CompTIA Linux+ XK0-006 (V8) Practice Question

The correct command is strace -f /path/to/service. The -f option instructs strace to trace child processes as they are created by the process currently being traced. This is essential for debugging applications that fork, as it provides a complete view of all system calls made by the parent and its children.

• strace -p $(pidof service) is incorrect because it attaches to an already running process. Since the service is failing on startup, it would be difficult or impossible to capture the PID before it crashes. Also, this command does not trace forked processes by default.
• strace -c /path/to/service is incorrect because the -c option only provides a summary of system call counts, times, and errors upon termination. It does not show the sequence of calls that led to the failure.
• strace -e trace=openat /path/to/service is incorrect because while the -e option is useful for filtering specific system calls (like openat), it is too narrow for this scenario. The administrator does not yet know which system call is failing, and this command would miss other potentially problematic calls. Crucially, it also does not trace forked processes.