Scroll down to see your responses and detailed results
Prepare for the CompTIA Linux+ XK0-005 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
An administrator in your organization is concerned about performance issues and believes that Security-Enhanced Linux (SELinux) may be impacting the system's performance negatively. The admin has decided to completely disable SELinux to test this theory. After changing the SELinux mode to 'disabled' and rebooting the system, what long-term security implications should the administrator be made aware of?
The system will rely solely on traditional Unix/Linux permissions, leading to potential security vulnerabilities.
SELinux can be re-enabled without rebooting, thus no long-term security implications exist.
SELinux will automatically re-enable after an update, minimizing long-term security risks.
The system performance will improve without any negative security implications since file permissions and ACLs continue to protect the system.
Disabling SELinux entirely can expose the system to vulnerabilities and security threats that SELinux would ordinarily mitigate. SELinux provides a layer of security by enforcing access control policies that are not managed by traditional Unix/Linux permissions. When disabled, these policies do not apply, leaving the system susceptible to unauthorized access and potential exploits. The administrator should be aware of the increased risk and consider alternative methods for diagnosing performance issues, such as permissive mode, without compromising on security.
Which lvchange option is used to prevent allocation of physical extents to a logical volume?
-r or --resizefs
-a n or --alloc none
-l +100%FREE
-an or --activate no
The lvchange option '-a n' or '--alloc none' is used to change the allocation policy for a logical volume to 'none', preventing further extents from being allocated to the volume. This option would be used in advanced scenarios such as maintenance or to prevent changes to a volume while taking a snapshot. The other listed options do not relate to the allocation policy and serve different purposes within the lvchange command.
A Linux administrator needs to grant a user named 'jane' write access to a file called 'data.log', which is currently only accessible by its owner 'john'. The file should not have its existing permissions altered for any other user or group. Which of the following commands would correctly grant 'jane' the required access?
chmod +w data.log
chown jane data.log
setfacl -m u:jane:rwx data.log
setfacl -m o:w data.log
chmod u+w data.log
setfacl -m u:jane:w data.log
The correct answer is setfacl -m u:jane:w data.log
because the setfacl
command is used to set Access Control Lists, and -m
is used to modify the ACL by adding a new rule. The rule u:jane:w
specifies that the user 'jane' is given write (w
) access. Using ACLs allows for extending the permission set beyond the traditional owner, group, and others model.
You are maintaining a script that updates system packages and restarts a critical service afterward, but only if the update succeeds. Which line of code correctly implements this behavior?
yum update -y & service httpd restart
yum update -y ; service httpd restart
yum update -y && service httpd restart
yum update -y || service httpd restart
The use of &&
ensures that the subsequent command (service httpd restart) is executed only if the preceding command (yum update -y) completes successfully with an exit status of 0. Using ;
does not check the success of the previous command. Using ||
only executes the subsequent command if the preceding one fails. Using &
will put the first command in the background and immediately run the second one regardless of the first one's result.
A system administrator needs to create a compressed backup of the /var/log
directory. Which command should they use to create a gzip-compressed archive file named log_backup.tar.gz
?
tar -cvf log_backup.tar.gz /var/log
tar -xvf log_backup.tar.gz /var/log
tar -tzvf log_backup.tar.gz /var/log
tar -czvf log_backup.tar.gz /var/log
The correct answer is tar -czvf log_backup.tar.gz /var/log
because the options -c
create a new archive, -z
filter the archive through gzip for compression, -v
produce verbose output, showing all processed files, and -f
specify the filename of the archive. The incorrect options either do not specify gzip compression, which is required to produce a .gz
file, or use options that perform actions other than creating an archive, such as extracting files or listing the contents of an archive.
A system administrator needs to find occurrences of the word 'refused' in the 'auth.log' file, which indicates failed SSH login attempts, and then count how many times this occurs. Which command will provide the accurate count?
grep -v 'refused' /var/log/auth.log | wc -l
grep -c 'refused' /var/log/auth.log
grep 'refused' /var/log/auth.log | wc -l
grep 'refused' /var/log/auth.log -c
The correct answer is grep -c 'refused' /var/log/auth.log
because the -c
option in the grep command provides a count of matching lines that contain the pattern specified. In this scenario, it counts the number of lines that have the word 'refused', giving an indication of the number of failed SSH login attempts logged in the 'auth.log' file. The options that include piping with the wc -l
command are incorrect because when used with grep's -c
option, they are redundant and unnecessarily complicate the command. The option that includes -v
is incorrect because this inverts the match and would count all lines that do not contain the word 'refused'.
A Linux server with sufficient swap space will never encounter an Out of Memory condition.
True
False
The statement is false because even if a server has sufficient swap space, it can still encounter Out of Memory conditions. Swap space acts as an overflow for when the physical memory (RAM) is fully utilized, and it allows the system to continue running by temporarily moving some memory pages to disk. However, swap space is significantly slower than RAM, and if the system is under heavy memory pressure, where even the swap space is entirely used, it may still trigger the OOM killer to terminate processes to free up memory. Additionally, certain situations, such as kernel memory allocation requests that cannot be swapped out, may also lead to OOM conditions regardless of the available swap.
An administrator is attempting to run a graphical network configuration tool with elevated privileges on a desktop Linux system that uses PolicyKit. The administrator needs to ensure that the proper policy rules are respected, and that any authorization prompts are presented graphically. Which command should the administrator use to execute the network configuration tool?
pexec network-configuration-tool
pkexec network-configuration-tool
polkit network-configuration-tool
sudo network-configuration-tool
The correct answer is 'pkexec network-configuration-tool', as pkexec
allows an authorized user to execute programs with the security privileges of another user (normally the superuser) by respecting policy definitions. Unlike sudo
, pkexec
will show a graphical authentication dialog if the session indicates it's graphical; sudo
does not provide this and is traditionally used in a terminal. polkit
is not a command; it's the toolkit to which pkexec
belongs. The pexec
command does not exist, and sudo
will not provide a graphical dialog.
A system administrator is setting up a new web server that requires encrypted data transfer. Which of the following would be the best to implement on the server to enable HTTPS communication?
A wildcard certificate
A self-signed certificate
An SSL/TLS certificate
A digital signature
A Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificate is required to establish a secure connection between a web server and a client using the HTTPS protocol. This certificate ensures that the data transferred is encrypted and the server's authenticity is validated by a Certificate Authority (CA). A self-signed certificate provides encryption but does not offer third-party validation of the server's identity and can cause trust issues with clients' browsers. A digital signature is used to verify that data has not been altered during transfer but does not by itself enable encrypted communications. A wildcard certificate is used to secure multiple subdomains but still requires the SSL/TLS protocol to function for secure communications.
When a container is set to use the host networking mode, it will share the networking namespace with the host machine allowing the container to listen on the host's IP address.
True
False
Using the host networking mode means that the container shares the host's networking namespace. This allows the container to bind ports directly to the host's IP address. It's crucial for certain applications that require direct visibility from external networks without network address translation (NAT). Other answers might seem correct, but they do not accurately describe the behavior of containers in host network mode.
What is the primary purpose of using the mv command in a Linux environment?
Changing file permissions
Creating a duplicate of a file
Copying files to a new directory
Moving and renaming files and directories
The mv command is used primarily to move files and directories from one location to another or to rename them. It's an essential command for managing the filesystem structure. It does not actually copy the file content to a new location but rather changes the file's index node (inode) information in the filesystem's table to reflect the new location or name. This is why the correct answer is 'Moving and renaming files and directories', as it accurately describes the action performed by the mv command. The options 'Copying files to a new directory' and 'Creating a duplicate of a file' suggest replicating the file's content, which is not the behavior of mv; for those purposes, the cp command would be used. Lastly, 'Changing file permissions' is an operation performed by the chmod command, not mv.
A system administrator needs to write a shell script that will output 'Large file detected' if a specified file size exceeds 1024 kilobytes. Which of the following shell script code blocks is the BEST to accomplish this?
if [ $(stat -c%s "file.txt") -gt 1024 ]; then echo 'Large file detected'; fi
if [ $(stat -c%s "file.txt") -gt 1048576 ]; then echo 'Large file detected'; fi
if [[ $(stat -c%s "file.txt") -gt 1024 ]]; then echo 'Large file detected'; fi
if [ $(stat -c%s "file.txt") / 1024 -gt 1024 ]; then echo 'Large file detected'; fi
The correct code block uses the -gt
operator to check if the file size is greater than 1024 kilobytes. Remember that stat -c%s filename
retrieves the file size in bytes, so you must divide by 1024 to convert bytes to kilobytes. The if
statement then evaluates this condition and prints 'Large file detected' if the condition is true. Other comparisons or the lack of size conversion can result in incorrect behavior or syntax errors.
Which command utility can be used to search for and replace patterns within a file, and it requires no additional scripting or programming?
tail
sed
awk
grep
The sed
utility, short for stream editor, is designed to filter and transform text. It is used on the command line and within scripts for pattern matching and substitution, making it an ideal tool for search and replace operations within files without the need for writing complex scripts or programs. The other choices do not match the specific utility that directly performs search and replace operations on a file.
Using the groupadd
command with the -r
option creates a system group.
True
False
The -r
option with the groupadd
command is used for creating a system group. A system group is typically used for running system services and system users; it is not intended for login users. Therefore, it's important for administrators to understand and use this option appropriately in the context of system security and user management.
To create a new archive with cpio
, which of the following commands would you use, given that you have a list of files to archive from a file called 'filelist.txt'?
cpio -o < filelist.txt
cpio -ov < filelist.txt > archive.cpio
tar -cf filelist.txt archive.cpio
cpio -iv < filelist.txt > archive.cpio
The command cpio -ov < filelist.txt > archive.cpio
is correct for creating a new archive named archive.cpio
using the list of files contained in filelist.txt
. The -o
option is used with cpio
to specify that files are being copied out into an archive, and the -v
option is for verbose output, listing files as they are archived.
Looks like thats it! You can go back and review your answers or click the button below to grade your test.
Join premium for unlimited access and more features