last 120 minutes, not modified. Option C is wrong because `-mtime -0.08` uses a fractional day value that is not precise for a 2-hour window; `-mtime` works in 24-hour increments and rounding can cause inaccuracies. Option D is wrong because `-cmin -120` searches for files whose status (metadata) changed within the last 120 minutes, which includes permission or ownership changes, not necessarily data modification.

502
MCQmedium

An administrator needs to compress a directory containing subdirectories and files into a single archive file, with maximum compression, and exclude all '*.tmp' files. Which command should be used?

A.tar -czvf archive.tar.gz --exclude='*.tmp' /path/to/dir
B.tar -czvf archive.tar.gz /path/to/dir --exclude='*.tmp'
C.tar -cjvf archive.tar.bz2 --exclude='*.tmp' /path/to/dir
D.tar -czvf archive.tar.gz /path/to/dir
AnswerA

Max compression with gzip (z), exclude pattern works.

Why this answer

Option A is correct because it uses `tar -czvf` to create a gzip-compressed archive with maximum compression (the `z` flag invokes gzip, which by default uses level 6; for maximum compression you would add `--gzip --level=9` or use `GZIP=-9`, but the question's 'maximum compression' is a common phrasing for gzip). The `--exclude='*.tmp'` option is placed before the source directory, which is the correct syntax for tar to apply the exclusion pattern to all files during archiving. This command compresses the directory into a single `.tar.gz` file while omitting all temporary files.

Exam trap

Red Hat often tests the positional requirement of `--exclude` relative to the source path — many candidates incorrectly place the exclude pattern after the directory, assuming tar will still apply it, but tar only honors exclusions that appear before the source argument.

How to eliminate wrong answers

Option B is wrong because the `--exclude` option is placed after the source directory `/path/to/dir`, which causes tar to ignore the exclusion pattern — tar processes positional arguments in order, and the exclude pattern must precede the source path to take effect. Option C is wrong because it uses `-j` for bzip2 compression instead of `-z` for gzip; while bzip2 can achieve higher compression ratios, the question specifies 'maximum compression' in the context of the commonly used gzip format, and the output file extension `.tar.bz2` does not match the expected `.tar.gz` archive. Option D is wrong because it omits the `--exclude='*.tmp'` option entirely, so all `*.tmp` files will be included in the archive, failing the requirement to exclude them.

503
MCQhard

The administrator wants to reduce the file system size to 40GB. Which command sequence should be used?

A.It is not possible to shrink an XFS file system
B.xfs_repair; lvreduce
C.umount /mnt/data; lvreduce -L 40G; mount; xfs_growfs
D.lvreduce -L 40G /dev/vg00/lvol0; xfs_growfs
AnswerA

XFS does not support shrinking. To reduce size, you must back up, recreate the LV and file system with the desired size, and restore.

Why this answer

XFS is a high-performance 64-bit journaling file system that does not support online or offline shrinking. Once an XFS file system is created, its size cannot be reduced; the only way to reclaim space is to back up the data, destroy the file system, recreate it at the desired size, and restore the data. Therefore, any attempt to shrink an XFS file system using lvreduce or similar tools will corrupt the file system.

Exam trap

Red Hat often tests the misconception that any file system can be shrunk using logical volume management tools like lvreduce, but XFS is a notable exception that requires full data migration to reduce its size.

How to eliminate wrong answers

Option A is correct because XFS does not support shrinking. Option B is wrong because xfs_repair is used to repair an XFS file system, not to prepare it for shrinking, and lvreduce would shrink the logical volume without shrinking the XFS file system, causing corruption. Option C is wrong because unmounting and using lvreduce to shrink the logical volume still attempts to shrink an XFS file system, which is impossible; the subsequent mount and xfs_growfs would only grow the file system, not fix the corruption. Option D is wrong because lvreduce -L 40G shrinks the logical volume without shrinking the XFS file system, and xfs_growfs is used to expand an XFS file system, not to shrink it; this sequence would corrupt the file system.

504
MCQmedium

A containerized web server needs to persist logs outside the container. Which podman run option allows the administrator to specify a bind mount with mount propagation options?

A.--mount
B.--volume
C.--bind
D.-v
AnswerA

Correct. The --mount option allows specifying mount type, source, destination, and propagation.

Why this answer

Option A is correct because the `--mount` flag in `podman run` provides the most granular control over bind mounts, including the ability to specify mount propagation options (e.g., `shared`, `slave`, `private`) via the `propagation` parameter. This is essential for persisting container logs to the host filesystem while controlling how mount events are propagated between the container and the host.

Exam trap

The trap here is that candidates confuse `--volume`/`-v` with `--mount`, assuming both support the same options, but only `--mount` allows explicit mount propagation settings, which is a key differentiator tested in the EX200 exam.

How to eliminate wrong answers

Option B is wrong because `--volume` (or `-v`) in Podman creates a volume managed by Podman, not a bind mount, and does not support mount propagation options directly; it is designed for persistent storage managed by Podman's volume driver. Option C is wrong because `--bind` is not a valid `podman run` option; the correct syntax for bind mounts uses `--mount type=bind` or `-v` with a host path. Option D is wrong because `-v` (short form of `--volume`) can create bind mounts when a host path is specified, but it does not support mount propagation options; propagation can only be set via the `--mount` option.

505
MCQmedium

Refer to the exhibit. A junior admin runs this script as root, but it always prints 'httpd is running' even when httpd is stopped. What is the most likely cause?

A.The script is not executable and is run with `sh script.sh`, causing the shebang to be ignored.
B.The variable SERVICE is misspelled as "HTTPD" in the condition.
C.The `systemctl` command requires root privileges, and the script is run as a non-root user.
D.The script uses the test command `[` instead of directly using the command as the condition, causing the condition to always be true.
AnswerD

`[ systemctl ... ]` always evaluates to true because it tests the string.

Why this answer

Option D is correct because when a command is used as a condition inside `[ ]`, the `test` builtin evaluates the exit status of the command inside the brackets, not the command itself. In this script, `[ systemctl is-active httpd ]` always returns true (exit code 0) because `[` treats the string "systemctl" as a non-empty string, which is always true. The correct syntax is to use the command directly as the condition: `if systemctl is-active httpd; then`.

Exam trap

The trap here is that candidates mistakenly think the `[ ]` syntax is required for all conditions, not realizing that `[` is actually a command that evaluates its arguments as a test expression, not as a command to execute.

How to eliminate wrong answers

Option A is wrong because running a script with `sh script.sh` explicitly invokes the shell interpreter, so the shebang is irrelevant; the script will still execute correctly regardless of the shebang. Option B is wrong because the variable name `SERVICE` is not misspelled as "HTTPD" in the condition; the condition uses `systemctl is-active httpd` directly, not a variable. Option C is wrong because the script is run as root (as stated in the question), so root privileges are not an issue; the problem persists even with root.

506
MCQhard

Refer to the exhibit. The backup script runs every 5 minutes but generates errors. What is the most likely cause?

A.The script is owned by root.
B.The cron daemon is not running.
C.The script uses absolute paths.
D.The script is not executable.
AnswerD

The file permissions are 644, missing the execute bit (x). cron will attempt to run it but fail with permission denied.

Why this answer

The cron job fails because the script lacks execute permissions. Cron requires that scripts specified in crontab entries have the executable bit set (chmod +x) for the user under whose crontab the job runs. Without this, the cron daemon cannot spawn the script as a process, resulting in errors.

Exam trap

Red Hat often tests the distinction between file ownership and file permissions, where candidates mistakenly assume root ownership is the problem, but the actual issue is the missing executable bit that cron strictly enforces.

How to eliminate wrong answers

Option A is wrong because ownership by root does not prevent a script from executing; root ownership is common and cron can run root-owned scripts if the crontab belongs to root or the script has appropriate permissions. Option B is wrong because if the cron daemon were not running, no cron jobs would execute at all, not just this one script — the question states the script runs but generates errors, implying the daemon is active. Option C is wrong because using absolute paths is actually a best practice in cron scripts to avoid PATH issues; absolute paths do not cause execution errors.

507
MCQeasy

A Red Hat Enterprise Linux system has a second disk /dev/sdb with a single partition /dev/sdb1 that was formatted as XFS and mounted at /mnt/backup. The administrator wants to change the filesystem on /dev/sdb1 to ext4 without losing existing data. Which steps should be taken in order?

A.Unmount, mkfs.ext4 /dev/sdb1, then mount
B.Use xfs_admin to change type
C.Use fsck.ext4 to convert in place
D.Backup data, unmount, mkfs.ext4, remount, restore data
AnswerD

Preserves data by backing up and restoring after reformat.

Why this answer

Option D is correct because you cannot convert an XFS filesystem to ext4 in place; the only safe method is to back up the data, unmount the partition, create a new ext4 filesystem with mkfs.ext4, remount, and then restore the data. XFS and ext4 have fundamentally different on-disk structures (e.g., allocation groups vs. block groups, different journaling formats), so no in-place conversion tool exists.

Exam trap

The trap here is that candidates assume a filesystem can be 'converted' in place using a command like fsck or a tuning tool, when in fact only a backup-and-restore cycle is safe for changing between fundamentally different filesystem types like XFS and ext4.

How to eliminate wrong answers

Option A is wrong because running mkfs.ext4 on a partition that currently contains an XFS filesystem will overwrite the existing filesystem metadata, destroying all data without any conversion. Option B is wrong because xfs_admin is a tool for tuning XFS filesystem parameters (e.g., changing the UUID or label), not for changing the filesystem type to ext4. Option C is wrong because fsck.ext4 is a filesystem check and repair tool for ext4; it cannot convert an XFS filesystem to ext4, and attempting to run it on an XFS partition would fail or cause corruption.

508
MCQeasy

Refer to the exhibit. The administrator wants to create a single file system that spans the entire 20 GB disk /dev/sdb. All data on the disk can be discarded. Which steps are required to create an XFS file system on the whole disk?

A.Run mkfs.xfs /dev/sdb directly; it will overwrite the partition table and create a file system.
B.Use pvcreate /dev/sdb, then vgcreate, lvcreate, and format the logical volume with mkfs.xfs.
C.Run mkfs.xfs -f /dev/sdb; it will force creation of XFS on the whole disk without partition table.
D.Use fdisk to delete all partitions, create a new partition spanning the whole disk, then run mkfs.xfs on the new partition.
AnswerD

Correct procedure: remove partitions, create single partition, format with XFS.

Why this answer

Option D is correct because creating a file system directly on a whole block device (like /dev/sdb) without a partition table is not recommended and may cause issues with system tools and boot loaders. The proper procedure is to first create a single partition spanning the entire disk using fdisk (or parted), then format that partition (e.g., /dev/sdb1) with mkfs.xfs. This ensures a valid partition table is present, which is expected by most Linux utilities and the kernel.

Exam trap

Red Hat often tests the misconception that mkfs can be run directly on a whole disk (e.g., /dev/sdb) without a partition table, leading candidates to choose options A or C, but the correct Red Hat practice is to always create a partition first.

How to eliminate wrong answers

Option A is wrong because mkfs.xfs /dev/sdb will attempt to create a file system on the raw disk without a partition table, which is not a standard practice and can confuse tools like blkid or the kernel; it does not 'overwrite' the partition table in a safe or expected way. Option B is wrong because LVM (pvcreate, vgcreate, lvcreate) is unnecessary for a single disk spanning the entire space; it adds complexity and requires additional steps, and the question asks for a file system on the whole disk, not a logical volume. Option C is wrong because mkfs.xfs -f /dev/sdb forces creation on the raw disk, but still lacks a partition table; the -f flag only overwrites an existing file system, not the requirement for a partition table.

509
MCQhard

During a system audit, an administrator finds that a filesystem mounted at /srv/data with ext4 is not showing in /etc/fstab. Further investigation reveals that the underlying device is an LVM logical volume lv_data in vg_data. The administrator wants to ensure the filesystem is mounted at boot. He adds an entry to /etc/fstab using the device path /dev/vg_data/lv_data. On reboot, the system fails to mount the filesystem and enters emergency mode. The logical volume and filesystem are intact. What is the most likely reason for the failure?

A.The device path /dev/vg_data/lv_data is a symlink that may not be available; use /dev/mapper/vg_data-lv_data or UUID.
B.The mount point /srv/data does not exist.
C.The filesystem type specified in fstab is incorrect.
D.The logical volume is not activated at boot because lvm2-lvmetad is not running.
AnswerA

LVM symlinks under /dev/volume_group/ may not be ready at early boot; /dev/mapper/ is more reliable.

Why this answer

The device path /dev/vg_data/lv_data is a symbolic link created by LVM that may not be available early in the boot process because the device mapper nodes are not yet created. The correct approach is to use the stable /dev/mapper/vg_data-lv_data path or the filesystem UUID in /etc/fstab to ensure reliable mounting at boot.

Exam trap

The trap here is that candidates assume /dev/vg_data/lv_data is a stable device path, but it is actually a symlink that may not be available at boot time, leading them to overlook the correct /dev/mapper/ path or UUID.

How to eliminate wrong answers

Option B is wrong because the mount point /srv/data already exists (the filesystem was mounted there before the audit), and the system would fail with a different error if it didn't. Option C is wrong because the filesystem type ext4 is correct and would not cause a boot failure if specified properly; the issue is the device path, not the type. Option D is wrong because lvm2-lvmetad is a caching daemon for LVM metadata and is not required for logical volume activation at boot; activation is handled by lvm2-activation-generator and systemd.

510
MCQmedium

Refer to the exhibit. An administrator attempts to mount the partition but receives an error. Which command should be run first to resolve the issue?

A.xfs_repair /dev/sdc1
B.file -s /dev/sdc1
C.partprobe /dev/sdc
D.mkfs.xfs /dev/sdc1
AnswerB

The file command checks the actual filesystem type; the partition table shows xfs but maybe it's not created yet.

511
Multi-Selecthard

Which TWO methods are considered best practices for securing SSH access to a server? (Select exactly two.)

Select 2 answers
A.Disable root login by setting PermitRootLogin no.
B.Use only password authentication for simplicity.
C.Use key-based authentication with passphrase-protected keys.
D.Change the default SSH port to a high-numbered port.
E.Allow SSH access for all users in the system.
AnswersA, C

This prevents direct root SSH access, forcing admins to use sudo.

Why this answer

Option A is correct because disabling root login by setting `PermitRootLogin no` in `/etc/ssh/sshd_config` prevents direct SSH access as the root user, forcing administrators to log in as a regular user and then use `sudo` or `su` to escalate privileges. This reduces the attack surface by eliminating a high-value target for brute-force attacks and ensures all actions are auditable via the regular user's session.

Exam trap

Red Hat often tests the misconception that changing the default SSH port (option D) is a legitimate security measure, but in the EX200 exam, security through obscurity is never considered a best practice—only controls that enforce authentication and authorization are accepted.

512
MCQhard

Refer to the exhibit. The /proc/mdstat output shows a RAID1 array with two devices. One of the disks (/dev/sda1) fails. Which sequence of commands would be used to remove the failed disk and add a new replacement disk /dev/sdc1?

A.mdadm --fail /dev/md0 /dev/sda1; mdadm --remove /dev/md0 /dev/sda1; mdadm --add /dev/md0 /dev/sdc1
B.mdadm /dev/md0 --fail /dev/sda1; mdadm /dev/md0 --remove /dev/sda1; mdadm /dev/md0 --add /dev/sdc1
C.mdadm /dev/md0 --set-faulty /dev/sda1; mdadm /dev/md0 --remove /dev/sda1; mdadm /dev/md0 --add /dev/sdc1
D.mdadm /dev/md0 --remove /dev/sda1; mdadm /dev/md0 --add /dev/sdc1
E.mdadm /dev/md0 --replace /dev/sda1 --with /dev/sdc1
AnswerB

Correct. This is the proper sequence to replace a failed disk.

Why this answer

Option B is correct because it uses the proper mdadm syntax with the device name immediately after the command, followed by the action and the disk. The --fail flag marks the disk as faulty, --remove removes it from the array, and --add adds the new replacement disk. This sequence ensures the array remains in a degraded state before safely replacing the failed component.

Exam trap

Red Hat often tests the exact command syntax and flag order, and the trap here is that candidates confuse the valid flags (--fail vs --set-faulty) or assume --remove can be used directly without first marking the disk as failed.

How to eliminate wrong answers

Option A is wrong because it places the action flag before the array device, which is syntactically incorrect; mdadm requires the array device to come first, then the action. Option C is wrong because --set-faulty is not a valid mdadm flag; the correct flag is --fail. Option D is wrong because it attempts to remove the disk without first marking it as failed, which will fail if the disk is still active in the array. Option E is wrong because --replace is not a standard mdadm operation for RAID1; it is used in RAID5/6 for device replacement and does not handle the required fail step.

513
MCQmedium

An administrator wants to allow user 'alice' to SSH into the server using key-based authentication only. Which configuration change is required?

A.Add alice's public key to ~alice/.ssh/authorized_keys and set PubkeyAuthentication yes in sshd_config.
B.Add alice's private key to /etc/ssh/authorized_keys.
C.Set PasswordAuthentication no in /etc/ssh/sshd_config and restart sshd.
D.Set PermitRootLogin prohibit-password.
AnswerA

This enables key-based authentication for alice.

Why this answer

The correct approach is to add alice's public key to her authorized_keys file and ensure PubkeyAuthentication is enabled. Option B places the private key incorrectly. Option C disables password auth for all, but doesn't enable key auth. Option D is for root.

514
Multi-Selecteasy

Which TWO commands can be used to view the current disk usage of a filesystem?

Select 2 answers
A.blkid
B.du
C.fdisk
D.df
E.lsblk
AnswersB, D

du shows directory space usage.

Why this answer

The `du` command (disk usage) estimates file and directory space usage, allowing you to view disk usage at the file or directory level. The `df` command (disk free) reports the amount of available and used disk space on mounted filesystems, showing overall filesystem usage. Both are standard Linux tools for examining disk consumption.

Exam trap

Red Hat often tests the distinction between commands that show block device information (like `lsblk` or `blkid`) versus those that report actual disk usage (`du` and `df`), trapping candidates who confuse device listing with usage reporting.

515
MCQeasy

An administrator wants to edit a configuration file and ensure only the intended changes are saved. Which practice is recommended?

A.Copy the file to a temporary location, edit, and then overwrite
B.Use 'ls -l' to check the file size before and after editing
C.Edit the file in place with a backup using 'sed -i.bak'
D.Use 'git' to track changes and commit after editing
AnswerD

Git provides a history of changes and allows reverting.

Why this answer

Option D is correct because using 'git' to track changes and commit after editing provides a version control system that allows you to review, stage, and commit only the intended modifications. This ensures that unintended changes are not saved, as you can use 'git diff' to verify changes before committing and 'git checkout' to revert unwanted edits. Git is a standard tool for configuration management in Red Hat Enterprise Linux environments, aligning with the EX200 objective of using essential tools for system administration.

Exam trap

Red Hat often tests the misconception that creating a backup file (e.g., with 'sed -i.bak') is sufficient to ensure only intended changes are saved, but this ignores the need for a review and staging process that version control systems like Git provide.

How to eliminate wrong answers

Option A is wrong because copying the file to a temporary location, editing, and then overwriting does not provide a mechanism to verify that only intended changes are saved; it risks overwriting the original file with unintended modifications if the edit is not carefully reviewed. Option B is wrong because using 'ls -l' to check file size before and after editing only reveals size changes, not the content or correctness of edits, and cannot prevent unintended changes from being saved. Option C is wrong because 'sed -i.bak' creates a backup but edits the file in place without any staging or review step, so unintended changes are immediately written to the file and the backup only preserves the original state, not a way to selectively save intended changes.

516
Multi-Selecteasy

Which THREE of the following are valid steps to create and mount an XFS filesystem on a new disk /dev/sdb?

Select 3 answers
A.mkfs.xfs -f /dev/sdb
B.mount -t xfs /dev/sdb1 /mnt
C.mkfs.xfs /dev/sdb1
D.mount /dev/sdb1 /mnt
E.echo "/dev/sdb1 /mnt xfs defaults 0 0" >> /etc/fstab
AnswersB, C, E

Correct mount command specifying XFS type.

Why this answer

Option B is correct because the `mount -t xfs /dev/sdb1 /mnt` command explicitly specifies the XFS filesystem type with the `-t xfs` flag, ensuring the kernel uses the correct XFS driver to mount the filesystem. This is necessary when the filesystem type is not automatically detected or when you want to be explicit, which is a common requirement in exam scenarios.

Exam trap

The trap here is that candidates assume `mount /dev/sdb1 /mnt` (without `-t xfs`) is always sufficient, but Cisco tests the need for explicit filesystem type specification when the kernel's auto-detection might not reliably identify XFS.

517
MCQmedium

An administrator needs to create a new 500MB swap partition on a disk that already has an extended partition. The disk /dev/sda has partitions: /dev/sda1 (primary, /boot), /dev/sda2 (extended), /dev/sda5 (logical, swap, 2GB). The administrator wants to add another swap partition, but fdisk shows no free space. Which approach should be used?

A.Use LVM to create a logical volume for swap
B.Use a file-based swap file
C.Shrink the filesystem on /dev/sda1 to create free space
D.Delete /dev/sda5 and recreate it with larger size
AnswerB

Swap files can be created on a mounted filesystem without repartitioning.

Why this answer

Option B is correct because the disk has no free space (the extended partition consumes all remaining space after /dev/sda1, and logical partitions are contained within it). Adding a swap file is the simplest and safest approach: it does not require repartitioning, works with any filesystem, and is fully supported by systemd and swapon. The administrator can create a 500MB file, format it as swap with mkswap, and enable it with swapon.

Exam trap

The trap here is that candidates assume a new partition must be created, overlooking that swap files are a fully supported and simpler alternative when no free partition space exists.

How to eliminate wrong answers

Option A is wrong because the scenario does not mention LVM being in use; converting a non-LVM disk to LVM would require significant reconfiguration and is not the simplest solution. Option C is wrong because shrinking /dev/sda1 (a primary partition containing /boot) would not create free space outside the extended partition; the extended partition already occupies all remaining space, so any freed space would still be inside the extended partition and would require complex partition table manipulation. Option D is wrong because deleting /dev/sda5 and recreating it larger would still be limited by the size of the extended partition; it does not add a second swap partition, and it would destroy the existing swap without solving the need for additional swap space.

518
Multi-Select hard

Which TWO commands show detailed information about a container image, including layers and configuration? (Choose TWO.)

Select 2 answers
A. podman ps -a
B. podman images <image>
C. podman history <image>
D. podman image tree <image>
E. podman inspect <image>
Answers: D, E

Displays image layer tree with size and details.

Why this answer

Option D is correct because `podman image tree <image>` displays the image's layer hierarchy, showing parent-child relationships and layer sizes. Option E is correct because `podman inspect <image>` returns detailed metadata in JSON format, including the image's configuration (e.g., environment variables, entrypoint) and layer digests. Both commands provide the detailed information about layers and configuration that the question asks for.

Exam trap

The trap here is that candidates often confuse `podman images` (which only lists basic image info) with `podman inspect` (which provides detailed configuration and layers), or they mistakenly think `podman history` shows layer details when it actually shows build command history.

519
Multi-Select medium

Which three of the following are valid methods to view the manual page for the 'ls' command? (Choose three)

Select 3 answers
A. help ls
B. man ls
C. whatis ls
D. info ls
E. ls --help
Answers: B, D, E

The man command displays the manual page for ls.

Why this answer

Option B is correct because the 'man' command is the primary method for viewing manual pages in Linux. Running 'man ls' displays the full manual page for the 'ls' command, including its description, options, and usage details.

Exam trap

Red Hat often tests the distinction between commands that provide full manual pages ('man', 'info') versus those that give brief summaries ('--help', 'whatis'), and the trap here is that candidates may mistakenly think 'help' or 'whatis' are valid methods for viewing the full manual page.

520
MCQ easy

Consider the script in the exhibit. The script is run in a directory containing 'a.txt' and 'b.txt' but also has a subdirectory 'backup' with .txt files. What will be the output?

A. An error because the for loop cannot iterate over files with spaces
B. Line counts for .txt files in 'backup' only
C. Line counts for 'a.txt' and 'b.txt' only
D. Line counts for all .txt files including those in 'backup'
Answer: C

C is correct.

Why this answer

Option C is correct because the wildcard '*.txt' only matches files in the current directory, not subdirectories. It will count lines in 'a.txt' and 'b.txt' only. Option A is wrong because the script will run without error.

Option B is wrong because it would count subdirectory files only if the glob expanded to them, which it does not. Option D is wrong because the glob does not include the files in 'backup'.

521
MCQ easy

An administrator wants to add the user 'jane' to the supplementary groups 'wheel' and 'docker' without removing her from other groups. Which command should be used?

A. groupmems -a jane -g wheel,docker
B. usermod -aG wheel,docker jane
C. usermod -a -G wheel,docker jane
D. usermod -G wheel,docker jane
Answer: B

The -aG option appends the specified groups to the user's existing supplementary groups.

Why this answer

Option B is correct because the `usermod -aG` command appends the user 'jane' to the supplementary groups 'wheel' and 'docker' without removing her from any existing supplementary groups. The `-a` (append) flag must be used with `-G` to avoid overwriting the current group membership list, which is the default behavior of `-G` alone.

Exam trap

The trap here is that candidates often forget that `usermod -G` without `-a` overwrites all supplementary groups, leading them to choose option D, which would remove the user from any groups not listed, such as 'users' or other custom groups.

How to eliminate wrong answers

Option A is wrong because `groupmems` is used to manage members of a single group (e.g., add/remove users from one group at a time) and does not support specifying multiple groups in a comma-separated list; it would fail or behave unexpectedly. Option C is wrong because `-a -G` is syntactically valid but functionally identical to `-aG`; however, the option order `-a -G` is non-standard and may cause parsing issues on some systems, making it less reliable than the combined `-aG` form. Option D is wrong because `usermod -G wheel,docker jane` without the `-a` flag will replace all supplementary groups for 'jane' with only 'wheel' and 'docker', removing her from any other groups she belongs to, which violates the requirement to not remove her from other groups.

522
MCQ hard

A junior administrator configured a new network interface (ens224) with a static IP address using a configuration file in /etc/sysconfig/network-scripts/ifcfg-ens224. After restarting the network service, the interface comes up but does not get the IP address. The administrator runs 'ip addr show ens224' and sees no IP address assigned. The interface is listed as DOWN. The administrator then runs 'ifup ens224' manually, which succeeds, and the IP address appears. What is the most likely cause?

A. The ONBOOT directive is set to no in the ifcfg file.
B. The network service is not enabled to start at boot.
C. The interface name does not match the device file.
D. There is a conflict with NetworkManager managing the interface.
Answer: A

When ONBOOT=no, the interface is not activated automatically; manual ifup works because the config is valid.

Why this answer

Option A is correct. The ONBOOT directive controls whether the interface is brought up automatically at boot or upon network service restart. Setting ONBOOT=no prevents automatic activation, but manual ifup works because the configuration is otherwise correct.

Option B is less likely because the network service was restarted, and if ONBOOT=yes, it would have activated the interface. Option C would cause a different error (interface not found). Option D could cause issues, but if NetworkManager is managing the interface, manual ifup might not work as expected, or the configuration would be ignored.

523
MCQ hard

A company requires that SSH access from the external network (10.0.1.0/24) only be allowed to port 2222, and all other incoming traffic on the firewall should be dropped. Which firewalld rule should be applied to the external zone?

A. firewall-cmd --zone=external --add-service=ssh --permanent
B. firewall-cmd --zone=external --add-port=2222/tcp --permanent
C. firewall-cmd --zone=external --add-rich-rule='rule family="ipv4" source address="10.0.1.0/24" service name="ssh" accept' --permanent
D. firewall-cmd --zone=external --add-rich-rule='rule family="ipv4" source address="10.0.1.0/24" port port="2222" protocol="tcp" accept' --permanent
Answer: D

This restricts SSH to port 2222 from the specified subnet.

Why this answer

Option D is correct because it uses a rich rule to explicitly allow incoming TCP traffic on port 2222 from the 10.0.1.0/24 source network, which matches the requirement. The default target for the external zone is 'drop', so only explicitly permitted traffic is allowed; this rule ensures SSH on port 2222 is accepted while all other incoming traffic is dropped.

Exam trap

The trap here is that candidates often confuse the 'service name' with a custom port, selecting Option C which uses the SSH service (port 22) instead of the required port 2222, or they forget to restrict the source address as in Option B.

How to eliminate wrong answers

Option A is wrong because it adds the standard SSH service (port 22/tcp) to the external zone, not port 2222, and does not restrict the source to 10.0.1.0/24. Option B is wrong because it opens port 2222/tcp to all sources, not just the 10.0.1.0/24 network, violating the source restriction requirement. Option C is wrong because it references the SSH service name (port 22/tcp) instead of port 2222, and the source address is specified but the service is incorrect.

524
MCQ hard

An organization uses a shell script that runs daily via cron on a central management server to archive logs from 50 remote Red Hat Enterprise Linux servers. The script uses `scp` with SSH key-based authentication (passwordless) to transfer files. Recently, after a security team rotated the SSH host keys on all remote servers, the script started failing with 'Host key verification failed' errors. The administrator needs to restore automated log transfers without compromising security. The remote servers are in a controlled internal network, and the management server's `~/.ssh/known_hosts` file is not centrally managed. Which course of action should the administrator take?

A. Add the -o StrictHostKeyChecking=no option to the scp command in the script.
B. Use ssh-keyscan to retrieve the new host keys and add them to the management server's known_hosts file.
C. Modify the sshd_config on each remote server to disable host key checking.
D. Replace scp with rsync in the script, as rsync uses a different authentication method.
Answer: B

Correct: updates known_hosts with new keys, re-establishing trust securely.

Why this answer

Option B is correct because using `ssh-keyscan` to retrieve the new host keys and add them to the management server's `known_hosts` file is the proper method to update host keys without disabling security. This approach maintains SSH host key verification, which prevents man-in-the-middle attacks, while allowing the script to authenticate the remote servers after the key rotation.

Exam trap

The trap here is that candidates may think disabling host key checking (Option A) is an acceptable quick fix, but the exam tests the understanding that `StrictHostKeyChecking=no` is a security risk and that the correct approach is to update the `known_hosts` file with the new keys using `ssh-keyscan`.

How to eliminate wrong answers

Option A is wrong because adding `-o StrictHostKeyChecking=no` disables host key verification entirely, which compromises security by making the system vulnerable to man-in-the-middle attacks; it is a dangerous workaround, not a fix. Option C is wrong because modifying `sshd_config` on remote servers to disable host key checking is a server-side change that does not address the client-side `known_hosts` mismatch and also weakens SSH security globally. Option D is wrong because `rsync` uses the same SSH transport and authentication mechanism as `scp`, so it would still fail with the same 'Host key verification failed' error; it does not use a different authentication method.

525
MCQ hard

Refer to the exhibit. The script produces the error shown. What is the most likely cause?

A. The = operator should be == for string comparison.
B. The string 'value' contains spaces.
C. The script is missing a valid shebang.
D. The variable $var is empty or unset.
Answer: D

An empty variable leads to a missing operand error in [ ].

Why this answer

Option D is correct: if $var is empty or unset, the test becomes [ = value ], which is a unary operator error. Option B is incorrect because the string 'value' has no spaces. Option A is incorrect because = is valid for string comparison inside single brackets.

Option C is incorrect because the shebang is present.
