CompTIA Linux+ Practice Test (XK0-005)
Use the form below to configure your CompTIA Linux+ Practice Test (XK0-005). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA Linux+ XK0-005 (v7) Information
CompTIA Linux+ (XK0-005) Exam
The CompTIA Linux+ (XK0-005) certification is designed for IT professionals who work with Linux systems. It validates skills in system administration, security, scripting, and troubleshooting. This certification is vendor-neutral, covering multiple distributions such as Ubuntu, CentOS, and Red Hat.
Exam Overview
The XK0-005 exam consists of a maximum of 90 questions, including multiple-choice and performance-based questions. Candidates have 90 minutes to complete the test. The exam costs $358 USD. A passing score is 720 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.
Exam Content
The XK0-005 exam focuses on five main domains: system management, security, scripting and automation, troubleshooting, and Linux fundamentals. System management includes package management, system monitoring, and user administration. Security covers permissions, authentication, and encryption. Scripting and automation focus on Bash scripting and task automation. Troubleshooting tests problem-solving skills for system failures and performance issues. Linux fundamentals include file system hierarchy, networking, and command-line operations.
Who Should Take This Exam?
The CompTIA Linux+ certification is ideal for system administrators, Linux support technicians, and DevOps professionals. It is recommended for individuals with at least one year of Linux experience. This certification is beneficial for IT professionals working with servers, cloud infrastructure, and cybersecurity.
How to Prepare
Candidates should review the official CompTIA Linux+ Exam Objectives and study materials provided by CompTIA. Hands-on experience with Linux systems is essential. Practice exams can help assess readiness and identify weak areas. Using Linux in a lab or virtual environment can provide practical experience with commands, system configuration, and troubleshooting.
Summary
The CompTIA Linux+ (XK0-005) certification is a valuable credential for IT professionals working with Linux systems. It validates essential skills in system administration, security, and automation. This certification is ideal for those managing Linux-based environments in IT infrastructure, cybersecurity, and cloud computing.
Scroll down to see your responses and detailed results
Free CompTIA Linux+ XK0-005 (v7) Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 15
- Time: Unlimited
- Included Topics:System ManagementSecurityScripting, Containers, and AutomationTroubleshooting
Which command utility can be used to search for and replace patterns within a file, and it requires no additional scripting or programming?
tail
awk
sed
grep
Answer Description
The sed
utility, short for stream editor, is designed to filter and transform text. It is used on the command line and within scripts for pattern matching and substitution, making it an ideal tool for search and replace operations within files without the need for writing complex scripts or programs. The other choices do not match the specific utility that directly performs search and replace operations on a file.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the `sed` command and how is it used?
What are the differences between `sed`, `awk`, and `grep`?
Can you explain what a pattern is in the context of `sed`?
An administrator has discovered that a newly deployed web application cannot write to the /var/www/html/reports
directory on a SELinux-enabled system, despite the directory having write permissions set for the proper user and group. Which of the following commands should the administrator use to diagnose the issue related to SELinux context permissions?
ps auxZ
getsebool -a
sestatus
ls -Z /var/www/html/reports
Answer Description
The correct answer is ls -Z /var/www/html/reports
. The -Z
option displays the SELinux context for files, which includes user, role, type, and level information. This information is crucial in diagnosing why the web application cannot write to the directory despite seemingly appropriate Unix file permissions. If the SELinux context is incorrect, even with the right Unix permissions, access will be denied based on SELinux policy rules.
The other options are incorrect because getsebool -a
lists all of the SELinux boolean values, which are not specific to file contexts. ps auxZ
shows the SELinux context of running processes, not files. sestatus
provides an overview of the current SELinux operational state; it does not provide information on specific file contexts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SELinux and why is it used?
What do SELinux contexts consist of?
How can I change SELinux context for a directory?
What characteristic distinguishes a stateful firewall from its stateless counterpart in the context of network traffic?
Creates dynamic rules for each new connection
Operates at a higher performance level
Monitors and maintains the state of active connections
Filters traffic solely based on static rules
Answer Description
A stateful firewall has the capability to monitor the entire state of active connections, and thus can make decisions based on the context of the traffic (such as the state of the connection), rather than relying solely on predetermined rules. This allows it to permit or deny traffic based on the history of the connection, which is not something that stateless firewalls can do. Stateless firewalls can only permit or deny traffic based on static rules and do not have the ability to retain connection state information. Dynamic rule creation is not a feature directly associated with being stateful; while a stateful firewall could potentially create rules dynamically, it's the state tracking that defines it. Nor do performance considerations determine whether a firewall is stateful or stateless.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean for a firewall to monitor the state of active connections?
Can you explain how dynamic rules work in stateful firewalls?
What are the main limitations of stateless firewalls compared to stateful firewalls?
A system administrator needs to obtain information about which server versions are running on open ports of a remote host. However, the administrator must avoid performing an intrusive scan that could disrupt network services. Which of the following commands should the administrator run to best meet these requirements?
nmap -A target_host
nmap -sT --top-ports=10 target_host
nmap --top-ports=100 -sV target_host
nmap -sV --version-light target_host
Answer Description
The correct answer is nmap -sV --version-light target_host
because this command line option tells Nmap to perform a service/version detection scan (-sV
) using a light intensity, which is less intrusive and less likely to cause disruptions (--version-light
). On the other hand, -sT
performs a Connect scan that could potentially be more disruptive by completing the TCP three-way handshake; -A
aggressively performs OS detection, script scanning, and traceroute, which is more intrusive; and --top-ports
does not specify the intensity for version scanning and is primarily used for scanning a certain number of the most common ports.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Nmap, and how is it used in network scanning?
What does the '-sV' option do in Nmap?
What is the difference between a light scan and a full scan in Nmap?
What operation should be periodically performed on a solid-state storage device to indicate which sectors are no longer in use?
Running a defragmentation program
Performing a surface scan
Conducting a sector-by-sector backup
Increasing the partition size
Executing a trim command
Answer Description
The operation, known as 'trim,' is crucial for solid-state storage devices. It marks sectors as no longer in use, which allows the device's controller to manage flash memory cells efficiently. This process avoids unnecessary write and erase cycles, thus maintaining optimal performance and extending the lifespan of the storage device. It is important to note that traditional defragmentation is not only unnecessary for these devices but also potentially harmful, as it increases write operations without any performance gain.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the trim command do specifically?
Why is defragmentation not recommended for SSDs?
How does the trim command extend the lifespan of SSDs?
A custom service runs a preparation script in ExecStart and a cleanup script in ExecStop. The preparation script exits with status code 2, so systemd marks the service as failed and skips cleanup on stop. Which setting added to the unit file will treat exit code 2 as normal and permit the cleanup script to run?
Restart=on-failure
Type=forking
SuccessExitStatus=2
ValidExitCodes=*
Answer Description
Systemd treats any exit code other than zero as failure by default, preventing ExecStop tasks from executing. The SuccessExitStatus directive overrides this by listing exit codes that indicate successful completion. Specifying ‘2’ lets systemd consider the startup step successful, so the service can be stopped cleanly and invoke ExecStop. Using Restart=on-failure would retry the service rather than adjust success criteria. Changing the Type does not redefine which exit codes are acceptable. ValidExitCodes is not a valid option.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the SuccessExitStatus directive in systemd?
How does the ExecStart and ExecStop work within a systemd service unit?
What happens if I set Restart=on-failure in a systemd service unit?
A Linux user is unable to write to a file named 'report.txt' located in a directory they own. Which of the following commands should the system administrator use to BEST resolve this issue?
chmod a+wx report.txt
chown :usergroup report.txt
chmod u+w report.txt
chmod 777 report.txt
Answer Description
The correct answer is 'chmod u+w report.txt', as the use of the 'chmod' command with the 'u+w' option grants the user (owner) of the file write permissions. This aligns most closely with the presented scenario, where a user is unable to write to their own file. The other options either set overly permissive rights, change group ownership which may not be needed, or use an invalid option.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the 'chmod' command do?
What do the options 'u', 'g', and 'o' in the 'chmod' command represent?
What are the risks of using 'chmod 777' on a file?
A Linux administrator is deploying an application on Kubernetes and needs to ensure that two containers (a web server and a caching service) share the same network and storage resources. Which of the following is the BEST option to achieve this requirement?
Launch separate pods for each container and use a service to link them
Use a DaemonSet to ensure that both containers run on each node in the cluster
Create a new Kubernetes service to facilitate communication between two standalone pods
Deploy both containers within a single pod
Answer Description
The correct answer is 'Deploy both containers within a single pod'. In Kubernetes, a Pod represents one or more containers that should be run together. Containers within the same pod share the same IP address, network, and storage resources, which means they can communicate with each other using 'localhost' and can access shared volumes. This is the exact scenario described, making it the ideal solution. The other options do not correctly represent how containers are co-located to share resources in the Kubernetes context. Creating separate pods for each container would not allow them to share network and storage resources directly. Configuring a service or deploying a DaemonSet would not target the issue at hand, which is the shared network and storage for closely related containers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a pod in Kubernetes?
How do containers in the same pod communicate?
What are the advantages of using a pod for related containers?
A company is planning to streamline their employee's access to multiple internal and external web applications to improve productivity and security. They want their employees to only log in once each day and gain access to all authorized resources without the need to sign in multiple times. Which solution should be implemented to achieve this requirement?
Implement Pluggable Authentication Modules (PAM) on all servers
Distribute SSH keys to all users
Establish centralized user management
Implement an SSO solution
Answer Description
The correct answer is Implement an SSO solution because SSO is the process that allows network users to provide their credentials just once to gain access to multiple applications and services. Implementing an SSO solution simplifies the user experience by requiring only one set of login credentials, reducing password fatigue and decreasing the chance of a security breach due to weak user credentials. On the other hand, SSH keys are primarily used for secure remote login from one computer to another and not for SSO across multiple web applications. Centralized user management is used to manage user accounts and permissions from a single location, which is not specific to the single authentication process required by SSO. Lastly, implementing PAM does not directly provide SSO capabilities, as PAM is used for implementing flexible authentication mechanisms for local system access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SSO and how does it work?
What are the security benefits of implementing SSO?
What technologies or protocols are commonly used in SSO implementations?
An organization requires a data storage solution using multiple disks. The solution must ensure continuous data availability even if two disks fail concurrently. Which configuration should be utilized to fulfill this requirement?
Striped set without redundancy
Mirrored set across two or more disks without parity
Striped mirrors with single-level parity
Dual parity configuration (capable of handling two simultaneous disk failures)
Answer Description
The appropriate configuration for this scenario is RAID 6, which uses dual parity, allowing the array to operate even if two disks fail at the same time. RAID 5 uses single parity and can only survive the loss of one disk, which does not meet the criteria of the scenario. RAID 0 has no redundancy and therefore provides no fault tolerance. RAID 10 can sustain multiple drive losses but only if they are not part of the same mirrored set, thus there's a risk if two specific disks fail.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is RAID 6 and how does it work?
What is the difference between RAID 5 and RAID 6?
What are the other RAID levels and their purposes?
A system administrator needs to create a compressed backup of the /var/log
directory. Which command should they use to create a gzip-compressed archive file named log_backup.tar.gz
?
tar -xvf log_backup.tar.gz /var/log
tar -tzvf log_backup.tar.gz /var/log
tar -cvf log_backup.tar.gz /var/log
tar -czvf log_backup.tar.gz /var/log
Answer Description
The correct answer is tar -czvf log_backup.tar.gz /var/log
because the options -c
create a new archive, -z
filter the archive through gzip for compression, -v
produce verbose output, showing all processed files, and -f
specify the filename of the archive. The incorrect options either do not specify gzip compression, which is required to produce a .gz
file, or use options that perform actions other than creating an archive, such as extracting files or listing the contents of an archive.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What do the options -c, -z, -v, and -f mean in the tar command?
What is the difference between -x, -t, and -c options in the tar command?
Why is gzip compression important in creating backups?
A system administrator compiles a custom version of an essential shared library required by commands in /bin and /sbin. After installation, those commands fail to run before the root filesystem is fully mounted. Which directory should the administrator install the new library in to make it available during early boot?
/usr/local/lib
/lib
/usr/lib
/lib64
Answer Description
The directory designated for essential shared libraries used by programs in /bin and /sbin is /lib. Libraries placed here are available before the root filesystem is mounted. The /usr/lib directory holds noncritical libraries for applications under /usr, which may not be accessible during early boot. The /usr/local/lib directory is for locally installed software and may also reside on a mount that isn’t available at boot. The /lib64 directory is used on 64-bit multiarch systems, but on a single-architecture 64-bit installation, /lib often symlinks to /lib64; however, the standardized path for essential libraries remains /lib.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What types of libraries are stored in /lib and why are they important during boot?
Why is /usr/lib not suitable for early boot operations?
What is the difference between /lib and /lib64?
A system administrator has been alerted to slow performance on a virtualized Linux server. After checking various system metrics, the administrator finds that a significant amount of processor time is categorized under 'st' when inspecting resource usage with monitoring tools. What does this category represent?
The period during which the system is idle and waiting for user interaction
Duration dedicated to running the kernel and its associated processes
Time allocated by the hypervisor to other virtual processors
Time reserved for low-priority background tasks within the system
This is the time spent performing calculations for user-initiated processes
Time spent processing input/output operations waiting for external devices
Answer Description
'st', or 'steal' time, is an important metric particularly in virtualized environments. It indicates the amount of time that the virtual processor wanted to execute, but the hypervisor allocated that time to another virtual processor. A high 'steal' time can be a sign of the virtualized server not getting enough processing power because the physical host's resources are heavily used by other virtual machines.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is 'steal' time in virtualization?
How can I reduce 'steal' time on a virtualized Linux server?
What tools can I use to monitor 'steal' time?
In the scenario where a Linux system has multiple services running, which of the following actions is the BEST practice to secure the corresponding service accounts?
Configuring PAM modules to limit the access times for service accounts.
Changing the default shell of the service accounts to
/bin/nologin
.Setting a strong, unique password for each service account.
Changing the home directory permissions of service accounts to 700.
Answer Description
Setting a strong, unique password for service accounts is essential as it ensures that each service has its distinct access credentials, which can prevent unauthorized access if one service is compromised. Locking service accounts with shell access adds an additional layer of security. Disabling login capabilities entirely for service accounts is the most secure practice because it mitigates the risk of these accounts being used to gain unauthorized system access. While changing the default shell to /bin/false
or nologin
reduces the functionality of the account for interactive use, it does not prevent the account from executing its service-related tasks. The reason this is the best practice is that it does not rely on password strength or the potential for a password to be compromised, as it altogether disables the ability for the service account to be used for direct logins. Service accounts should not be used for interactive logins, and their purpose is to run the corresponding service. Changing the home directory permissions and using PAM modules are also good security practices, but they do not restrict login capabilities as effectively as setting the shell to nologin
.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are service accounts in Linux?
What does changing the shell to `/bin/nologin` do?
Why is it important to set strong, unique passwords for service accounts?
A directory named 'data_backup' contains multiple files and subdirectories. How would an administrator remove the entire directory and its contents without being prompted for each file or directory?
rm data_backup
rmdir data_backup
rm -rf data_backup
rm -i data_backup
Answer Description
The correct answer is rm -rf data_backup
. The -r
option stands for 'recursive' and is necessary to delete directories and their contents. The -f
option stands for 'force', which prevents the command from prompting for confirmation. This combination is powerful and should be used with caution to avoid accidental data loss. rm data_backup
is not correct because it will only work on individual files and will fail on directories. rmdir data_backup
only removes empty directories, and rm -i data_backup
will prompt for confirmation, which we want to avoid based on the question.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What do the -r and -f options in the 'rm' command mean?
Why is it important to use the 'rm -rf' command with caution?
What alternatives exist for safely removing files or directories?
Gnarly!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.