Exam4Training

CompTIA XK0-005 CompTIA Linux+ Exam Online Training

Question #1

An administrator accidentally deleted the /boot/vmlinuz file and must resolve the issue before the server is rebooted.

Which of the following commands should the administrator use to identify the correct

version of this file?

  • A . rpm -qa | grep kernel; uname -a
  • B . yum -y update; shutdown -r now
  • C . cat /etc/centos-release; rpm -Uvh –nodeps
  • D . telinit 1; restorecon -Rv /boot

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command rpm -qa | grep kernel lists all the installed kernel packages, and the command uname -a displays the current kernel version. These commands can help the administrator identify the correct version of the /boot/vmlinuz file, which is the kernel image file. The other options are not relevant or helpful for this task.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing the Linux Boot Process, page 267.

Question #2

A cloud engineer needs to change the secure remote login port from 22 to 49000.

Which of the following files should the engineer modify to change the port number to the desired value?

  • A . /etc/host.conf
  • B . /etc/hostname
  • C . /etc/services
  • D . /etc/ssh/sshd_config

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The file /etc/ssh/sshd_config contains the configuration settings for the SSH daemon, which handles the secure remote login. To change the port number, the engineer should edit this file and modify the line that says Port 22 to Port 49000. The other files are not related to the SSH service.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, page 411.

Question #3

A new file was added to a main Git repository. An administrator wants to synchronize a local copy with the contents of the main repository.

Which of the following commands should the administrator use for this task?

  • A . git reflog
  • B . git pull
  • C . git status
  • D . git push

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination 192.0.2.25:3128 adds a rule to the nat table that redirects all incoming TCP packets with destination port 80 (HTTP) to the proxy server 192.0.2.25 on port 3128. This is the correct way to achieve the task. The other options are incorrect because they either delete a rule (-D), use the wrong protocol (top instead of tcp), or use the wrong port (81 instead of 80).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 381.

Question #3

A new file was added to a main Git repository. An administrator wants to synchronize a local copy with the contents of the main repository.

Which of the following commands should the administrator use for this task?

  • A . git reflog
  • B . git pull
  • C . git status
  • D . git push

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination 192.0.2.25:3128 adds a rule to the nat table that redirects all incoming TCP packets with destination port 80 (HTTP) to the proxy server 192.0.2.25 on port 3128. This is the correct way to achieve the task. The other options are incorrect because they either delete a rule (-D), use the wrong protocol (top instead of tcp), or use the wrong port (81 instead of 80).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 381.

Question #5

0.2.25 on port 3128.

Which of the following commands will accomplish this task?

  • A . iptables -t nat -D PREROUTING -p tcp –sport 80 -j DNAT – -to-destination 192.0.2.25:3128
  • B . iptables -t nat -A PREROUTING -p top –dport 81 -j DNAT C-to-destination 192.0.2.25:3129
  • C . iptables -t nat -I PREROUTING -p top –sport 80 -j DNAT C-to-destination 192.0.2.25:3129
  • D . iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT C-to-destination 192.0.2.25:3128

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to-destination 192.0.2.25:3128 adds a rule to the nat table that redirects all incoming TCP packets with destination port 80 (HTTP) to the proxy server 192.0.2.25 on port 3128. This is the correct way to achieve the task. The other options are incorrect because they either delete a rule (-D), use the wrong protocol (top instead of tcp), or use the wrong port (81 instead of 80).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 381.

Question #6

Developers have requested implementation of a persistent, static route on the application server. Packets sent over the interface eth0 to 10.0.213.5/32 should be routed via 10.0.5.1.

Which of the following commands should the administrator run to achieve this goal?

  • A . route -i etho -p add 10.0.213.5 10.0.5.1
  • B . route modify eth0 +ipv4.routes "10.0.213.5/32 10.0.5.1"
  • C . echo "10.0.213.5 10.0.5.1 eth0" > /proc/net/route
  • D . ip route add 10.0.213.5/32 via 10.0.5.1 dev eth0

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command ip route add 10.0.213.5/32 via 10.0.5.1 dev eth0 adds a static route to the routing table that sends packets destined for 10.0.213.5/32 (a single host) through the gateway 10.0.5.1 on the interface eth0. This is the correct way to achieve the goal. The other options are incorrect because they either use the wrong syntax (route -i etho -p add), the wrong command (route modify), or the wrong file (/proc/net/route).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 379.

Question #7

A user is asking the systems administrator for assistance with writing a script to verify whether a file exists. Given the following:

Which of the following commands should replace the <CONDITIONAL> string?

  • A . if [ -f "$filename" ]; then
  • B . if [ -d "$filename" ]; then
  • C . if [ -f "$filename" ] then
  • D . if [ -f "$filename" ]; while

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command if [ -f "$filename" ]; then checks if the variable $filename refers to a regular file that exists. The -f option is used to test for files. If the condition is true, the commands after then are executed. This is the correct way to replace the <CONDITIONAL> string. The other options are incorrect because they either use the wrong option (-d tests for directories), the wrong syntax (missing a semicolon after the condition), or the wrong keyword (while is used for loops, not conditions).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 16: Writing and Executing Bash Shell Scripts, page 493.

Question #8

DRAG DROP

As a Systems Administrator, to reduce disk space, you were tasked to create a shell script that does the following:

Add relevant content to /tmp/script.sh, so that it finds and compresses rotated files in /var/log without recursion.

INSTRUCTIONS

Fill the blanks to build a script that performs the actual compression of rotated log files.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Reveal Solution Hide Solution

Correct Answer:


Question #9

A systems administrator is deploying three identical, cloud-based servers.

The administrator is using the following code to complete the task:

Which of the following technologies is the administrator using?

  • A . Ansible
  • B . Puppet
  • C . Chef
  • D . Terraform

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The code snippet is written in Terraform language, which is a tool for building, changing, and versioning infrastructure as code. Terraform uses a declarative syntax to describe the desired state of the infrastructure and applies the changes accordingly. The code defines a resource of type aws_instance, which creates an AWS EC2 instance, and sets the attributes such as the AMI ID, instance type, security group IDs, and key name. The code also uses a count parameter to create three identical instances and assigns them different names using the count.index variable. This is the correct technology that the administrator is using. The other options are incorrect because they use different languages and syntaxes for infrastructure as code.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 559.

Question #10

Which of the following technologies can be used as a central repository of Linux users and groups?

  • A . LDAP
  • B . MFA
  • C . SSO
  • D . PAM

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

LDAP stands for Lightweight Directory Access Protocol, which is a protocol for accessing and managing a central directory of users and groups. LDAP can be used as a central repository of Linux users and groups, allowing for centralized authentication and authorization across multiple Linux systems. MFA, SSO, and PAM are not technologies that can be used as a central repository of Linux users and groups. MFA stands for Multi-Factor Authentication, which is a method of verifying a user’s identity using more than one factor, such as a password, a token, or a biometric. SSO stands for Single Sign-On, which is a feature that allows a user to log in once and access multiple applications or systems without having to re-enter credentials. PAM stands for Pluggable Authentication Modules, which is a framework that allows Linux to use different authentication methods, such as passwords, tokens, or biometrics.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing Users and Groups

Question #11

A systems administrator is troubleshooting connectivity issues and trying to find out why a Linux server is not able to reach other servers on the same subnet it is connected to.

When listing link parameters, the following is presented:

Based on the output above, which of following is the MOST probable cause of the issue?

  • A . The address ac:00:11:22:33:cd is not a valid Ethernet address.
  • B . The Ethernet broadcast address should be ac:00:11:22:33:ff instead.
  • C . The network interface eth0 is using an old kernel module.
  • D . The network interface cable is not connected to a switch.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The most probable cause of the connectivity issue is that the network interface cable is not connected to a switch. This can be inferred from the output of the ip link list dev eth0 command, which shows that the network interface eth0 has the NO-CARRIER flag set. This flag indicates that there is no physical link detected on the interface, meaning that the cable is either unplugged or faulty. The other options are not valid causes of the issue. The address ac:00:11:22:33:cd is a valid Ethernet address, as it follows the format of six hexadecimal octets separated by colons. The Ethernet broadcast address should be ff:ff:ff:ff:ff:ff, which is the default value for all interfaces. The network interface eth0 is not using an old kernel module, as it shows the UP flag, which indicates that the interface is enabled and ready to transmit data.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Networking

Question #12

A Linux administrator was asked to run a container with the httpd server inside. This container should be exposed at port 443 of a Linux host machine while it internally listens on port 8443.

Which of the following commands will accomplish this task?

  • A . podman run -d -p 443:8443 httpd
  • B . podman run -d -p 8443:443 httpd
  • C . podman run Cd -e 443:8443 httpd
  • D . podman exec -p 8443:443 httpd

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command that will accomplish the task of running a container with the httpd server inside and exposing it at port 443 of the Linux host machine while it internally listens on port 8443 is podman run -d -p 443:8443 httpd. This command uses the podman tool, which is a daemonless container engine that can run and manage containers on Linux systems. The -d option runs the container in detached mode, meaning that it runs in the background without blocking the terminal. The -p option maps a port on the host machine to a port inside the container, using the format host_port:container_port. In this case, port 443 on the host machine is mapped to port 8443 inside the container, allowing external access to the httpd server. The httpd argument specifies the name of the image to run as a container, which in this case is an image that contains the Apache HTTP Server software. The other options are not correct commands for accomplishing the task. Podman run -d -p 8443:443 httpd maps port 8443 on the host machine to port 443 inside the container, which does not match the requirement. Podman run Cd -e 443:8443 httpd uses the -e option instead of the -p option, which sets an environment variable inside the container instead of mapping a port. Podman exec -p 8443:443 httpd uses the podman exec command instead of the podman run command, which executes a command inside an existing container instead of creating a new one.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Automating Tasks

Question #13

A Linux administrator needs to analyze a failing application that is running inside a container.

Which of the following commands allows the Linux administrator to enter the running container and analyze the logs that are stored inside?

  • A . docker run -ti app /bin/sh
  • B . podman exec -ti app /bin/sh
  • C . podman run -d app /bin/bash
  • D . docker exec -d app /bin/bash

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Podman exec -ti app /bin/sh allows the Linux administrator to enter the running container and analyze the logs that are stored inside. This command uses the podman tool, which is a daemonless container engine that can run and manage containers on Linux systems. The exec option executes a command inside an existing container, in this case app, which is the name of the container that runs the failing application. The -ti option allocates a pseudo-TTY and keeps STDIN open, allowing for interactive shell access to the container. The /bin/sh argument specifies the shell command to run inside the container, which can be used to view and manipulate the log files.

The other options are not correct commands for entering a running container and analyzing the logs. Docker run -ti app /bin/sh creates a new container from the app image and runs the /bin/sh command inside it, but does not enter the existing container that runs the failing application. Podman run -d app /bin/bash also creates a new container from the app image and runs the /bin/bash command inside it, but does so in detached mode, meaning that it runs in the background without interactive shell access. Docker exec -d app /bin/bash executes the /bin/bash command inside the existing app container, but also does so in detached mode, without interactive shell access.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Automating Tasks; View container logs | Docker Docs; How to see the logs of a docker container – Stack Overflow

Question #14

A systems administrator needs to clone the partition /dev/sdc1 to /dev/sdd1.

Which of the following commands will accomplish this task?

  • A . tar -cvzf /dev/sdd1 /dev/sdc1
  • B . rsync /dev/sdc1 /dev/sdd1
  • C . dd if=/dev/sdc1 of=/dev/sdd1
  • D . scp /dev/sdc1 /dev/sdd1

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command dd if=/dev/sdc1 of=/dev/sdd1 copies the data from the input file (if) /dev/sdc1 to the output file (of) /dev/sdd1, byte by byte. This is the correct way to clone a partition. The other options are incorrect because they either compress the data (tar -cvzf), synchronize the files (rsync), or copy the files over a network (scp), which are not the same as cloning a partition.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Storage, page 321.

Question #15

When trying to log in remotely to a server, a user receives the following message:

The server administrator is investigating the issue on the server and receives the following outputs:

Which of the following is causing the issue?

  • A . The wrong permissions are on the user’s home directory.
  • B . The account was locked out due to three failed logins.
  • C . The user entered the wrong password.
  • D . The user has the wrong shell assigned to the account.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The user has the wrong shell assigned to the account, which is causing the issue. The output 1 shows that the user’s shell is set to /bin/false, which is not a valid shell and will prevent the user from logging in. The output 2 shows that the user’s home directory has the correct permissions (drwxr-xr-x), and the output 3 shows that the user entered the correct password and was accepted by the SSH daemon, but the session was closed immediately due to the invalid shell. The other options are incorrect because they are not supported by the outputs.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, page 413.

Question #16

A new Linux systems administrator just generated a pair of SSH keys that should allow connection to the servers.

Which of the following commands can be used to copy a key file to remote servers? (Choose two.)

  • A . wget
  • B . ssh-keygen
  • C . ssh-keyscan
  • D . ssh-copy-id
  • E . ftpd
  • F . scp

Reveal Solution Hide Solution

Correct Answer: D, F
D, F

Explanation:

The commands ssh-copy-id and scp can be used to copy a key file to remote servers. The command ssh-copy-id copies the public key to the authorized_keys file on the remote server, which allows the user to log in without a password. The command scp copies files securely over SSH, which can be used to transfer the key file to any location on the remote server. The other options are incorrect because they are not related to copying key files. The command wget downloads files from the web, the command ssh-keygen generates key pairs, the command ssh-keyscan collects public keys from remote hosts, and the command ftpd is a FTP server daemon.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, pages 408-410.

Question #17

A systems administrator needs to reconfigure a Linux server to allow persistent IPv4 packet forwarding.

Which of the following commands is the correct way to accomplish this task?

  • A . echo 1 > /proc/sys/net/ipv4/ipv_forward
  • B . sysctl -w net.ipv4.ip_forward=1
  • C . firewall-cmd –enable ipv4_forwarding
  • D . systemct1 start ipv4_forwarding

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command sysctl -w net.ipv4.ip_forward=1 enables IPv4 packet forwarding temporarily by setting the kernel parameter net.ipv4.ip_forward to 1. To make this change persistent, the administrator needs to edit the file /etc/sysctl.conf and add the line net.ipv4.ip_forward = 1. The other options are incorrect because they either use the wrong file (/proc/sys/net/ipv4/ipv_forward), the wrong command (firewall-cmd or systemct1), or the wrong option (–enable or start).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 378.

Question #18

A Linux administrator would like to use systemd to schedule a job to run every two hours. The administrator creates timer and service definitions and restarts the server to load these new configurations. After the restart, the administrator checks the log file and notices that the job is only running daily.

Which of the following is MOST likely causing the issue?

  • A . The checkdiskspace.service is not running.
  • B . The checkdiskspace.service needs to be enabled.
  • C . The OnCalendar schedule is incorrect in the timer definition.
  • D . The system-daemon services need to be reloaded.

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The OnCalendar schedule is incorrect in the timer definition, which is causing the issue. The OnCalendar schedule defines when the timer should trigger the service. The format of the schedule is OnCalendar=<year>-<month>-<day> <hour>:<minute>:<second>. If any of the fields are omitted, they are assumed to be *, which means any value. Therefore, the schedule OnCalendar=*-*-* 00:00:00 means every day at midnight, which is why the job is running daily. To make the job run every two hours, the schedule should be OnCalendar=*-*-* *:00:00/2, which means every hour divisible by 2 at the start of the minute. The other options are incorrect because they are not related to the schedule. The checkdiskspace.service is running, as shown by the output of systemct1 status checkdiskspace.service. The checkdiskspace.service is enabled, as shown by the output of systemct1 is-enabled checkdiskspace.service. The system-daemon services do not need to be reloaded, as the timer and service definitions are already loaded by the restart.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Processes and Scheduling Tasks, page 437.

Question #19

An administrator deployed a Linux server that is running a web application on port 6379/tcp.

SELinux is in enforcing mode based on organization policies.

The port is open on the firewall.

Users who are trying to connect to a local instance of the web application receive Error 13, Permission denied.

The administrator ran some commands that resulted in the following output:

Which of the following commands should be used to resolve the issue?

  • A . semanage port -d -t http_port_t -p tcp 6379
  • B . semanage port -a -t http_port_t -p tcp 6379
  • C . semanage port -a http_port_t -p top 6379
  • D . semanage port -l -t http_port_tcp 6379

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command semanage port -a -t http_port_t -p tcp 6379 adds a new port definition to the SELinux policy and assigns the type http_port_t to the port 6379/tcp. This allows the web application to run on this port and accept connections from users. This is the correct way to resolve the issue. The other options are incorrect because they either delete a port definition (-d), use the wrong protocol (top instead of tcp), or list the existing port definitions (-l).

Reference: CompTIA Linux+ (XK0-005)

Certification Study Guide, Chapter 18: Securing Linux Systems, page 535.

Question #20

A systems administrator created a web server for the company and is required to add a tag for the API so end users can connect.

Which of the following would the administrator do to complete this requirement?

  • A . hostnamectl status –no-ask-password
  • B . hostnamectl set-hostname "$(perl -le "print" "A" x 86)"
  • C . hostnamectl set-hostname Comptia-WebNode -H root@192.168.2.14
  • D . hostnamectl set-hostname Comptia-WebNode –transient

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command hostnamectl set-hostname Comptia-WebNode -H root@192.168.2.14 sets the hostname of the web server to Comptia-WebNode and connects to the server using the SSH protocol and the root user. This is the correct way to complete the requirement. The other options are incorrect because they either display the current hostname status (hostnamectl status), set an invalid hostname (hostnamectl set-hostname "$(perl -le "print" "A" x 86)"), or set a transient hostname that is not persistent (hostnamectl set-hostname Comptia-WebNode –transient).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 9: Managing System Components, page 291.

Question #21

A systems administrator wants to back up the directory /data and all its contents to /backup/data on a remote server named remote.

Which of the following commands will achieve the desired effect?

  • A . scp -p /data remote:/backup/data
  • B . ssh -i /remote:/backup/ /data
  • C . rsync -a /data remote:/backup/
  • D . cp -r /data /remote/backup/

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command that will back up the directory /data and all its contents to /backup/data on a remote server named remote is rsync -a /data remote:/backup/. This command uses the rsync tool, which is a remote and local file synchronization tool. It uses an algorithm to minimize the amount of data copied by only moving the portions of files that have changed. The -a option stands for archive mode, which preserves the permissions, ownership, timestamps, and symbolic links of the files. The /data argument specifies the source directory to be backed up, and the remote:/backup/ argument specifies the destination directory on the remote server. The rsync tool will create a subdirectory named data under /backup/ on the remote server, and copy all the files and subdirectories from /data on the local server.

The other options are not correct commands for backing up a directory to a remote server. The scp -p /data remote:/backup/data command will copy the /data directory as a file named data under /backup/ on the remote server, not as a subdirectory with its contents. The -p option preserves the permissions and timestamps of the file, but not the ownership or symbolic links. The ssh -i /remote:/backup/ /data command will try to use /remote:/backup/ as an identity file for SSH authentication, which is not valid. The cp -r /data /remote/backup/ command will try to copy the /data directory to a local directory named /remote/backup/, not to a remote server.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Automating Tasks; rsync(1) – Linux manual page

Question #22

An administrator needs to make some changes in the IaC declaration templates.

Which of the following commands would maintain version control?

  • A . git clone https://github.com/comptia/linux+-.git git push origin
  • B . git clone https://qithub.com/comptia/linux+-.git git fetch New-Branch
  • C . git clone https://github.com/comptia/linux+-.git git status
  • D . git clone https://github.com/comptia/linuxt+-.git git checkout -b <new-branch>

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command that will maintain version control while making some changes in the IaC declaration templates is git checkout -b <new-branch>. This command uses the git tool, which is a distributed version control system that tracks changes in source code and enables collaboration among developers. The checkout option switches to a different branch in the git repository, where a branch is a pointer to a specific commit in the history. The -b option creates a new branch with the given name, and switches to it. This way, the administrator can make changes in the new branch without affecting the main branch, and later merge them if needed.

The other options are not correct commands for maintaining version control while making some changes in the IaC declaration templates. The git clone https://github.com/comptia/linux±.git command will clone an existing repository from a remote URL to a local directory, but it will not create a new branch for making changes. The git push origin command will push the local changes to a remote repository named origin, but it will not create a new branch for making changes. The git fetch New-Branch command will fetch updates from a remote branch named New-Branch, but it will not create a new branch for making changes.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Source Code; Git – Basic Branching and Merging

Question #23

An administrator attempts to rename a file on a server but receives the following error.

The administrator then runs a few commands and obtains the following output:

Which of the following commands should the administrator run NEXT to allow the file to be renamed by any user?

  • A . chgrp reet files
  • B . chacl -R 644 files
  • C . chown users files
  • D . chmod -t files

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command that the administrator should run NEXT to allow the file to be renamed by any user is chmod -t files. This command uses the chmod tool, which is used to change file permissions and access modes. The -t option removes (or sets) the sticky bit on a directory, which restricts deletion or renaming of files within that directory to only their owners or root. In this case, since files is a directory with sticky bit set (indicated by t in drwxrwxrwt), removing it will allow any user to rename or delete files within that directory.

The other options are not correct commands for allowing any user to rename files within files directory. The chgrp reet files command will change the group ownership of files directory to reet, but it will not affect its permissions or access modes. The chacl -R 644 files command is invalid, as chacl is used to change file access control lists (ACLs), not permissions or access modes. The chown users files command will change the user ownership of files directory to users, but it will not affect its permissions or access modes.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing Users and Groups; chmod(1) – Linux manual page

Question #24

Which of the following commands will display the operating system?

  • A . uname -n
  • B . uname -s
  • C . uname -o
  • D . uname -m

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command that will display the operating system is uname -o. This command uses the uname tool, which is used to print system information such as the kernel name, version, release, machine, and processor. The -o option stands for operating system, and prints the name of the operating system implementation (usually GNU/Linux).

The other options are not correct commands for displaying the operating system. The uname -n command will display the network node hostname of the system. The uname -s command will display the kernel name of the system. The uname -m command will display the machine hardware name of the system.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 1: Exploring Linux Command-Line Tools; uname(1) – Linux manual page

Question #25

A systems engineer is adding a new 1GB XFS filesystem that should be temporarily mounted under /ops/app.

Which of the following is the correct list of commands to achieve this goal?

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The list of commands in option D is the correct way to achieve the goal.

The commands are as follows:

fallocate -l 1G /ops/app.img creates a 1GB file named app.img under the /ops directory.

mkfs.xfs /ops/app.img formats the file as an XFS filesystem.

mount -o loop /ops/app.img /ops/app mounts the file as a loop device under the /ops/app directory. The other options are incorrect because they either use the wrong commands (dd or truncate instead of fallocate), the wrong options (-t or -f instead of -o), or the wrong order of arguments (/ops/app.img /ops/app instead of /ops/app /ops/app.img).

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Storage, pages 323-324.

Question #26

A Linux administrator recently downloaded a software package that is currently in a compressed file.

Which of the following commands will extract the files?

  • A . unzip -v
  • B . bzip2 -z
  • C . gzip
  • D . funzip

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command gzip can extract files that are compressed with the gzip format, which has the extension .gz. This is the correct command to use for the software package. The other options are incorrect because they either compress files (bzip2 -z), unzip files that are compressed with the zip format (unzip -v or funzip), or have the wrong options (-v or -z instead of -d).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, page 353.

Question #27

A Linux administrator is troubleshooting SSH connection issues from one of the workstations.

When users attempt to log in from the workstation to a server with the IP address 104.21.75.76, they receive the following message:

The administrator reviews the information below:

Which of the following is causing the connectivity issue?

  • A . The workstation has the wrong IP settings.
  • B . The sshd service is disabled.
  • C . The server’s firewall is preventing connections from being made.
  • D . The server has an incorrect default gateway configuration.

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The server’s firewall is preventing connections from being made, which is causing the connectivity issue. The output of iptables -L -n shows that the firewall is blocking all incoming traffic on port 22, which is the default port for SSH. The output of ssh -v user@104.21.75.76 shows that the connection is refused by the server. To resolve the issue, the administrator needs to allow port 22 on the firewall. The other options are incorrect because they are not supported by the outputs. The workstation has the correct IP settings, as shown by the output of ip addr show. The sshd service is enabled and running, as shown by the output of systemct1 status sshd. The server has the correct default gateway configuration, as shown by the output of ip route show.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, pages 406-407.

Question #28

Which of the following files holds the system configuration for journal when running systemd?

  • A . /etc/systemd/journald.conf
  • B . /etc/systemd/systemd-journalctl.conf
  • C . /usr/lib/systemd/journalctl.conf
  • D . /etc/systemd/systemd-journald.conf

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The file that holds the system configuration for journal when running systemd is /etc/systemd/journald.conf. This file contains various settings that control the behavior of the journald daemon, which is responsible for collecting and storing log messages from various sources. The journald.conf file can be edited to change the default values of these settings, such as the storage location, size limits, compression, and forwarding options of the journal files. The file also supports a drop-in directory /etc/systemd/journald.conf.d/ where additional configuration files can be placed to override or extend the main file.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Automating Tasks; journald.conf(5) – Linux manual page

Question #29

A Linux administrator is tasked with creating resources using containerization. When deciding how to create this type of deployment, the administrator identifies some key features, including portability, high availability, and scalability in production.

Which of the following should the Linux administrator choose for the new design?

  • A . Docker
  • B . On-premises systems
  • C . Cloud-based systems
  • D . Kubernetes

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The Linux administrator should choose Kubernetes for the new design that requires portability, high availability, and scalability in production using containerization. Kubernetes is an open-source platform that automates the deployment, scaling, and management of containerized applications across clusters of nodes. Kubernetes provides features such as service discovery, load balancing, storage orchestration, self-healing, secret and configuration management, and batch execution. Kubernetes also supports multiple container runtimes, such as Docker, containerd, and CRI-O, making it portable across different platforms and clouds.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Automating Tasks; What is Kubernetes? | Kubernetes

Question #30

Which of the following tools is commonly used for creating CI/CD pipelines?

  • A . Chef
  • B . Puppet
  • C . Jenkins
  • D . Ansible

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The tool that is commonly used for creating CI/CD pipelines is Jenkins. Jenkins is an open-source automation server that enables continuous integration and continuous delivery (CI/CD) of software projects. Jenkins allows developers to build, test, and deploy code changes automatically and frequently using various plugins and integrations. Jenkins also supports distributed builds, parallel execution, pipelines as code, and real-time feedback.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Source Code; Jenkins

Question #31

A systems administrator requires that all files that are created by the user named web have read-only permissions by the owner.

Which of the following commands will satisfy this requirement?

  • A . chown web:web /home/web
  • B . chmod -R 400 /home/web
  • C . echo "umask 377" >> /home/web/.bashrc
  • D . setfacl read /home/web

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command that will satisfy the requirement of having all files that are created by the user named web have read-only permissions by the owner is echo “umask 377” >> /home/web/.bashrc. This command will append the umask 377 command to the end of the .bashrc file in the web user’s home directory. The .bashrc file is a shell script that is executed whenever a new interactive shell session is started by the user. The umask command sets the file mode creation mask, which determines the default permissions for newly created files or directories by subtracting from the maximum permissions (666 for files and 777 for directories). The umask 377 command means that the user does not want to give any permissions to the group or others (3 = 000 in binary), and only wants to give read permission to the owner (7 – 3 = 4 = 100 in binary). Therefore, any new file created by the web user will have read-only permission by the owner (400) and no permission for anyone else.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing Users and Groups; Umask Command in Linux | Linuxize

Question #32

A systems administrator is tasked with preventing logins from accounts other than root, while the file /etc/nologin exists.

Which of the following PAM modules will accomplish this task?

  • A . pam_login.so
  • B . pam_access.so
  • C . pam_logindef.so
  • D . pam_nologin.so

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The PAM module pam_nologin.so will prevent logins from accounts other than root, while the file /etc/nologin exists. This module checks for the existence of the file /etc/nologin and displays its contents to the user before denying access. The root user is exempt from this check and can still log in. This is the correct module to accomplish the task. The other options are incorrect because they are either non-existent modules (pam_login.so or pam_logindef.so) or do not perform the required function (pam_access.so controls access based on host, user, or time).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 15: Managing Users and Groups, page 471.

Question #33

A systems administrator has been tasked with disabling the nginx service from the environment to prevent it from being automatically and manually started.

Which of the following commands will accomplish this task?

  • A . systemct1 cancel nginx
  • B . systemct1 disable nginx
  • C . systemct1 mask nginx
  • D . systemct1 stop nginx

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command systemct1 mask nginx disables the nginx service from the environment and prevents it from being automatically and manually started. This command creates a symbolic link from the service unit file to /dev/null, which makes the service impossible to start. This is the correct way to accomplish the task. The other options are incorrect because they either do not exist (systemct1 cancel nginx), do not prevent manual start (systemct1 disable nginx), or do not prevent automatic start (systemct1 stop nginx).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Processes and Scheduling Tasks, page 429.

Question #34

A Linux administrator is troubleshooting an issue in which an application service failed to start on a

Linux server.

The administrator runs a few commands and gets the following outputs:

Based on the above outputs, which of the following is the MOST likely action the administrator should take to resolve this issue?

  • A . Enable the logsearch.service and restart the service.
  • B . Increase the TimeoutStartUSec configuration for the logsearch.sevice.
  • C . Update the OnCalendar configuration to schedule the start of the logsearch.service.
  • D . Update the KillSignal configuration for the logsearch.service to use TERM.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The administrator should increase the TimeoutStartUSec configuration for the logsearch.service to resolve the issue. The output of systemct1 status logsearch.service shows that the service failed to start due to a timeout. The output of cat /etc/systemd/system/logsearch.service shows that the service has a TimeoutStartUSec configuration of 10 seconds, which might be too short for the service to start. The administrator should increase this value to a higher number, such as 30 seconds or 1 minute, and then restart the service. The other options are incorrect because they are not related to the issue. The service is already enabled, as shown by the output of systemct1 is-enabled logsearch.service. The service does not use an OnCalendar configuration, as it is not a timer unit. The service does not use a KillSignal configuration, as it is not being killed by a signal.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Processes and Scheduling Tasks, pages 434-435.

Question #35

A Linux administrator has installed a web server, a database server, and a web application on a server. The web application should be active in order to render the web pages. After the administrator restarts the server, the website displays the following message in the browser: Error establishing a database connection.

The Linux administrator reviews the following relevant output from the systemd init files:

The administrator needs to ensure that the database is available before the web application is started.

Which of the following should the administrator add to the HTTP server .service file to accomplish this task?

  • A . TRIGGERS=mariadb.service
  • B . ONFAILURE=mariadb.service
  • C . WANTEDBY=mariadb.service
  • D . REQUIRES=mariadb.service

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The administrator should add REQUIRES=mariadb.service to the HTTP server .service file to ensure that the database is available before the web application is started. This directive specifies that the HTTP server unit requires the MariaDB server unit to be started before it can run. If the MariaDB server unit fails to start or stops for any reason, the HTTP server unit will also fail or stop. This way, the dependency between the web application and the database is enforced by systemd.

The other options are not correct directives for accomplishing this task. TRIGGERS=mariadb.service is not a valid directive in systemd unit files. ONFAILURE=mariadb.service means that the HTTP server unit will start only if the MariaDB server unit fails, which is not what we want. WANTEDBY=mariadb.service means that the HTTP server unit will be started when the MariaDB server unit is enabled, but it does not imply a strong dependency or ordering relationship between them.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Services with systemd; systemd.unit(5) – Linux manual page

Question #36

Several users reported that they were unable to write data to the /oracle1 directory.

The following output has been provided:

Which of the following commands should the administrator use to diagnose the issue?

  • A . df -i /oracle1
  • B . fdisk -1 /dev/sdb1
  • C . lsblk /dev/sdb1
  • D . du -sh /oracle1

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The administrator should use the command df -i /oracle1 to diagnose the issue of users being unable to write data to the /oracle1 directory. This command will show the inode usage of the /oracle1 filesystem, which indicates how many files and directories can be created on it. If the inode usage is 100%, it means that no more files or directories can be added, even if there is still free space on the disk. The administrator can then delete some unnecessary files or directories, or increase the inode limit of the filesystem, to resolve the issue.

The other options are not correct commands for diagnosing this issue. The fdisk -l /dev/sdb1 command will show the partition table of /dev/sdb1, which is not relevant to the inode usage. The lsblk /dev/sdb1 command will show information about /dev/sdb1 as a block device, such as its size, mount point, and type, but not its inode usage. The du -sh /oracle1 command will show the disk usage of /oracle1 in human-readable format, but not its inode usage.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 7: Managing Disk Storage; How to Check Inode Usage in Linux – Fedingo

Question #37

After installing some RPM packages, a systems administrator discovers the last package that was installed was not needed.

Which of the following commands can be used to remove the package?

  • A . dnf remove packagename
  • B . apt-get remove packagename
  • C . rpm -i packagename
  • D . apt remove packagename

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command that can be used to remove an RPM package that was installed by mistake is dnf remove packagename. This command will use the DNF package manager to uninstall an RPM package and its dependencies from a Linux system that uses RPM-based distributions, such as Red Hat Enterprise Linux or CentOS. The DNF package manager handles dependency resolution and metadata searching for RPM packages.

The other options are not correct commands for removing an RPM package from a Linux system. The apt-get remove packagename and apt remove packagename commands are used to remove Debian packages from a Linux system that uses Debian-based distributions, such as Ubuntu or Debian. They are not compatible with RPM packages. The rpm -i packagename command is used to install an RPM package, not to remove it.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 9: Managing Software Packages; How to install/remove/query/update RPM packages in Linux (Cheat Sheet …

Question #38

A systems administrator is checking the system logs. The administrator wants to look at the last 20 lines of a log.

Which of the following will execute the command?

  • A . tail -v 20
  • B . tail -n 20
  • C . tail -c 20
  • D . tail -l 20

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command tail -n 20 will display the last 20 lines of a file. The -n option specifies the number of lines to show. This is the correct command to execute the task. The other options are incorrect because they either use the wrong options (-v, -c, or -l) or have the wrong arguments (20 instead of 20 filename).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, page 352.

Question #39

An administrator is trying to diagnose a performance issue and is reviewing the following output:

System Properties:

CPU: 4 vCPU

Memory: 40GB

Disk maximum IOPS: 690

Disk maximum throughput: 44Mbps | 44000Kbps

Based on the above output, which of the following BEST describes the root cause?

  • A . The system has reached its maximum IOPS, causing the system to be slow.
  • B . The system has reached its maximum permitted throughput, therefore iowait is increasing.
  • C . The system is mostly idle, therefore the iowait is high.
  • D . The system has a partitioned disk, which causes the IOPS to be doubled.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The system has reached its maximum permitted throughput, therefore iowait is increasing. The output of iostat -x shows that the device sda has an average throughput of 44.01 MB/s, which is equal to the disk maximum throughput of 44 Mbps. The output also shows that the device sda has an average iowait of 99.99%, which means that the CPU is waiting for the disk to complete the I/O requests. This indicates that the disk is the bottleneck and the system is slow due to the high iowait. The other options are incorrect because they are not supported by the outputs. The system has not reached its maximum IOPS, as the device sda has an average IOPS of 563.50, which is lower than the disk maximum IOPS of 690. The system is not mostly idle, as the output of top shows that the CPU is 100% busy. The system does not have a partitioned disk, as the output of lsblk shows that the device sda has only one partition sda1.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 17: Optimizing Linux Systems, pages 513-514.

Question #40

A systems administrator wants to test the route between IP address 10.0.2.15 and IP address 192.168.1.40.

Which of the following commands will accomplish this task?

  • A . route -e get to 192.168.1.40 from 10.0.2.15
  • B . ip route get 192.163.1.40 from 10.0.2.15
  • C . ip route 192.169.1.40 to 10.0.2.15
  • D . route -n 192.168.1.40 from 10.0.2.15

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command ip route get 192.168.1.40 from 10.0.2.15 will test the route between the IP address 10.0.2.15 and the IP address 192.168.1.40. The ip route get command shows the routing decision for a given destination and source address. This is the correct command to accomplish the task. The other options are incorrect because they either use the wrong commands (route instead of ip route), the wrong options (-e or -n instead of get), or the wrong syntax (to instead of from).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 379.

Question #41

A Linux administrator was tasked with deleting all files and directories with names that are contained in the sobelete.txt file.

Which of the following commands will accomplish this task?

  • A . xargs -f cat toDelete.txt -rm
  • B . rm -d -r -f toDelete.txt
  • C . cat toDelete.txt | rm -frd
  • D . cat toDelete.txt | xargs rm -rf

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command cat toDelete.txt | xargs rm -rf will delete all files and directories with names that are contained in the toDelete.txt file. The cat command reads the file and outputs its contents to the standard output. The | operator pipes the output to the next command. The xargs command converts the output into arguments for the next command. The rm -rf command removes the files and directories recursively and forcefully. This is the correct way to accomplish the task. The other options are incorrect because they either use the wrong options (-f instead of -a for xargs), the wrong arguments (toDelete.txt instead of toDelete.txt filename for rm), or the wrong commands (rm instead of xargs).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11:

Managing Files and Directories, pages 349-350.

Question #42

A Linux administrator is troubleshooting the root cause of a high CPU load and average.

Which of the following commands will permanently resolve the issue?

  • A . renice -n -20 6295
  • B . pstree -p 6295
  • C . iostat -cy 1 5
  • D . kill -9 6295

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command that will permanently resolve the issue of high CPU load and average is kill -9 6295. This command will send a SIGKILL signal to the process with the PID 6295, which is the process that is consuming 99.7% of the CPU according to the top output. The SIGKILL signal will terminate the process immediately and free up the CPU resources. The kill command is used to send signals to processes by PID or name.

The other options are not correct commands for resolving this issue. The renice -n -20 6295 command will change the priority (niceness) of the process with PID 6295 to -20, which is the highest priority possible. This will make the process more CPU-intensive, not less. The renice command is used to change the priority of running processes. The pstree -p 6295 command will show a tree of processes with PID 6295 as the root. This will not affect the CPU load or average, but only display information. The pstree command is used to display a tree of processes. The iostat -cy 1 5 command will show CPU and disk I/O statistics for 5 iterations with an interval of 1 second. This will also not affect the CPU load or average, but only display information. The iostat command is used to report CPU and I/O statistics.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Troubleshooting Linux Systems; kill(1) – Linux manual page; renice(1) – Linux manual page; pstree(1) – Linux manual page; iostat(1) – Linux manual page

Question #43

A Linux administrator wants to set the SUID of a file named dev_team.text with 744 access rights.

Which of the following commands will achieve this goal?

  • A . chmod 4744 dev_team.txt
  • B . chmod 744 –setuid dev_team.txt
  • C . chmod -c 744 dev_team.txt
  • D . chmod -v 4744 –suid dev_team.txt

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command that will set the SUID of a file named dev_team.txt with 744 access rights is chmod 4744 dev_team.txt. This command will use the chmod utility to change the file mode bits of dev_team.txt. The first digit (4) represents the SUID bit, which means that when someone executes dev_team.txt, it will run with the permissions of the file owner. The next three digits (744) represent the read, write, and execute permissions for the owner (7), group (4), and others (4). This means that the owner can read, write, and execute dev_team.txt, while the group and others can only read it.

The other options are not correct commands for setting the SUID of a file with 744 access rights. The chmod 744 –setuid dev_team.txt command is invalid because there is no –setuid option in chmod.

The chmod -c 744 dev_team.txt command will change the file mode bits to 744, but it will not set the SUID bit. The -c option only means that chmod will report when a change is made. The chmod -v 4744 –suid dev_team.txt command is also invalid because there is no –suid option in chmod. The -v option only means that chmod will output a diagnostic for every file processed.

Reference: CompTIA

Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing Users and Groups; chmod(1) – Linux

manual page

Question #44

A developer has been unable to remove a particular data folder that a team no longer uses. The developer escalated the issue to the systems administrator.

The following output was received:

Which of the following commands can be used to resolve this issue?

  • A . chgrp -R 755 data/
  • B . chmod -R 777 data/
  • C . chattr -R -i data/
  • D . chown -R data/

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command that can be used to resolve the issue of being unable to remove a particular data folder is chattr -R -i data/. This command will use the chattr utility to change file attributes on a Linux file system. The -R option means that chattr will recursively change attributes of directories and their contents. The -i option means that chattr will remove (unset) the immutable attribute from files or directories. When a file or directory has the immutable attribute set, it cannot be modified, deleted, or renamed.

The other options are not correct commands for resolving this issue. The chgrp -R 755 data/ command will change the group ownership of data/ and its contents recursively to 755, which is not a valid group name. The chgrp command is used to change group ownership of files or directories. The chmod -R 777 data/ command will change the file mode bits of data/ and its contents recursively to 777, which means that everyone can read, write, and execute them. However, this will not remove the immutable attribute, which prevents deletion or modification regardless of permissions. The chmod command is used to change file mode bits of files or directories. The chown -R data/ command is incomplete and will produce an error. The chown command is used to change the user and/or group ownership of files or directories, but it requires at least one argument besides the file name.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 7: Managing Disk Storage; chattr(1) – Linux manual page; chgrp(1) – Linux manual page; chmod(1) – Linux manual page; chown(1) – Linux manual page

Question #45

A Linux administrator needs to ensure that Java 7 and Java 8 are both locally available for developers to use when deploying containers. Currently only Java 8 is available.

Which of the following commands should the administrator run to ensure both versions are available?

  • A . docker image load java:7
  • B . docker image pull java:7
  • C . docker image import java:7
  • D . docker image build java:7

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command that the administrator should run to ensure that both Java 7 and Java 8 are locally available for developers to use when deploying containers is docker image pull java:7. This command will use the docker image pull subcommand to download the java:7 image from Docker Hub, which is the default registry for Docker images. The java:7 image contains Java 7 installed on a Debian-based Linux system. The administrator can also specify a different registry by using the syntax registry/repository:tag.

The other options are not correct commands for ensuring that both Java 7 and Java 8 are locally available for developers to use when deploying containers. The docker image load java:7 command will load an image from a tar archive or STDIN, not from a registry. The docker image import java:7 command will create a new filesystem image from the contents of a tarball, not from a registry. The docker image build java:7 command will build an image from a Dockerfile, not from a registry.

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Automating Tasks; docker image pull | Docker Docs

Question #46

A cloud engineer is installing packages during VM provisioning.

Which of the following should the engineer use to accomplish this task?

  • A . Cloud-init
  • B . Bash
  • C . Docker
  • D . Sidecar

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The cloud engineer should use cloud-init to install packages during VM provisioning. Cloud-init is a tool that allows the customization of cloud instances at boot time. Cloud-init can perform various tasks, such as setting the hostname, creating users, installing packages, configuring network, and running scripts. Cloud-init can work with different cloud platforms and Linux distributions. This is the correct tool to accomplish the task. The other options are incorrect because they are either not suitable for cloud provisioning (Bash or Docker) or not a tool but a design pattern (Sidecar).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 563.

Question #47

A systems administrator is tasked with creating a cloud-based server with a public IP address.

Which of the following technologies did the systems administrator use to complete this task?

  • A . Puppet
  • B . Git
  • C . Ansible
  • D . Terraform

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The systems administrator used Terraform to create a cloud-based server with a public IP address. Terraform is a tool for building, changing, and versioning infrastructure as code. Terraform can create and manage resources on different cloud platforms, such as AWS, Azure, or Google Cloud. Terraform uses a declarative syntax to describe the desired state of the infrastructure and applies the changes accordingly. Terraform can also assign a public IP address to a cloud server by using the appropriate resource attributes. This is the correct technology that the systems administrator used to complete the task. The other options are incorrect because they are either not designed for creating cloud servers (Puppet or Git) or not capable of assigning public IP addresses (Ansible).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 559.

Question #48

A Linux systems administrator is setting up a new web server and getting 404 – NOT FOUND errors while trying to access the web server pages from the browser.

While working on the diagnosis of this issue, the Linux systems administrator executes the following commands:

Which of the following commands will BEST resolve this issue?

  • A . sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/’ /etc/selinux/config
  • B . restorecon -R -v /var/www/html
  • C . setenforce 0
  • D . setsebool -P httpd_can_network_connect_db on

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command restorecon -R -v /var/www/html will best resolve the issue. The issue is caused by the incorrect SELinux context of the web server files under the /var/www/html directory. The output of ls -Z /var/www/html shows that the files have the type user_home_t, which is not allowed for web content. The command restorecon restores the default SELinux context of files based on the policy rules. The options -R and -v are used to apply the command recursively and verbosely. This command will change the type of the files to httpd_sys_content_t, which is the correct type for web content. This will allow the web server to access the files and serve the pages to the browser. The other options are incorrect because they either disable SELinux entirely (sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/’ /etc/selinux/config or setenforce 0), which is not a good security practice, or enable an unnecessary boolean (setsebool -P httpd_can_network_connect_db on), which is not related to the issue.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Securing Linux Systems, page 535.

Question #49

To harden one of the servers, an administrator needs to remove the possibility of remote administrative login via the SSH service.

Which of the following should the administrator do?

  • A . Add the line DenyUsers root to the /etc/hosts.deny file.
  • B . Set PermitRootLogin to no in the /etc/ssh/sshd_config file.
  • C . Add the line account required pam_nologin. so to the /etc/pam.d/sshd file.
  • D . Set PubKeyAuthentication to no in the /etc/ssh/ssh_config file.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The administrator should set PermitRootLogin to no in the /etc/ssh/sshd_config file to remove the possibility of remote administrative login via the SSH service. The PermitRootLogin directive controls whether the root user can log in using SSH. Setting it to no will deny any remote login attempts by the root user. This will harden the server and prevent unauthorized access. The administrator should also restart the sshd service after making the change. The other options are incorrect because they either do not affect the SSH service (/etc/hosts.deny or /etc/pam.d/sshd) or do not prevent remote administrative login (PubKeyAuthentication).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, page 413.

Question #50

Which of the following is a function of a bootloader?

  • A . It initializes all the devices that are required to load the OS.
  • B . It mounts the root filesystem that is required to load the OS.
  • C . It helps to load the different kernels to initiate the OS startup process.
  • D . It triggers the start of all the system services.

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

A function of a bootloader is to help load the different kernels to initiate the OS startup process. A bootloader is a program that runs when the system is powered on and prepares the system for booting the OS. A bootloader can load different kernels, which are the core components of the OS, and pass the control to the selected kernel. A bootloader can also provide a menu for the user to choose which kernel or OS to boot. This is a correct function of a bootloader. The other options are incorrect because they are either functions of the kernel (initialize devices or mount root filesystem) or functions of the init system (trigger the start of system services).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing the Linux Boot Process, page 265.

Question #51

A systems administrator configured firewall rules using firewalld.

However, after the system is rebooted, the firewall rules are not present:

The systems administrator makes additional checks:

Which of the following is the reason the firewall rules are not active?

  • A . iptables is conflicting with firewalld.
  • B . The wrong system target is activated.
  • C . FIREWALL_ARGS has no value assigned.
  • D . The firewalld service is not enabled.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The reason the firewall rules are not active is that the firewalld service is not enabled. This means that the service will not start automatically at boot time or after a system reload. To enable the firewalld service, the systems administrator needs to use the command sudo systemct1 enable firewalld. This will create a symbolic link from the firewalld service file to the appropriate systemd target, such as multi-user.target. Enabling the service does not start it immediately, so the systems administrator also needs to use the command sudo systemct1 start firewalld or sudo systemct1 reload firewalld to activate the firewall rules.

The other options are not correct reasons for the firewall rules not being active. iptables is not conflicting with firewalld, because firewalld uses iptables as its backend by default. The wrong system target is not activated, because firewalld is independent of the system target and can be enabled for any target. FIREWALL_ARGS has no value assigned, but this is not a problem, because FIREWALL_ARGS is an optional environment variable that can be used to pass additional arguments to the firewalld daemon, such as –debug or –nofork. If FIREWALL_ARGS is empty or not defined, firewalld will use its default

arguments.

References: firewalld.service(8) – Linux manual page; firewall-cmd(1) – Linux manual page; systemct1(1) – Linux manual page

Question #52

A newly created container has been unable to start properly, and a Linux administrator is analyzing the cause of the failure.

Which of the following will allow the administrator to determine the FIRST command that is executed inside the container right after it starts?

  • A . docker export <container_id>
  • B . docker info <container_id>
  • C . docker start <container_id>
  • D . docker inspect <container_id>

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command that will allow the administrator to determine the first command that is executed inside the container right after it starts is docker inspect <container_id>. This command will display detailed information about the container, including its configuration, state, network settings, mounts, and logs. One of the configuration fields is “Entrypoint”, which shows the command that is executed when the container is run. The entrypoint can be specified in the Dockerfile or overridden at runtime using the –entrypoint option.

The other options are not correct commands for determining the first command that is executed inside the container. The docker export <container_id> command will export the contents of the container’s filesystem as a tar archive to STDOUT. This will not show the entrypoint of the container, but only its files. The docker info <container_id> command is invalid because docker info does not take any arguments. It shows system-wide information about Docker, such as the number of containers, images, volumes, networks, and storage drivers. The docker start <container_id> command will start a stopped container and attach its STDOUT and STDERR to the terminal. This will not show the entrypoint of the container, but only its output.

Reference: docker inspect | Docker Docs; docker export | Docker Docs; docker info | Docker Docs; docker start | Docker Docs

Question #53

A Linux administrator is scheduling a system job that runs a script to check available disk space every hour. The Linux administrator does not want users to be able to start the job.

Given the following:

The Linux administrator attempts to start the timer service but receives the following error message:

Which of the following is MOST likely the reason the timer will not start?

  • A . The checkdiskspace.timer unit should be enabled via systemct1.
  • B . The timers.target should be reloaded to get the new configuration.
  • C . The checkdiskspace.timer should be configured to allow manual starts.
  • D . The checkdiskspace.timer should be started using the sudo command.

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The most likely reason the timer will not start is that the checkdiskspace.timer should be configured to allow manual starts. By default, systemd timers do not allow manual activation via systemct1 start, unless they have RefuseManualStart=no in their [Unit] section. This option prevents users from accidentally starting timers that are meant to be controlled by other mechanisms, such as calendar events or dependencies. To enable manual starts for checkdiskspace.timer, the administrator should add RefuseManualStart=no to its [Unit] section and reload systemd.

The other options are not correct reasons for the timer not starting. The checkdiskspace.timer unit does not need to be enabled via systemct1 enable, because enabling a timer only makes it start automatically at boot time or after a system reload, but does not affect manual activation. The timers.target does not need to be reloaded to get the new configuration, because reloading a target only affects units that have a dependency on it, but does not affect manual activation. The checkdiskspace.timer does not need to be started using the sudo command, because the administrator is already running systemct1 as root, as indicated by the # prompt.

Reference: systemd.timer(5) – Linux manual page; systemct1(1) – Linux manual page

Question #54

A Linux administrator wants to find out whether files from the wget package have been altered since they were installed.

Which of the following commands will provide the correct information?

  • A . rpm -i wget
  • B . rpm -qf wget
  • C . rpm -F wget
  • D . rpm -V wget

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command that will provide the correct information about whether files from the wget package have been altered since they were installed is rpm -V wget. This command will use the rpm utility to verify an installed RPM package by comparing information about the installed files with information from the RPM database.

The verification process can check various attributes of each file, such as size, mode, owner, group, checksum, capabilities, and so on. If any discrepancies are found, rpm will report them using a single letter code for each attribute.

The other options are not correct commands for verifying an installed RPM package. The rpm -i wget command is invalid because -i is used to install a package from a file, not to verify an installed package. The rpm -qf wget command will query which package owns wget as a file name or path name, but it will not verify its attributes. The rpm -F wget command will freshen (upgrade) an already installed package with wget as a file name or path name, but it will not verify its attributes.

References: rpm(8) – Linux manual page; Using RPM to Verify Installed Packages

Question #55

A Linux engineer set up two local DNS servers (10.10.10.10 and 10.10.10.20) and was testing email connectivity to the local mail server using the mail command on a local machine when the following error appeared:

The local machine DNS settings are:

Which of the following commands could the engineer use to query the DNS server to get mail server information?

  • A . dig @example.com 10.10.10.20 a
  • B . dig @10.10.10.20 example.com mx
  • C . dig @example.com 10.10.10.20 ptr
  • D . dig @10.10.10.20 example.com ns

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command dig @10.10.10.20 example.com mx will query the DNS server to get mail server information. The dig command is a tool for querying DNS servers and displaying the results.

The @ option specifies the DNS server to query, in this case 10.10.10.20. The mx option specifies the type of record to query, in this case mail exchange (MX) records, which identify the mail servers for a domain. The domain name to query is example.com. This command will show the MX records for example.com from the DNS server 10.10.10.20. This is the correct command to use to accomplish the task. The other options are incorrect because they either use the wrong syntax (@example.com 10.10.10.20 instead of @10.10.10.20 example.com), the wrong type of record (a or ptr instead of mx), or the wrong domain name (example.com ns instead of example.com mx).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, page 415.

Question #56

A Linux engineer has been notified about the possible deletion of logs from the file /opt/app/logs.

The engineer needs to ensure the log file can only be written into without removing previous entries.

Which of the following commands would be BEST to use to accomplish this task?

  • A . chattr +a /opt/app/logs
  • B . chattr +d /opt/app/logs
  • C . chattr +i /opt/app/logs
  • D . chattr +c /opt/app/logs

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command chattr +a /opt/app/logs will ensure the log file can only be written into without removing previous entries. The chattr command is a tool for changing file attributes on Linux file systems. The +a option sets the append-only attribute, which means that the file can only be opened in append mode for writing. This prevents the file from being modified, deleted, or renamed. This is the best command to use to accomplish the task. The other options are incorrect because they either set the wrong attributes (+d, +i, or +c) or do not affect the file at all (-a).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, page 357.

Question #57

A systems administrator needs to check if the service systemd-resolved.service is running without any errors.

Which of the following commands will show this information?

  • A . systemct1 status systemd-resolved.service
  • B . systemct1 enable systemd-resolved.service
  • C . systemct1 mask systemd-resolved.service
  • D . systemct1 show systemd-resolved.service

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command systemct1 status systemd-resolved.service will show the information about the service systemd-resolved.service. The systemct1 command is a tool for managing system services and units. The status option displays the current status of a unit, such as active, inactive, or failed. The output also shows the unit description, loaded configuration, process ID, memory usage, and recent log messages. This command will show if the service systemd-resolved.service is running without any errors. This is the correct command to use to accomplish the task. The other options are incorrect because they either perform different actions (enable, mask, or show) or do not show the status of the service (systemct1 show systemd-resolved.service only shows the properties of the service, not the status).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Processes and Scheduling Tasks, page 427.

Question #58

Junior system administrator had trouble installing and running an Apache web server on a Linux server. You have been tasked with installing the Apache web server on the Linux server and resolving the issue that prevented the junior administrator from running Apache.

INSTRUCTIONS

Install Apache and start the service. Verify that the Apache service is running with the defaults.

Typing “help” in the terminal will show a list of relevant event commands.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Reveal Solution Hide Solution

Correct Answer: yum install httpd

systemct1 –now enable httpd

systemct1 status httpd

netstat -tunlp | grep 80

pkill <processname>

systemct1 restart httpd

systemct1 status httpd

Question #59

A Linux administrator needs to remove software from the server.

Which of the following RPM options should be used?

  • A . rpm -s
  • B . rрm -d
  • C . rpm -q
  • D . rpm -e

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The RPM option -e should be used to remove software from the server. The rpm command is a tool for managing software packages on RPM-based Linux distributions. The -e option stands for erase and removes the specified package from the system. This is the correct option to use to accomplish the task. The other options are incorrect because they either do not exist (-s or -d) or do not remove software (-q stands for query and displays information about the package).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 16: Managing Software, page 489.

Question #60

A Linux system fails to start and delivers the following error message:

Which of the following commands can be used to address this issue?

  • A . fsck.ext4 /dev/sda1
  • B . partprobe /dev/sda1
  • C . fdisk /dev/sda1
  • D . mkfs.ext4 /dev/sda1

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command fsck.ext4 /dev/sda1 can be used to address the issue. The issue is caused by a corrupted filesystem on the /dev/sda1 partition. The error message shows that the filesystem type is ext4 and the superblock is invalid. The command fsck.ext4 is a tool for checking and repairing ext4 filesystems. The

command will scan the partition for errors and attempt to fix them. This command can resolve the issue and allow the system to start. The other options are incorrect because they either do not fix the filesystem (partprobe or fdisk) or destroy the data on the partition (mkfs.ext4).

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Storage, page 325.

Question #61

Based on an organization’s new cybersecurity policies, an administrator has been instructed to ensure that, by default, all new users and groups that are created fall within the specified values below.

To which of the following configuration files will the required changes need to be made?

  • A . /etc/login.defs
  • B . /etc/security/limits.conf
  • C . /etc/default/useradd
  • D . /etc/profile

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The required changes need to be made to the /etc/login.defs configuration file. The /etc/login.defs file defines the default values for user and group IDs, passwords, shells, and other parameters for user and group creation. The file contains the directives UID_MIN, UID_MAX, GID_MIN, and GID_MAX, which set the minimum and maximum values for automatic user and group ID selection. The administrator can edit this file and change the values to match the organization’s new cybersecurity policies. This is the correct file to modify to accomplish the task. The other options are incorrect because they either do not affect the user and group IDs (/etc/security/limits.conf or /etc/profile) or do not set the default values

(/etc/default/useradd).

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 15: Managing Users and Groups, page 463.

Question #62

A Linux administrator is trying to remove the ACL from the file /home/user/data. txt but receives the following error message:

Given the following analysis:

Which of the following is causing the error message?

  • A . The administrator is not using a highly privileged account.
  • B . The filesystem is mounted with the wrong options.
  • C . SELinux file context is denying the ACL changes.
  • D . File attributes are preventing file modification.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

File attributes are preventing file modification, which is causing the error message. The output of lsattr /home/user/data.txt shows that the file has the immutable attribute (i) set, which means that the file cannot be changed, deleted, or renamed. The command setfacl -b /home/user/data.txt tries to remove the ACL from the file, but fails because of the immutable attribute. The administrator needs to remove the immutable attribute first by using the command chattr -i /home/user/data.txt and then try to remove the ACL again. The other options are incorrect because they are not supported by the outputs. The administrator is using a highly privileged account, as shown by the # prompt. The filesystem is mounted with the correct options, as shown by the output of mount | grep /home. SELinux file context is not denying the ACL changes, as shown by the output of ls -Z /home/user/data.txt.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, pages 357-358.

Question #63

A Linux administrator needs to create a new cloud.cpio archive containing all the files from the current directory.

Which of the following commands can help to accomplish this task?

  • A . ls | cpio -iv > cloud.epio
  • B . ls | cpio -iv < cloud.epio
  • C . ls | cpio -ov > cloud.cpio
  • D . ls cpio -ov < cloud.cpio

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command ls | cpio -ov > cloud.cpio can help to create a new cloud.cpio archive containing all the files from the current directory. The ls command lists the files in the current directory and outputs them to the standard output. The | operator pipes the output to the next command. The cpio command is a tool for creating and extracting compressed archives. The -o option creates a new archive and the -v option shows the verbose output. The > operator redirects the output to the cloud.cpio file. This command will create a new cloud.cpio archive with all the files from the current directory. The other options are incorrect because they either use the wrong options (-i instead of -o), the wrong arguments (cloud.epio instead of cloud.cpio), or the wrong syntax (< instead of > or missing |).

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, page 351.

Question #64

A systems administrator made some changes in the ~/.bashrc file and added an alias command. When the administrator tried to use the alias command, it did not work.

Which of the following should be executed FIRST?

  • A . source ~/.bashrc
  • B . read ~/.bashrc
  • C . touch ~/.bashrc
  • D . echo ~/.bashrc

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command source ~/.bashrc should be executed first to use the alias command.

The source command reads and executes commands from a file in the current shell environment. The ~/.bashrc file is a configuration file that contains commands and aliases that are executed when a new bash shell is started. The administrator made some changes in the ~/.bashrc file and added an alias command, but the changes are not effective until the file is sourced or a new shell is started. The command source ~/.bashrc will reload the file and make the alias command available. The other options are incorrect because they either do not execute the commands in the file (read, touch, or echo) or do not affect the current shell environment (read or echo).

Reference: CompTIA Linux+

(XK0-005) Certification Study Guide, Chapter 9: Working with the Linux Shell, page 295.

Question #65

A junior systems administrator has just generated public and private authentication keys for passwordless login.

Which of the following files will be moved to the remote servers?

  • A . id_dsa.pem
  • B . id_rsa
  • C . id_ecdsa
  • D . id_rsa.pub

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The file id_rsa.pub will be moved to the remote servers for passwordless login. The id_rsa.pub file is the public authentication key that is generated by the ssh-keygen command. The public key can be copied to the remote servers by using the ssh-copy-id command or manually. The remote servers will use the public key to authenticate the user who has the corresponding private key (id_rsa). This will allow the user to log in without entering a password. The other options are incorrect because they are either private keys (id_rsa, id_dsa.pem, or id_ecdsa) or non-existent files (id_dsa.pem or id_ecdsa).

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, page 410.

Question #66

A Linux administrator cloned an existing Linux server and built a new server from that clone.

The administrator encountered the following error after booting the cloned server:

The administrator performed the commands listed below to further troubleshoot and mount the missing filesystem:

Which of the following should administrator use to resolve the device mismatch issue and mount the disk?

  • A . mount disk by device-id
  • B . fsck -A
  • C . mount disk by-label
  • D . mount disk by-blkid

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The administrator should use the command mount disk by device-id to resolve the device mismatch issue and mount the disk. The issue is caused by the cloned server having a different device name for the disk than the original server. The output of blkid shows that the disk has the device name /dev/sdb1 on the cloned server, but the output of cat /etc/fstab shows that the disk is expected to have the device name /dev/sda1. The command mount disk by device-id will mount the disk by using its unique identifier (UUID) instead of its device name. The UUID can be obtained from the output of blkid or lsblk -f. The command will mount the disk to the specified mount point (/data) and resolve the issue. The other options are incorrect because they either do not mount the disk (fsck -A), do not use the correct identifier (mount disk by-label or mount disk by-blkid), or do not exist (mount disk by-blkid).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Storage, pages 318-319.

Question #67

A systems administrator installed a new software program on a Linux server. When the systems administrator tries to run the program, the following message appears on the screen.

Which of the following commands will allow the systems administrator to check whether the system supports virtualization?

  • A . dmidecode -s system-version
  • B . lscpu
  • C . sysctl -a
  • D . cat /sys/device/system/cpu/possible

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command that will allow the systems administrator to check whether the system supports virtualization is lscpu. This command will display information about the CPU architecture, such as the number of CPUs, cores, sockets, threads, model name, frequency, cache size, and flags. One of the flags is vmx (for Intel processors) or svm (for AMD processors), which indicates that the CPU supports hardware virtualization. If the flag is present, it means that the system supports virtualization. If the flag is absent, it means that the system does not support virtualization or that it is disabled in the BIOS settings.

The other options are not correct commands for checking whether the system supports virtualization. The dmidecode -s system-version command will display the version of the system, such as the product name or serial number, but not the CPU information. The sysctl -a command will display all the kernel parameters, but not the CPU flags. The cat /sys/devices/system/cpu/possible command will display the range of possible CPUs that can be online or offline, but not the CPU features.

Reference: lscpu(1) – Linux manual page; How To Check If Virtualization is Enabled in Windows 10 / 11

Question #68

A Linux administrator created the directory /project/access2all. By creating this directory, the administrator is trying to avoid the deletion or modification of files from non-owners.

Which of the following will accomplish this goal?

  • A . chmod +t /project/access2all
  • B . chmod +rws /project/access2all
  • C . chmod 2770 /project/access2all
  • D . chmod ugo+rwx /project/access2all

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command that will accomplish the goal of avoiding the deletion or modification of files from non-owners is chmod +t /project/access2all. This command will set the sticky bit on the directory /project/access2all, which is a special permission that restricts file deletion or renaming to only the file owner, directory owner, or root user. This way, even if multiple users have write permission to the directory, they cannot delete or modify each other’s files.

The other options are not correct commands for accomplishing the goal. The chmod +rws /project/access2all command will set both the SUID and SGID bits on the directory, which are special permissions that allow a program or a directory to run or be accessed with the permissions of its owner or group, respectively. However, this does not prevent file deletion or modification from non-owners. The chmod 2770 /project/access2all command will set only the SGID bit on the directory, which means that any new files or subdirectories created in it will inherit its group ownership. However, this does not prevent file deletion or modification from non-owners. The chmod ugo+rwx /project/access2all command will grant read, write, and execute permissions to all users (user, group, and others) on the directory, which means that anyone can delete or modify any file in it.

Reference: chmod(1) – Linux manual page; How to Use SUID, SGID, and Sticky Bits on Linux

Question #69

A Linux systems administrator needs to persistently enable IPv4 forwarding in one of the Linux systems.

Which of the following commands can be used together to accomplish this task? (Choose two.)

  • A . sysctl net.ipv4.ip_forward
  • B . sysctl -w net.ipv4.ip_forward=1
  • C . echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  • D . echo 1 > /proc/sys/net/ipv4/ip_forward
  • E . sysctl Cp
  • F . echo "net.ipv6.conf.all.forwarding=l" >> /etc/sysctl.conf

Reveal Solution Hide Solution

Correct Answer: B, E
B, E

Explanation:

The commands that can be used together to persistently enable IPv4 forwarding in one of the Linux systems are sysctl -w net.ipv4.ip_forward=1 and sysctl Cp. The first command will use sysctl to write a new value (1) to the net.ipv4.ip_forward kernel parameter, which controls whether IP forwarding is enabled or disabled for IPv4. This will enable IP forwarding immediately without rebooting. However, this change is temporary and will be lost after a reboot or a system reload. To make it permanent, we need to use the second command sysctl Cp, which will load kernel parameters from /etc/sysctl.conf file. This file contains key-value pairs of kernel parameters and their values. To make sure that net.ipv4.ip_forward is set to 1 in this file, we can either edit it manually or append it using echo “net.ipv4.ip_forward=1” >> /etc/sysctl.conf.

The other options are not correct commands for persistently enabling IPv4 forwarding. The sysctl net.ipv4.ip_forward command will only display the current value of net.ipv4.ip_forward parameter, but not change it. The echo 1 > /proc/sys/net/ipv4/ip_forward command will write 1 to /proc/sys/net/ipv4/ip_forward file, which is another way to change net.ipv4.ip_forward parameter. However, this change is also temporary and will not survive a reboot or a system reload. The echo

“net.ipv6.conf.all.forwarding=l” >> /etc/sysctl.conf command will append a line to /etc/sysctl.conf file that sets net.ipv6.conf.all.forwarding parameter to 1. However, this parameter controls whether IP forwarding is enabled or disabled for IPv6, not IPv4.

Reference: sysctl(8) – Linux manual page; Configure Linux as a Router (IP Forwarding)

Question #70

Due to low disk space, a Linux administrator finding and removing all log files that were modified more than 180 days ago.

Which of the following commands will accomplish this task?

  • A . find /var/log -type d -mtime +180 -print -exec rm {} ;
  • B . find /var/log -type f -modified +180 -rm
  • C . find /var/log -type f -mtime +180 -exec rm {}
  • D . find /var/log -type c -atime +180 Cremove

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command that will accomplish the task of finding and removing all log files that were modified more than 180 days ago is find /var/log -type f -mtime +180 -exec rm {} ;. This command will use find to search for files (-type f) under /var/log directory that have a modification time (-mtime) older than 180 days (+180). For each matching file, it will execute (-exec) the rm command to delete it, passing the file name as an argument ({}). The command will end with a semicolon (;), which is escaped with a backslash to prevent shell interpretation.

The other options are not correct commands for accomplishing the task. The find /var/log -type d -mtime +180 -print -exec rm {} ; command will search for directories (-type d) instead of files, and print their names (-print) before deleting them. This is not what the task requires. The find /var/log -type f -modified +180 -rm command is invalid because there is no such option as -modified or -rm for find. The correct options are -mtime and -delete, respectively. The find /var/log -type c -atime +180 Cremove command is also invalid because there is no such option as Cremove for find. Moreover, it will search for character special files (-type c) instead of regular files, and use access time (-atime) instead of modification time.

References: find(1) – Linux manual page; Find and delete files older than n days in Linux

Question #71

A junior administrator is setting up a new Linux server that is intended to be used as a router at a remote site.

Which of the following parameters will accomplish this goal?

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The parameter net.ipv4.ip_forward=1 will accomplish the goal of setting up a new Linux server as a router. This parameter enables the IP forwarding feature, which allows the server to forward packets between different network interfaces. This is necessary for a router to route traffic between different networks. The parameter can be set in the /etc/sysctl.conf file or by using the sysctl command. This is the correct parameter to use to accomplish the goal. The other options are incorrect because they either do not exist (net.ipv4.ip_forwarding or net.ipv4.ip_route) or do not enable IP forwarding (net.ipv4.ip_forward=0).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 382.

Question #72

Some servers in an organization have been compromised. Users are unable to access to the organization’s web page and other services.

While reviewing the system log, a systems administrator notices messages from the kernel regarding firewall rules:

Which of the following commands will remediate and help resolve the issue?

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command iptables -F will remediate and help resolve the issue. The issue is caused by the firewall rules that block the access to the organization’s web page and other services. The output of dmesg | grep firewall shows that the kernel has dropped packets from the source IP address 192.168.1.100 to the destination port 80, which is the default port for HTTP. The command iptables – F will flush all the firewall rules and allow the traffic to pass through. This command will resolve the issue and restore the access to the web page and other services. The other options are incorrect because they either do not affect the firewall rules (ip route flush or ip addr flush) or do not exist (iptables -R).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Securing Linux Systems, page 543.

Question #73

A junior administrator is trying to set up a passwordless SSH connection to one of the servers. The administrator follows the instructions and puts the key in the authorized_key file at the server, but the administrator is still asked to provide a password during the connection.

Given the following output:

Which of the following commands would resolve the issue and allow an SSH connection to be established without a password?

  • A . restorecon -rv .ssh/authorized_key
  • B . mv .ssh/authorized_key .ssh/authorized_keys
  • C . systemct1 restart sshd.service
  • D . chmod 600 mv .ssh/authorized_key

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command mv .ssh/authorized_key .ssh/authorized_keys will resolve the issue and allow an SSH connection to be established without a password. The issue is caused by the incorrect file name of the authorized key file on the server. The file should be named authorized_keys, not authorized_key. The mv command will rename the file and fix the issue. The other options are incorrect because they either do not affect the file name (restorecon or chmod) or do not restart the SSH service (systemct1).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, page 410.

Question #74

A Linux administrator needs to resolve a service that has failed to start.

The administrator runs the following command:

The following output is returned

Which of the following is MOST likely the issue?

  • A . The service does not have permissions to read write the startupfile.
  • B . The service startupfile size cannot be 81k.
  • C . The service startupfile cannot be owned by root.
  • D . The service startupfile should not be owned by the root group.

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The most likely issue is that the service does not have permissions to read or write the startupfile. The output of systemct1 status startup.service shows that the service has failed to start and the error message is “Permission denied”. The output of ls -l /etc/startupfile shows that the file has the permissions -rw-r–r–, which means that only the owner (root) can read and write the file, while the group (root) and others can only read the file. The service may not run as root and may need write access to the file. The administrator should change the permissions of the file by using the chmod command and grant write access to the group or others, or change the owner or group of the file by using the chown command and assign it to the user or group that runs the service. The other options are incorrect because they are not supported by the outputs. The file size, owner, and group are not the causes of the issue.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, pages 345-346.

Question #75

A Linux engineer is setting the sticky bit on a directory called devops with 755 file permission.

Which of the following commands will accomplish this task?

  • A . chown -s 755 devops
  • B . chown 1755 devops
  • C . chmod -s 755 devops
  • D . chmod 1755 devops

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command that will set the sticky bit on a directory called devops with 755 file permission is chmod 1755 devops. This command will use chmod to change the mode of the directory devops to 1755, which means that the owner has read, write, and execute permissions (7), the group has read and execute permissions (5), and others have read and execute permissions (5). The first digit 1 indicates that the sticky bit is set on the directory, which is a special permission that prevents users from deleting or renaming files in the directory that they do not own.

The other options are not correct commands for setting the sticky bit on a directory. The chown -s 755 devops command is invalid because chown is used to change the owner and group of files or directories, not their permissions. The -s option for chown is used to remove a symbolic link, not to set the sticky bit. The chown 1755 devops command is also invalid because chown does not accept numeric arguments for changing permissions. The chmod -s 755 devops command will remove the sticky bit from the directory devops, not set it.

Reference: chmod(1) – Linux manual page; How to Use SUID, SGID, and Sticky Bits on Linux

Question #76

A Linux administrator booted up the server and was presented with a non-GUI terminal. The administrator ran the command systemct1 isolate graphical.target and rebooted the system by running systemct1 reboot, which fixed the issue. However, the next day the administrator was presented again with a non-GUI terminal.

Which of the following is the issue?

  • A . The administrator did not reboot the server properly.
  • B . The administrator did not set the default target to basic.target.
  • C . The administrator did not set the default target to graphical.target.
  • D . The administrator did not shut down the server properly.

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The issue is that the administrator did not set the default target to graphical.target. A target is a unit of systemd that groups together other units by a common purpose or state. The graphical.target is a target that starts the graphical user interface (GUI) along with other services. The administrator used the command systemct1 isolate graphical.target to switch to this target temporarily, but this does not change the default target that is activated at boot time. To make this change permanent, the administrator should have used the command systemct1 set-default graphical.target, which creates a symbolic link from /etc/systemd/system/default.target to /usr/lib/systemd/system/graphical.target. The other options are not correct explanations for the issue. The administrator did reboot the server properly by using systemct1 reboot, which shuts down and restarts the system cleanly. The administrator did not need to set the default target to basic.target, which is a minimal target that only starts essential services. The administrator did not shut down the server improperly, which could have caused file system corruption or data loss, but not affect the default target.

Reference: systemct1(1) – Linux manual page; How to Change Runlevels (targets) in SystemD

Question #77

Users report that connections to a MariaDB service are being closed unexpectedly.

A systems administrator troubleshoots the issue and finds the following message in /var/log/messages:

Which of the following is causing the connection issue?

  • A . The process mysqld is using too many semaphores.
  • B . The server is running out of file descriptors.
  • C . Something is starving the server resources.
  • D . The amount of RAM allocated to the server is too high.

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The message in /var/log/messages indicates that the server is running out of file descriptors. A file descriptor is a non-negative integer identifier for an open file in Linux. Each process has a table of open file descriptors where a new entry is appended upon opening a new file. There is a limit on how many file descriptors a process can open at a time, which depends on the system configuration and the user privileges. If a process tries to open more files than the limit, it will fail with an error message like "Too many open files". This could cause connections to be closed unexpectedly or other problems with the application.

The other options are not correct causes for the connection issue. The process mysqld is not using too many semaphores, which are synchronization mechanisms for processes that share resources. Semaphores are not related to file descriptors or open files. Something is not starving the server resources, which could mean high CPU usage, memory pressure, disk I/O, network congestion, or other factors that affect performance. These could cause slowdowns or timeouts, but not file descriptor exhaustion. The amount of RAM allocated to the server is not too high, which could cause swapping or paging if it exceeds the physical memory available. This could also affect performance, but not file descriptor availability.

Reference: File Descriptor Requirements (Linux Systems); Limits on the Number of Linux File Descriptors

Question #78

A developer is trying to install an application remotely that requires a graphical interface for installation. The developer requested assistance to set up the necessary environment variables along with X11 forwarding in SSH.

Which of the following environment variables must be set in remote shell in order to launch the graphical interface?

  • A . $RHOST
  • B . SETENV
  • C . $SHELL
  • D . $DISPLAY

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The environment variable that must be set in remote shell in order to launch the graphical interface is

$DISPLAY. This variable tells X11 applications where to display their windows on screen. It usually has the form hostname:displaynumber.screennumber, where hostname is the name of the computer running the X server, displaynumber is a unique identifier for an X display on that computer, and screennumber is an optional identifier for a screen within an X display. For example, localhost:0.0 means display number 0 on the local host. If the hostname is omitted, it defaults to the local host.

The other options are not correct environment variables for launching the graphical interface. $RHOST is a variable that stores the name of the remote host, but it is not used by X11 applications. SETENV is a command that sets environment variables in some shells, but it is not an environment variable itself. $SHELL is a variable that stores the name of the current shell, but it is not related to X11 forwarding.

References: How to enable or disable X11 forwarding in an SSH server; How to Configure X11 Forwarding Using SSH In Linux

Question #79

A systems administrator is implementing a new service task with systems at startup and needs to execute a script entitled test.sh with the following content:

The administrator tries to run the script after making it executable with chmod +x; however, the script will not run.

Which of the following should the administrator do to address this issue? (Choose two.)

  • A . Add #!/bin/bash to the bottom of the script.
  • B . Create a unit file for the new service in /etc/systemd/system/ with the name helpme.service in the location.
  • C . Add #!//bin/bash to the top of the script.
  • D . Restart the computer to enable the new service.
  • E . Create a unit file for the new service in /etc/init.d with the name helpme.service in the location.
  • F . Shut down the computer to enable the new service.

Reveal Solution Hide Solution

Correct Answer: B, C
B, C

Explanation:

The administrator should do the following two things to address the issue:

Add #!/bin/bash to the top of the script. This is called a shebang line and it tells the system which interpreter to use to execute the script. Without this line, the script will not run properly. The shebang line should be the first line of the script and should start with #! followed by the path to the interpreter. In this case, the interpreter is bash and the path is /bin/bash. The other option (A) is incorrect because the shebang line should be at the top, not the bottom of the script.

Create a unit file for the new service in /etc/systemd/system/ with the name helpme.service in the location. This is necessary to register the script as a systemd service and enable it to run at startup. A unit file is a configuration file that defines the properties and behavior of a service, such as the description, dependencies, start and stop commands, and environment variables. The unit file should have the extension .service and should be placed in the /etc/systemd/system/ directory. The other option (E) is incorrect because /etc/init.d is the directory for init scripts, not systemd services.

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Processes and Scheduling Tasks, pages 429-430.

Question #80

A Linux administrator needs to correct the permissions of a log file on the server.

Which of the following commands should be used to set filename.log permissions to -rwxr―r–. ?

  • A . chmod 755 filename.log
  • B . chmod 640 filename.log
  • C . chmod 740 filename.log
  • D . chmod 744 filename.log

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command chmod 755 filename.log should be used to set filename.log permissions to -rwxr–r–. The chmod command is a tool for changing file permissions on Linux file systems. The permissions can be specified in octal notation, where each digit represents the permissions for the owner, group, and others respectively.

The permissions are encoded as follows:

0: no permission

1: execute permission

2: write permission

4: read permission

5: read and execute permissions (4 + 1)

6: read and write permissions (4 + 2)

7: read, write, and execute permissions (4 + 2 + 1)

The command chmod 755 filename.log will set the permissions to -rwxr–r–, which means that the owner has read, write, and execute permissions (7), the group has read and execute permissions (5), and others have read and execute permissions (5). This is the correct command to use to accomplish the task. The other options are incorrect because they either set the wrong permissions (chmod 640, chmod 740, or chmod 744) or do not exist (chmod -G).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, page 345.

Question #81

After listing the properties of a system account, a systems administrator wants to remove the expiration date of a user account.

Which of the following commands will accomplish this task?

  • A . chgrp system accountname
  • B . passwd Cs accountname
  • C . chmod -G system account name
  • D . chage -E -1 accountname

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command chage -E -1 accountname will accomplish the task of removing the expiration date of a user account. The chage command is a tool for changing user password aging information on Linux systems. The -E option sets the expiration date of the user account, and the -1 value means that the account will never expire. The command chage -E -1 accountname will remove the expiration date of the user account named accountname. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not affect the expiration date (chgrp, passwd, or chmod) or do not exist (chmod -G).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 15: Managing Users and Groups, page 467.

Question #82

A systems administrator wants to be sure the sudo rules just added to /etc/sudoers are valid.

Which of the following commands can be used for this task?

  • A . visudo -c
  • B . test -f /etc/sudoers
  • C . sudo vi check
  • D . cat /etc/sudoers | tee test

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command visudo -c can be used to check the validity of the sudo rules in the /etc/sudoers file. The visudo command is a tool for editing and validating the /etc/sudoers file, which defines the rules for the sudo command. The -c option checks the syntax and logic of the file and reports any errors or warnings. The command visudo -c will verify the sudo rules and help the administrator avoid any mistakes. This is the correct command to use for this task. The other options are incorrect because they either do not check the validity of the file (test, sudo, or cat) or do not exist (sudo vi check).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Securing Linux Systems, page 546.

Question #83

A user generated a pair of private-public keys on a workstation.

Which of the following commands will allow the user to upload the public key to a remote server and enable passwordless login?

  • A . scp ~/.ssh/id_rsa user@server:~/
  • B . rsync ~ /.ssh/ user@server:~/
  • C . ssh-add user server
  • D . ssh-copy-id user@server

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command ssh-copy-id user@server will allow the user to upload the public key to a remote server and enable passwordless login. The ssh-copy-id command is a tool for copying the public key to a remote server and appending it to the authorized_keys file, which is used for public key authentication. The command will also set the appropriate permissions on the remote server to ensure the security of the key. The command ssh-copy-id user@server will copy the public key of the user to the server and allow the user to log in without a password. This is the correct command to use for this task. The other options are incorrect because they either do not copy the public key (scp, rsync, or ssh-add) or do not use the correct syntax (scp ~/.ssh/id_rsa user@server:~/ instead of scp ~/.ssh/id_rsa.pub user@server:~/ or rsync ~ /.ssh/ user@server:~/ instead of rsync ~/.ssh/id_rsa.pub user@server:~/).

References: CompTIA Linux+ (XK0-005)

Certification Study Guide, Chapter 13: Managing Network Services, page 410.

Question #84

A Linux administrator created a new file system.

Which of the following files must be updated to ensure the filesystem mounts at boot time?

  • A . /etc/sysctl
  • B . /etc/filesystems
  • C . /etc/fstab
  • D . /etc/nfsmount.conf

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The file that must be updated to ensure the filesystem mounts at boot time is /etc/fstab. This file contains information about the filesystems that are mounted automatically by the mount -a command, which is usually invoked during the system startup. The /etc/fstab file has six fields for each filesystem: device name, mount point, filesystem type, mount options, dump frequency, and pass number. To add a new filesystem to the /etc/fstab file, you need to specify these fields correctly and make sure the mount point directory exists.

The other options are not correct files for controlling persistent mount points of filesystems. The /etc/sysctl file is used to configure kernel parameters at runtime. The /etc/filesystems file is used to specify the order of filesystem types used by mount when no filesystem type is given. The /etc/nfsmount.conf file is used to set options for mounting NFS filesystems.

Reference: Persistently mounting file systems; fstab(5) – Linux manual page

Question #85

A Linux administrator is troubleshooting a memory-related issue.

Based on the output of the commands:

Which of the following commands would address the issue?

  • A . top -p 8321
  • B . kill -9 8321
  • C . renice -10 8321
  • D . free 8321

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command that would address the memory-related issue is kill -9 8321. This command will send a SIGKILL signal to the process with the PID 8321, which is the mysqld process that is using 99.7% of the available memory according to the top output. The SIGKILL signal will terminate the process immediately and free up the memory it was using. However, this command should be used with caution as it may cause data loss or corruption if the process was performing some critical operations.

The other options are not correct commands for addressing the memory-related issue. The top -p 8321 command will only display information about the process with the PID 8321, but will not kill it or reduce its memory usage. The renice -10 8321 command will change the priority (niceness) of the process with the PID 8321 to -10, which means it will have a higher scheduling priority, but this will not affect its memory consumption. The free 8321 command is invalid because free does not take a PID as an argument; free only displays information about the total, used, and free memory in the system.

Reference: How to troubleshoot Linux server memory issues; kill(1) – Linux manual page

Question #86

A systems administrator made some unapproved changes prior to leaving the company. The newly hired administrator has been tasked with revealing the system to a compliant state.

Which of the following commands will list and remove the correspondent packages?

  • A . dnf list and dnf remove last
  • B . dnf remove and dnf check
  • C . dnf info and dnf upgrade
  • D . dnf history and dnf history undo last

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The commands that will list and remove the corresponding packages are dnf history and dnf history undo last. The dnf history command will display a list of all transactions performed by dnf, such as installing, updating, or removing packages. Each transaction has a unique ID, a date and time, an action, and a number of altered packages. The dnf history undo last command will undo the last transaction performed by dnf, meaning that it will reverse all package changes made by that transaction. For example, if the last transaction installed some packages, dnf history undo last will remove them.

The other options are not correct commands for listing and removing corresponding packages. The dnf list command will display a list of available packages in enabled repositories, but not the packages installed by dnf transactions. The dnf remove command will remove specified packages from the system, but not all packages from a specific transaction. The dnf info command will display detailed information about specified packages, but not about dnf transactions. The dnf upgrade command will upgrade all installed packages to their latest versions, but not undo any package changes.

Reference: Handling package management history; dnf(8) – Linux manual page

Question #87

An administrator transferred a key for SSH authentication to a home directory on a remote server. The key file was moved to .ssh/authorized_keys location in order to establish SSH connection without a password. However, the SSH command still asked for the password.

Given the following output:

Which of the following commands would resolve the issue?

  • A . restorecon .ssh/authorized_keys
  • B . ssh_keygen -t rsa -o .ssh/authorized_keys
  • C . chown root:root .ssh/authorized_keys
  • D . chmod 600 .ssh/authorized_keys

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The command that would resolve the issue is chmod 600 .ssh/authorized_keys. This command will change the permissions of the .ssh/authorized_keys file to 600, which means that only the owner of the file can read and write it. This is necessary for SSH key authentication to work properly, as SSH will refuse to use a key file that is accessible by other users or groups for security reasons. The output of ls -l shows that currently the .ssh/authorized_keys file has permissions of 664, which means that both the owner and group can read and write it, and others can read it.

The other options are not correct commands for resolving the issue. The restorecon .ssh/authorized_keys command will restore the default SELinux security context for the .ssh/authorized_keys file, but this will not change its permissions or ownership. The ssh_keygen -t rsa -o .ssh/authorized_keys command is invalid because ssh_keygen is not a valid command (the correct command is ssh-keygen), and the -o option is used to specify a new output format for the key file, not the output file name. The chown root:root .ssh/authorized_keys command will change the owner and group of the .ssh/authorized_keys file to root, but this will not change its permissions or make it accessible by the user who wants to log in with SSH key authentication.

Reference: How to Use Public Key Authentication with SSH; chmod(1) – Linux manual page

Question #88

A cloud engineer needs to remove all dangling images and delete all the images that do not have an associated container.

Which of the following commands will help to accomplish this task?

  • A . docker images prune -a
  • B . docker push images -a
  • C . docker rmi -a images
  • D . docker images rmi –all

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command docker images prune -a will help to remove all dangling images and delete all the images that do not have an associated container. The docker command is a tool for managing Docker containers and images. The images subcommand operates on images. The prune option removes unused images. The -a option removes all images, not just dangling ones. A dangling image is an image that is not tagged and is not referenced by any container. This command will accomplish the task of cleaning up the unused images. The other options are incorrect because they either do not exist (docker push images -a or docker images rmi –all) or do not remove images (docker rmi -a images only removes images that match the name or ID of “images”).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 567.

Question #89

A Linux system is failing to boot with the following error:

Which of the following actions will resolve this issue? (Choose two.)

  • A . Execute grub-install –root-directory=/mnt and reboot.
  • B . Execute grub-install /dev/sdX and reboot.
  • C . Interrupt the boot process in the GRUB menu and add rescue to the kernel line.
  • D . Fix the partition modifying /etc/default/grub and reboot.
  • E . Interrupt the boot process in the GRUB menu and add single to the kernel line.
  • F . Boot the system on a LiveCD/ISO.

Reveal Solution Hide Solution

Correct Answer: B, F
B, F

Explanation:

The administrator should do the following two actions to resolve the issue:

Boot the system on a LiveCD/ISO. This is necessary to access the system and repair the boot loader. A LiveCD/ISO is a bootable media that contains a Linux distribution that can run without installation. The administrator can boot the system from the LiveCD/ISO and mount the root partition of the system to a temporary directory, such as /mnt.

Execute grub-install /dev/sdX and reboot. This will reinstall the GRUB boot loader to the disk device, where sdX is the device name of the disk, such as sda or sdb. The GRUB boot loader is a program that runs when the system is powered on and allows the user to choose which operating system or kernel to boot. The issue is caused by a corrupted or missing GRUB boot loader, which prevents the system from booting. The command grub-install will restore the GRUB boot loader and fix the issue.

The other options are incorrect because they either do not fix the boot loader (interrupt the boot process in the GRUB menu or fix the partition modifying /etc/default/grub) or do not use the correct syntax (grub-install –root-directory=/mnt instead of grub-install /dev/sdX or rescue or single instead of recovery in the GRUB menu).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing the Linux Boot Process, pages 265-266.

Question #90

A Linux administrator needs to create an image named sda.img from the sda disk and store it in the /tmp directory.

Which of the following commands should be used to accomplish this task?

  • A . dd of=/dev/sda if=/tmp/sda.img
  • B . dd if=/dev/sda of=/tmp/sda.img
  • C . dd –if=/dev/sda –of=/tmp/sda.img
  • D . dd –of=/dev/sda –if=/tmp/sda.img

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command dd if=/dev/sda of=/tmp/sda.img should be used to create an image named sda.img from the sda disk and store it in the /tmp directory. The dd command is a tool for copying and converting data on Linux systems. The if option specifies the input file or device, in this case /dev/sda, which is the disk device. The of option specifies the output file or device, in this case /tmp/sda.img, which is the image file. The command dd if=/dev/sda of=/tmp/sda.img will copy the entire disk data from /dev/sda to /tmp/sda.img and create an image file. This is the correct command to use to accomplish the task. The other options are incorrect because they either use the wrong options (–if or –of instead of if or of) or swap the input and output (dd of=/dev/sda if=/tmp/sda.img or dd –of=/dev/sda –if=/tmp/sda.img).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Storage, page 323.

Question #91

A Linux administrator is creating a primary partition on the replacement hard drive for an application server.

Which of the following commands should the administrator issue to verify the device name of this partition?

  • A . sudo fdisk /dev/sda
  • B . sudo fdisk -s /dev/sda
  • C . sudo fdisk -l
  • D . sudo fdisk -h

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

The command sudo fdisk -l should be issued to verify the device name of the partition.

The sudo command allows the administrator to run commands as the superuser or another user. The fdisk command is a tool for manipulating disk partitions on Linux systems. The -l option lists the partitions on all disks or a specific disk. The command sudo fdisk -l will show the device names, sizes, types, and other information of the partitions on all disks. The administrator can identify the device name of the partition by looking at the output. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not list the partitions (sudo fdisk /dev/sda or sudo fdisk -h) or do not exist (sudo fdisk -s /dev/sda).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Storage, page 317.

Question #92

A systems administrator is investigating why one of the servers has stopped connecting to the internet.

Which of the following is causing the issue?

  • A . The DNS address has been commented out in the configuration file.
  • B . The search entry in the /etc/resolv.conf file is incorrect.
  • C . Wired connection 1 is offline.
  • D . No default route is defined.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The issue is caused by the lack of a default route defined in the /etc/sysconfig/network-scripts/ifcfg-enp0s3 file. A default route is a special route that specifies where to send packets that do not match any other routes in the routing table. Without a default route, the server will not be able to communicate with hosts outside its local network. The default route is usually configured with the GATEWAY option in the network interface configuration file. For example, to set the default gateway to 192.168.1.1, the file should contain:

GATEWAY=192.168.1.1

The other options are not causing the issue. The DNS address is not commented out in the configuration file, it is specified with the DNS1 option. The search entry in the /etc/resolv.conf file is correct, it specifies the domain name to append to unqualified hostnames. Wired connection 1 is online, as indicated by the ONBOOT=yes option and the output of ip link show enp0s3 command.

References: Configuring IP Networking with nmcli; Configuring IP Networking with ifcfg Files

Question #93

A systems administrator is tasked with installing GRUB on the legacy MBR of the SATA hard drive.

Which of the following commands will help the administrator accomplish this task?

  • A . grub-install /dev/hda
  • B . grub-install /dev/sda
  • C . grub-install /dev/sr0
  • D . grub-install /dev/hd0,0

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command that will help the administrator install GRUB on the legacy MBR of the SATA hard drive is grub-install /dev/sda. This command will install GRUB on the master boot record (MBR) of the first SATA disk (/dev/sda). The MBR is the first sector of a disk that contains boot code and a partition table. GRUB will overwrite the boot code and place its own code that can load GRUB modules and configuration files from a specific partition.

The other options are not correct commands for installing GRUB on the legacy MBR of the SATA hard drive.

The grub-install /dev/hda command will try to install GRUB on the first IDE disk (/dev/hda), which may not exist or may not be bootable. The grub-install /dev/sr0 command will try to install GRUB on the first SCSI CD-ROM device (/dev/sr0), which is not a hard drive and may not be bootable. The grub-install /dev/hd0,0 command is invalid because grub-install does not accept partition names as arguments, only disk names.

References: Installing GRUB using grub-install; GRUB Manual

Question #94

A junior Linux administrator is tasked with installing an application.

The installation guide states the application should only be installed in a run level 5 environment.

Which of the following commands would ensure the server is set to runlevel 5?

  • A . systemct1 isolate multi-user.target
  • B . systemct1 isolate graphical.target
  • C . systemct1 isolate network.target
  • D . systemct1 isolate basic.target

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command that would ensure the server is set to runlevel 5 is systemct1 isolate graphical.target. This command will change the current target (or runlevel) of systemd to graphical.target, which is equivalent to runlevel 5 in SysV init systems. Graphical.target means that the system will start with a graphical user interface (GUI) and all services required for it.

The other options are not correct commands for setting the server to runlevel 5. The systemct1 isolate multi-user.target command will change the current target to multi-user.target, which is equivalent to runlevel 3 in SysV init systems. Multi-user.target means that the system will start with multiple user logins and networking, but without a GUI. The systemct1 isolate network.target command will change the current target to network.target, which is not a real runlevel but a synchronization point for network-related services. Network.target means that network functionality should be available, but does not specify whether it should be started before or after it. The systemct1 isolate basic.target command will change the current target to basic.target, which is also not a real runlevel but a synchronization point for basic system services. Basic.target means that all essential services should be started, but does not specify whether it should be started before or after it.

References: systemd System and Service Manager; systemd.special(7) – Linux manual page

Question #95

A Linux administrator is tasked with adding users to the system. However, the administrator wants to ensure the users’ access will be disabled once the project is over. The expiration date should be 2021-09-30.

Which of the following commands will accomplish this task?

  • A . sudo useradd -e 2021-09-30 Project_user
  • B . sudo useradd -c 2021-09-30 Project_user
  • C . sudo modinfo -F 2021-09-30 Project_uses
  • D . sudo useradd -m -d 2021-09-30 Project_user

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command that will accomplish this task is sudo useradd -e 2021-09-30 Project_user. This command will create a new user account named Project_user with an expiration date of 2021-09-30. The -e option of useradd specifies the date on which the user account will be disabled in YYYY-MM-DD format.

The other options are not correct commands for creating a user account with an expiration date. The sudo useradd -c 2021-09-30 Project_user command will create a new user account named Project_user with a comment of 2021-09-30. The -c option of useradd specifies a comment or description for the user account, not an expiration date. The sudo modinfo -F 2021-09-30 Project_user command is invalid because modinfo is not a command for managing user accounts, but a command for displaying information about kernel modules. The -F option of modinfo specifies a field name to show, not an expiration date. The sudo useradd -m -d 2021-09-30 Project_user command will create a new user account named Project_user with a home directory of 2021-09-30. The -m option of useradd specifies that the home directory should be created if it does not exist, and the -d option specifies the home directory name, not an expiration date.

References: useradd(8) – Linux manual page; modinfo(8) – Linux manual page

Question #96

A DevOps engineer needs to download a Git repository from https://git.company.com/admin/project.git.

Which of the following commands will achieve this goal?

  • A . git clone https://git.company.com/admin/project.git
  • B . git checkout https://git.company.com/admin/project.git
  • C . git pull https://git.company.com/admin/project.git
  • D . git branch https://git.company.com/admin/project.git

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command git clone https://git.company.com/admin/project.git will achieve the goal of downloading a Git repository from the given URL. The git command is a tool for managing version control systems. The clone option creates a copy of an existing repository. The URL specifies the location of the repository to clone, in this case https://git.company.com/admin/project.git. The command git clone https://git.company.com/admin/project.git will download the repository and create a directory named project in the current working directory. This is the correct command to use to accomplish the goal. The other options are incorrect because they either do not download the repository (git checkout, git pull, or git branch) or do not use the correct syntax (git checkout https://git.company.com/admin/project.git instead of git checkout -b project https://git.company.com/admin/project.git or git branch https://git.company.com/admin/project.git instead of git branch project https://git.company.com/admin/project.git).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 571.

Question #97

An administrator installed an application from source into /opt/operations1/ and has received numerous reports that users are not able to access the application without having to use the full path /opt/operations1/bin/*.

Which of the following commands should be used to resolve this issue?

  • A . echo ‘export PATH=$PATH:/opt/operations1/bin’ >> /etc/profile
  • B . echo ‘export PATH=/opt/operations1/bin’ >> /etc/profile
  • C . echo ‘export PATH=$PATH/opt/operations1/bin’ >> /etc/profile
  • D . echo ‘export $PATH:/opt/operations1/bin’ >> /etc/profile

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The command echo ‘export PATH=$PATH:/opt/operations1/bin’ >> /etc/profile should be used to resolve the issue of users not being able to access the application without using the full path. The echo command prints the given string to the standard output. The export command sets an environment variable and makes it available to all child processes. The PATH variable contains a list of directories where the shell looks for executable files. The $PATH expands to the current value of the PATH variable. The : separates the directories in the list. The /opt/operations1/bin is the directory where the application is installed.

The >> operator appends the output to the end of the file. The /etc/profile file is a configuration file that is

executed when a user logs in. The command echo ‘export PATH=$PATH:/opt/operations1/bin’ >>

/etc/profile will add the /opt/operations1/bin directory to the PATH variable for all users and allow them to

access the application without using the full path. This is the correct command to use to resolve the issue. The other options are incorrect because they either overwrite the PATH variable (echo ‘export

PATH=/opt/operations1/bin’ >> /etc/profile) or do not use the correct syntax (echo ‘export

PATH=$PATH/opt/operations1/bin’ >> /etc/profile or echo ‘export $PATH:/opt/operations1/bin’ >>

/etc/profile).

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 9: Working with the Linux Shell, page 295.

Question #98

A Linux system is getting an error indicating the root filesystem is full.

Which of the following commands should be used by the systems administrator to resolve this issue? (Choose three.)

  • A . df -h /
  • B . fdisk -1 /dev/sdb
  • C . growpart /dev/mapper/rootvg-rootlv
  • D . pvcreate /dev/sdb
  • E . lvresize CL +10G -r /dev/mapper/rootvg-rootlv
  • F . lsblk /dev/sda
  • G . parted -l /dev/mapper/rootvg-rootlv
  • H . vgextend /dev/rootvg /dev/sdb

Reveal Solution Hide Solution

Correct Answer: ACE
ACE

Explanation:

The administrator should use the following three commands to resolve the issue of the root filesystem being full:

– df -h /. This command will show the disk usage of the root filesystem in a human-readable format. The df command is a tool for reporting file system disk space usage. The -h option displays the sizes in powers of 1024 (e.g., 1K, 234M, 2G). The / specifies the root filesystem. The command df -h / will show the total size, used space, available space, and percentage of the root filesystem. This command will help the administrator identify the problem and plan the solution.

– growpart /dev/mapper/rootvg-rootlv. This command will grow the partition that contains the root filesystem to the maximum size available. The growpart command is a tool for resizing partitions on Linux systems. The /dev/mapper/rootvg-rootlv is the device name of the partition, which is a logical volume managed by the Logical Volume Manager (LVM). The command growpart /dev/mapper/rootvg-rootlv will extend the partition to fill the disk space and increase the size of the root filesystem. This command will help the administrator solve the problem and free up space.

– lvresize CL +10G -r /dev/mapper/rootvg-rootlv. This command will resize the logical volume that contains the root filesystem and add 10 GB of space. The lvresize command is a tool for resizing logical volumes on Linux systems. The -L option specifies the new size of the logical volume, in this case +10G, which means 10 GB more than the current size. The -r option resizes the underlying file system as well. The /dev/mapper/rootvg-rootlv is the device name of the logical volume, which is the same as the partition name. The command lvresize CL +10G -r /dev/mapper/rootvg-rootlv will increase the size of the logical volume and the root filesystem by 10 GB and free up space. This command will help the administrator solve the problem and free up space.

The other options are incorrect because they either do not affect the root filesystem (fdisk -1 /dev/sdb, pvcreate /dev/sdb, lsblk /dev/sda, or vgextend /dev/rootvg /dev/sdb) or do not use the correct syntax (fdisk -1 /dev/sdb instead of fdisk -l /dev/sdb or parted -l /dev/mapper/rootvg-rootlv instead of parted /dev/mapper/rootvg-rootlv print).

References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Storage, pages 318-319, 331-332.

Question #99

A cloud engineer is asked to copy the file deployment.yaml from a container to the host where the container is running.

Which of the following commands can accomplish this task?

  • A . docker cp container_id/deployment.yaml deployment.yaml
  • B . docker cp container_id:/deployment.yaml deployment.yaml
  • C . docker cp deployment.yaml local://deployment.yaml
  • D . docker cp container_id/deployment.yaml local://deployment.yaml

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command docker cp container_id:/deployment.yaml deployment.yaml can accomplish the task of copying the file deployment.yaml from a container to the host. The docker command is a tool for managing Docker containers and images. The cp option copies files or directories between a container and the local filesystem. The container_id is the identifier of the container, which can be obtained by using the docker ps command. The /deployment.yaml is the path of the file in the container, which must be preceded by a slash. The deployment.yaml is the path of the file on the host, which can be relative or absolute. The command docker cp container_id:/deployment.yaml deployment.yaml will copy the file deployment.yaml from the container to the current working directory on the host. This is the correct command to use to accomplish the task. The other options are incorrect because they either use the wrong syntax (docker cp container_id/deployment.yaml deployment.yaml or docker cp container_id/deployment.yaml local://deployment.yaml) or do not exist (docker cp deployment.yaml local://deployment.yaml).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 567.

Question #100

A Linux system is failing to start due to issues with several critical system processes.

Which of the following options can be used to boot the system into the single user mode? (Choose two.)

  • A . Execute the following command from the GRUB rescue shell: mount -o remount, ro/sysroot.
  • B . Interrupt the boot process in the GRUB menu and add systemd.unit=single in the kernel line.
  • C . Interrupt the boot process in the GRUB menu and add systemd.unit=rescue.target in the kernel line.
  • D . Interrupt the boot process in the GRUB menu and add single=user in the kernel line.
  • E . Interrupt the boot process in the GRUB menu and add init=/bin/bash in the kernel line.
  • F . Interrupt the boot process in the GRUB menu and add systemd.unit=single.target in the kernel line.

Reveal Solution Hide Solution

Correct Answer: C, F
C, F

Explanation:

The administrator can use the following two options to boot the system into the single user mode: Interrupt the boot process in the GRUB menu and add systemd.unit=rescue.target in the kernel line. This option will boot the system into the rescue mode, which is a minimal environment that allows the administrator to perform basic tasks such as repairing the system. The GRUB menu is a screen that appears when the system is powered on and allows the administrator to choose which kernel or operating system to boot. The kernel line is a line that specifies the parameters for the kernel, such as the root device, the init system, and the boot options. The administrator can interrupt the boot process by pressing the e key in the GRUB menu and edit the kernel line by adding systemd.unit=rescue.target at the end. This option will tell the system to use the rescue target, which is a unit that defines the state of the system in the rescue mode. The administrator can then press Ctrl+X to boot the system with the modified kernel line. This option will boot the system into the single user mode and allow the administrator to troubleshoot the issues.

Interrupt the boot process in the GRUB menu and add systemd.unit=single.target in the kernel line. This option will boot the system into the single user mode, which is a mode that allows the administrator to log in as the root user and perform maintenance tasks. The GRUB menu and the kernel line are the same as the previous option. The administrator can interrupt the boot process by pressing the e key in the GRUB menu and edit the kernel line by adding systemd.unit=single.target at the end. This option will tell the system to use the single target, which is a unit that defines the state of the system in the single user mode. The administrator can then press Ctrl+X to boot the system with the modified kernel line. This option will boot the system into the single user mode and allow the administrator to troubleshoot the issues.

The other options are incorrect because they either do not boot the system into the single user mode (execute the following command from the GRUB rescue shell: mount -o remount, ro/sysroot or interrupt the boot process in the GRUB menu and add systemd.unit=single in the kernel line) or do not use the correct syntax (interrupt the boot process in the GRUB menu and add single=user in the kernel line or interrupt the boot process in the GRUB menu and add init=/bin/bash in the kernel line).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 8: Managing the Linux Boot Process, pages 267-268.

Question #101

A DevOps engineer needs to allow incoming traffic to ports in the range of 4000 to 5000 on a Linux server.

Which of the following commands will enforce this rule?

  • A . iptables -f filter -I INPUT -p tcp –dport 4000:5000 -A ACCEPT
  • B . iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT
  • C . iptables filter -A INPUT -p tcp –dport 4000:5000 -D ACCEPT
  • D . iptables filter -S INPUT -p tcp –dport 4000:5000 -A ACCEPT

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will enforce the rule of allowing incoming traffic to ports in the range of 4000 to 5000 on a Linux server.

The iptables command is a tool for managing firewall rules on Linux systems. The -t option specifies the table to operate on, in this case filter, which is the default table that contains the rules for filtering packets. The -A option appends a new rule to the end of a chain, in this case INPUT, which is the chain that processes the packets that are destined for the local system. The -p option specifies the protocol to match, in this case tcp, which is the transmission control protocol. The –dport option specifies the destination port or port range to match, in this case 4000:5000, which is the range of ports from 4000 to 5000. The -j option specifies the target to jump to if the rule matches, in this case ACCEPT, which is the target that allows the packet to pass through. The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will add a new rule to the end of the INPUT chain that will accept the incoming TCP packets that have a destination port between 4000 and 5000. This command will enforce the rule and allow the traffic to the specified ports. This is the correct command to use to accomplish the task. The other options are incorrect because they either use the wrong options (-f instead of -t or -D instead of -A) or do not exist (iptables filter -A INPUT -p tcp — dport 4000:5000 -D ACCEPT or iptables filter -S INPUT -p tcp –dport 4000:5000 -A ACCEPT).

Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Securing Linux Systems, page 543.

Exit mobile version