EX200 · topic practice

Manage security practice questions

Practise Red Hat Certified System Administrator EX200 Manage security practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Manage security

What the exam tests

What to know about Manage security

Manage security questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Manage security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Manage security questions

20 questions · select your answer, then reveal the explanation

A junior admin needs to ensure that the 'apache' user (UID 48) cannot log in via SSH or console. Which command achieves this?

Question 2mediummultiple choice
Read the full Manage security explanation →

An administrator runs 'getenforce' and sees 'Enforcing'. They then run 'setenforce 0' but SELinux still denies access to a custom application. What is the most likely reason?

A system administrator wants to allow user 'jdoe' to execute any command as root via sudo without being prompted for a password, but only from the host 'client1.example.com'. Which sudoers rule achieves this?

Question 4mediummultiple choice
Read the full Manage security explanation →

A server's firewall is managed by firewalld. The admin adds a rule to allow HTTPS traffic to the public zone, but clients still cannot connect. What is the most likely cause?

Which TWO commands can be used to display SELinux contexts of files? (Choose two.)

Which THREE factors determine whether a local user can SSH into a Red Hat Enterprise Linux 9 system? (Choose three.)

Refer to the exhibit. A web server (httpd) is unable to serve files from a user's home directory. What is the most appropriate single command to resolve the issue?

Exhibit

Refer to the exhibit.

```
# ausearch -m avc -ts recent
----
time->Thu Mar 14 10:15:22 2024
type=AVC msg=audit(1710418522.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev=sda1 ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
```
Question 8mediummultiple choice
Read the full Manage security explanation →

You are the system administrator for a small company. A developer, Alice, needs to restart the web server (httpd.service) on server 'web1.example.com' without being prompted for a password. She should also be able to run any command as root on that server, but only from the server itself (not remotely). Currently, Alice can SSH into the server using her SSH key, but when she runs 'sudo systemctl restart httpd', she is prompted for her password. You have verified that Alice is in the 'wheel' group. The sudoers file currently has the line '%wheel ALL=(ALL) ALL'. You want to modify sudoers to satisfy the requirement with minimal privilege. Which action should you take?

A system administrator needs to configure a firewall using firewalld to allow incoming HTTPS traffic and deny incoming SSH traffic from a specific source IP 192.168.1.100. Which two commands should be run? (Choose two.)

Question 10easymultiple choice
Read the full Manage security explanation →

A junior administrator is tasked with setting up SELinux contexts on a Red Hat Enterprise Linux 9 server to allow Apache HTTPD to read and write to a custom directory /var/www/customcontent. The directory already exists and contains several files. The administrator has confirmed that the httpd service is running and SELinux is in enforcing mode. After changing the context to httpd_sys_content_t using chcon, the web server can read files but cannot write to the directory. The administrator needs to fix this without disabling SELinux or changing the mode to permissive. Which of the following is the correct next step?

Order the steps to configure firewall rules to allow HTTP and HTTPS traffic using firewalld.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Match each networking term to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Automatically assigns IP addresses to hosts

Resolves hostnames to IP addresses

Translates private IPs to public IPs

Combines multiple network interfaces for redundancy or throughput

Question 13easymultiple choice
Read the full Manage security explanation →

A sysadmin wants to allow user 'alice' to run all commands as root via sudo. Which line should be added to /etc/sudoers?

Question 14mediummultiple choice
Read the full Manage security explanation →

After configuring sudo, a user reports: 'sudo: unable to open /etc/sudoers: Permission denied'. The admin checks the file permissions and sees '-rw-r-----' owned by root:root. What is the most likely cause?

Question 15hardmultiple choice
Review the full subnetting walkthrough →

A server uses firewalld with the default zone set to 'drop'. SSH is allowed only for the 192.168.1.0/24 subnet via a rich rule in the 'internal' zone. After a reboot, SSH connections from that subnet are refused. What is the most likely cause?

Question 16easymultiple choice
Read the full Manage security explanation →

Which command sets the password maximum age for user 'bob' to 30 days?

Question 17mediummultiple choice
Read the full Manage security explanation →

An administrator wants newly created files to be readable and writable only by the owner, and readable by group and others. Which umask value should be set?

Question 18hardmultiple choice
Read the full Manage security explanation →

A user reports that SSH key-based authentication fails, but password authentication works. The admin checks /etc/ssh/sshd_config: PubkeyAuthentication yes, PasswordAuthentication no (contrary to the report). Which is the most likely reason key-based auth fails?

Question 19easymultiple choice
Read the full Manage security explanation →

Which file contains the hashed passwords for local user accounts?

Question 20mediummultiple choice
Read the full Manage security explanation →

A file has been assigned an incorrect SELinux context, preventing a service from accessing it. Which command restores the default SELinux context for that file?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Manage security sessions

Start a Manage security only practice session

Every question in these sessions is drawn from the Manage security domain — nothing else.

Related practice questions

Related EX200 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the EX200 exam test about Manage security?
Manage security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Manage security questions in a focused session?
Yes — the session launcher on this page draws every question from the Manage security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other EX200 topics?
Use the topic links above to move to related areas, or go back to the EX200 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the EX200 exam covers. They are not copied from any real exam or dump site.