CCNA Deploy Configure Systems Questions

72 questions · Deploy Configure Systems topic · All types, answers revealed

1
MCQ · easy

An administrator needs to set up an automount point for NFS shares from server nfs.example.com:/exports/backup. The mount point should be /backup and should mount on access. Which configuration is correct?

A. Install autofs and create /etc/auto.master.d/backup.autofs with the same content
B. Use systemd-mount with automount options
C. Add to /etc/auto.master: /backup /etc/auto.backup and in /etc/auto.backup: backup -fstype=nfs4 nfs.example.com:/exports/backup
D. Add an entry to /etc/fstab: nfs.example.com:/exports/backup /backup nfs4 defaults 0 0
Answer: C

Correct autofs configuration: master file points to map file.

Why this answer

Option C is correct because it defines an autofs indirect map: the master map entry /backup /etc/auto.backup tells autofs to use /etc/auto.backup as the map for the /backup mount point, and the map entry backup -fstype=nfs4 nfs.example.com:/exports/backup specifies that accessing /backup/backup triggers an NFSv4 mount of the remote export. This configuration mounts the share on demand (automount) rather than at boot or via fstab.

Exam trap

The trap here is that candidates confuse static fstab mounts (which mount at boot) with automount behavior, or they misidentify the correct autofs map file syntax and location, often expecting a single file or a different extension.

How to eliminate wrong answers

Option A is wrong because /etc/auto.master.d/backup.autofs is not a valid autofs configuration file; autofs uses master map files (e.g., /etc/auto.master) and indirect/direct map files (e.g., /etc/auto.backup), not .autofs extension files. Option B is wrong because systemd-mount with automount options is a systemd-native mechanism that does not integrate with autofs; the question specifically asks for an automount point using autofs, not systemd units. Option D is wrong because adding an entry to /etc/fstab with defaults 0 0 mounts the share at boot time (or on mount -a), not on access; automount requires autofs or systemd automount units, not a static fstab entry.

2
MCQ · medium

A system administrator needs to ensure that a web server running Apache httpd starts automatically after a system reboot. Which command should the administrator use to enable the httpd service?

A. systemctl daemon-reload
B. systemctl start httpd
C. systemctl reenable httpd
D. systemctl enable httpd
Answer: D

Enables the service to start at boot.

Why this answer

Option D is correct because `systemctl enable httpd` creates the necessary symlinks in the systemd unit configuration directories (e.g., `/etc/systemd/system/multi-user.target.wants/`) to ensure the httpd service starts automatically at boot. This is the standard method for enabling a service in a Red Hat Enterprise Linux 8/9 environment using systemd.

Exam trap

The trap here is that candidates confuse `systemctl start` (immediate runtime start) with `systemctl enable` (persistent boot-time activation), or they invent a non-existent command like `systemctl reenable` instead of using the correct `systemctl enable`.

How to eliminate wrong answers

Option A is wrong because `systemctl daemon-reload` reloads the systemd manager configuration, scanning for new or changed unit files, but does not enable any service for automatic startup. Option B is wrong because `systemctl start httpd` immediately starts the service in the current session but does not configure it to persist across reboots. Option C is wrong because `systemctl reenable httpd` is not a valid systemd command; the correct command to re-enable a service is `systemctl enable httpd` (which is idempotent) or `systemctl disable httpd` followed by `systemctl enable httpd`.

3
MCQ · hard

Refer to the exhibit. A web server must also accept HTTPS traffic on port 8443. Which command should the administrator run to permanently open this port?

A. firewall-cmd --add-service=8443/tcp --permanent
B. firewall-cmd --add-port=8443/tcp
C. firewall-cmd --add-port=8443/tcp --permanent && firewall-cmd --reload
D. firewall-cmd --add-port=8443/tcp --zone=public
Answer: C

This adds the port permanently and reloads the firewall to apply changes.

Why this answer

The correct command adds port 8443/tcp permanently and reloads the firewall. Option B lacks --permanent and reload. Option C adds the port without --permanent.

Option D uses --add-service incorrectly.

4
MCQ · hard

A RHEL 9 system has a second disk /dev/sdb that needs to be partitioned with a single partition using all space, formatted with XFS, and mounted persistently at /data. The administrator uses fdisk to create the partition /dev/sdb1. Which filesystem creation command should be used?

A. mkfs.xfs /dev/sdb1
B. mke2fs /dev/sdb1
C. mkfs -t ext4 /dev/sdb1
D. mkfs.ext4 /dev/sdb1
Answer: A

Creates XFS filesystem.

Why this answer

The correct command is mkfs.xfs /dev/sdb1 because the question specifies that the partition must be formatted with XFS. The mkfs.xfs command is the dedicated tool for creating an XFS filesystem on a block device. It directly invokes the mkfs.xfs utility, which writes the XFS superblock and metadata structures to the partition.

Exam trap

The trap here is that candidates often confuse mkfs.xfs with generic mkfs commands or ext-family tools, assuming any mkfs variant will work, but the exam specifically tests knowledge of the correct filesystem-specific command for XFS.

How to eliminate wrong answers

Option B is wrong because mke2fs is a legacy command for creating ext2/ext3/ext4 filesystems, not XFS. Option C is wrong because mkfs -t ext4 creates an ext4 filesystem, not XFS. Option D is wrong because mkfs.ext4 is a convenience wrapper for creating ext4 filesystems, not XFS.

5
MCQ · easy

A user reports that they cannot start a service. Which command would an administrator use to view the service's journal logs since last boot?

A. journalctl -b
B. journalctl -u service -b
C. journalctl service
D. dmesg | grep service
Answer: B

This combination correctly shows logs for the service since last boot.

Why this answer

Option B is correct because `journalctl -u service -b` combines the `-u` flag to filter logs for a specific systemd unit (the service) with the `-b` flag to show only logs from the current boot. This is the precise command an administrator would use to view a service's journal logs since the last system start, directly addressing the user's inability to start the service.

Exam trap

The trap here is that candidates often forget the `-u` flag is mandatory to filter for a specific service unit, mistakenly thinking `journalctl service` is valid, or they confuse `journalctl -b` (all logs since boot) with the more targeted command needed for service-specific troubleshooting.

How to eliminate wrong answers

Option A is wrong because `journalctl -b` shows all journal logs since the last boot, but without the `-u` flag it does not filter for a specific service, making it impractical for troubleshooting a single service. Option C is wrong because `journalctl service` is invalid syntax; `journalctl` requires the `-u` flag to specify a unit name, otherwise it treats 'service' as a non-existent option or argument. Option D is wrong because `dmesg | grep service` displays kernel ring buffer messages, which are primarily hardware and driver-related, not the detailed service logs from systemd-journald, and it does not filter by boot session.

6
MCQ · medium

A junior system administrator configures rsyslog on a RHEL 9 server to forward logs to a remote centralized log server. They add the line *.* @192.168.1.100:514 to /etc/rsyslog.conf and restart rsyslog with systemctl restart rsyslog. Local logging works fine, but the remote server does not receive any logs. The administrator checks the local firewall and confirms that UDP port 514 is open outbound. They also verify network connectivity using nc. What is the most likely cause?

A. The systemd unit for rsyslog is masked, preventing it from running.
B. The remote rsyslog server is not listening on UDP port 514.
C. The SELinux boolean rsyslog_remote is disabled, blocking outbound syslog.
D. The configuration should use @@ for TCP instead of @ for UDP.
Answer: C

SELinux blocks rsyslog from sending network traffic if boolean is off; enabling it resolves the issue.

Why this answer

Option C is correct because on RHEL 9, SELinux enforces a targeted policy that blocks rsyslog from making outbound network connections by default. The boolean `rsyslog_remote` controls this behavior; when disabled, SELinux denies the outbound syslog traffic even though the local firewall allows it. The administrator must enable this boolean with `setsebool -P rsyslog_remote on` to allow rsyslog to forward logs via UDP or TCP.

Exam trap

The trap here is that candidates focus on network-level troubleshooting (firewall, connectivity) and overlook SELinux, which is a mandatory access control layer that can block outbound connections even when the firewall is open.

How to eliminate wrong answers

Option A is wrong because if the systemd unit for rsyslog were masked, the `systemctl restart rsyslog` command would fail with an error, and local logging would not work. Option B is wrong because the administrator verified network connectivity with `nc`, which would fail if the remote server were not listening on UDP 514, and the question states local logging works fine, implying the remote server is reachable. Option D is wrong because the `@` directive correctly specifies UDP transport; using `@@` would switch to TCP, which is not required and would not fix the SELinux block.

7
Drag & Drop · medium

Order the steps to configure SELinux to allow Apache to read files in a custom directory /webcontent.

Why this order

SELinux configuration involves setting proper file context for Apache to access custom directories.

8
MCQ · hard

A Red Hat Enterprise Linux 9 system has a logical volume 'lv_data' in the volume group 'vg_data' that needs to be resized from 10G to 15G. The underlying physical volumes have enough free space. Which sequence of commands correctly resizes the logical volume and the ext4 filesystem?

A. lvextend -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data
B. resize2fs /dev/vg_data/lv_data; lvextend -L 15G /dev/vg_data/lv_data
C. lvextend -L 15G /dev/vg_data/lv_data; xfs_growfs /dev/vg_data/lv_data
D. lvreduce -L 15G /dev/vg_data/lv_data; resize2fs /dev/vg_data/lv_data
Answer: A

This is the correct order for ext4.

Why this answer

Option A is correct because to resize an ext4 filesystem on a logical volume, you must first extend the logical volume with `lvextend -L 15G /dev/vg_data/lv_data` to allocate the additional 5G from the volume group, then use `resize2fs /dev/vg_data/lv_data` to grow the filesystem to fill the enlarged block device. This order ensures the underlying block device has sufficient capacity before the filesystem resize operation.

Exam trap

The trap here is that candidates often confuse the filesystem-specific resize commands, mistakenly using `xfs_growfs` for ext4 (option C) or reversing the order of operations (option B), failing to recognize that LVM resizing must precede filesystem resizing.

How to eliminate wrong answers

Option B is wrong because `resize2fs` is run before `lvextend`, which would fail as the filesystem cannot be resized beyond the current logical volume size of 10G. Option C is wrong because `xfs_growfs` is used for XFS filesystems, not ext4; using it on an ext4 filesystem would either fail or produce incorrect results. Option D is wrong because `lvreduce` shrinks the logical volume, which is the opposite of the required operation (resizing from 10G to 15G), and would reduce capacity instead of increasing it.

9
MCQ · easy

A user reports that they cannot log in to a RHEL 9 system. The administrator checks /etc/passwd and finds the user's shell is set to /sbin/nologin. What is the most likely cause?

A. The SSH service is not running.
B. The user account has been locked by pam_tally2.
C. The user's password has expired.
D. The user account is intentionally disabled for login.
Answer: D

/sbin/nologin prevents interactive login.

Why this answer

The /sbin/nologin shell is a valid shell entry that, when set as a user's login shell, prevents interactive login by immediately exiting with a message that the account is not available. This is a standard method for disabling login for system accounts (e.g., daemon, bin) or intentionally disabling a user account while keeping the account and its files intact. Option D correctly identifies that the user account is intentionally disabled for login.

Exam trap

The trap here is that candidates may confuse the /sbin/nologin shell with account locking or password expiration, not realizing that the shell setting is a deliberate, static configuration to disable interactive login without affecting password state or authentication attempts.

How to eliminate wrong answers

Option A is wrong because the SSH service not running would affect all SSH connections, not just a single user, and the shell setting in /etc/passwd is independent of SSH service status. Option B is wrong because pam_tally2 locks an account after failed login attempts by setting a lock flag in /etc/shadow or /var/log/faillog, not by changing the user's shell to /sbin/nologin. Option C is wrong because an expired password would prompt the user to change their password upon login (via PAM modules like pam_unix), but the shell would still be a valid interactive shell like /bin/bash; the user would not be immediately rejected with a nologin message.

10
MCQ · easy

A system administrator wants to allow incoming HTTPS traffic on the default zone of firewalld. Which command should be used?

A. firewall-cmd --add-port=443/tcp --zone=public --permanent
B. firewall-cmd --enable-service=https
C. firewall-cmd --add-rule=allow https
D. firewall-cmd --add-service=https --permanent
Answer: D

Correctly adds the HTTPS service to the default zone and persists the change.

Why this answer

Option D is correct because the `--add-service=https` option adds the predefined HTTPS service (port 443/tcp) to the firewalld configuration. The `--permanent` flag ensures the rule persists across reboots. By default, the command applies to the default zone if no zone is specified, which matches the requirement to allow HTTPS traffic on the default zone.

Exam trap

The trap here is that candidates often confuse `--add-port` with `--add-service` or forget that omitting `--zone` applies the rule to the default zone, leading them to incorrectly specify a zone or use invalid command syntax.

How to eliminate wrong answers

Option A is wrong because `--add-port=443/tcp` adds a raw port rule, but the `--zone=public` explicitly sets the zone to 'public' rather than using the default zone; the question requires the default zone, not a specific zone. Option B is wrong because `--enable-service=https` is not a valid firewalld command; the correct syntax uses `--add-service` or `--remove-service`. Option C is wrong because `--add-rule=allow https` is not a valid firewalld option; firewalld uses `--add-rich-rule` for custom rules, and the syntax 'allow https' is incorrect.

11
MCQ · easy

Refer to the exhibit. Which command will ensure cron jobs run automatically at system boot?

A. systemctl reenable crond
B. systemctl start crond
C. systemctl enable crond
D. systemctl unmask crond
Answer: C

Enables the service to start at boot.

Why this answer

The `systemctl enable crond` command creates the necessary symlinks in the systemd unit configuration to ensure the `crond` service starts automatically at boot. This is the correct method to enable a service for automatic startup in a systemd-based Red Hat Enterprise Linux system.

Exam trap

The trap here is that candidates often confuse `systemctl start` (immediate start) with `systemctl enable` (boot-time start), or think that `systemctl unmask` alone is sufficient to make a service start at boot.

How to eliminate wrong answers

Option A is wrong because `systemctl reenable crond` is used to re-create the symlinks for the service, typically after modifying the unit file, but it does not ensure the service is enabled for boot if it was already disabled. Option B is wrong because `systemctl start crond` only starts the service immediately in the current session, without configuring it to start automatically at boot. Option D is wrong because `systemctl unmask crond` removes a mask that prevents the service from being started manually or automatically, but it does not enable the service for boot; the service must still be enabled separately.

12
MCQ · easy

A technician needs to create a new group named 'developers' with GID 5000. Which command accomplishes this?

A. groupadd -r developers
B. useradd -g developers
C. groupadd developers
D. groupadd -g 5000 developers
Answer: D

This correctly creates the group with the specified GID.

Why this answer

Option D is correct because the `groupadd -g 5000 developers` command explicitly sets the GID to 5000 for the new group named 'developers'. The `-g` option specifies the numeric group ID, which is required to meet the technician's exact requirement.

Exam trap

The trap here is that candidates may confuse `groupadd -r` (system group) with creating a group with a specific GID, or they may think `useradd -g` creates a group, when it actually assigns a user to an existing group.

How to eliminate wrong answers

Option A is wrong because `groupadd -r` creates a system group with a GID in the system range (typically below 1000), not a custom GID of 5000. Option B is wrong because `useradd -g developers` creates a new user and assigns them to an existing group named 'developers', but it does not create a new group. Option C is wrong because `groupadd developers` creates the group with an automatically assigned GID (usually the next available above 1000), not the specific GID 5000.

13
MCQ · easy

An administrator needs to configure a service to start automatically at boot and also start it immediately without rebooting. Which single command accomplishes both tasks?

A. systemctl start httpd.service
B. systemctl enable httpd.service
C. systemctl enable --now httpd.service
D. systemctl reenable httpd.service
Answer: C

Enables and starts the service in one step.

Why this answer

Option C is correct because `systemctl enable --now httpd.service` combines the `enable` action (creating symlinks for automatic start at boot) with the `start` action (immediately launching the service) in a single command. This is the precise method in systemd to achieve both goals without rebooting.

Exam trap

The trap here is that candidates often confuse `enable` with `start`, thinking `enable` alone also starts the service, or they choose `start` alone, forgetting that boot persistence requires a separate `enable` step.

How to eliminate wrong answers

Option A is wrong because `systemctl start httpd.service` only starts the service immediately but does not configure it to start automatically at boot; it lacks the `enable` action. Option B is wrong because `systemctl enable httpd.service` only configures the service to start at boot but does not start it immediately; it requires a separate `start` command or a reboot. Option D is wrong because `systemctl reenable httpd.service` is used to recreate the enable symlinks (e.g., after a unit file change) but does not start the service; it neither starts it immediately nor guarantees a fresh enable for boot.

14
MCQ · medium

Refer to the exhibit. Which entry is most likely to cause the system to fail to boot if the NFS server is unavailable?

A. The third entry (/home)
B. The fourth entry (/mnt)
C. The second entry (/boot)
D. The first entry (/)
Answer: B

NFS mount without _netdev option; network may not be ready, causing boot delay or failure.

Why this answer

Option B is correct because the /mnt entry in /etc/fstab uses the default mount options and does not include the _netdev option. Without _netdev, the system will attempt to mount the NFS filesystem during the boot process before the network is fully operational. If the NFS server is unavailable, the mount will fail, and because the default mount behavior for non-root filesystems in /etc/fstab is to cause a boot failure if the mount fails (unless the 'nofail' option is specified), the system will drop into emergency mode and fail to complete the boot process.

Exam trap

Red Hat often tests the misconception that any NFS mount in /etc/fstab will cause a boot failure if the server is unavailable, but the trap here is that only mounts without the _netdev or nofail options will cause the system to fail to boot, and candidates may overlook the absence of these options in the default /mnt entry.

How to eliminate wrong answers

Option A is wrong because /home is a local filesystem (typically on a local disk or LVM), not a network filesystem, so its availability does not depend on the NFS server. Option C is wrong because /boot is a critical local filesystem that must be mounted early in the boot process; it is never an NFS mount in standard Red Hat Enterprise Linux configurations, and its failure would be due to local disk issues, not NFS server unavailability. Option D is wrong because the root filesystem (/) is mounted by the kernel or initramfs before /etc/fstab is processed, and its entry in /etc/fstab is typically ignored or used for remount options; a failure of the root entry in fstab does not cause a boot failure in the same way as a missing NFS server.

15
MCQ · hard

Refer to the exhibit. A user 'alice' is unable to write to /data directory. What is the most likely reason?

A. The directory permissions restrict access
B. The filesystem is nearly full
C. The directory is owned by root and alice is not root
D. The directory has ACLs preventing access
Answer: A

Permissions are 700 (owner only) and alice is not root.

Why this answer

The correct answer is A because the exhibit (not shown here) likely displays directory permissions such as 'drwxr-xr-x' or 'drwx------' that do not grant write access to the user 'alice'. In Linux, the write permission (w) on a directory controls whether a user can create, delete, or rename files within it. Since 'alice' lacks write permission on /data, she cannot write to it, regardless of ownership or filesystem space.

Exam trap

The trap here is that candidates often assume ownership by root (Option C) is the sole reason for denial, overlooking that permissions (Option A) are the actual gatekeeper; Cisco tests whether you understand that 'root ownership' does not block a non-root user if the 'others' permission allows write.

How to eliminate wrong answers

Option B is wrong because a nearly full filesystem would produce a 'No space left on device' error, not a permission denied error; the question describes inability to write due to permissions, not capacity. Option C is wrong because directory ownership by root does not inherently prevent 'alice' from writing if the directory's permissions grant write access to others (e.g., 'drwxrwxrwx') or if 'alice' is in a group with write permission; the exhibit likely shows restrictive permissions, not just ownership. Option D is wrong because ACLs (Access Control Lists) could also restrict access, but the question asks for the 'most likely' reason, and standard Unix permissions are the default and more common cause; ACLs would require explicit 'setfacl' configuration, which is less typical in basic scenarios.

16
Multi-Select · hard

Which two statements are true regarding network teaming (teamd) compared to bonding?

Select 2 answers
A. Teaming must be configured manually with configuration files only
B. Teaming supports more advanced features like load balancing and link monitoring
C. Bonding is deprecated in RHEL 8
D. Bonding does not support active-backup mode
E. Teaming uses the libteam library
Answers: B, E

Teaming provides advanced features not available in traditional bonding.

Why this answer

Option B is correct because teaming (teamd) provides advanced features such as IEEE 802.3ad load balancing, active-backup, and LACP support, along with more sophisticated link monitoring (e.g., ARP ping, NSNA) compared to the older bonding driver. Teaming uses the libteam library to offer a modular and extensible architecture, which is why option E is also correct.

Exam trap

The trap here is that candidates often assume bonding is deprecated or lacks features like active-backup, but Red Hat still supports bonding in RHEL 8, and the key differentiator is the userspace control and modularity of teaming, not a complete replacement.

17
Multi-Select · medium

Which three of the following are required steps to create a new logical volume of 5GB in an existing volume group 'vg00'?

Select 3 answers
A. Create a logical volume with lvcreate
B. Format the logical volume with a filesystem (e.g., mkfs)
C. Mount the filesystem
D. Create a physical volume
E. Create a volume group
Answers: A, B, C

Necessary to create the new logical volume.

Why this answer

Option A is correct because `lvcreate` is the command used to create a new logical volume within an existing volume group. For a 5GB volume in vg00, the command would be `lvcreate -L 5G -n lvname vg00`. This step is mandatory to allocate the logical volume from the free extents in the volume group.

Exam trap

The trap here is that candidates confuse the entire LVM creation workflow (PV → VG → LV → filesystem → mount) with the steps required when the volume group already exists, leading them to incorrectly select D or E as necessary steps.

18
Matching · medium

Match each SELinux mode to its behavior.

SELinux policy is enforced and denials are logged

Policy is not enforced but denials are logged

SELinux is turned off completely

Why these pairings

SELinux modes control how security policies are applied.

19
MCQ · easy

Refer to the exhibit. The SSH service has been running for 2 weeks. An administrator wants to restart the service without interrupting existing SSH connections. Which command should they use?

A. systemctl reload sshd
B. systemctl stop sshd; systemctl start sshd
C. kill -HUP 1234
D. systemctl restart sshd
Answer: A

Reload sends SIGHUP, causing sshd to reload configuration without interrupting existing connections.

Why this answer

Option A is correct because `systemctl reload sshd` sends a SIGHUP signal to the SSH daemon, instructing it to reload its configuration file without terminating existing connections. This is the standard method for applying configuration changes to services that support graceful reloads, such as sshd, which maintains persistent sessions by only re-reading its configuration and not restarting the process.

Exam trap

The trap here is that candidates confuse `reload` with `restart`, assuming both achieve the same result, but `restart` terminates all active connections while `reload` preserves them, and Red Hat often tests this distinction to catch those who overlook the 'without interrupting' requirement.

How to eliminate wrong answers

Option B is wrong because `systemctl stop sshd; systemctl start sshd` first stops the service, which kills all active SSH sessions, and then starts it again, causing disruption to users. Option C is wrong because `kill -HUP 1234` assumes PID 1234 is the sshd process, but this is unreliable; the PID may change after a restart, and using a hardcoded PID without verification can target the wrong process or fail entirely. Option D is wrong because `systemctl restart sshd` stops the service completely before starting it, which terminates all existing SSH connections, unlike a reload.

20
MCQ · hard

Refer to the exhibit. An administrator sees that a user from 192.168.1.101 cannot connect to the SSH server. Based on the log, what is the most probable cause?

A. The client's host key type is not supported by the server
B. The server's firewall is blocking the connection
C. The SSH service is not running
D. The client's IP is blacklisted
Answer: A

The log shows negotiation failure due to missing host key type.

Why this answer

Option A is correct. The log clearly states 'no matching host key type found'. This indicates the client offers host key types that the server does not support.

Option B is possible but not indicated in the log. Option C is unlikely because the service accepted connections from other IPs. Option D is not shown.

21
MCQmedium

Refer to the exhibit. An administrator needs to free up space in the /backup filesystem. Which of the following actions would be MOST effective?

A. Increase the size of the logical volume
B. Remove unnecessary files in /backup
C. Delete old log files in /var/log
D. Use lvreduce to shrink the logical volume
Answer: B

Directly removing unneeded files from the mounted /backup filesystem frees space.

Why this answer

Option B is correct because the most direct way to free up space in the /backup filesystem is to remove unnecessary files stored there. This action immediately reclaims available space without altering the underlying logical volume or affecting other filesystems.

Exam trap

The trap here is that candidates may confuse freeing space in a filesystem with managing the underlying logical volume, leading them to choose lvreduce or lvextend instead of the simple file removal that directly addresses the space shortage.

How to eliminate wrong answers

Option A is wrong because increasing the size of the logical volume (e.g., with lvextend) does not free up space; it consumes additional free space from the volume group, potentially worsening the shortage. Option C is wrong because deleting old log files in /var/log frees space in the /var filesystem, not in /backup, unless /var/log is mounted under /backup, which is not indicated. Option D is wrong because using lvreduce to shrink the logical volume reduces the available space in /backup, which is the opposite of freeing up space and could cause data loss if the filesystem is not resized first.

22
MCQ · medium

A cron job fails to run. Which command should the administrator use to verify the cron daemon is active?

A. systemctl status cron
B. systemctl status crond
C. systemctl list-units --type=service
D. service crond status
Answer: B

'systemctl status crond' correctly shows the status of the cron daemon.

Why this answer

'systemctl status crond' checks the status of the cron daemon. Option B is incorrect because the service name is 'crond', not 'cron'. Option C uses 'service' which is legacy.

Option D checks for systemd units but not specifically cron.

23
MCQ · hard

A systems administrator installs a custom hardware device driver kernel module named 'mydevice' on a RHEL 9 system. The module is built and placed in /lib/modules/$(uname -r)/extra/. The administrator loads it manually with modprobe mydevice and it works. However, after a system reboot, the module is not loaded. The administrator checks that the device is present at boot time. Which step should be taken to ensure the module loads automatically at boot?

A. Add the line 'install mydevice /sbin/modprobe --ignore-install mydevice' to /etc/modprobe.d/load.conf
B. Rebuild the initramfs with 'dracut --force --add mydevice'
C. Add the line 'load mydevice' to /etc/rc.local and ensure rc.local is executable.
D. Run 'echo mydevice > /etc/modules-load.d/mydevice.conf'
Answer: D

Placing the module name in a file under /etc/modules-load.d/ causes systemd to load it at boot.

Why this answer

Option D is correct because writing the module name to a file in /etc/modules-load.d/ ensures systemd loads the module automatically at boot. The modules-load.d mechanism is the standard RHEL 9 method for specifying kernel modules to be loaded early in the boot process, before the root filesystem is fully available.

Exam trap

The trap here is that candidates confuse the initramfs rebuild (dracut) with the simpler modules-load.d mechanism, thinking all kernel modules must be baked into the initramfs to load at boot, when in fact only modules needed before root is mounted require that treatment.

How to eliminate wrong answers

Option A is wrong because the 'install' directive in modprobe.d is used to override the default installation command for a module, not to specify automatic loading at boot; it would only affect manual modprobe invocations. Option B is wrong because rebuilding the initramfs with dracut --add mydevice is unnecessary for a module already installed in /lib/modules/.../extra/; initramfs is for modules needed during early boot (e.g., storage drivers), and adding a device driver that is not required for mounting root is wasteful and not the standard method. Option C is wrong because /etc/rc.local is a legacy mechanism that runs after the system is fully booted, not during early kernel module loading; it is also not enabled by default on RHEL 9 and would load the module too late for device initialization.

24
MCQ · medium

A system administrator needs to ensure that a specific kernel module 'usb_storage' is not loaded automatically during boot on a RHEL 9 system. Which configuration file should be modified to blacklist this module?

A. Add 'blacklist usb_storage' to /etc/modules-load.d/usb_storage.conf
B. Add 'install usb_storage /bin/false' to /etc/sysconfig/modules/
C. Add 'blacklist usb_storage' to /etc/modprobe.d/blacklist.conf
D. Add 'blacklist usb_storage' to /etc/init.d/rc.local
Answer: C

This is the standard location for blacklisting modules.

Why this answer

Option C is correct because on RHEL 9, the recommended way to prevent a kernel module from loading automatically is to add a 'blacklist' directive in a file under /etc/modprobe.d/. The file /etc/modprobe.d/blacklist.conf is a conventional location for such blacklist entries. When modprobe processes this file, it will ignore the specified module during boot and when loading modules manually, effectively preventing usb_storage from being loaded.

Exam trap

The trap here is that candidates confuse /etc/modules-load.d/ (used for loading modules) with /etc/modprobe.d/ (used for module configuration including blacklisting), leading them to choose Option A.

How to eliminate wrong answers

Option A is wrong because /etc/modules-load.d/ is used to list modules that should be loaded at boot, not to blacklist them; adding 'blacklist usb_storage' there would have no effect. Option B is wrong because /etc/sysconfig/modules/ is not a standard directory for module blacklisting; the 'install usb_storage /bin/false' directive, if placed in a modprobe.d file, would override the module's installation, but the path given is incorrect. Option D is wrong because /etc/init.d/rc.local is a legacy script for local startup commands and is not designed for kernel module blacklisting; it would run too late in the boot process and is not the proper mechanism for preventing module loading.

25
MCQ · medium

A system administrator needs to restore the default SELinux security context on all files under /var/www/html after a misconfiguration. Which command should be used?

A. setfiles -R /var/www/html
B. restorecon -R /var/www/html
C. fixfiles -R /var/www/html
D. chcon -R -t httpd_sys_content_t /var/www/html
Answer: B

Recursively restores default SELinux contexts.

Why this answer

The `restorecon -R /var/www/html` command restores the default SELinux security contexts on all files under /var/www/html by reading the file contexts defined in the SELinux policy (typically from /etc/selinux/targeted/contexts/files/file_contexts). The `-R` flag ensures recursive operation, making it the correct tool to fix misconfigured contexts without manually specifying a type.

Exam trap

The trap here is that candidates confuse `restorecon` with `chcon` or `setfiles`, thinking that manually setting the type with `chcon` is equivalent to restoring the default context, but `chcon` does not consult the policy and can set an incorrect type if the path's default context differs from the specified type.

How to eliminate wrong answers

Option A is wrong because `setfiles` is used to verify or set file contexts based on a file context specification file, but it requires a specification file argument (e.g., `setfiles -c /etc/selinux/targeted/policy/policy.31 file_contexts /var/www/html`) and is not the standard command for restoring contexts on a live system; it is more commonly used for initial labeling or relabeling after policy changes. Option C is wrong because `fixfiles` is a higher-level script that can restore contexts, but its `-R` option is not valid; `fixfiles` uses `-F` to force restoration or `-R` to remove files from the restore list, and the correct syntax for a recursive restore is `fixfiles restore /var/www/html`, so `fixfiles -R /var/www/html` is not a standard usage. Option D is wrong because `chcon -R -t httpd_sys_content_t /var/www/html` manually sets the type to `httpd_sys_content_t`, which may not match the default context defined in the policy (e.g., `httpd_sys_content_t` is correct for static content, but the default context could be `httpd_sys_rw_content_t` for writable directories or other types depending on the path); this approach bypasses the policy and can lead to further misconfiguration.

26
MCQ · medium

An administrator wants to temporarily disable the firewalld service for troubleshooting. Which command will stop the service and prevent it from starting on subsequent boots?

A. systemctl stop --now firewalld
B. systemctl mask firewalld
C. systemctl stop firewalld
D. systemctl disable firewalld
E. systemctl disable --now firewalld
Answer: E

Stops and disables the service in one command.

Why this answer

Option E is correct because `systemctl disable --now firewalld` both stops the service immediately (via `--now`) and disables it from starting automatically on subsequent boots. This meets the requirement of temporarily disabling the service for troubleshooting while preventing it from starting after reboot.

Exam trap

The trap here is that candidates often confuse `disable` with `mask` or forget that `stop` alone does not affect boot-time behavior, leading them to choose options that either stop the service without disabling it or permanently block it with mask.

How to eliminate wrong answers

Option A is wrong because `systemctl stop --now firewalld` stops the service immediately but does not disable it, so it will start again on the next boot. Option B is wrong because `systemctl mask firewalld` creates a symlink to /dev/null, which prevents the service from being started manually or automatically, but it is a permanent action that is difficult to reverse and not appropriate for temporary troubleshooting. Option C is wrong because `systemctl stop firewalld` stops the service only for the current session; it will restart on the next boot. Option D is wrong because `systemctl disable firewalld` prevents the service from starting on boot but does not stop it immediately, so the service remains running until manually stopped.

27
Multi-Select · medium

Which TWO statements are true about systemd services in RHEL 9? (Choose exactly two.)

Select 2 answers
A. 'systemctl list-units --type=service' lists all service units.
B. 'systemctl enable' starts the service immediately.
C. 'systemctl status' shows whether a service is running.
D. 'systemctl mask' disables a service but allows manual start.
E. 'systemctl disable' stops the service immediately.
Answers: A, C

This lists loaded service units.

Why this answer

Option A is correct because 'systemctl list-units --type=service' filters the output to show only service units, which are the primary unit type for managing daemons and background processes. Option C is correct because 'systemctl status' displays the current state of a unit, including whether it is active (running), inactive (stopped), or in another state like failed.

Exam trap

The trap here is that candidates often confuse 'enable' with 'start' and 'disable' with 'stop', or think 'mask' is a softer form of disable that still permits manual activation.

28
MCQ · medium

An administrator wants to optimize system performance for a database workload. Which tool should be used to select a performance profile?

A. performance-tune --profile database
B. setroubleshoot
C. tuned-adm profile throughput-performance
D. systemctl set-profile database
Answer: C

tuned-adm selects and applies a performance profile.

Why this answer

C is correct because `tuned-adm profile throughput-performance` selects a Tuned performance profile optimized for high throughput, which is suitable for database workloads that benefit from increased I/O and network performance. Tuned is the systemd-based dynamic system tuning daemon in RHEL that adjusts kernel parameters, disk schedulers, and other settings based on the selected profile.

Exam trap

The trap here is that candidates may confuse `tuned-adm` with non-existent commands like `performance-tune` or incorrectly assume `systemctl` can manage performance profiles, when in fact Tuned is a separate service controlled via `tuned-adm`.

How to eliminate wrong answers

Option A is wrong because `performance-tune` is not a valid command in RHEL; the correct tool for managing performance profiles is `tuned-adm`. Option B is wrong because `setroubleshoot` is a tool for diagnosing SELinux denials, not for selecting performance profiles. Option D is wrong because `systemctl set-profile` is not a valid systemctl command; systemctl manages systemd units and services, not performance tuning profiles.

29
Multi-Select · hard

An administrator wants to change the default systemd target to multi-user.target. Which three steps are part of a correct procedure? (Choose three.)

Select 3 answers
A. systemctl enable multi-user.target
B. systemctl start multi-user.target
C. systemctl isolate multi-user.target
D. ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
E. systemctl set-default multi-user.target
Answers: C, D, E

Changes the current target immediately (part of procedure).

Why this answer

Option C is correct because `systemctl isolate multi-user.target` immediately switches the current systemd target to multi-user.target, which is the correct way to change the active target at runtime without a reboot. This command stops all units not required by the new target and starts those that are, effectively changing the system's operational state.

Exam trap

The trap here is that candidates confuse `systemctl enable` (which controls whether a unit starts at boot) with `systemctl set-default` (which sets the default target for boot), and they may think `systemctl start` is sufficient to change the active target, not realizing that `isolate` is required to properly transition systemd to a different target.

30
MCQ · easy

A technician needs to configure a network interface to use a static IP address permanently. Which command should be used in RHEL 9?

A. ip
B. vi /etc/sysconfig/network-scripts/ifcfg-eth0
C. nmcli
D. ifconfig
Answer: C

nmcli is the correct tool for permanent network configuration via NetworkManager.

Why this answer

Option C is correct because `nmcli` is the primary command-line tool for managing NetworkManager in RHEL 9, and it allows you to configure a static IP address persistently. Using `nmcli con mod` followed by the connection name and IP settings ensures the configuration survives reboots, as NetworkManager stores the settings in its own configuration files.

Exam trap

The trap here is that candidates familiar with older RHEL versions (e.g., RHEL 7 or 8) may still expect the legacy `ifcfg-*` files to work, but RHEL 9 has fully transitioned to NetworkManager keyfiles, making `nmcli` the correct persistent tool.

How to eliminate wrong answers

Option A is wrong because `ip` is a low-level tool for viewing and temporarily changing network parameters (e.g., IP addresses, routes) at runtime; it does not write persistent configuration to any file, so changes are lost after a reboot. Option B is wrong because RHEL 9 no longer uses the legacy `ifcfg-*` files in `/etc/sysconfig/network-scripts/` by default; NetworkManager ignores these files unless explicitly configured, and the correct persistent method is via `nmcli` or `nmtui`. Option D is wrong because `ifconfig` is deprecated and not installed by default in RHEL 9; it only makes temporary changes and does not support persistent configuration.

31
Multi-Select · medium

An administrator needs to configure a static IP address on an interface that will persist across reboots using NetworkManager. Which TWO commands or files can be used to achieve this?

Select 2 answers
A. systemctl restart network
B. nmcli con up eth0
C. nmcli con mod eth0 ipv4.addresses 192.168.1.10/24
D. Edit /etc/sysconfig/network-scripts/ifcfg-eth0
E. ip addr add 192.168.1.10/24 dev eth0
Answers: C, D

Modifies the connection configuration, which is saved and persists.

Why this answer

Option C is correct because the `nmcli con mod` command modifies the NetworkManager connection profile for the interface, setting a static IPv4 address that is stored persistently in the connection configuration. Option D is correct because editing the `/etc/sysconfig/network-scripts/ifcfg-eth0` file directly defines the static IP address in the ifcfg format, which NetworkManager reads on boot to apply persistent settings.

Exam trap

The trap here is that candidates confuse runtime commands like `ip addr add` (which are temporary) with persistent configuration methods, or they mistakenly think restarting the network service (systemctl restart network) will save the IP address, when in fact it only reloads existing configurations without making changes permanent.

32
MCQ · easy

An administrator runs 'df -h' and sees the output above. The /data partition is nearly full. Which command will help identify the largest files in /data?

A. du -sch /data/*
B. du -sh /data
C. du -h --max-depth=1 /data
D. du -sh /data/*
Answer: D

Shows size of each top-level item in /data.

Why this answer

Option D is correct because 'du -sh /data/*' calculates the total disk usage of each top-level item (files and directories) within /data, showing human-readable sizes. The asterisk expands to all immediate children, allowing the administrator to identify which specific files or directories consume the most space, which is exactly what is needed when /data is nearly full.

Exam trap

The trap here is that candidates often confuse 'du -sh /data' (which shows only the total) with 'du -sh /data/*' (which shows per-item sizes), or they pick 'du -h --max-depth=1 /data' thinking it shows files, when in fact it only shows directory totals at depth 1, missing top-level files.

How to eliminate wrong answers

Option A is wrong because 'du -sch /data/*' includes the '-c' flag, which adds a grand total line at the end; while it shows individual sizes, the total is unnecessary and can clutter output, but more critically it does not limit depth and could descend into subdirectories if not combined with --max-depth. Option B is wrong because 'du -sh /data' shows only the total size of the entire /data directory, not the sizes of individual files or subdirectories inside it, so it cannot identify the largest files. Option C is wrong because 'du -h --max-depth=1 /data' shows the total size of each immediate subdirectory but does not include the sizes of files directly in /data (only directories), so it would miss large files at the top level.

33
MCQ · medium

An administrator wants to install a package 'httpd' but only if it is available in the configured repositories. Which command should be used to check if the package exists?

A. rpm -q httpd
B. dnf search httpd
C. dnf list available httpd
D. dnf install httpd
Answer: C

Shows available packages matching the name.

Why this answer

Option C is correct because `dnf list available httpd` queries the configured DNF repositories and displays the package only if it exists in them. This command checks availability without installing, which matches the requirement to verify the package is present in the repositories before proceeding.

Exam trap

The trap here is that candidates often confuse `rpm -q` (which checks local installation status) with repository availability checks, or they mistakenly think `dnf search` is the correct command for listing available packages, when in fact `dnf list available` is the precise tool for this task.

How to eliminate wrong answers

Option A is wrong because `rpm -q httpd` checks if the package is already installed on the system, not whether it is available in repositories. Option B is wrong because `dnf search httpd` searches package names and descriptions across repositories but does not specifically list only available packages; it may return partial matches and is not the standard command for confirming availability. Option D is wrong because `dnf install httpd` attempts to install the package immediately, which does not fulfill the requirement to check existence first without making changes.

34
MCQ · medium

A system has a new disk /dev/sdb that needs to be used as an LVM physical volume for an existing volume group 'vg_data'. Which sequence of commands is correct?

A. vgcreate vg_data /dev/sdb; pvcreate /dev/sdb
B. lvextend vg_data /dev/sdb
C. pvcreate /dev/sdb; vgcreate vg_data /dev/sdb
D. pvcreate /dev/sdb; vgextend vg_data /dev/sdb
Answer: D

First create the PV, then extend the existing VG.

Why this answer

Option D is correct because the disk /dev/sdb must first be initialized as a physical volume using pvcreate, then added to the existing volume group vg_data using vgextend. This sequence properly extends the volume group with the new physical volume, as required by LVM.

Exam trap

The trap here is that candidates often confuse vgcreate (which creates a new volume group) with vgextend (which adds a physical volume to an existing volume group), leading them to select option C instead of D.

How to eliminate wrong answers

Option A is wrong because vgcreate creates a new volume group, but the question specifies an existing volume group 'vg_data', and the command order also incorrectly places vgcreate before pvcreate. Option B is wrong because lvextend extends a logical volume, not a volume group, and it requires a physical volume or logical volume path, not a volume group name. Option C is wrong because vgcreate would attempt to create a new volume group named 'vg_data', which already exists, causing a conflict; the correct command to add a physical volume to an existing volume group is vgextend, not vgcreate.

35
MCQ · hard

A system fails to boot because of a corrupted fstab file. The administrator boots into rescue mode from a RHEL installation ISO. Which command should be run first to mount the root filesystem read-write?

A. mount /dev/mapper/rhel-root /mnt/sysimage
B. mount -o rw,remount /sysroot
C. chroot /mnt/sysimage
D. systemctl rescue
Answer: A

Mounts the root logical volume to the rescue mount point.

Why this answer

In rescue mode, the root filesystem is not mounted by default. The first step is to mount the logical volume containing the root filesystem (e.g., /dev/mapper/rhel-root) to a temporary mount point like /mnt/sysimage so that you can access and repair the corrupted /etc/fstab file. Option A correctly uses the mount command with the device and mount point, which is the standard procedure for RHEL rescue environments.

Exam trap

The trap here is that candidates confuse the rescue mode mount point (/mnt/sysimage) with the emergency mode mount point (/sysroot) or attempt to use chroot before mounting, leading them to select options B or C.

How to eliminate wrong answers

Option B is wrong because /sysroot is not a standard mount point in rescue mode; the correct temporary mount point is /mnt/sysimage, and the -o rw,remount option is used to remount an already mounted filesystem, not to mount one from scratch. Option C is wrong because chroot /mnt/sysimage changes the root directory into the mounted filesystem, but it cannot be run before the filesystem is actually mounted; it is a subsequent step after mounting. Option D is wrong because systemctl rescue switches the system to rescue mode (a systemd target), but the system is already booted into rescue mode from the ISO, and this command does not mount the root filesystem.

36
MCQ · medium

An administrator wants to view only the error messages from the kernel ring buffer since last boot. Which command should be used?

A. cat /var/log/kernel-errors
B. dmesg -p err
C. journalctl -k -p err
D. systemctl status kernel
Answer: C

journalctl -k shows kernel messages, -p err filters by priority error.

Why this answer

Option C is correct because `journalctl -k -p err` filters the kernel messages (`-k`) from the systemd journal by priority level `err` (error), showing only error-level kernel messages since the last boot. This is the standard way to view kernel error messages in modern RHEL/CentOS systems using systemd-journald.

Exam trap

The trap here is that candidates may confuse `dmesg` options (using `-l` for level filtering) with `journalctl` options (using `-p` for priority), or assume a static log file exists for kernel errors, leading them to pick option A or B.

How to eliminate wrong answers

Option A is wrong because `/var/log/kernel-errors` is not a standard log file; kernel messages are stored in the kernel ring buffer and accessed via `dmesg` or `journalctl`, not a dedicated file. Option B is wrong because `dmesg -p err` is invalid syntax; `dmesg` uses `-l` (level) to filter by priority, not `-p`. Option D is wrong because `systemctl status kernel` is not a valid systemctl command; systemctl manages services, not the kernel directly.

37
MCQ · medium

A web server running Apache (httpd) on RHEL 9 serves content from /var/www/custom. Clients get a 403 error. The SELinux context on files is system_u:object_r:default_t:s0. Which command resolves the issue persistently without disabling SELinux?

A. chcon -t httpd_sys_content_t /var/www/custom
B. setsebool -P httpd_enable_custom on
C. restorecon -R /var/www/custom
D. semanage fcontext -a -t httpd_sys_content_t "/var/www/custom(/.*)?" && restorecon -R /var/www/custom
Answer: D

Adds a persistent file context rule and applies it, ensuring correct context across relabels.

Why this answer

Option D is correct because it uses `semanage fcontext` to add a persistent file context rule for `/var/www/custom` and its contents, then applies it with `restorecon`. This ensures the `httpd_sys_content_t` type is set persistently across file system relabeling, resolving the 403 error caused by the default SELinux type (`default_t`) that denies Apache access.

Exam trap

The trap here is that candidates choose `chcon` (Option A) because it immediately fixes the 403 error, but they overlook the requirement for a persistent change, which `semanage fcontext` with `restorecon` provides.

How to eliminate wrong answers

Option A is wrong because `chcon` changes the SELinux context immediately but does not persist after a file system relabel (e.g., `restorecon` or `fixfiles`), making it a temporary fix. Option B is wrong because `setsebool -P httpd_enable_custom on` is not a valid boolean; the correct boolean for allowing Apache to access custom content directories is `httpd_read_user_content` or similar, and this option does not address the file context issue. Option C is wrong because `restorecon` alone will reset the context to the default policy, which is `default_t` for an unlabeled directory, not `httpd_sys_content_t`, so it does not fix the 403 error.

38
Multi-Select · easy

Which TWO files are essential in the /boot directory for the kernel to boot?

Select 2 answers
A. fstab
B. grub.cfg
C. initramfs
D. vmlinuz
E. kernel
Answers: C, D

initramfs provides initial drivers to access the root filesystem.

Why this answer

The initramfs (initial RAM filesystem) is essential because it contains the necessary drivers and tools to mount the root filesystem before the kernel can take over. Without it, the kernel would not be able to access the storage device containing the root partition, especially when using filesystems or hardware that require kernel modules not built into the kernel itself.

Exam trap

The trap here is that candidates often confuse the bootloader configuration file (grub.cfg) with a kernel-essential file, or they think the generic term 'kernel' is an actual filename, when in fact the correct filename is vmlinuz.

39
MCQ · medium

A system administrator is tasked with configuring a RHEL 9 system to automatically mount an NFS share from 192.168.1.10:/export/data on /mnt/data at boot. Which entry in /etc/fstab is correct?

A. 192.168.1.10 /export/data /mnt/data nfs4 defaults 0 0
B. /mnt/data 192.168.1.10:/export/data nfs4 defaults 0 0
C. 192.168.1.10:/export/data /mnt/data nfs4 defaults 0 0
D. 192.168.1.10:/export/data /mnt/data nfs defaults 0 0
Answer: C

Correct syntax for NFSv4 mount.

Why this answer

Option C is correct because the /etc/fstab entry for an NFS mount requires the remote server and export path in the format server:/export, followed by the local mount point, the filesystem type (nfs4 for NFSv4), mount options, dump flag, and fsck order. This matches the standard NFS fstab syntax for automatic mounting at boot.

Exam trap

The trap here is that candidates often confuse the fstab field order or use the generic 'nfs' type instead of 'nfs4', not realizing that RHEL 9 defaults to NFSv4 and the exam expects precise syntax for the specified protocol version.

How to eliminate wrong answers

Option A is wrong because it places the server IP and export path as separate fields, which is invalid; the correct format is a single field server:/export. Option B is wrong because it reverses the order, putting the local mount point first and the remote source second, which violates the fstab column order (device, mount point, type, options, dump, pass). Option D is wrong because it uses 'nfs' instead of 'nfs4' as the filesystem type; while 'nfs' may work for older NFS versions, the question specifies RHEL 9 and NFSv4, and 'nfs4' is the correct type for NFSv4 mounts to ensure proper protocol negotiation and security.

40
Multi-Select · hard

Which TWO commands can be used to display the current SELinux mode?

Select 2 answers
A. setenforce
B. ausearch
C. getenforce
D. sestatus
E. semanage
Answers: C, D

Displays current SELinux mode.

Why this answer

The `getenforce` command (option C) displays the current SELinux mode as either Enforcing, Permissive, or Disabled. The `sestatus` command (option D) provides a detailed status report including the current mode, the loaded policy, and the mode from the configuration file. Both are standard tools for querying the SELinux operational state.

Exam trap

Red Hat often tests the distinction between commands that *query* state versus those that *modify* state, so candidates may confuse `setenforce` (which changes mode) with `getenforce` (which displays mode).

41
MCQ · medium

An administrator extends a logical volume by 5GB. The filesystem is XFS. Which command must be run to make the additional space available?

A. xfs_growfs /mount
B. mount -o remount /mount
C. resize2fs /dev/vg/lv_root
D. lvresize -L +5G /dev/vg/lv_root
Answer: A

xfs_growfs expands an XFS filesystem to use all available space in the LV.

Why this answer

After extending a logical volume with lvresize, the XFS filesystem does not automatically recognize the new space. The xfs_growfs command must be run on the mounted filesystem to expand it to fill the enlarged logical volume. This command can target the mount point directly and works online without unmounting.

Exam trap

The trap here is that candidates confuse the logical volume resize (lvresize) with the filesystem resize, assuming the filesystem automatically expands when the LV grows, or they mistakenly apply ext4 tools like resize2fs to an XFS filesystem.

How to eliminate wrong answers

Option B is wrong because 'mount -o remount /mount' only reapplies mount options and does not resize any filesystem; it is irrelevant for making additional space available after an LV extension. Option C is wrong because 'resize2fs' is the tool for ext2/ext3/ext4 filesystems, not XFS; using it on an XFS filesystem would fail or cause corruption. Option D is wrong because 'lvresize -L +5G /dev/vg/lv_root' is the command that extends the logical volume itself, but the question asks what must be run after that step to make the space available to the filesystem; the LV resize is already assumed to have been done.

42
MCQ · medium

A developer deploys a container using podman with a bind mount to persist web content. They run: podman run -d --name web -v /webdata:/usr/local/apache2/htdocs:Z -p 8080:80 httpd:latest. The container fails to start. The journal shows SELinux denials for the httpd process inside the container trying to read files with context httpd_sys_content_t, while the process runs in container_t domain. The host directory /webdata exists and contains index.html. The administrator checks that the container image is standard. What is the most likely cause of the failure?

A. The SELinux context on /webdata is incorrect for container use.
B. The /webdata directory does not exist.
C. The podman command should use :z instead of :Z.
D. The container image is incompatible with the host SELinux policy.
Answer: C

:Z relabels with private context; :z uses shared context that allows access.

Why this answer

Option C is correct because the `:Z` flag in the bind mount tells Podman to relabel the host directory with a private SELinux context (`container_file_t`) unique to that container, which prevents other containers from accessing it. However, the SELinux denial shows the httpd process inside the container (running in `container_t` domain) cannot read files labeled `httpd_sys_content_t` (the default label for web content on the host). Using `:z` instead of `:Z` would relabel the directory with the shared context `container_file_t`, allowing the container process to read the files while still enforcing SELinux policy.

Exam trap

The trap here is that candidates confuse `:z` (shared) with `:Z` (private) and assume the SELinux denial is due to the host directory context being wrong, when in fact the `:Z` flag relabels the directory to a private context that the container cannot read because the process domain (`container_t`) expects the shared `container_file_t` label.

How to eliminate wrong answers

Option A is wrong because the SELinux context on `/webdata` is `httpd_sys_content_t`, which is correct for web content on the host, but the container process runs in the `container_t` domain, which is not allowed to read `httpd_sys_content_t` — the issue is the mount flag, not the host context itself. Option B is wrong because the question explicitly states that `/webdata` exists and contains `index.html`, so a missing directory is not the cause. Option D is wrong because the container image is standard (`httpd:latest`), and SELinux denials are not caused by image incompatibility with the host policy; the policy applies uniformly to all container processes in the `container_t` domain regardless of the image.

43
MCQ · hard

A system fails to boot and drops into an emergency shell. The administrator suspects a misconfigured /etc/fstab. Which command should be used to determine which filesystem is causing the boot issue?

A. systemctl status local-fs.target
B. journalctl -xb -p err
C. fsck -A
D. mount -a
Answer: B

Shows error messages from the journal, including mount failures.

Why this answer

When a system fails to boot due to a misconfigured /etc/fstab, the emergency shell is entered. The `journalctl -xb -p err` command displays the systemd journal from the current boot (`-b`) with extended information (`-x`) and filters for error-level messages (`-p err`). This will show the exact mount failure and the offending filesystem entry, making it the correct diagnostic tool.

Exam trap

The trap here is that candidates often choose `mount -a` (option D) thinking it will show the error, but it only attempts the mount again without providing the specific fstab line or error context, whereas `journalctl -xb -p err` reveals the exact failure from the boot process.

How to eliminate wrong answers

Option A is wrong because `systemctl status local-fs.target` shows the status of the local-fs target unit, but it does not provide detailed error messages about which specific filesystem failed to mount; it only indicates whether the target is active or failed. Option C is wrong because `fsck -A` checks all filesystems listed in /etc/fstab for consistency, but it does not report which filesystem caused the boot failure—it may run checks on healthy filesystems and does not parse mount errors. Option D is wrong because `mount -a` attempts to mount all filesystems in /etc/fstab, but if the system is already in an emergency shell, this command may fail again without providing clear diagnostic output about the specific misconfiguration.

44
MCQ · easy

Refer to the exhibit. An administrator is unable to write to /tmp because the filesystem is full. What is the most likely cause?

A. The /tmp is a separate filesystem
B. There is a filesystem quota enabled
C. The /boot partition is too small
D. The root filesystem is nearly full at 90% usage
Answer: D

/tmp is part of root; with only 5.2GB free, it may be full.

Why this answer

The exhibit shows that the root filesystem (/) is at 90% usage, while /tmp is not a separate filesystem but a directory under the root. Since /tmp resides on the root filesystem, when the root filesystem is nearly full, there is no space left for writing to /tmp, causing the write failure.

Exam trap

Red Hat often tests the misconception that /tmp is always a separate filesystem, leading candidates to overlook the root filesystem's usage as the cause of write failures.

How to eliminate wrong answers

Option A is wrong because if /tmp were a separate filesystem, it would have its own usage percentage shown in the df output; the exhibit does not list /tmp as a separate mount point, so it is part of the root filesystem. Option B is wrong because there is no indication of a filesystem quota being enabled; quotas are typically shown with commands like `repquota` or `quota`, and the df output does not reflect quota limits. Option C is wrong because the /boot partition being too small would not affect the ability to write to /tmp, as /boot is a separate filesystem used for boot files and does not share space with /tmp.

45
Multi-Select · easy

Which TWO are correct ways to check the SELinux context of a file named 'test.txt'? (Choose exactly two.)

Select 2 answers
A. ls -Z test.txt
B. ls -l test.txt
C. sestatus
D. getenforce
E. stat test.txt
Answers: A, E

ls -Z shows SELinux context.

Why this answer

Option A is correct because `ls -Z` displays the SELinux security context of files, including user, role, type, and sensitivity level. The `-Z` option is specifically designed to show SELinux context information for files and processes.

Exam trap

Red Hat often tests the distinction between commands that show SELinux status (`sestatus`, `getenforce`) versus commands that show file-level SELinux context (`ls -Z`, `stat`), trapping candidates who confuse system-wide status with per-file attributes.

46
MCQ · easy

An administrator needs to ensure that the httpd service starts automatically after a system reboot and is set to start immediately without rebooting. Which command should be used?

A. systemctl set-default httpd
B. systemctl add httpd
C. systemctl enable --now httpd
D. systemctl start --enable httpd
Answer: C

Enables the service and starts it immediately.

Why this answer

Option C is correct because `systemctl enable --now httpd` both creates the necessary symlinks to start the httpd service automatically at boot (enable) and starts the service immediately (--now) without requiring a reboot. This combines two operations into one command, satisfying both requirements in the question.

Exam trap

The trap here is that candidates may confuse `systemctl enable` (for boot persistence) with `systemctl start` (for immediate execution), or misremember the `--now` flag as `--enable`, leading them to pick a syntactically invalid option like D or a non-existent subcommand like B.

How to eliminate wrong answers

Option A is wrong because `systemctl set-default` sets the default target (e.g., multi-user.target), not a service; it has no effect on httpd. Option B is wrong because `systemctl add` is not a valid systemctl subcommand; the correct command for enabling a service is `systemctl enable`. Option D is wrong because `systemctl start --enable httpd` uses an invalid option order; the correct syntax is `systemctl enable --now httpd`, and `--enable` is not a valid flag for `systemctl start`.

47
MCQ · hard

An administrator needs to add a 2GB swap file to a system that already has swap partitions. Which set of commands will create and activate the swap file correctly?

A. fallocate -l 2G /swapfile; mkswap /swapfile; swapon /swapfile
B. mkfile 2G /swapfile; mkswap /swapfile; swapon /swapfile
C. dd if=/dev/zero of=/swapfile bs=1M count=2048; mkswap /swapfile; swapon /swapfile
D. touch /swapfile; truncate -s 2G /swapfile; mkswap /swapfile; swapon /swapfile
Answer: A

Efficiently creates the file and activates swap.

Why this answer

Option A is correct because `fallocate` pre-allocates a 2GB file efficiently without writing data blocks, then `mkswap` sets up the swap signature, and `swapon` activates it. This is the recommended method for creating swap files on modern Linux systems, as it avoids the overhead of writing zeros with `dd`.

Exam trap

Red Hat often tests the difference between `fallocate` (fast, pre-allocates) and `dd` (slow, writes zeros) to see if candidates know the efficient method, and the trap is that `dd` works but is not the best practice for the exam's context.

How to eliminate wrong answers

Option B is wrong because `mkfile` is not a standard Linux command (it exists on some BSD systems) and will fail on RHEL/CentOS. Option C is wrong because while `dd` can create the swap file, it is unnecessarily slow and writes every block, which is inefficient compared to `fallocate`; however, it would technically work, but the question asks for the 'correct' set, and `fallocate` is the modern, preferred method. Option D is wrong because `touch` creates an empty file and `truncate` sets its size, but the file is sparse (holes) and may cause swap to fail or behave unexpectedly due to filesystem support issues; `mkswap` requires a non-sparse file.

48
MCQ · easy

A system administrator is troubleshooting a RHEL 9 server that fails to boot and drops into emergency mode. The system console shows an error about mounting /dev/sdb1 on /data. The administrator enters emergency mode, checks /etc/fstab, and sees the line: /dev/sdb1 /data ext4 defaults 0 0. The /data directory exists but /dev/sdb1 is a partition on an external USB drive that was removed. The administrator needs the system to boot normally without the USB drive and plans to fix the mount configuration later. Which course of action should the administrator take?

A. Remove the line from /etc/fstab and run systemctl daemon-reload, then reboot.
B. Add the nofail option to the fstab line, then reboot.
C. Delete the /data directory and reboot.
D. Use a text editor to insert '#' at the beginning of the /dev/sdb1 line in /etc/fstab, then reboot.
Answer: D

Commenting the line prevents the mount attempt; system will boot normally.

Why this answer

Option D is correct because commenting out the /dev/sdb1 line in /etc/fstab with '#' prevents systemd from attempting to mount the missing device during boot, allowing the system to boot normally into multi-user.target. This is a safe, reversible change that does not delete the mount point or alter the filesystem, and it preserves the original configuration for later restoration.

Exam trap

The trap here is that candidates may think removing the line or adding nofail is the correct fix, but they overlook that the system is already in emergency mode and the immediate goal is to boot normally with minimal changes, making a simple comment-out the safest and most reversible action.

How to eliminate wrong answers

Option A is wrong because removing the line from /etc/fstab and running systemctl daemon-reload does not take effect until the next reboot; however, the immediate boot failure is caused by systemd's mount unit for /data failing, and removing the line alone does not address the current emergency mode state—though it would work after reboot, it is less reversible and not the minimal fix. Option B is wrong because adding the nofail option to the fstab line requires editing the file and rebooting, but the system is already in emergency mode; while nofail would prevent future boot failures, it does not resolve the immediate need to boot without the USB drive, and it permanently changes the mount behavior rather than temporarily disabling the entry. Option C is wrong because deleting the /data directory does not fix the mount failure; systemd still attempts to mount /dev/sdb1 on /data, and the missing device will cause the same error, plus deleting the directory may cause data loss if it contains important files.

49
MCQ · easy

A technician needs to configure a static IPv4 address on a RHEL 9 network interface 'enp1s0' using NetworkManager. Which command should be used to set the IP address?

A. nmcli connection modify enp1s0 ipv4.addresses 192.168.1.100/24
B. nmtui edit enp1s0 --ipv4 192.168.1.100/24
C. ip addr add 192.168.1.100/24 dev enp1s0
D. ifconfig enp1s0 192.168.1.100 netmask 255.255.255.0
Answer: A

This makes a persistent change via NetworkManager.

Why this answer

Option A is correct because `nmcli connection modify enp1s0 ipv4.addresses 192.168.1.100/24` is the proper NetworkManager command to set a static IPv4 address on a RHEL 9 interface. This command modifies the connection profile for 'enp1s0' by setting the `ipv4.addresses` property to the specified address and prefix length, which is the standard method for persistent static IP configuration via NetworkManager.

Exam trap

The trap here is that candidates often confuse temporary runtime commands (like `ip addr add` or deprecated `ifconfig`) with persistent configuration tools required by NetworkManager, or they misuse `nmtui` syntax expecting inline arguments instead of its interactive interface.

How to eliminate wrong answers

Option B is wrong because `nmtui edit enp1s0 --ipv4 192.168.1.100/24` is not a valid syntax; `nmtui` is an interactive text user interface and does not accept command-line arguments like `--ipv4` — it must be run interactively or with subcommands like `nmtui edit` without inline IP assignment. Option C is wrong because `ip addr add 192.168.1.100/24 dev enp1s0` only adds the IP address temporarily to the kernel's network stack; it does not persist across reboots and does not use NetworkManager, so it is not the correct tool for a persistent static configuration. Option D is wrong because `ifconfig` is deprecated in RHEL 9 and does not integrate with NetworkManager; it also only sets the address temporarily and lacks persistent configuration capabilities.

50
MCQ · hard

A company has a RHEL 9 server that hosts a critical application. The server has two network interfaces: enp1s0 (192.168.1.100/24) and enp2s0 (10.0.0.100/24). The default gateway is 192.168.1.1. The application listens on TCP port 8080 and should be accessible from both networks. Recently, the administrator noticed that clients on the 10.0.0.0/24 network can ping the server's 10.0.0.100 address but cannot connect to port 8080. Clients on 192.168.1.0/24 can connect fine. The firewall is configured with the default zone (public) and the service 'http' is allowed, but port 8080 is not specifically allowed. The administrator checks 'firewall-cmd --list-all' and sees that only services 'ssh' and 'http' are listed. The application is running and listening on 0.0.0.0:8080. What is the most likely cause and the correct course of action?

A. Disable SELinux to allow the application to accept connections.
B. Add a firewall rule to open TCP port 8080 in the public zone using 'firewall-cmd --add-port=8080/tcp --permanent' and reload.
C. Change the application to listen only on the 10.0.0.100 interface.
D. Add a static route for the 10.0.0.0/24 network via the 10.0.0.1 gateway.
Answer: B

The firewall is blocking port 8080; adding the rule allows traffic.

Why this answer

The firewall is blocking incoming connections to port 8080 because only services 'ssh' (port 22) and 'http' (port 80) are allowed in the public zone. Since the application listens on 0.0.0.0:8080, it is reachable from both networks at the IP level, but the firewall drops packets destined for port 8080. Adding a permanent rule to open TCP port 8080 and reloading the firewall configuration resolves the issue.

Exam trap

The trap here is that candidates assume the application is unreachable due to a routing or SELinux issue, overlooking the fact that the firewall's default zone only allows explicitly listed services and ports, and that 'http' does not cover port 8080.

How to eliminate wrong answers

Option A is wrong because SELinux does not block network ports by default; it enforces mandatory access control on processes, and disabling it is unnecessary and insecure—the problem is firewall-related, not SELinux. Option C is wrong because the application already listens on 0.0.0.0 (all interfaces), and restricting it to 10.0.0.100 would break connectivity for clients on the 192.168.1.0/24 network. Option D is wrong because clients on 10.0.0.0/24 can already ping the server's 10.0.0.100 address, indicating routing is functional; the issue is a firewall rule, not a missing static route.

51
MCQ · hard

An administrator needs to ensure that a mounted NFS filesystem is not accessible to users without proper Kerberos authentication, even if the NFS server exports with no_root_squash. Which mount options should be used in /etc/fstab?

A. sec=krb5i,soft
B. sec=sys,ro
C. sec=krb5,noexec
D. sec=krb5p,hard
Answer: D

krb5p provides authentication and encryption; hard ensures the mount persists.

Why this answer

Option D is correct because `sec=krb5p` enforces Kerberos authentication with full encryption of NFS traffic, ensuring that only users with valid Kerberos tickets can access the filesystem. The `hard` mount option ensures persistent retries if the server becomes unreachable, which is standard for critical NFS mounts. This combination prevents unauthorized access even if the server uses `no_root_squash`, as Kerberos authentication is enforced at the RPC layer.

Exam trap

The trap here is that candidates often confuse `sec=krb5` (authentication only) with `sec=krb5p` (full encryption), or assume `sec=sys` is sufficient for security, ignoring that `no_root_squash` bypasses UID-based restrictions.

How to eliminate wrong answers

Option A is wrong because `sec=krb5i` provides integrity checking but not encryption, and `soft` can cause silent data corruption on NFS timeouts, making it unsuitable for secure, reliable mounts. Option B is wrong because `sec=sys` uses traditional AUTH_SYS (UID/GID-based) authentication, which is vulnerable to spoofing and does not enforce Kerberos; `ro` only restricts write access, not read access by unauthorized users. Option C is wrong because `sec=krb5` provides Kerberos authentication without encryption (only for the initial handshake), and `noexec` prevents execution of binaries but does not address authentication or encryption requirements.

52
Multi-Select · hard

Which THREE are valid methods to configure network bonding in RHEL 9? (Choose exactly three.)

Select 3 answers
A. Using a configuration file in /etc/NetworkManager/system-connections/.
B. Using nmcli to create a bond connection.
C. Using nmtui interactive interface.
D. Using the teamd service.
E. Editing /etc/sysconfig/network-scripts/ifcfg-bond0 directly.
Answers: A, B, C

NetworkManager stores connections there.

Why this answer

Option A is correct because in RHEL 9, NetworkManager stores connection profiles in `/etc/NetworkManager/system-connections/`. You can manually create a bond configuration file in this directory with the proper key-value pairs (e.g., `type=bond`, `bond.options=mode=1,miimon=100`), and NetworkManager will read it on restart or reload. This is a valid method for configuring network bonding.

Exam trap

The trap here is that candidates familiar with RHEL 7 or 8 may still expect `ifcfg-*` files or `teamd` to be valid, but RHEL 9 has fully removed both, making only NetworkManager-based methods (files, nmcli, nmtui) correct.

53
Multi-Select · hard

Which THREE of the following are common steps to configure a system to automatically mount an NFS share at boot?

Select 3 answers
A. Run 'mount -a' after boot
B. Ensure nfs-utils is installed
C. Use autofs
D. Configure /etc/exports
E. Add an entry to /etc/fstab
Answers: B, C, E

The nfs-utils package provides necessary utilities for NFS client.

Why this answer

B is correct because the NFS client functionality in Red Hat Enterprise Linux is provided by the nfs-utils package. Without this package installed, the system lacks the necessary tools (such as mount.nfs and rpcbind) to mount NFS shares, making it impossible to configure automatic mounting at boot.

Exam trap

Red Hat often tests the misconception that /etc/exports is a client-side configuration file, when in fact it is strictly a server-side file used to define exported directories, not client-side automount settings.

54
MCQ · medium

A system has a disk that may be failing. Which tool can be used to check the health of a SATA disk using SMART monitoring?

A. fsck
B. dd
C. smartctl
D. badblocks
Answer: C

smartctl is the correct tool to check SMART attributes for disk health.

Why this answer

smartctl is the correct tool because it directly interfaces with the Self-Monitoring, Analysis, and Reporting Technology (SMART) built into modern SATA and ATA drives. It can query the drive's internal health metrics, such as reallocated sector counts and temperature, to predict potential failure. The other options do not access SMART data.

Exam trap

Red Hat often tests the distinction between file system tools (fsck), block-level utilities (dd, badblocks), and hardware monitoring tools (smartctl), leading candidates to confuse disk surface testing with SMART health checks.

How to eliminate wrong answers

Option A is wrong because fsck (file system check) operates on the file system layer, not on the underlying disk hardware, and cannot read SMART attributes. Option B is wrong because dd is a low-level data copy and conversion tool; it can read/write raw disk blocks but has no capability to query SMART health data. Option D is wrong because badblocks scans for physical bad sectors by performing read/write tests, but it does not access the drive's internal SMART logs or predictive failure indicators.

55
MCQ · hard

An administrator needs to create a network bond interface 'bond0' with two slave interfaces 'eth0' and 'eth1' using active-backup mode. Which set of commands is correct?

A. nmcli con add type bond ifname bond0; nmcli con add type ethernet ifname eth0 master bond0 slave-type bond
B. Edit /etc/sysconfig/network-scripts/ifcfg-bond0 and ifcfg-eth0 manually
C. teamd -d -c '{"device":"bond0","runner":{"name":"activebackup"},"ports":{"eth0":{},"eth1":{}}}'
D. nmcli con add type bond ifname bond0; nmcli con add type bond-slave ifname eth0 master bond0
Answer: A

Correct use of nmcli to create bond and attach ethernet slaves.

Why this answer

Option A is correct because it uses `nmcli` to first create a bond interface named 'bond0' with the default active-backup mode, then adds an Ethernet connection for 'eth0' as a slave to 'bond0' using the `master bond0 slave-type bond` parameters. This is the standard NetworkManager approach for bonding in RHEL 8/9, ensuring the bond is managed by NetworkManager and the slave is properly attached.

Exam trap

The trap here is that candidates confuse bonding with teaming (Option C) or use deprecated manual file editing (Option B), while the correct `nmcli` syntax for adding a slave requires `type ethernet` with `master` and `slave-type`, not a non-existent `type bond-slave` (Option D).

How to eliminate wrong answers

Option B is wrong because manually editing configuration files under `/etc/sysconfig/network-scripts/` is deprecated in RHEL 8/9 in favor of `nmcli`; it also does not include the second slave 'eth1' and lacks the active-backup mode specification. Option C is wrong because `teamd` is used for teaming (a different technology), not bonding; the command uses a teamd JSON configuration with 'activebackup' runner, but the question explicitly asks for a bond interface, not a team interface. Option D is wrong because `nmcli con add type bond-slave` is not a valid connection type in `nmcli`; the correct syntax is `type ethernet` with the `master` and `slave-type` options.

56
MCQ · easy

A user reports that they cannot create files in their home directory. The administrator checks permissions and sees drwxr-xr-x. What is the likely cause?

A. The directory has the sticky bit set
B. The filesystem is read-only
C. The user is not the owner of the directory
D. The user is not in the group
Answer: C

If the user is not the owner, they only have read and execute permissions, preventing file creation.

Why this answer

The permissions `drwxr-xr-x` mean the owner has read, write, and execute (rwx) access, while group and others have only read and execute (r-x). Since the user cannot create files (which requires write permission), the user must not be the owner of the directory. Only the owner (or root) can write to it, so the likely cause is that the user is not the owner.

Exam trap

Red Hat often tests the misconception that group membership alone grants write access, but here the group lacks write permission (`r-x`), so even being in the group does not allow file creation; the trap is focusing on group membership rather than the actual permission bits.

How to eliminate wrong answers

Option A is wrong because the sticky bit (indicated by a 't' in the execute position for others, e.g., `drwxr-xr-t`) is not set here; the permissions show a regular 'x' for others, and the sticky bit does not prevent file creation by the owner or those with write permission. Option B is wrong because a read-only filesystem would prevent all write operations system-wide, not just for this user, and the user can still read and execute files in the directory, which would be impossible if the filesystem were read-only. Option D is wrong because group permissions are `r-x`, which do not include write access, so even if the user were in the group, they still could not create files; the issue is the lack of write permission, not group membership.

57
MCQ · easy

An administrator needs to create a 10GB logical volume named 'mylv' in an existing volume group 'vg1', format it with XFS, and mount it at /mnt/data. Which set of commands achieves this correctly?

A. lvcreate -n mylv -L 10G vg1 && mkfs.xfs /dev/vg1/mylv && mount /dev/vg1/mylv /mnt/data && echo "/dev/vg1/mylv /mnt/data xfs defaults 0 0" >> /etc/fstab
B. lvcreate -n mylv -L 10G vg1 && mkfs.xfs /dev/vg1/mylv && mount /dev/vg1/mylv /mnt/data && blkid /dev/vg1/mylv >> /etc/fstab
C. lvcreate -n mylv -L 10G vg1 && mkfs.xfs /dev/vg1/mylv && mount /dev/vg1/mylv /mnt/data && echo "/dev/vg1/mylv /mnt/data xfs defaults 0 0" > /etc/fstab
D. lvcreate -n mylv --size 10G vg1 && mkfs.xfs /dev/mylv && mount /dev/mylv /mnt/data && echo "/dev/mylv /mnt/data xfs defaults 0 0" >> /etc/fstab
Answer: A

Correct: Uses proper device path and appends fstab entry.

Why this answer

Option A is correct because it uses the proper `lvcreate` syntax with `-n` for name and `-L` for size, creates the logical volume `/dev/vg1/mylv`, formats it with XFS, mounts it, and appends the correct fstab entry using `>>` to avoid overwriting existing entries. The device path `/dev/vg1/mylv` is the standard LVM device mapper path for a logical volume named 'mylv' in volume group 'vg1'.

Exam trap

Red Hat often tests the distinction between `>` (overwrite) and `>>` (append) in fstab manipulation, and the correct LVM device path format (`/dev/vg1/mylv` vs. `/dev/mylv`), to catch candidates who confuse volume group names with logical volume paths or misuse shell redirection.

How to eliminate wrong answers

Option B is wrong because `blkid` outputs a line with the UUID and filesystem type, but the format is not a valid fstab entry (it lacks mount point, options, dump, and pass fields), and appending it directly to `/etc/fstab` would cause mount failures. Option C is wrong because it uses `>` (single redirect) instead of `>>`, which overwrites the entire `/etc/fstab` file, destroying all existing mount entries. Option D is wrong because it uses the incorrect device path `/dev/mylv` (which would be a volume group name, not a logical volume path) and also uses `--size` instead of `-L` (though `--size` works, the path error is fatal); the correct path should be `/dev/vg1/mylv`.

58
MCQ · hard

An administrator wants to enable disk quotas for users on an XFS filesystem. Which command initializes the quota database?

A. edquota -u user
B. quotacheck -cug /mount
C. xfs_quota -x -c 'limit -u bsoft=...' /mount
D. quotaon /mount
Answer: D

After editing /etc/fstab and remounting, 'quotaon' enables quotas on the filesystem.

Why this answer

Option D is correct because `quotaon` activates disk quotas on a filesystem after the quota database has been initialized. However, for XFS filesystems, the quota database is not a separate file; XFS uses internal metadata. The command to initialize quota accounting on XFS is `xfs_quota -x -c 'limit'`, but the question asks for initializing the quota database, which for non-XFS filesystems is done with `quotacheck`.

For XFS, the equivalent is enabling quota via `xfs_quota` or mounting with `uquota`/`gquota` options. The correct answer here is D because `quotaon` is the command that turns on quota enforcement after the database is ready, but the question's phrasing is ambiguous; in the context of EX200, `quotaon` is the final step to activate quotas, not to initialize the database. The trap is that candidates confuse 'initializing the database' with 'enabling quotas'.

For XFS, the database is initialized automatically when quotas are enabled via mount options or `xfs_quota`.

Exam trap

Red Hat often tests the distinction between initializing quota databases (which for XFS is done at mount time) and enabling quota enforcement (quotaon), leading candidates to incorrectly choose quotacheck or edquota.

How to eliminate wrong answers

Option A is wrong because `edquota -u user` edits quotas for a specific user, not initializes the quota database. Option B is wrong because `quotacheck -cug /mount` is used for ext3/ext4 filesystems to create quota files (aquota.user/aquota.group), but XFS does not use separate quota files; it stores quota information in its internal metadata, so `quotacheck` is not applicable. Option C is wrong because `xfs_quota -x -c 'limit -u bsoft=...' /mount` sets a quota limit for a user, but it does not initialize the quota database; it assumes quotas are already enabled on the filesystem.

59
MCQ · easy

A user is unable to log in via SSH. The administrator checks /var/log/secure and sees 'Authentication refused: bad ownership or modes' for the user's home directory. What is the most likely cause?

A. The sshd service is not running
B. The SELinux context is wrong
C. The .ssh/authorized_keys file has incorrect permissions
D. The user's home directory is owned by root
Answer: C

The error directly refers to bad ownership or modes; typically the authorized_keys file permissions are too permissive.

Why this answer

Option C is correct because the error 'Authentication refused: bad ownership or modes' in /var/log/secure specifically indicates that the SSH daemon (sshd) has rejected authentication due to overly permissive permissions on the user's ~/.ssh/authorized_keys file. SSH requires that this file be owned by the user and not writable by group or others (typically mode 600 or 644), and the directory ~/.ssh must be mode 700. This is a security check enforced by sshd to prevent unauthorized key injection.

Exam trap

Red Hat often tests the distinction between home directory ownership issues and the specific permissions of ~/.ssh/authorized_keys, leading candidates to incorrectly select 'home directory owned by root' when the log message explicitly mentions 'bad ownership or modes' for the key file.

How to eliminate wrong answers

Option A is wrong because if the sshd service were not running, the user would not even reach the authentication stage; the error would be a connection timeout or 'Connection refused', not a permission-related log entry. Option B is wrong because SELinux context issues typically produce AVC denial messages in /var/log/audit/audit.log, not the specific 'bad ownership or modes' error in /var/log/secure. Option D is wrong because while a home directory owned by root could cause other issues (e.g., inability to write files), the specific error about 'bad ownership or modes' for SSH authentication is triggered by the permissions of ~/.ssh/authorized_keys, not the home directory itself.

60
MCQ · medium

A Red Hat Enterprise Linux 8 system was recently updated via 'yum update'. After reboot, the systemd-logind service fails to start with the error 'Failed to start Login Service' and 'Permission denied' messages in the journal. The administrator checks the SELinux status with 'getenforce' and it returns 'Enforcing'. The administrator also notices that the '/var/run' directory is now a symlink to '/run'. There are no firewall issues. The service works if SELinux is set to permissive. Which single action should the administrator take to resolve this issue permanently?

A. Run 'restorecon -Rv /run' to restore default SELinux contexts for /run
B. Add 'selinux=0' to kernel boot parameters and reboot
C. Edit the systemd-logind service unit to add 'Permissions=yes'
D. Reinstall the systemd-logind package using 'yum reinstall systemd'
Answer: A

Restoring contexts on /run will fix permission problems caused by mislabeled files.

Why this answer

After a yum update, SELinux contexts on /run may be incorrect because /var/run is a symlink to /run. When SELinux is enforcing, systemd-logind requires the correct context (typically system_u:object_r:var_run_t:s0) on /run to access its runtime files. Running 'restorecon -Rv /run' restores the default SELinux contexts for all files under /run, resolving the 'Permission denied' errors permanently without disabling SELinux.

Exam trap

The trap here is that candidates may focus on the symlink (/var/run -> /run) and assume a package reinstall or disabling SELinux is needed, rather than recognizing that SELinux contexts on the target directory (/run) are the root cause, which is fixed by a simple restorecon.

How to eliminate wrong answers

Option B is wrong because adding 'selinux=0' disables SELinux entirely, which is not a permanent fix and violates security best practices; the service works in permissive mode, indicating SELinux is the issue but should remain enforcing. Option C is wrong because systemd-logind service units do not have a 'Permissions=yes' directive; this is a fictional option that misleads candidates into thinking a service-level permission setting exists. Option D is wrong because reinstalling the systemd-logind package does not fix SELinux context mismatches; the package files are correct, but the runtime contexts on /run are wrong due to the symlink change.

61
Multi-Select · hard

On a default Red Hat Enterprise Linux 8 installation, which THREE tools or files can be used to configure time synchronization?

Select 3 answers
A.ntpq
B./etc/ntp.conf
C.chronyc
D.timedatectl
E./etc/chrony.conf
AnswersC, D, E

Command-line tool for managing chrony.

Why this answer

On a default Red Hat Enterprise Linux 8 installation, `chronyd` is the default NTP daemon, and its configuration file is `/etc/chrony.conf`. The `chronyc` command is the command-line interface for interacting with the `chronyd` daemon, allowing you to monitor and adjust time synchronization. `timedatectl` is the systemd-based tool for managing system time and date settings, including enabling NTP synchronization via `chronyd`.

Exam trap

The trap here is that candidates familiar with older RHEL versions (6/7) may assume `ntpq` and `/etc/ntp.conf` are still the default tools, but RHEL 8 has replaced `ntpd` with `chronyd` as the default NTP implementation.

62
Multi-Select · easy

Which TWO commands can be used to display available disk space on mounted filesystems in a human-readable format?

Select 2 answers
A. blkid
B. df -h
C. ls -lh
D. du -sh
E. fdisk -l
Answers: B, D

Disk space usage for filesystems.

Why this answer

The `df -h` command displays disk space usage for mounted filesystems, with the `-h` flag converting sizes into human-readable units (e.g., KB, MB, GB). This directly answers the requirement to show available disk space on mounted filesystems in a human-readable format.

Exam trap

The trap here is that candidates often confuse `du -sh` (which shows used space for a specific directory) with `df -h` (which shows available space on filesystems), but both are correct in this question because `du -sh` can be used to display disk usage in human-readable format, though it does not show available space directly.

63
MCQ · hard

An administrator needs to configure system tuning profiles for a database server. Which command is used to set the 'throughput-performance' profile?

A. powertop --set-profile=throughput-performance
B. sysctl -w kernel.throughput=1
C. systemctl set-profile throughput-performance
D. tuned-adm profile throughput-performance
Answer: D

tuned-adm is the correct tool for applying tuning profiles.

Why this answer

The `tuned-adm profile throughput-performance` command is correct because Tuned is the system tuning service on Red Hat Enterprise Linux, and `tuned-adm` is the command-line tool used to activate predefined tuning profiles. The 'throughput-performance' profile optimizes the system for maximum network and disk throughput by disabling power-saving features and tuning kernel parameters.

Exam trap

The trap here is that candidates confuse `systemctl` (which manages systemd services) with `tuned-adm` (which manages Tuned profiles), or they assume a generic sysctl parameter exists for setting a complete tuning profile.

How to eliminate wrong answers

Option A is wrong because `powertop` is a power management diagnostic tool, not a profile manager; it does not have a `--set-profile` option for setting Tuned profiles. Option B is wrong because `sysctl` is used to modify kernel parameters at runtime, but there is no `kernel.throughput` parameter; setting a Tuned profile involves multiple kernel and system settings, not a single sysctl variable. Option C is wrong because `systemctl` manages systemd services, not Tuned profiles; the correct command to set a Tuned profile is `tuned-adm profile`, not `systemctl set-profile`.

64
Multi-Select · medium

Which TWO commands can be used to display the current SELinux mode?

Select 2 answers
A. sestatus
B. getenforce
C. checkmodule
D. seinfo
E. setenforce
Answers: A, B

sestatus provides detailed SELinux status including current mode.

Why this answer

The `sestatus` command displays the current SELinux mode (enforcing, permissive, or disabled) along with other SELinux status information. The `getenforce` command specifically returns only the current SELinux mode as a string (Enforcing, Permissive, or Disabled). Both are standard tools for checking the SELinux operational state.

Exam trap

The trap here is that candidates confuse `setenforce` (which changes the mode) with `getenforce` (which displays the mode), or assume `seinfo` or `checkmodule` are status-checking tools when they are actually policy analysis and compilation utilities.

65
MCQ · hard

A system administrator notices that a RHEL 9 server's /var/log/messages is filling up the /var partition. The administrator wants to ensure log rotation runs daily and keeps 4 weeks of logs. Which configuration file should be modified?

A. /etc/systemd/journald.conf
B. /etc/logrotate.d/syslog
C. /etc/rsyslog.conf
D. /etc/cron.daily/logrotate
Answer: B

This is the logrotate config for syslog files.

Why this answer

Option B is correct because /etc/logrotate.d/syslog is the configuration file that controls log rotation for system log files such as /var/log/messages. By modifying this file, the administrator can set the rotation frequency to daily and set how many rotated logs to keep (e.g., rotate 28 for 4 weeks of daily logs), directly addressing the requirement.

Exam trap

The trap here is that candidates confuse the log rotation configuration file (/etc/logrotate.d/syslog) with the cron job that triggers it (/etc/cron.daily/logrotate) or with the logging daemon configuration files (journald.conf or rsyslog.conf), assuming those control rotation parameters.

How to eliminate wrong answers

Option A is wrong because /etc/systemd/journald.conf configures the systemd journal daemon (journald), which manages binary journal logs, not the rotation of text-based log files like /var/log/messages; log rotation for syslog files is handled by logrotate. Option C is wrong because /etc/rsyslog.conf configures the rsyslog daemon's logging rules and destinations, not log rotation parameters; rotation is a separate function managed by logrotate. Option D is wrong because /etc/cron.daily/logrotate is the cron job script that triggers logrotate execution daily, not a configuration file where rotation parameters (frequency, retention) are defined; modifying this script would not set the rotation schedule or retention count.

66
Multi-Select · easy

Which two commands correctly set the system to boot into a multi-user target (runlevel 3)?

Select 2 answers
A. systemctl enable multi-user.target
B. systemctl default multi-user
C. systemctl set-default multi-user.target
D. ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
E. systemctl set-default runlevel3.target
Answers: C, D

Correctly sets the default target to multi-user.

Why this answer

Option C is correct because `systemctl set-default multi-user.target` sets the default systemd target to multi-user.target, which corresponds to runlevel 3. This command changes the symlink at /etc/systemd/system/default.target to point to the specified target, ensuring the system boots into that target by default.

Exam trap

The trap here is that candidates may confuse `systemctl set-default` with `systemctl enable` or use incorrect target names like `runlevel3.target`, which does not exist in systemd; the correct target is `multi-user.target`.

67
MCQ · medium

Refer to the exhibit. The service 'example.service' is created but fails to start. The administrator runs 'systemctl start example.service' and gets no output, but 'systemctl status example.service' shows 'active (exited)'. What is the most likely cause?

A. The script /usr/local/bin/example.sh exits immediately.
B. The Restart=on-failure directive is misconfigured.
C. The network.target dependency is not met.
D. The administrator forgot to run systemctl daemon-reload after starting.
Answer: A

Type=simple expects the main process to stay running.

Why this answer

When a service unit is configured with `Type=oneshot` (or the default `Type=simple` with a script that exits quickly), systemd reports the service as `active (exited)` after the main process finishes. The administrator sees no error output because the command `systemctl start` succeeded in launching the process, but the process itself (the script `/usr/local/bin/example.sh`) exits immediately, which is expected behavior for a oneshot service. The service is considered 'active' because it ran and exited cleanly, not because it remains running.

Exam trap

Red Hat often tests the distinction between `active (running)` and `active (exited)` to catch candidates who assume a service must remain running to be considered active, when in fact `Type=oneshot` services are designed to exit and still be marked as active.

How to eliminate wrong answers

Option B is wrong because `Restart=on-failure` only triggers a restart when the service unit exits with a non-zero exit code or is terminated by a signal; it does not change the fact that the script exits immediately, and the service would still show `active (exited)` after a successful run. Option C is wrong because `network.target` is a synchronization point that ensures network interfaces are configured before the service starts, but its failure would cause the service to fail to start entirely (e.g., `failed` state), not to show `active (exited)`. Option D is wrong because `systemctl daemon-reload` is required only after modifying unit files, not after starting a service; running it after `systemctl start` would have no effect on the service state.

68
MCQ · medium

A cron job runs a script every hour and leaves many log files. The administrator wants to clean up log files older than 7 days in /var/log/myapp/. Which command should be added to a weekly cron job?

A. find /var/log/myapp -type f -atime +7 -delete
B. find /var/log/myapp -type f -mtime +7 -exec rm {} \;
C. find /var/log/myapp -type f -ctime +7 -delete
D. find /var/log/myapp -type f -mtime +7 -delete
Answer: D

Correctly finds files modified more than 7 days ago and deletes them.

Why this answer

Option D is correct because `-mtime +7` matches files whose modification time is older than 7 days, and `-delete` safely removes them. This is the most efficient and standard approach for cleaning up old log files in a cron job, as it avoids spawning a separate process for each file.

Exam trap

The trap here is that candidates often confuse `-atime`, `-ctime`, and `-mtime`, or think `-exec rm {} \;` is equivalent to `-delete`, when in fact `-delete` is the preferred, safer, and more efficient method for bulk file removal in cron jobs.

How to eliminate wrong answers

Option A is wrong because `-atime` checks access time, not modification time; log files may be accessed (e.g., read by monitoring tools) without being modified, so they could be deleted prematurely or not at all. Option B is wrong because while `-mtime +7` is correct, using `-exec rm {} \;` is inefficient and less safe than `-delete`; it forks a new `rm` process for each file, which is slower and can cause issues with special characters in filenames. Option C is wrong because `-ctime` checks inode change time (metadata changes like permissions or ownership), not the file's content modification time; log files might have unchanged metadata but old content, leading to incorrect cleanup.

69
Multi-Select · medium

A system administrator wants to permanently allow incoming HTTP traffic on RHEL 9 using firewalld. Which two commands will achieve this? (Choose two.)

Select 2 answers
A. firewall-cmd --add-service=http
B. firewall-cmd --add-port=80/tcp --permanent
C. firewall-cmd --runtime-to-permanent
D. firewall-cmd --add-service=http && firewall-cmd --runtime-to-permanent
E. firewall-cmd --add-service=http --permanent
Answers: B, E

Permanently adds port 80/tcp.

Why this answer

Option B is correct because `--add-port=80/tcp --permanent` adds the rule to the permanent configuration, ensuring it persists across reboots. Option E is correct because `--add-service=http --permanent` achieves the same effect using the predefined service name for HTTP (port 80/tcp). Both commands modify the permanent zone configuration directly, which is required for a permanent rule.

Exam trap

The trap here is that candidates often forget the `--permanent` flag and assume runtime changes persist, or they incorrectly think `--runtime-to-permanent` alone adds the rule, when it only saves existing runtime rules.

70
MCQ · hard

Refer to the exhibit. The administrator wants to add an additional 5GB to the /mnt/data filesystem. There is no unpartitioned space on /dev/sdb. Which is the correct procedure?

A. Use resize2fs /dev/sdb1 to expand filesystem.
B. Add a new disk, create a physical volume, extend volume group, and extend logical volume.
C. Use fdisk to delete and recreate /dev/sdb1 with larger size, run partprobe, then xfs_growfs /mnt/data.
D. Use fdisk to delete and recreate /dev/sdb1 with larger size, then mount.
Answer: C

Correct steps for XFS on a partition.

Why this answer

Option C is correct because the filesystem on /mnt/data is XFS (as shown in the exhibit), and XFS cannot be shrunk; it can only be grown. Since there is no unpartitioned space on /dev/sdb, the partition itself must be resized. The correct procedure is to delete and recreate the partition with a larger size using fdisk, inform the kernel of the change with partprobe, and then grow the XFS filesystem with xfs_growfs /mnt/data.

Exam trap

Red Hat often tests the distinction between XFS and ext4 filesystem resizing commands; the trap here is that candidates familiar with ext4 might incorrectly choose resize2fs (Option A) or forget that XFS requires xfs_growfs after partition resizing, leading them to select Option D without the grow step.

How to eliminate wrong answers

Option A is wrong because resize2fs is used for ext2/ext3/ext4 filesystems, not XFS; using it on an XFS filesystem would fail. Option B is wrong because adding a new disk, creating a physical volume, extending the volume group, and extending a logical volume is the procedure for LVM-based filesystems, but the exhibit shows /dev/sdb1 is a standard partition, not an LVM logical volume. Option D is wrong because after deleting and recreating the partition with a larger size, you must run partprobe to update the kernel's partition table and then grow the filesystem with xfs_growfs; simply mounting does not resize the filesystem.

71
MCQ · hard

An administrator has a logical volume 'lv_data' in a volume group 'vg_data' with a filesystem. The administrator needs to reduce the size of 'lv_data' by 2GB. Which sequence of commands should be performed?

A. umount, e2fsck -f, resize2fs, lvreduce
B. lvreduce, resize2fs, e2fsck, umount
C. resize2fs, lvreduce, umount, e2fsck
D. umount, lvreduce, resize2fs, e2fsck
Answer: A

Correct order: unmount, check, shrink filesystem, then shrink LV.

Why this answer

Option A is correct because reducing a logical volume with a filesystem requires a specific sequence: first unmount the filesystem to ensure no writes occur, then run e2fsck -f to force a filesystem check and ensure consistency, then use resize2fs to shrink the filesystem to the desired size, and finally lvreduce to shrink the logical volume itself. This order prevents data corruption by resizing the filesystem before the underlying block device.

Exam trap

Red Hat often tests the misconception that you can reduce the logical volume first and then shrink the filesystem, but the correct order is always filesystem first, then LV reduction, with unmount and fsck as prerequisites.

How to eliminate wrong answers

Option B is wrong because lvreduce is performed before resize2fs, which would shrink the logical volume while the filesystem still expects the original size, causing data corruption. Option C is wrong because resize2fs is attempted before unmounting the filesystem, which is not allowed on a mounted ext filesystem and will fail; additionally, lvreduce is done before e2fsck, risking corruption. Option D is wrong because lvreduce is performed before resize2fs, meaning the logical volume is reduced while the filesystem still occupies the original space, leading to data loss or corruption.

72
MCQ · hard

A system fails to boot with an error about a missing ext4 filesystem. From the rescue environment, which command should be run to attempt automatic repair of all filesystems?

A. fsck /dev/sda1
B. debugfs -R 'repair'
C. e2fsck -p
D. fsck -A -y
Answer: D

fsck -A checks all filesystems listed in /etc/fstab, and -y answers yes to all repairs.

Why this answer

Option D is correct because `fsck -A -y` automatically checks all filesystems listed in `/etc/fstab` (the `-A` flag) and answers 'yes' to any repair prompts (the `-y` flag), making it the most appropriate command for automatic repair of all filesystems from a rescue environment. The error indicates a missing ext4 filesystem, and this command will attempt to repair any ext4 (or other) filesystem issues without manual intervention.

Exam trap

The trap here is that candidates confuse `e2fsck -p` (which only repairs a single ext filesystem automatically) with `fsck -A -y` (which repairs all filesystems automatically), or they mistakenly think `debugfs` has a repair command, when it is actually a debugging tool, not a repair utility.

How to eliminate wrong answers

Option A is wrong because `fsck /dev/sda1` only checks a single partition (sda1), not all filesystems, and it does not automatically answer 'yes' to repair prompts, so it may stall or require manual input. Option B is wrong because `debugfs -R 'repair'` is not a valid command; `debugfs` is an interactive ext2/ext3/ext4 filesystem debugger, and it does not have a `-R 'repair'` option—it is used for low-level manipulation, not automatic repair. Option C is wrong because `e2fsck -p` automatically repairs ext2/ext3/ext4 filesystems without prompting, but it only operates on a single filesystem (the one specified, e.g., `e2fsck -p /dev/sda1`), not all filesystems; the `-p` flag is for preen mode, not for scanning all fstab entries.
