CompTIA Linux+ Practice Test (XK0-005)
Use the form below to configure your CompTIA Linux+ Practice Test (XK0-005). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA Linux+ XK0-005 (v7) Information
CompTIA Linux+ (XK0-005) Exam
The CompTIA Linux+ (XK0-005) certification is designed for IT professionals who work with Linux systems. It validates skills in system administration, security, scripting, and troubleshooting. This certification is vendor-neutral, covering multiple distributions such as Ubuntu, CentOS, and Red Hat.
Exam Overview
The XK0-005 exam consists of a maximum of 90 questions, including multiple-choice and performance-based questions. Candidates have 90 minutes to complete the test. The exam costs $358 USD. A passing score is 720 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.
Exam Content
The XK0-005 exam focuses on five main domains: system management, security, scripting and automation, troubleshooting, and Linux fundamentals. System management includes package management, system monitoring, and user administration. Security covers permissions, authentication, and encryption. Scripting and automation focus on Bash scripting and task automation. Troubleshooting tests problem-solving skills for system failures and performance issues. Linux fundamentals include file system hierarchy, networking, and command-line operations.
Who Should Take This Exam?
The CompTIA Linux+ certification is ideal for system administrators, Linux support technicians, and DevOps professionals. It is recommended for individuals with at least one year of Linux experience. This certification is beneficial for IT professionals working with servers, cloud infrastructure, and cybersecurity.
How to Prepare
Candidates should review the official CompTIA Linux+ Exam Objectives and study materials provided by CompTIA. Hands-on experience with Linux systems is essential. Practice exams can help assess readiness and identify weak areas. Using Linux in a lab or virtual environment can provide practical experience with commands, system configuration, and troubleshooting.
Summary
The CompTIA Linux+ (XK0-005) certification is a valuable credential for IT professionals working with Linux systems. It validates essential skills in system administration, security, and automation. This certification is ideal for those managing Linux-based environments in IT infrastructure, cybersecurity, and cloud computing.
Free CompTIA Linux+ XK0-005 (v7) Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 20
- Time: Unlimited
- Included Topics:System ManagementSecurityScripting, Containers, and AutomationTroubleshooting
Which lvchange option is used to prevent allocation of physical extents to a logical volume?
-r or --resizefs
-an or --activate no
-l +100%FREE
-a n or --alloc none
Answer Description
The lvchange option '-a n' or '--alloc none' is used to change the allocation policy for a logical volume to 'none', preventing further extents from being allocated to the volume. This option would be used in advanced scenarios such as maintenance or to prevent changes to a volume while taking a snapshot. The other listed options do not relate to the allocation policy and serve different purposes within the lvchange command.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a logical volume in Linux?
How does the '--alloc none' option specifically prevent changes to a logical volume?
What are physical extents in LVM?
A staging server needs to run a database from a prebuilt container image. The service must operate in the background, listen on host port 5432, use the name stagedb, and restart automatically on host reboot. Which command fulfills these requirements?
docker run --name stagedb -p 5432:5432 postgres:13
docker run -d --rm --name stagedb -p 5432:5432 --restart unless-stopped postgres:13
docker start -d --name stagedb -p 5432:5432 postgres:13
docker run -d --name stagedb -p 5432:5432 --restart unless-stopped postgres:13
Answer Description
The correct command uses docker run
to create and start the container. The -d
flag runs the container in detached (background) mode. The --name
flag assigns the required name stagedb
. The -p 5432:5432
flag maps the host's port to the container's port. The --restart unless-stopped
policy ensures the container will restart automatically with the Docker daemon (e.g., on host reboot) unless it was explicitly stopped.
- One incorrect command omits the
-d
and--restart
flags, which means it would run in the foreground and would not be configured to restart on reboot. - Another incorrect option uses
docker start
. This command is for restarting an existing, stopped container; it cannot be used to create a new container from an image or with creation-time flags like--name
or-p
. - The final incorrect option includes the
--rm
flag, which automatically removes a container when it stops. This flag conflicts with any--restart
policy and will cause the command to fail.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the `-d` flag in the `docker run` command do?
Why is the `--restart unless-stopped` flag important in the `docker run` command?
How does the `-p 5432:5432` option work in the `docker run` command?
What command is used in a shell script to perform actions based on whether a particular condition is met or not?
case
while
if
for
Answer Description
The if
command is used to execute conditional statements in a shell script, allowing the script to branch and perform different actions based on whether specified conditions are true or not. The while
command is used for loops that continue as long as the condition is true. for
is also a looping command but iterates over a list of values. case
is used for matching a variable against a series of patterns, not specifically for a conditional statement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the syntax of an `if` statement in a shell script?
How does the `if` command differ from the `case` command in a shell script?
What types of conditions can be used with the `if` statement?
A Linux administrator runs the command ping -c 1 192.168.1.255 || echo "Host is not responding."
. Under which of the following conditions will the message "Host is not responding." be displayed on the terminal?
The message will never be displayed because of a syntax error.
Only if the
ping
command successfully reaches the host.Only if the
ping
command fails to reach the host.The message will always be displayed, regardless of the
ping
result.
Answer Description
In shell scripting, the ||
operator is a logical OR. It creates a conditional execution chain where the command on the right is executed only if the command on the left fails, returning a non-zero exit status. A successful ping
command returns an exit status of 0. If the ping
command cannot reach the host, it will fail and return a non-zero exit status, which then triggers the echo
command to execute.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the `||` operator do in Linux shell scripting?
What does the exit status of a command represent?
Why would `ping -c 1` fail to reach a host?
A system administrator is writing a shell script that periodically checks the disk space usage on a Linux server. To ensure that the output of the disk check does not flood the terminal or logs when running the script via a cron job, the administrator wants to discard the standard output. Which command redirection to /dev/null
achieves this purpose?
df -h | /dev/null
df -h &> /dev/null
df -h > /dev/null
df -h 2> /dev/null
Answer Description
The correct answer is df -h > /dev/null
. The >
operator redirects the standard output (STDOUT) to the specified file, in this case, /dev/null
. The /dev/null
device is a special file that discards all data written to it, effectively silencing any output that would normally be sent to the terminal. Incorrect answers involve the use of 2> /dev/null
which would only redirect standard error (STDERR) and &> /dev/null
which is not as commonly used or may not be the intended operation since it redirects both STDOUT and STDERR.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of /dev/null in Linux?
What are the differences between >, 2>, and &> operators for redirection?
Why is &> /dev/null not recommended in this case?
You download a custom .deb file and run dpkg --install package.deb, but the operation fails because other packages are not present. Which command will install this file and pull in any needed components from your configured repositories?
apt install ./package.deb
dpkg --force-depends package.deb
dpkg --install package.deb
apt-get install package.deb
Answer Description
Using apt install with a file path causes apt to unpack the local .deb and resolve missing dependencies by downloading them from enabled sources. The dpkg --install command only unpacks and configures the package without fetching prerequisites. The apt-get install approach treats the argument as a package name rather than a file, and forcing dpkg dependencies skips checks instead of retrieving missing packages.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does apt install resolve missing dependencies while dpkg does not?
What is the difference between apt and apt-get for installing packages?
What does --force-depends do in dpkg, and why is it not recommended?
A Linux system administrator needs to modify the firewall settings to allow access to a web server service that has been recently configured to listen on a non-standard port, 8443 for secure traffic. Simultaneously, they must ensure that other services remain unaffected by this firewall change. To apply this change immediately and make it permanent for subsequent system reboots, which of the following commands should the administrator execute?
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --add-port=8443/tcp && firewall-cmd --reload
iptables -I INPUT -p tcp --dport 8443 -j ACCEPT && service iptables save
firewall-cmd --permanent --add-service=https
Answer Description
The correct command is firewall-cmd --permanent --add-port=8443/tcp && firewall-cmd --reload
. This command first makes a permanent change to the firewall rules to allow traffic on port 8443, which is where the web server is now listening for secure traffic, and then reloads the firewall to apply the changes immediately without affecting other services or requiring a system reboot. firewall-cmd --permanent --add-service=https
is not correct in this context because the web server is using a non-standard port, not the default port for HTTPS (443). Similarly, firewall-cmd --permanent --zone=public --add-port=443/tcp
is incorrect as it opens the default HTTPS port, not the non-standard one in use. iptables -I INPUT -p tcp --dport 8443 -j ACCEPT && service iptables save
would apply the rule without making it permanent across reboots because the service iptables save
command is specific to certain Linux distributions that use the service management utility and not a standard way to persist firewall rules.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the --permanent flag in firewall-cmd?
Why is --reload necessary after using firewall-cmd with --permanent?
How is firewall-cmd different from iptables?
An administrator notices that a recently mounted ext4 filesystem is not correctly recording the access times of files when they are read. The administrator suspects that a mount option may be causing this behavior. Which of the following mount options did the administrator most likely use when mounting the filesystem?
relatime
noatime
sync
dirsync
Answer Description
The correct answer is 'noatime'. This mount option disables the updating of access times on files when they are read, which can improve performance, especially on frequently accessed filesystems. The 'relatime' option updates access times only if the previous access time was earlier than the current modify or change time. 'sync' and 'dirsync' are not directly related to file access time updates; 'sync' makes all writes synchronous, and 'dirsync' ensures directory changes are written synchronously, but neither disables the update of access times.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the 'noatime' mount option do?
How does 'relatime' differ from 'noatime' in mounting filesystems?
What do the 'sync' and 'dirsync' mount options control?
What is the role of a private key in a public key infrastructure (PKI)?
It is used to decrypt data that has been encrypted with the corresponding public key and to create digital signatures.
It is distributed to the public for encrypting data intended for the key's owner.
It verifies the authenticity of digital certificates issued by the certificate authority.
It acts as a universally recognized identifier for the key's owner in all encrypted communications.
Answer Description
The private key is used to decrypt data encrypted with the corresponding public key and to create digital signatures. It must be kept secure and confidential to ensure the integrity of the encryption and the authenticity of the data being signed. Sharing the private key compromises the security of the PKI system.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a private key differ from a public key in PKI?
What happens if a private key is compromised?
What is the role of digital signatures in PKI?
A Linux administrator must forward all syslog messages via UDP to a remote log server at IP address 192.168.150.50. Which line should be added to /etc/rsyslog.conf (legacy syntax) to meet this requirement?
. @@192.168.150.50
. >192.168.150.50
. #192.168.150.50
. @192.168.150.50
Answer Description
Using a single at-sign (@) before the destination tells rsyslog to send the selected messages over UDP. The selector . matches every facility and every priority, so the line . @192.168.150.50 forwards all logs to that host on the default UDP port 514. A double at-sign (@@) would switch the transport to TCP, while > is shell redirection and # begins a comment, so those lines would not achieve the stated goal.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between using '@' and '@@' in rsyslog.conf?
What role does the *.* selector play in rsyslog?
What is UDP port 514, and why is it the default for syslog?
A systems administrator needs to deploy a containerized application that requires high network performance and needs to bind directly to a port on the host machine, bypassing any network address translation (NAT). Which container network mode should the administrator use to achieve this?
none
bridge
overlay
host
Answer Description
The host
network mode allows a container to share the host's networking namespace directly. This eliminates the overhead of network address translation (NAT) and allows the container to bind to ports on the host's IP address as if it were a native process, which can improve performance. The bridge
network mode creates an isolated network for containers and requires port mapping to expose services. The overlay
network is designed to connect containers across multiple Docker hosts. The none
network mode disables all networking for the container.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the primary advantage of using host network mode in containers?
How does host network mode differ from bridge network mode?
When would using the overlay network mode be a better choice than host mode?
Which command would you use to create a new container from an existing image and start it immediately?
docker commit
docker run
docker build
docker create
Answer Description
The command docker run
is used to create a new container instance from a specified image and start the container immediately. If the image is not available locally, it will be pulled from the container registry. docker create
only creates the container without starting it, which requires a separate docker start
command to run the container. docker build
is used to create an image from a Dockerfile, not to start a container. docker commit
creates a new image from a container's changes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between `docker run` and `docker create`?
What is a Docker image, and how is it different from a container?
What happens if the image for `docker run` is not available locally?
After installing a new network adapter in a Linux server, users report sporadic and sluggish connections to hosted services. Upon inspecting the interface statistics, you notice an abnormally high count of discarded packets. Identifying the probable root cause of this issue is your next step. Which of the following should you investigate first?
Verify that the network configurations on the server are correctly assigned
Check for duplex mismatch between the network adapter and the corresponding switch configuration
Examine the physical cables for signs of damage or wear
Investigate a possible speed mismatch between the server's network adapter and the clients' adapters
Answer Description
A high count of discarded packets is typically indicative of a duplex mismatch issue, where there is a configuration inconsistency between how the installed network adapter and the corresponding switch port manage data transmission. This would result in data collision and packet loss. A speed mismatch can also cause performance problems, but it doesn't typically increase the rate of discarded packets. Damaged cables may lead to packet loss, but this is less likely in a new installation where the adapter settings are a common concern. Incorrectly assigned network configurations could interfere with connectivity but generally do not lead directly to increased packet loss.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a duplex mismatch?
How can you check and fix a duplex mismatch on a Linux server?
Why doesn’t a speed mismatch typically cause discarded packets?
A system administrator wrote a shell script to display a two‐line status message:
STATUS="Update complete\nReview logs for details"
echo "$STATUS"
When executed, the output shows the literal \n instead of splitting into two lines. Which modification ensures the backslash‐escaped sequence is rendered as an actual newline?
Include -e with the output command
Enclose the string in single quotes
Use a here‐document for the text block
Include -n with the output command
Answer Description
Adding the -e option to the built-in that writes to standard output enables interpretation of backslash escape sequences, turning \n into a real newline. The -n option suppresses the trailing newline instead of interpreting escapes. Wrapping the string in single quotes prevents escape processing entirely. Redirecting via a here‐document delivers the literal content without interpreting backslashes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the -e option do in the echo command?
Why do single quotes disable escape sequence processing?
What is a here‐document, and why doesn't it process escape sequences?
In a Linux system, what is the effect of redirecting the output of a command to /dev/null (for example, mycommand > /dev/null
)?
The data is compressed and stored in a temporary buffer for later retrieval.
The data is encrypted and saved in the user's home directory.
The data is mirrored to the system console while also remaining available in the file.
The data is discarded permanently; the write appears to succeed but nothing is stored.
Answer Description
/dev/null is the null device. Any data written to it is immediately discarded; the kernel simply reports a successful write operation. Nothing is stored, and attempting to read the data back is impossible-it behaves as an empty file and returns EOF instantly. This makes /dev/null useful for silencing unwanted command output, unlike the other options, which describe behaviors the null device does not provide.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is /dev/null in Linux?
Why would you redirect output to /dev/null in Linux?
What is the difference between `> /dev/null` and `2> /dev/null`?
An employee reports they cannot log in because their account has been locked after multiple unsuccessful password attempts. Which command will restore access by reversing the lock state on their account?
passwd -u alice
passwd -d alice
chage -E 0 alice
usermod -L alice
Answer Description
The passwd -u command removes the lock flag set by passwd -l, re-enabling password-based authentication. Using usermod -L applies a lock rather than removing one, chage -E changes expiration dates instead of lock state, and passwd -d deletes the password, leaving the account without a password and not addressing the lock flag.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the 'passwd -u' command do?
What is the difference between 'passwd -u' and 'usermod -L'?
How does 'chage -E' differ from 'passwd -u'?
What command would be used to perform a basic scan of a target system's open ports using Nmap?
nmap --top-ports 10
nmap
nmap -sV
nmap -A
Answer Description
The correct answer is nmap <target>
because Nmap is a network scanning tool, and the most basic usage involves executing nmap
followed by the specification of the target, which can be an IP address or hostname. This command will initiate a simple scan to find open ports on the target. Other options like -A
and -sV
add extra functionality, such as OS detection and service version detection, which is not required for a basic port scan. The --top-ports
option specifies that only a certain number of the most common ports should be scanned, not all ports, which would be the default for a basic scan without additional arguments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of Nmap in network scanning?
What is the difference between a basic scan and using the `-A` or `-sV` options in Nmap?
What does the `--top-ports` option do in an Nmap scan?
A system administrator is writing a shell script that must prompt a user for a file name and then efficiently read only the first line of that file into a variable. Which of the following commands is the most efficient and idiomatic method to achieve this in Bash?
read -p "Enter the file name: " file; IFS= read -r line < "$file"
read -p "Enter the file name: " file; IFS= read -r line <<< $(cat "$file")
read -p "Enter the file name: " file; IFS= read -r line <<< "$file"
read -p "Enter the file name: " file; line=$(cat "$file" | head -n 1)
Answer Description
The correct option is read -p "Enter the file name: " file; IFS= read -r line < "$file"
. This approach is the most efficient. The read -p
command prompts the user and captures the file name. Then, IFS= read -r line < "$file"
uses the shell's built-in read
command with input redirection (<
). This method is highly efficient because it reads only the first line from the file without starting external processes. Using IFS=
prevents trimming of leading/trailing whitespace, and -r
prevents backslash interpretation.
The option using cat $file | head -n 1
works, but it is less efficient as it creates two external processes (cat
and head
) and a pipe.
The option with <<< $(cat $file)
is also inefficient because it uses an unnecessary cat
process and reads the entire file's content into a temporary string before read
processes it.
The option using <<< "$file"
is incorrect. A here-string (<<<
) provides the literal string that follows it as standard input; it does not read from a file path. This command would cause the variable line
to contain the file's name, not its content.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does `IFS=` do in the Bash script?
Why is the `-r` option used with the `read` command?
Why is input redirection (`<`) more efficient than using `cat`?
A system administrator created a timer unit named backup.timer in /etc/systemd/system with the following sections:
[Unit]
Description=Run backup script after boot
[Timer]
OnBootSec=5min
[Install]
WantedBy=multi-user.target
After running systemctl daemon-reload, enabling backup.timer, and rebooting, the backup.service did not run 5 minutes after boot. What modification ensures the timer starts and triggers as intended?
Set DefaultDependencies=no in [Install]
Change WantedBy in [Install] to timers.target
Add Persistent=true under [Timer]
None of the options
Answer Description
Specifying WantedBy=timers.target in the [Install] section links the timer unit into the correct target for timer activation. The multi-user.target is not processed by the timer management system. Adding Persistent=true only affects missed events, not initial activation. DefaultDependencies=no breaks essential ordering and dependency logic. Leaving WantedBy as multi-user.target registers the unit in the wrong target.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of timers.target in systemd?
What does Persistent=true do in a systemd timer unit?
Why does DefaultDependencies=no break systemd unit logic?
A systemd unit must invoke a shell script once the daemon’s main process exits and its shutdown sequence has finished. Which [Service] directive specifies this script?
ExecStopPost=/usr/local/bin/cleanup.sh
ExecReload=/usr/local/bin/cleanup.sh
ExecStartPre=/usr/local/bin/cleanup.sh
ExecStartPost=/usr/local/bin/cleanup.sh
Answer Description
The ExecStopPost directive is executed after systemd has terminated the main process and completed the shutdown sequence, making it the appropriate choice for cleanup. ExecStartPre runs before the daemon starts, ExecStartPost executes immediately after startup, and ExecReload applies only when reloading the service.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a systemd unit?
How is ExecStartPre different from ExecStopPost?
When should ExecReload be used?
Wow!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.