CCNA Operate Systems Questions

30 questions · Operate Systems topic · All types, answers revealed

1
MCQ · medium

An administrator needs to combine two physical network interfaces into a single logical interface for redundancy. Which RHEL tool is recommended to configure this in RHEL 8/9?

A. teamd
B. ip link
C. brctl
D. nmcli
Answer: D

NetworkManager command-line tool, recommended for configuring bonds.

Why this answer

Option D (nmcli) is the preferred command-line tool for network management and can configure bonding/teaming. Option B (ip link) can set bonding but is lower-level. Option A (teamd) is used for teaming but nmcli is more common. Option C (brctl) is for bridging.

2
Multi-Select · easy

A system administrator needs to ensure a service called 'myapp' starts automatically at boot and also start it immediately without affecting the current boot configuration. Which TWO commands should be used?

Select 2 answers
A. systemctl daemon-reload myapp
B. systemctl start myapp
C. systemctl restart myapp
D. systemctl activate myapp
E. systemctl enable myapp
Answers: B, E

Correct: Starts the service immediately.

Why this answer

The 'systemctl enable myapp' command creates the necessary symlinks so that the service starts automatically at boot, while 'systemctl start myapp' launches the service immediately in the current session without altering the boot configuration. Together, they satisfy both requirements without affecting the existing boot setup.

Exam trap

The trap here is that candidates confuse 'enable' with 'start' or think 'restart' or 'daemon-reload' can achieve both goals, but only the combination of 'enable' (for boot persistence) and 'start' (for immediate activation) meets the exact requirements.

3
MCQ · easy

Refer to the exhibit. A security analyst reviews the journal output for sshd.service. Which of the following best describes the observed pattern of events?

A. The system is under a denial-of-service attack because the connections are being closed before authentication.
B. The SSH service is malfunctioning and dropping connections due to a configuration error.
C. Multiple hosts are attempting to connect to the SSH service simultaneously, causing connection errors.
D. The system experienced a brute-force attack on the root account originating from IP 192.168.1.100, which eventually succeeded.
Answer: D

The logs show multiple failed attempts followed by a successful login from the same IP.

Why this answer

The journal output shows repeated failed authentication attempts for the root user from IP 192.168.1.100, followed by a successful login. This pattern is characteristic of a brute-force attack where an attacker tries many passwords until one works. The final 'Accepted password for root' line confirms the attack succeeded, making D correct.

Exam trap

Red Hat often tests the distinction between a denial-of-service attack (which would show connections dropped before authentication) and a brute-force attack (which shows repeated failed authentications followed by a success), leading candidates to confuse the two patterns.

How to eliminate wrong answers

Option A is wrong because the connections are not being closed before authentication; they are completing authentication (both failed and eventually accepted). Option B is wrong because there is no evidence of a configuration error; the SSH service is functioning normally by processing and logging authentication attempts. Option C is wrong because the events are sequential from a single IP, not simultaneous from multiple hosts, and the errors are authentication failures, not connection errors.

4
Matching · medium

Match each file system type to its description.

Default file system for RHEL 8/9 with journaling and support for large files

High-performance 64-bit journaling file system, default for /boot in RHEL 7

Copy-on-write file system with snapshots and compression (available in RHEL 8/9)

Used for virtual memory, typically as a partition or file

Why these pairings

These are common file systems used in RHEL systems.

5
Drag & Drop · medium

Arrange the steps to configure a static IPv4 route in Red Hat Enterprise Linux.

Why this order

Static routes in RHEL are configured in interface configuration files by specifying GATEWAY and NETMASK, then restarting the network service.

6
MCQ · hard

Based on the exhibit, what is the most likely cause of the failure?

A. The SSH daemon is already running on another port.
B. Another process is already listening on port 22.
C. The sshd configuration file has a syntax error.
D. The service is not enabled.
Answer: B

Directly matches the error message.

Why this answer

Option B is correct because the status message explicitly says 'Address already in use', indicating another process is listening on the same port (port 22). Option A is ambiguous; the port conflict is precise. Option C would produce a different error. Option D is incorrect because the service is enabled.

7
Matching · medium

Match each user/group management command to its function.

Create a new user account

Modify an existing user account

Create a new group

Set or change a user's password

Why these pairings

These commands manage users and groups in RHEL.

8
MCQ · easy

A critical service must restart automatically after a crash. Which systemd directive should be added to the [Service] section of the service unit file?

A. OnFailure=
B. Requires=
C. Restart=always
D. Wants=
Answer: C

Sets the service to restart after exit, including crashes.

Why this answer

Option C (Restart=always) is correct because it configures the service to restart automatically on failure. Option A (OnFailure=) invokes another unit on failure, not restart. Option D (Wants=) and Option B (Requires=) are dependency directives.

9
MCQ · hard

Refer to the exhibit. Which command would free up the most space immediately?

A. yum clean all
B. rm -rf /var/log/*
C. journalctl --vacuum-size=500M
D. logrotate -f /etc/logrotate.conf
Answer: C

Reduces journal log size to 500MB, freeing significant space.

Why this answer

Option C (journalctl --vacuum-size=500M) reduces the size of systemd journal logs in /var/log/journal, which is a major contributor. Option B deletes all logs including necessary ones. Option D rotates logs but may not free space if old logs are not deleted. Option A clears the package cache, which is not in /var/log.

10
Multi-Select · easy

Which TWO commands can be used to view recent systemd journal logs for the current boot?

Select 2 answers
A. journalctl -p err
B. journalctl --list-boots
C. journalctl -b
D. journalctl --boot
E. journalctl --since today
Answers: C, D

Shorthand for --boot.

Why this answer

Options C and D are both correct. 'journalctl --boot' and 'journalctl -b' are equivalent and show logs from the current boot. Option E shows logs from today only, not limited to current boot. Option B lists available boots but does not display logs. Option A filters by priority level.

11
MCQ · easy

Which systemctl command configures a service to start automatically at boot without starting it now?

A. systemctl set-default service
B. systemctl start service
C. systemctl enable service
D. systemctl reenable service
Answer: C

Enables the service to start at boot without starting it currently.

Why this answer

Option C (systemctl enable service) creates the necessary symlinks to start at boot. Option B starts it immediately. Option D reenables. Option A sets the default target.

12
MCQ · medium

Refer to the exhibit. The web server fails to start. What is the most likely cause?

A. SELinux context is wrong and should be httpd_sys_content_t.
B. SELinux context is correct, but httpd is not enabled.
C. The index.html file is missing.
D. httpd is masked.
Answer: B

The service is disabled; enable with systemctl enable httpd.

Why this answer

Option B is correct. The SELinux context on index.html is correct (httpd_sys_content_t). However, the httpd service is disabled. It needs to be enabled and started. Option A is wrong because the context is already correct. Option C is not evident. Option D is not true; it is disabled but not masked.

13
MCQ · medium

A server running Red Hat Enterprise Linux 9 experiences high system load (load average 15 on a 4-core system) and slow response times. The administrator runs 'top' and sees that the 'kworker' processes are consuming significant CPU time. Further investigation reveals that the system is performing heavy I/O operations on the root filesystem, which is formatted as XFS. The administrator wants to reduce the impact of filesystem maintenance tasks on system performance. Which of the following actions should the administrator take?

A. Increase the value of the 'nr_requests' queue parameter for the underlying block device.
B. Mount the filesystem with the 'noatime' option to reduce metadata updates.
C. Schedule filesystem checks (fsck) to run during off-peak hours using a cron job.
D. Set the dirty ratio sysctl parameters (vm.dirty_ratio and vm.dirty_background_ratio) to lower values.
Answer: D

Lower values trigger more frequent writebacks, smoothing I/O load.

Why this answer

Option D is correct. Lowering vm.dirty_background_ratio and vm.dirty_ratio causes the kernel to begin writing dirty pages sooner and more frequently, preventing large bursts of I/O that can cause high load and slow responses. Option B (noatime) reduces metadata updates but is not the primary cause.

Option A (increasing nr_requests) can improve I/O queue depth but may increase memory pressure and does not directly reduce kworker CPU usage. Option C (scheduling fsck) is unrelated to the current issue.

14
Multi-Select · medium

Which two commands can be used to view systemd journal entries for the sshd service?

Select 2 answers
A. journalctl -u sshd
B. systemctl status sshd
C. journalctl _SYSTEMD_UNIT=sshd.service
D. grep sshd /var/log/messages
E. tail -f /var/log/secure
Answers: A, C

Filters journal by unit name.

Why this answer

Options A and C are correct. journalctl -u sshd and journalctl _SYSTEMD_UNIT=sshd.service both filter journal entries for sshd. Option B shows current status. Options D and E read traditional log files, not the journal.

15
Multi-Select · medium

Which three network configuration methods are valid in RHEL 8/9?

Select 3 answers
A. system-config-network
B. /etc/sysconfig/network-scripts/ifcfg-* files
C. nmcli
D. ip command
E. ifconfig
Answers: B, C, D

Still available, though not managed by NetworkManager by default.

Why this answer

Options B, C, and D are valid. nmcli is the primary CLI tool. The ip command is used for low-level network management. /etc/sysconfig/network-scripts/ifcfg-* files are still supported. ifconfig is deprecated. system-config-network is removed.

16
MCQ · easy

Which command checks if a specific systemd service is currently running?

A. systemctl is-active
B. systemctl status
C. systemctl list-units
D. systemctl show
Answer: A

Returns 'active' or 'inactive' directly.

Why this answer

Option A (systemctl is-active) returns active or inactive for a service. Option B (systemctl status) shows more information but also indicates state. Option C (systemctl list-units) lists all units. Option D (systemctl show) displays unit properties.

17
Multi-Select · hard

Which three commands can be used to display overall memory usage information?

Select 3 answers
A. free
B. uptime
C. top
D. ps aux
E. vmstat
Answers: A, C, E

Displays total, used, and free memory.

Why this answer

Options A, C, and E are correct. free shows memory summary. vmstat shows memory and more. top includes memory usage. ps aux shows per-process memory. uptime shows load averages only.

18
Multi-Select · medium

Which TWO statements about systemd journal and rsyslog are correct?

Select 2 answers
A. rsyslog reads log messages directly from the journal files in /var/log/journal.
B. The command 'journalctl --list-boots' lists only the current boot's journal entries.
C. The command 'journalctl -u sshd.service' outputs the same as 'tail -f /var/log/messages' for SSH logs.
D. The journal stores logs in a structured binary format, allowing filtering by fields like _UID or _SYSTEMD_UNIT.
E. The journal can forward log messages to rsyslog by setting ForwardToSyslog=yes in /etc/systemd/journald.conf.
Answers: D, E

journald uses structured logging with various metadata fields.

Why this answer

Option D is correct because the systemd journal stores log data in a structured binary format (using the journald protocol), which allows filtering by specific fields such as _UID, _SYSTEMD_UNIT, or _COMM. This enables precise queries via journalctl, unlike plain-text log files.

Exam trap

The trap here is that candidates confuse the journal's structured binary format with plain-text log files, or assume rsyslog reads journal files directly, when in fact forwarding is configured via journald.conf.

19
MCQ · hard

An ext4 filesystem on a logical volume has been extended with lvextend, but df -h still shows the old size. Which command must be run to make the filesystem aware of the new size?

A. lvextend -r
B. fsadm resize
C. resize2fs
D. xfs_growfs
Answer: C

Resizes the ext4 filesystem to match the logical volume size.

Why this answer

Option C (resize2fs) is correct for ext4 filesystems. Option D (xfs_growfs) is for XFS. Option A (lvextend -r) would have performed the resize automatically if used initially. Option B (fsadm resize) is an alternative but less common.

20
MCQ · hard

A system administrator needs to ensure that a specific process continues to run even if it crashes. The process is started by a systemd service unit. Which approach ensures the process is automatically restarted by systemd, with a delay of 30 seconds after each crash, and does not count restarts towards the failure limit?

A. Restart=always, RestartSec=30, StartLimitIntervalSec=0, StartLimitBurst=0
B. Restart=on-failure and RestartSec=30
C. Restart=always, RestartSec=30, StartLimitIntervalSec=0
D. Restart=always and RestartSec=30
Answer: A

These settings disable the restart rate limit and ensure the service restarts every 30 seconds regardless of crash behavior.

Why this answer

Option A is correct because it combines `Restart=always` to restart the process unconditionally, `RestartSec=30` to introduce a 30-second delay between restarts, and `StartLimitIntervalSec=0` with `StartLimitBurst=0` to disable the start rate limiting entirely. This ensures the service restarts indefinitely after each crash without ever being considered as having failed, which matches the requirement exactly.

Exam trap

The trap here is that candidates often assume `Restart=always` alone is sufficient to restart indefinitely, forgetting that systemd's default start rate limiting (5 restarts within 10 seconds) will eventually stop the service unless explicitly disabled with both `StartLimitIntervalSec=0` and `StartLimitBurst=0`.

How to eliminate wrong answers

Option B is wrong because `Restart=on-failure` only restarts the service when it exits with a non-zero exit code or is terminated by a signal, not for all crashes (e.g., clean exit with code 0 would not trigger a restart), and it lacks the explicit disabling of start rate limits, so repeated restarts could eventually be counted toward the failure limit. Option C is wrong because while it sets `Restart=always` and `RestartSec=30`, it only sets `StartLimitIntervalSec=0` but does not set `StartLimitBurst=0`; by default, `StartLimitBurst` is 5, so after 5 restarts within the default interval (which is 10 seconds if `StartLimitIntervalSec` is not explicitly set to 0), systemd would stop the service and mark it as failed. Option D is wrong because it omits both `StartLimitIntervalSec=0` and `StartLimitBurst=0`, leaving the default start rate limiting active (5 restarts within 10 seconds), which would cause systemd to stop restarting the service after the burst limit is exceeded.

21
MCQ · easy

To mount an ext4 filesystem with the noatime option and remount read-only on errors, which file should be edited?

A. /etc/mtab
B. /etc/sysconfig/network
C. /etc/fstab
D. /etc/rc.d/rc.local
Answer: C

Permanent mount options are configured in /etc/fstab.

Why this answer

Option C (/etc/fstab) is the filesystem table that defines mount options. Option A (/etc/mtab) shows currently mounted filesystems. Option B is unrelated. Option D is a startup script.

22
MCQ · hard

A system administrator is troubleshooting a custom service called 'database.service' that fails intermittently. The service is a proprietary database that requires large amounts of memory. The administrator runs systemctl status database and sees 'Active: failed (Result: core-dump)' and the journal shows 'Out of memory: Killed process (database) total-vm:...' The server has 8GB RAM and 2 CPU cores. The service unit file does not contain any memory limits. The application is configured to use up to 4GB. The administrator suspects the systemd service is being killed by the OOM killer. Which action should the administrator take to prevent this issue?

A. Set MemoryMax=6G in the service unit file.
B. Set OOMScoreAdjust=-1000 in the service unit file.
C. Modify kernel parameters to disable the OOM killer.
D. Increase swap space to 16GB.
Answer: B

Correct: This makes the process less likely to be selected by the OOM killer.

Why this answer

Option B is correct because setting OOMScoreAdjust=-1000 makes the systemd service less likely to be targeted by the OOM killer. The OOM killer selects processes based on a badness score; a lower score (down to -1000) reduces the likelihood of being killed. Since the service is already configured to use up to 4GB and the server has 8GB RAM, adjusting the OOM score is the targeted fix without disabling kernel protections or over-allocating resources.

Exam trap

The trap here is that candidates confuse systemd's cgroup memory limits (MemoryMax) with the kernel OOM killer's scoring mechanism, or they think disabling the OOM killer or adding swap is a safe solution, when the correct approach is to adjust the OOM score to protect the specific service.

How to eliminate wrong answers

Option A is wrong because MemoryMax=6G would set a cgroup memory limit that could cause the service to be killed by systemd's own OOM logic before the kernel OOM killer acts, and it does not address the kernel OOM killer's scoring; the service already uses up to 4GB, so a 6GB limit may still trigger OOM kills if other processes consume memory. Option C is wrong because disabling the OOM killer entirely (e.g., via vm.oom_kill_allocating_task=0 or panic_on_oom=0) is dangerous and not recommended; it can lead to system hangs or unresponsive states, and it is not a targeted fix for a single service. Option D is wrong because increasing swap space to 16GB only delays OOM conditions and can cause severe performance degradation (thrashing); the OOM killer may still kill the process if memory pressure persists, and it does not address the root cause of the service being scored high by the OOM killer.

23
MCQ · hard

After restoring files from backup, an SELinux context of a directory is not correct. Which command will restore the file contexts to the system defaults?

A. chcon -R default_t /directory
B. restorecon -R /directory
C. semanage fcontext -R /directory
D. setfiles -v /directory
Answer: B

Restores the default SELinux contexts based on policy.

Why this answer

Option B (restorecon -R) is the correct command to restore default SELinux contexts. Option A (chcon) sets contexts manually, not to defaults. Option D (setfiles) is used for initial labeling. Option C (semanage fcontext) adds default context rules.

24
MCQ · hard

After a system crash, an administrator needs to review logs from the previous boot. Which command shows only logs from the boot before the current one?

A. journalctl -b -1
B. dmesg -b -1
C. cat /var/log/boot.log
D. journalctl -b 0
Answer: A

Displays journal entries from the previous boot.

Why this answer

Option A (journalctl -b -1) shows logs from the previous boot. Option B uses dmesg incorrectly. Option C shows only the current boot log. Option D shows the current boot.

25
MCQ · medium

A system administrator receives reports that a web server service (httpd) fails to start after a reboot. The administrator checks the service status and sees it is disabled. Which of the following is the most appropriate command to ensure the service starts automatically on future reboots?

A. systemctl start httpd
B. systemctl enable httpd
C. systemctl restart httpd
D. systemctl daemon-reload
Answer: B

Enables the service to start automatically at boot by creating symlinks.

Why this answer

Option B is correct because systemctl enable creates symlinks to start the service at boot. Option C (restart) only runs the service now, not persistently. Option A (start) also only runs now. Option D (daemon-reload) reloads unit files but does not enable the service.

26
MCQ · medium

Refer to the exhibit. What is the most likely cause of the httpd service failure?

A. The httpd service is disabled.
B. The Apache configuration has a syntax error.
C. The /var/www/html directory does not exist.
D. SELinux context on /var/www/html/index.html is incorrect.
Answer: D

Correct: 'Permission denied' with access denied error is typical of SELinux denials.

Why this answer

The httpd service fails because SELinux enforces a security context on the web content files. If the context of /var/www/html/index.html is not set to httpd_sys_content_t, the Apache process (running under the httpd_t domain) is denied read access to the file, even if file permissions are correct. This causes the service to start but fail to serve the page, often logged as a 'Permission denied' error in /var/log/audit/audit.log.

Exam trap

The trap here is that candidates assume file permissions (e.g., 644) are the only access control, overlooking SELinux as a mandatory access control system that can block access even when traditional permissions are correct.

How to eliminate wrong answers

Option A is wrong because a disabled service would not attempt to start at all; the systemctl status would show 'disabled' but the service could still be started manually, and the failure here is during runtime. Option B is wrong because a syntax error in Apache configuration would cause the service to fail to start with a specific error message (e.g., 'Syntax error on line ...'), not a silent failure after starting. Option C is wrong because if /var/www/html did not exist, Apache would log a clear 'Directory not found' error and fail to serve content, but the service itself would start; the question implies the service fails entirely, not just content delivery.

27
Drag & Drop · medium

Order the steps to configure a new user 'jdoe' with UID 2000, home directory /home/jdoe, and secondary group 'staff'.

Why this order

User creation involves optional group creation, useradd with options, password, and verification.

28
MCQ · medium

Refer to the exhibit. What is the most likely cause of this failure?

A. Another process is already bound to port 22.
B. The sshd service is not enabled.
C. SELinux is blocking the service.
D. The /etc/ssh/sshd_config file is missing.
Answer: A

The error 'Cannot bind any address' suggests port conflict.

Why this answer

Option A is correct. The error message 'Cannot bind any address' indicates that the port (22) is already in use by another process. Option B is wrong because the service is enabled. Option C would show 'Permission denied' if SELinux were blocking. Option D would show configuration errors.

29
MCQ · easy

A security policy requires user passwords to expire 60 days after last change. Which command sets this for user 'jdoe'?

A. usermod -f 60 jdoe
B. passwd -x 60 jdoe
C. chage -m 60 jdoe
D. chage -M 60 jdoe
Answer: D

Sets maximum password age to 60 days.

Why this answer

Option D (chage -M 60 jdoe) sets the maximum number of days between password changes. Option B (passwd -x 60 jdoe) is also valid but legacy; chage is preferred in RHCSA. Option A (usermod -f) sets inactivity period. Option C (chage -m) sets minimum days.

30
MCQ · hard

A junior administrator configured a new network interface (ens224) with a static IP address using a configuration file in /etc/sysconfig/network-scripts/ifcfg-ens224. After restarting the network service, the interface comes up but does not get the IP address. The administrator runs 'ip addr show ens224' and sees no IP address assigned. The interface is listed as DOWN. The administrator then runs 'ifup ens224' manually, which succeeds, and the IP address appears. What is the most likely cause?

A. The ONBOOT directive is set to no in the ifcfg file.
B. The network service is not enabled to start at boot.
C. The interface name does not match the device file.
D. There is a conflict with NetworkManager managing the interface.
Answer: A

When ONBOOT=no, the interface is not activated automatically; manual ifup works because the config is valid.

Why this answer

Option A is correct. The ONBOOT directive controls whether the interface is brought up automatically at boot or upon network service restart. Setting ONBOOT=no prevents automatic activation, but manual ifup works because the configuration is otherwise correct.

Option B is less likely because the network service was restarted, and if ONBOOT=yes, it would have activated the interface. Option C would cause a different error (interface not found). Option D could cause issues, but if NetworkManager is managing the interface, manual ifup might not work as expected, or the configuration would be ignored.
