Scroll down to see your responses and detailed results
Prepare for the CompTIA Linux+ XK0-005 exam with this free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
Using the groupadd
command with the -r
option creates a system group.
False
True
The -r
option with the groupadd
command is used for creating a system group. A system group is typically used for running system services and system users; it is not intended for login users. Therefore, it's important for administrators to understand and use this option appropriately in the context of system security and user management.
AI Generated Content may display inaccurate information, always double-check anything important.
What is the primary function of an Ansible playbook?
To compile and execute Ansible modules on remote nodes
To store sensitive variables and data for Ansible roles
To create a visual dashboard and reporting tool for Ansible
To define and run a series of tasks to configure managed nodes
An Ansible playbook is a YAML file that defines work for a configuration management system and is used for defining and running multi-machine deployment sequences. It provides a series of tasks to automate the configuration of managed nodes. The correct answer is 'To define and run a series of tasks to configure managed nodes' because playbooks are Ansible's primary method for automation execution. The incorrect answers are closely related terms or Ansible components but do not correctly describe the function of an Ansible playbook.
AI Generated Content may display inaccurate information, always double-check anything important.
A system administrator wants to generate a report of disk usage by each user in the home directory and store the output to a file called disk_report.txt, overwriting any existing data in the file. Which command should they use to accomplish this task?
du -h /home/* > disk_report.txt
du -h /home/* &> disk_report.txt
du -h /home/* < disk_report.txt
du -h /home/* >> disk_report.txt
The correct answer is 'du -h /home/* > disk_report.txt' because the '>' operator will redirect the output of the 'du' command to 'disk_report.txt', overwriting its contents every time the command is run, thus only saving the latest disk usage report in the file.
The 'du -h /home/* >> disk_report.txt' is incorrect because using the '>>' operator would append to the file rather than overwriting it, leading to accumulation of data over time rather than maintaining a single report.
The 'du -h /home/* < disk_report.txt' is incorrect because the '<' operator is used for input redirection, which is not what is needed when intending to write to a file.
Lastly, 'du -h /home/* &> disk_report.txt' is incorrect as '&>' redirects both standard output and standard error to a file, which could include error messages in the report unnecessarily.
AI Generated Content may display inaccurate information, always double-check anything important.
Your company requires remote system administrators to authenticate using a method more secure than passwords alone when accessing critical Linux servers. Which of the following options provides an additional layer of security that requires something the user has, in addition to something the user knows?
Requiring administrators to connect using SSH keys
Employing biometric authentication such as fingerprint or facial recognition
Implementing a strict password strength and rotation policy
Using a one-time password (OTP) token in conjunction with their user password
Using a one-time password (OTP) token alongside the regular password constitutes two-factor authentication (2FA), which is a subset of MFA. The OTP token is a physical device or software application that generates a time-limited code, adding an additional security layer beyond the password, which is 'something the user knows'. The token ensures 'something the user has', thereby satisfying MFA requirements. Biometric authentication, while it also provides an additional security layer, is categorized as 'something the user is', and it is generally not used in conjunction with a password as the sole two factors in remote system administration. Password strength policies improve the security of the password itself but do not add another factor. SSH keys are a secure method of authentication but are considered a single factor: 'something the user has'.
AI Generated Content may display inaccurate information, always double-check anything important.
An administrator is attempting to run a graphical network configuration tool with elevated privileges on a desktop Linux system that uses PolicyKit. The administrator needs to ensure that the proper policy rules are respected, and that any authorization prompts are presented graphically. Which command should the administrator use to execute the network configuration tool?
polkit network-configuration-tool
pkexec network-configuration-tool
pexec network-configuration-tool
sudo network-configuration-tool
The correct answer is 'pkexec network-configuration-tool', as pkexec
allows an authorized user to execute programs with the security privileges of another user (normally the superuser) by respecting policy definitions. Unlike sudo
, pkexec
will show a graphical authentication dialog if the session indicates it's graphical; sudo
does not provide this and is traditionally used in a terminal. polkit
is not a command; it's the toolkit to which pkexec
belongs. The pexec
command does not exist, and sudo
will not provide a graphical dialog.
AI Generated Content may display inaccurate information, always double-check anything important.
What command would be used to perform a basic scan of a target system's open ports using Nmap?
nmap --top-ports 10
nmap -sV
nmap
nmap -A
The correct answer is nmap <target>
because Nmap is a network scanning tool, and the most basic usage involves executing nmap
followed by the specification of the target, which can be an IP address or hostname. This command will initiate a simple scan to find open ports on the target. Other options like -A
and -sV
add extra functionality, such as OS detection and service version detection, which is not required for a basic port scan. The --top-ports
option specifies that only a certain number of the most common ports should be scanned, not all ports, which would be the default for a basic scan without additional arguments.
AI Generated Content may display inaccurate information, always double-check anything important.
An administrator has discovered that a newly deployed web application cannot write to the /var/www/html/reports
directory on a SELinux-enabled system, despite the directory having write permissions set for the proper user and group. Which of the following commands should the administrator use to diagnose the issue related to SELinux context permissions?
ps auxZ
ls -Z /var/www/html/reports
getsebool -a
sestatus
The correct answer is ls -Z /var/www/html/reports
. The -Z
option displays the SELinux context for files, which includes user, role, type, and level information. This information is crucial in diagnosing why the web application cannot write to the directory despite seemingly appropriate Unix file permissions. If the SELinux context is incorrect, even with the right Unix permissions, access will be denied based on SELinux policy rules.
The other options are incorrect because getsebool -a
lists all of the SELinux boolean values, which are not specific to file contexts. ps auxZ
shows the SELinux context of running processes, not files. sestatus
provides an overview of the current SELinux operational state; it does not provide information on specific file contexts.
AI Generated Content may display inaccurate information, always double-check anything important.
The command docker logs
can only retrieve logs from currently running containers.
True
False
The statement is incorrect. The docker logs
command can retrieve logs from both running and stopped containers, provided that the container's logging driver and configuration support log retrieval after the container has stopped.
AI Generated Content may display inaccurate information, always double-check anything important.
A system administrator notices that an important server is experiencing intermittent problems with data integrity, and suspects filesystem corruption on one of its disks. After running fsck
on the unmounted filesystem and fixing several errors, the administrator needs to ensure that the filesystem will be checked and repaired if necessary during the next system boot. Which of the following commands should the administrator use to schedule a filesystem check on boot?
tune2fs -i 0 /dev/sda1
tune2fs -C 0 /dev/sda1
e2fsck -p /dev/sda1
tune2fs -c 1 /dev/sda1
The correct answer is tune2fs -c 1 /dev/sda1
because the command sets the maximum mount count (-c
) to 1
for the filesystem on /dev/sda1
, ensuring that fsck
will be run the next time the filesystem is mounted. This is typically during the boot process. The option -C 0
sets the current mount count to 0
, which is incorrect in this context because it does not schedule a check on the next boot. The -i
flag is used for setting the interval between checks based on time, not on the number of mounts. The e2fsck -p /dev/sda1
executes a filesystem check, but does not schedule it for the next boot.
AI Generated Content may display inaccurate information, always double-check anything important.
A Linux server is having intermittent problems resolving domain names, which is affecting the ability to access external websites. None of the remote services has reported downtime, and other devices on the same network are not experiencing any issues. What is the BEST step to take to diagnose the issue on the Linux server?
Check for a high number of outgoing DNS queries that might indicate a misconfigured service or DNS flood attack.
Ping the domain name in question to verify if domain name resolution works intermittently.
Immediately modify the /etc/resolv.conf
file to use different nameservers without doing further investigation.
Run dig +trace example.com
or nslookup example.com
to trace the path of the query from the root name servers downward.
To diagnose domain name resolution issues, running dig +trace example.com
or nslookup example.com
can provide detailed information about the entire process of resolving a domain name, from the root servers down to the authoritative name servers. Comparing this output with known good output can reveal any discrepancies or failures in the resolution process. If dig +trace
or nslookup
provides the correct information, this indicates that the issue is intermittent or specific to the server's resolver configuration rather than a problem with the DNS server itself. Modifying /etc/resolv.conf
would not fully diagnose the problem, as it could be a configuration issue, and checking for a high number of outgoing DNS queries or pinging the domain would not yield detailed resolution process information. Therefore, using dig
(with the +trace
option) or nslookup
is the best initial step for diagnosis.
AI Generated Content may display inaccurate information, always double-check anything important.
What is the primary function of the groupmod
command in a Linux environment?
To modify file permissions for a group of files
To create a new user account on the system
To modify a group's name or GID (Group ID)
To add or remove a user from a group
The groupmod
command is used to modify a group's details, such as its name or Group ID (GID). Knowledge of this command is crucial for system administrators when they need to manage group information and its related security implications. For example, changing a group's name might be necessary when organizational roles change or to correct errors in naming conventions. The incorrect options provided are related to user and file management, not directly to groups, which may lead to confusion, but understanding groupmod
pertains specifically to group modifications.
AI Generated Content may display inaccurate information, always double-check anything important.
A system administrator needs to create a compressed backup of the /var/log
directory. Which command should they use to create a gzip-compressed archive file named log_backup.tar.gz
?
tar -cvf log_backup.tar.gz /var/log
tar -czvf log_backup.tar.gz /var/log
tar -xvf log_backup.tar.gz /var/log
tar -tzvf log_backup.tar.gz /var/log
The correct answer is tar -czvf log_backup.tar.gz /var/log
because the options -c
create a new archive, -z
filter the archive through gzip for compression, -v
produce verbose output, showing all processed files, and -f
specify the filename of the archive. The incorrect options either do not specify gzip compression, which is required to produce a .gz
file, or use options that perform actions other than creating an archive, such as extracting files or listing the contents of an archive.
AI Generated Content may display inaccurate information, always double-check anything important.
Which command will efficiently allow a monitoring script to display the last five entries of a log file and continue to output any new entries as they are appended, while also ensuring that file rotations are handled correctly by tracking the file descriptor?
tail -F -n 5 /var/log/webserver.log
tail -n 5 /var/log/webserver.log
tail -F /var/log/webserver.log
tail -f -n 5 /var/log/webserver.log
The command tail -F -n 5 /var/log/webserver.log
addresses the question's requirements by using -F
(capital F), which not only outputs the last five lines of the file with -n 5
but also monitors the file descriptor in case the log file is rotated, as is common with log management. This is useful for system administrators who want to ensure that the monitoring script continues to function even if the original log file is archived and a new one is created. The wrong answers either don't follow the file descriptor changes (tail -f -n 5
), don't provide real-time monitoring (tail -n 5
), or lack specificity in tracking the correct number of lines (tail -F
).
AI Generated Content may display inaccurate information, always double-check anything important.
During script execution, an administrator needs to ensure a command is executed only when a certain variable holds the exact word 'config'. Which syntax will correctly verify this within an if statement?
[[ $VARNAME != 'config' ]]
[[ $VARNAME == 'config' ]]
[ $VARNAME == 'config' ]
[[ $VARNAME -eq 'config' ]]
The conditional test using ==
is the correct answer because in shell scripting, this operator is used to compare two strings for equality. The single [
and double [[
are both used for the test construct, but the double bracket [[
is a newer Bash construct that offers additional functionality, such as regex matching and doesn't require quotes around the variable. The other answers are incorrect because -eq
is used for arithmetic comparison, and using !=
would check for inequality, which is not the desired operation.
AI Generated Content may display inaccurate information, always double-check anything important.
Using the command echo Number_{1..5}
in a shell script will output Number_1 Number_2 Number_3 Number_4 Number_5
.
This statement is inaccurate
This statement is accurate
Brace expansions are used to generate sets of strings or sequences. The command echo Number_{1..5}
correctly uses brace expansion to generate a sequence from 1 to 5, each prefixed with 'Number_'. The spaces in the output are due to the echo
command, which outputs its arguments separated by spaces by default.
AI Generated Content may display inaccurate information, always double-check anything important.
Looks like that's it! You can go back and review your answers or click the button below to grade your test.
Join premium for unlimited access and more features