CompTIA Linux+ Practice Test (XK0-005)

The lvchange option '-a n' or '--alloc none' is used to change the allocation policy for a logical volume to 'none', preventing further extents from being allocated to the volume. This option would be used in advanced scenarios such as maintenance or to prevent changes to a volume while taking a snapshot. The other listed options do not relate to the allocation policy and serve different purposes within the lvchange command.

The correct command uses docker run to create and start the container. The -d flag runs the container in detached (background) mode. The --name flag assigns the required name stagedb. The -p 5432:5432 flag maps the host's port to the container's port. The --restart unless-stopped policy ensures the container will restart automatically with the Docker daemon (e.g., on host reboot) unless it was explicitly stopped.

• One incorrect command omits the -d and --restart flags, which means it would run in the foreground and would not be configured to restart on reboot.
• Another incorrect option uses docker start. This command is for restarting an existing, stopped container; it cannot be used to create a new container from an image or with creation-time flags like --name or -p.
• The final incorrect option includes the --rm flag, which automatically removes a container when it stops. This flag conflicts with any --restart policy and will cause the command to fail.

The if command is used to execute conditional statements in a shell script, allowing the script to branch and perform different actions based on whether specified conditions are true or not. The while command is used for loops that continue as long as the condition is true. for is also a looping command but iterates over a list of values. case is used for matching a variable against a series of patterns, not specifically for a conditional statement.

In shell scripting, the || operator is a logical OR. It creates a conditional execution chain where the command on the right is executed only if the command on the left fails, returning a non-zero exit status. A successful ping command returns an exit status of 0. If the ping command cannot reach the host, it will fail and return a non-zero exit status, which then triggers the echo command to execute.

The correct answer is df -h > /dev/null. The > operator redirects the standard output (STDOUT) to the specified file, in this case, /dev/null. The /dev/null device is a special file that discards all data written to it, effectively silencing any output that would normally be sent to the terminal. Incorrect answers involve the use of 2> /dev/null which would only redirect standard error (STDERR) and &> /dev/null which is not as commonly used or may not be the intended operation since it redirects both STDOUT and STDERR.

Using apt install with a file path causes apt to unpack the local .deb and resolve missing dependencies by downloading them from enabled sources. The dpkg --install command only unpacks and configures the package without fetching prerequisites. The apt-get install approach treats the argument as a package name rather than a file, and forcing dpkg dependencies skips checks instead of retrieving missing packages.

The correct command is firewall-cmd --permanent --add-port=8443/tcp && firewall-cmd --reload. This command first makes a permanent change to the firewall rules to allow traffic on port 8443, which is where the web server is now listening for secure traffic, and then reloads the firewall to apply the changes immediately without affecting other services or requiring a system reboot. firewall-cmd --permanent --add-service=https is not correct in this context because the web server is using a non-standard port, not the default port for HTTPS (443). Similarly, firewall-cmd --permanent --zone=public --add-port=443/tcp is incorrect as it opens the default HTTPS port, not the non-standard one in use. iptables -I INPUT -p tcp --dport 8443 -j ACCEPT && service iptables save would apply the rule without making it permanent across reboots because the service iptables save command is specific to certain Linux distributions that use the service management utility and not a standard way to persist firewall rules.

The correct answer is 'noatime'. This mount option disables the updating of access times on files when they are read, which can improve performance, especially on frequently accessed filesystems. The 'relatime' option updates access times only if the previous access time was earlier than the current modify or change time. 'sync' and 'dirsync' are not directly related to file access time updates; 'sync' makes all writes synchronous, and 'dirsync' ensures directory changes are written synchronously, but neither disables the update of access times.

The private key is used to decrypt data encrypted with the corresponding public key and to create digital signatures. It must be kept secure and confidential to ensure the integrity of the encryption and the authenticity of the data being signed. Sharing the private key compromises the security of the PKI system.

Using a single at-sign (@) before the destination tells rsyslog to send the selected messages over UDP. The selector . matches every facility and every priority, so the line . @192.168.150.50 forwards all logs to that host on the default UDP port 514. A double at-sign (@@) would switch the transport to TCP, while > is shell redirection and # begins a comment, so those lines would not achieve the stated goal.

The host network mode allows a container to share the host's networking namespace directly. This eliminates the overhead of network address translation (NAT) and allows the container to bind to ports on the host's IP address as if it were a native process, which can improve performance. The bridge network mode creates an isolated network for containers and requires port mapping to expose services. The overlay network is designed to connect containers across multiple Docker hosts. The none network mode disables all networking for the container.

The command docker run is used to create a new container instance from a specified image and start the container immediately. If the image is not available locally, it will be pulled from the container registry. docker create only creates the container without starting it, which requires a separate docker start command to run the container. docker build is used to create an image from a Dockerfile, not to start a container. docker commit creates a new image from a container's changes.

A high count of discarded packets is typically indicative of a duplex mismatch issue, where there is a configuration inconsistency between how the installed network adapter and the corresponding switch port manage data transmission. This would result in data collision and packet loss. A speed mismatch can also cause performance problems, but it doesn't typically increase the rate of discarded packets. Damaged cables may lead to packet loss, but this is less likely in a new installation where the adapter settings are a common concern. Incorrectly assigned network configurations could interfere with connectivity but generally do not lead directly to increased packet loss.

Adding the -e option to the built-in that writes to standard output enables interpretation of backslash escape sequences, turning \n into a real newline. The -n option suppresses the trailing newline instead of interpreting escapes. Wrapping the string in single quotes prevents escape processing entirely. Redirecting via a here‐document delivers the literal content without interpreting backslashes.

/dev/null is the null device. Any data written to it is immediately discarded; the kernel simply reports a successful write operation. Nothing is stored, and attempting to read the data back is impossible-it behaves as an empty file and returns EOF instantly. This makes /dev/null useful for silencing unwanted command output, unlike the other options, which describe behaviors the null device does not provide.

The passwd -u command removes the lock flag set by passwd -l, re-enabling password-based authentication. Using usermod -L applies a lock rather than removing one, chage -E changes expiration dates instead of lock state, and passwd -d deletes the password, leaving the account without a password and not addressing the lock flag.

The correct answer is nmap <target> because Nmap is a network scanning tool, and the most basic usage involves executing nmap followed by the specification of the target, which can be an IP address or hostname. This command will initiate a simple scan to find open ports on the target. Other options like -A and -sV add extra functionality, such as OS detection and service version detection, which is not required for a basic port scan. The --top-ports option specifies that only a certain number of the most common ports should be scanned, not all ports, which would be the default for a basic scan without additional arguments.

The correct option is read -p "Enter the file name: " file; IFS= read -r line < "$file". This approach is the most efficient. The read -p command prompts the user and captures the file name. Then, IFS= read -r line < "$file" uses the shell's built-in read command with input redirection (<). This method is highly efficient because it reads only the first line from the file without starting external processes. Using IFS= prevents trimming of leading/trailing whitespace, and -r prevents backslash interpretation.

The option using cat $file | head -n 1 works, but it is less efficient as it creates two external processes (cat and head) and a pipe.

The option with <<< $(cat $file) is also inefficient because it uses an unnecessary cat process and reads the entire file's content into a temporary string before read processes it.

The option using <<< "$file" is incorrect. A here-string (<<<) provides the literal string that follows it as standard input; it does not read from a file path. This command would cause the variable line to contain the file's name, not its content.

Specifying WantedBy=timers.target in the [Install] section links the timer unit into the correct target for timer activation. The multi-user.target is not processed by the timer management system. Adding Persistent=true only affects missed events, not initial activation. DefaultDependencies=no breaks essential ordering and dependency logic. Leaving WantedBy as multi-user.target registers the unit in the wrong target.

The ExecStopPost directive is executed after systemd has terminated the main process and completed the shutdown sequence, making it the appropriate choice for cleanup. ExecStartPre runs before the daemon starts, ExecStartPost executes immediately after startup, and ExecReload applies only when reloading the service.