00:20:00

CompTIA Linux+ Practice Test (XK0-006)

Use the form below to configure your CompTIA Linux+ Practice Test (XK0-006). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

Logo for CompTIA Linux+ XK0-006 (V8)
Questions
Number of questions in the practice test
Free users are limited to 20 questions, upgrade to unlimited
Seconds Per Question
Determines how long you have to finish the practice test
Exam Objectives
Which exam objectives should be included in the practice test

CompTIA Linux+ XK0-006 (V8) Information

CompTIA Linux+ (v8 / XK0-006) Exam

The CompTIA Linux+ (XK0-006) certification is designed for IT professionals who work with Linux systems. It validates skills in system administration, security, scripting, and troubleshooting. This certification is vendor-neutral, covering multiple distributions such as Ubuntu, CentOS, and Red Hat.

Exam Overview

The XK0-006 exam consists of a maximum of 90 questions, including multiple-choice and performance-based questions. Candidates have 90 minutes to complete the test. The exam costs $358 USD. A passing score is 720 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.

Exam Content

The XK0-006 exam focuses on five main domains: system management, security, scripting and automation, troubleshooting, and Linux fundamentals. System management includes package management, system monitoring, and user administration. Security covers permissions, authentication, and encryption. Scripting and automation focus on Bash scripting and task automation. Troubleshooting tests problem-solving skills for system failures and performance issues. Linux fundamentals include file system hierarchy, networking, and command-line operations.

Who Should Take This Exam?

The CompTIA Linux+ certification is ideal for system administrators, Linux support technicians, and DevOps professionals. It is recommended for individuals with at least one year of Linux experience. This certification is beneficial for IT professionals working with servers, cloud infrastructure, and cybersecurity.

How to Prepare

Candidates should review the official CompTIA Linux+ Exam Objectives and study materials provided by CompTIA. Hands-on experience with Linux systems is essential. Practice exams can help assess readiness and identify weak areas. Using Linux in a lab or virtual environment can provide practical experience with commands, system configuration, and troubleshooting.

Summary

The CompTIA Linux+ (XK0-006) certification is a valuable credential for IT professionals working with Linux systems. It validates essential skills in system administration, security, and automation. This certification is ideal for those managing Linux-based environments in IT infrastructure, cybersecurity, and cloud computing.

Free CompTIA Linux+ XK0-006 (V8) Practice Test

Press start when you are ready, or press Change to modify any settings for the practice test.

  • Questions: 20
  • Time: Unlimited
  • Included Topics:
    System Management
    Services and User Management
    Security
    Automation, Orchestration, and Scripting
    Troubleshooting
Question 1 of 20

While standardizing new local user environments on a Linux server, you prepare customized copies of .bashrc and .vimrc that should exist as real files inside every future user's home directory. You want the files to be created automatically whenever administrators run "useradd -m" without adding post-creation scripts or extra command-line options. Which action will achieve this goal?

  • Set a SKEL entry in /etc/login.defs to /home/company_skel and place the templates in that directory.

  • Add commands in /etc/profile that source the templates from a shared location whenever an interactive shell starts.

  • Append the file names to a COPY_FILES variable in /etc/default/useradd so that useradd copies them after it creates the account.

  • Copy the prepared template files into /etc/skel so useradd duplicates them into the new user's home directory during account creation.

Question 2 of 20

A system administrator needs to ensure a daily maintenance script runs on a Linux workstation. The workstation is frequently powered off outside of business hours. The administrator adds the following line to /etc/anacrontab to manage this task:

1 10 daily-maintenance /usr/local/bin/maintenance.sh

What is the function of the number 10 in this configuration?

  • The job will run at 10:00 AM if the system is on.

  • The delay in minutes after anacron starts before the job is executed.

  • The number of days anacron will wait before the first execution of the job.

  • The priority level of the job, on a scale from 1 to 99.

Question 3 of 20

A Linux administrator is writing a Dockerfile for a custom Nginx image. The container should, by default, start Nginx in the foreground using /usr/sbin/nginx -g 'daemon off;'. Administrators must be able to replace this entire command later simply by appending a different command to docker run, and the chosen command must run as PID 1 rather than through /bin/sh -c. Which single Dockerfile line meets all of these requirements?

  • CMD ["/usr/sbin/nginx", "-g", "daemon off;"]

  • CMD "/usr/sbin/nginx -g 'daemon off;'"

  • ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"]

  • RUN ["/usr/sbin/nginx", "-g", "daemon off;"]

Question 4 of 20

A Linux administrator is configuring a new public-facing e-commerce web server. The primary requirement is to ensure that customers' web browsers automatically trust the server's identity and that all communication is encrypted without generating security warnings. Which of the following actions should the administrator take?

  • Copy the server's SSH public key and configure the web server to use it for TLS.

  • Configure the web server to use the default 'snake oil' certificate provided by the Linux distribution.

  • Generate a self-signed certificate using openssl and install it on the web server.

  • Obtain a TLS certificate from a publicly trusted Certificate Authority (CA).

Question 5 of 20

A Linux administrator is troubleshooting a monitoring agent that is constantly triggering SELinux AVC messages. After confirming the access is legitimate, the administrator runs the following command to generate a custom policy module:

# cat /var/log/audit/audit.log | audit2allow -M mon_agent

This produces the files mon_agent.pp and mon_agent.te in the working directory. To apply the new policy module immediately and ensure it remains in effect after future reboots-without altering the system's current enforcing mode-which command should the administrator run next?

  • semodule -i mon_agent.pp

  • audit2allow -i mon_agent.te

  • semanage -i mon_agent.pp

  • setenforce 0

Question 6 of 20

While investigating intermittent throughput problems on a Linux file-server, you run the following command during a period of heavy traffic:

# ethtool -S eno1 | grep -i drop
rx_queue_0_drops: 18342
rx_queue_1_drops: 19211

CPU utilization is low and no physical-layer errors are reported by ip -s link. Which NIC-level adjustment is most likely to reduce these packet drops without adding new hardware?

  • Decrease the interface transmit queue length to 100 packets.

  • Increase the RX and TX ring buffer sizes with ethtool -G.

  • Lower the interface MTU to 576 bytes.

  • Disable Generic Receive Offload (GRO) on the adapter.

Question 7 of 20

A Linux administrator is launching a new e-commerce website that will process sensitive customer financial data. The highest priorities are to establish maximum customer trust and ensure universal browser compatibility without security warnings. Which type of certificate should the administrator implement to best meet these requirements?

  • A certificate signed by the company's internal CA.

  • A no-cost certificate from an automated CA (e.g., Let's Encrypt).

  • A self-signed certificate generated using OpenSSL.

  • A commercial certificate from a trusted Certificate Authority (CA).

Question 8 of 20

A Linux administrator needs to configure a network interface, eth0, which already has the IP address 192.168.1.10/24. They need to add a second IP address, 10.0.0.5/8, to the same interface without interrupting existing services. Which of the following commands will accomplish this?

  • ip address add 10.0.0.5/8 dev eth0

  • ip address set 10.0.0.5/8 dev eth0

  • ip route add 10.0.0.5/8 dev eth0

  • ifconfig eth0:1 10.0.0.5 netmask 255.0.0.0

Question 9 of 20

A Linux administrator is performing maintenance on a server and needs to temporarily make the logical volume named app_data in the data_vg volume group unavailable. The data on the volume must be preserved, and the logical volume should not be removed. Which of the following commands will accomplish this task?

  • lvremove data_vg/app_data

  • vgchange -an data_vg

  • lvresize -L 50G data_vg/app_data

  • lvchange -an data_vg/app_data

Question 10 of 20

You have been asked to create a persistent audit rule that logs every change (write or attribute modification) to the /etc/shadow file, while ignoring normal read access. The rule must reside in /etc/audit/rules.d/50-shadow.rules and every resulting record should be labeled with the key identity_change. Which single line fulfils these requirements using standard auditctl / audit.rules syntax?

  • -w /etc/shadow -p wa -k identity_change

  • -w /etc/shadow -p ra -k identity_change

  • -w /etc/shadow -p rwx -k identity_change

  • -a always,exit -F path=/etc/shadow -F perm=rw -k identity_change

Question 11 of 20

A systems administrator is reviewing a developer's workflow. The developer frequently pastes large code snippets, which include proprietary logic and service account credentials, into a public, cloud-hosted AI chat service for debugging assistance. Which of the following is the most significant data governance risk associated with this practice?

  • Using a public AI service will violate the corporate policy on 'Shift-left testing'.

  • The sensitive data could be incorporated into the AI's training data or be exposed through human review, leading to a potential data breach.

  • The AI model might generate inefficient or non-compliant code, increasing technical debt.

  • The developer could become overly reliant on the AI, leading to a degradation of their own debugging skills.

Question 12 of 20

A Linux administrator is tasked with updating a series of complex, legacy shell scripts that have no existing documentation. To accelerate the process, the administrator uses a large language model (LLM) to generate comments and a summary for each script. According to responsible AI best practices, what is the most appropriate next step for the administrator to take?

  • Trust the AI's output as sufficient and archive the generated documentation in a shared folder without adding it to the scripts.

  • Thoroughly review the AI-generated documentation for technical accuracy and contextual correctness, then manually integrate it into the scripts or a separate documentation file.

  • Copy and paste the generated documentation directly into the scripts to save time and immediately commit the changes to the central repository.

  • Discard the generated documentation and use the AI to refactor the entire script into a more modern, self-documenting language like Python.

Question 13 of 20

A system administrator is analyzing the process list on a Linux server using the command ps -ef. The output includes several columns of information for each process. Which column in the output represents the Parent Process Identification Number (PPID)?

  • UID

  • C

  • PID

  • PPID

Question 14 of 20

During a security review, a Linux DevOps team discovers that a VS Code plug-in sends their Kubernetes manifests to a public large language model (LLM) for advice on hardening. Some of the manifests still contain base64-encoded Secrets that hold private container-registry credentials. The team wants to keep using the plug-in but must prevent accidental credential exposure. Which action best mitigates this specific risk?

  • Require the plug-in to use TLS with certificate pinning when calling the LLM's API endpoint.

  • Add an automated pre-submission filter that masks or removes any values matching credential or secret patterns before the manifest is sent to the LLM.

  • Insert a comment in each manifest instructing the LLM not to reveal or retain embedded secrets.

  • Allow the plug-in only on a non-production Git branch that mirrors the manifests.

Question 15 of 20

A RHEL 9 server has been joined to the corp.example.com Active Directory realm with realmd, and domain users are authenticating through SSSD. A new policy states that only members of the AD security group LinuxAdmins may obtain an interactive login on this host. The control must be implemented in SSSD (not in PAM or sshd).

Which modification to /etc/sssd/sssd.conf will enforce the requirement after the file is saved and SSSD is restarted?

  • Under [domain/corp.example.com] add: access_provider = ad ad_access_filter = (memberOf=CN=LinuxAdmins,OU=Groups,DC=corp,DC=example,DC=com)

  • Add simple_allow_groups = LinuxAdmins in the domain stanza and leave the existing access_provider unchanged

  • Set enumeration = true in the [sssd] section so SSSD can list the LinuxAdmins group

  • Disable credential caching by setting cache_credentials = false in the [sssd] section

Question 16 of 20

A network administrator is using iperf3 to troubleshoot network throughput between two Linux servers, ServerA (10.0.1.10) and ServerB (10.0.1.20). The administrator starts the iperf3 server process on ServerA. To measure the download speed from ServerA to ServerB, which command should be executed on ServerB?

  • iperf3 -c 10.0.1.10 -R

  • iperf3 -c 10.0.1.10

  • iperf3 -c 10.0.1.10 --get-server-output

  • iperf3 -s -c 10.0.1.10

Question 17 of 20

You are preparing to release a Linux command-line utility as part of an enterprise distribution. Management wants a license that will force anyone who ships a modified build-or an executable that is statically or dynamically linked with your utility-to (1) provide the full, preferred-form source code to recipients and (2) distribute every derivative or linked work under the same license terms, so the "share-and-share-alike" rule continues downstream. Which class of license will meet these requirements?

  • A weak copyleft license, such as the GNU Lesser General Public License (LGPL) v2.1

  • A permissive license, such as the MIT or BSD 2-Clause license

  • A strong copyleft license, for example the GNU General Public License (GPL) v3

  • A dual-license arrangement that lets distributors choose proprietary terms

Question 18 of 20

A systems administrator is hardening a new Linux server according to security best practices. The security policy requires that the root user cannot log in directly using a password but must be able to log in using SSH key-based authentication for emergency maintenance. Which configuration should the administrator set in the /etc/ssh/sshd_config file to meet this requirement?

  • PermitRootLogin no

  • PermitRootLogin prohibit-password

  • PermitRootLogin yes

  • PermitRootLogin forced-commands-only

Question 19 of 20

You are writing a portable Bourne-compatible shell script that must compress any log file in /var/log that exceeds 100 MiB (104 857 600 bytes). The loop must:

  1. Confirm that each entry is a regular file before acting.
  2. Compare the file's size against the byte threshold using POSIX-defined numeric operators.

Which snippet meets both requirements while remaining compatible with a standard /bin/sh on Linux?

  • for f in /var/log/*; do
      [[ -d "$f" ]] && [[ $(du -m "$f" | cut -f1) -gt 100 ]] && gzip "$f"
    done
    
  • for f in /var/log/*; do
      if (( $(stat -c%s "$f") > 104857600 )); then gzip "$f"; fi
    done
    
  • for f in /var/log/*; do
      [ -f "$f" ] && [ $(stat -c%s "$f") -gt 104857600 ] && gzip "$f"
    done
    
  • for f in /var/log/*; do
      test -f "$f" && test $(stat -c%s "$f") > 104857600 && gzip "$f"
    done
    
Question 20 of 20

A Linux systems administrator is investigating a performance degradation issue on a critical application server. The administrator suspects that the issue might be caused by an excessive number of malformed packets being sent to the server from a specific client machine. To confirm this suspicion, the administrator needs to capture and examine the full contents of the network packets exchanged between the server and the client. Which of the following tools is BEST suited for this task?

  • tcpdump

  • netstat

  • nmap

  • OpenSCAP