CompTIA Linux+ Practice Test (XK0-006)
Use the form below to configure your CompTIA Linux+ Practice Test (XK0-006). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.
CompTIA Linux+ XK0-006 (V8) Information
CompTIA Linux+ (v8 / XK0-006) Exam
The CompTIA Linux+ (XK0-006) certification is designed for IT professionals who work with Linux systems. It validates skills in system administration, security, scripting, and troubleshooting. This certification is vendor-neutral, covering multiple distributions such as Ubuntu, CentOS, and Red Hat.
Exam Overview
The XK0-006 exam consists of a maximum of 90 questions, including multiple-choice and performance-based questions. Candidates have 90 minutes to complete the test. The exam costs $358 USD. A passing score is 720 on a scale of 100 to 900. The certification is valid for three years and can be renewed through CompTIA’s continuing education program.
Exam Content
The XK0-006 exam focuses on five main domains: system management, security, scripting and automation, troubleshooting, and Linux fundamentals. System management includes package management, system monitoring, and user administration. Security covers permissions, authentication, and encryption. Scripting and automation focus on Bash scripting and task automation. Troubleshooting tests problem-solving skills for system failures and performance issues. Linux fundamentals include file system hierarchy, networking, and command-line operations.
Who Should Take This Exam?
The CompTIA Linux+ certification is ideal for system administrators, Linux support technicians, and DevOps professionals. It is recommended for individuals with at least one year of Linux experience. This certification is beneficial for IT professionals working with servers, cloud infrastructure, and cybersecurity.
How to Prepare
Candidates should review the official CompTIA Linux+ Exam Objectives and study materials provided by CompTIA. Hands-on experience with Linux systems is essential. CompTIA Linux+ practice test can help assess readiness and identify weak areas. Using Linux in a lab or virtual environment can provide practical experience with commands, system configuration, and troubleshooting.
Summary
The CompTIA Linux+ (XK0-006) certification is a valuable credential for IT professionals working with Linux systems. It validates essential skills in system administration, security, and automation. This certification is ideal for those managing Linux-based environments in IT infrastructure, cybersecurity, and cloud computing.
Free CompTIA Linux+ XK0-006 (V8) Practice Test
- 20 Questions
- Unlimited time
- System ManagementServices and User ManagementSecurityAutomation, Orchestration, and ScriptingTroubleshooting
During a compliance audit on an x86_64 server running a 6.x Linux kernel, you list the contents of /boot and see the following files:
/boot/initramfs-6.7.9-amd64.img
/boot/vmlinuz-6.7.9-amd64
/boot/System.map-6.7.9-amd64
/boot/grub/grub.cfg
The auditors ask you to justify the presence of the initramfs-6.7.9-amd64.img file. Which statement accurately describes the purpose of this file in the Linux boot process?
It is the main GRUB2 configuration file that lists available boot entries and kernel parameters.
It provides a minimal root filesystem loaded into RAM so the kernel can load drivers and scripts required to mount the real root filesystem before normal boot continues.
It is a sector map generated by LILO that tells the bootloader where kernel sectors are located on disk.
It is a compressed copy of the kernel that the firmware expands before handing control to the bootloader.
Answer Description
The initramfs (or initrd) image is a compressed archive that the bootloader loads into memory together with the kernel. The kernel unpacks it to create a temporary root filesystem that contains the drivers, modules, and early-boot scripts required to locate and mount the real root filesystem-whether it resides on LVM, RAID, encrypted storage, or over the network. Once the real root is mounted, control passes to the normal init system and the initramfs is discarded from RAM. It is therefore not a GRUB configuration file (that is grub.cfg), a compressed kernel image (that is vmlinuz), or a sector-map file generated by LILO (that is /boot/map).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the initramfs file during the Linux boot process?
How is initramfs different from the vmlinuz file?
What tools or commands are used to create or inspect initramfs files?
A system administrator needs to temporarily disable password-based login for a user account named temp_user without deleting the user or their current password. The administrator wants to be able to easily re-enable login later. Which of the following commands will accomplish this?
passwd -l temp_userpasswd -d temp_userpasswd -e temp_userpasswd -u temp_user
Answer Description
The correct command is passwd -l temp_user. The -l option locks the specified user's password by prepending an exclamation mark (!) to the encrypted password hash in the /etc/shadow file. This action prevents the user from authenticating with their password. The -u option is used to unlock an account that was previously locked with -l. The -d option deletes the user's password, which is a different action from locking it. The -e option expires the user's password, forcing them to change it at the next login, but it does not lock the account.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the /etc/shadow file in Linux?
How does the `passwd -u` command unlock a user account?
Why is `passwd -d` different from `passwd -l` when managing user accounts?
A systems administrator is configuring a new virtualization server using Linux. They have chosen KVM as the hypervisor to leverage its direct integration with the Linux kernel for managing CPU and memory. For emulating I/O devices, such as network and storage controllers, which accompanying technology is primarily used with KVM?
libvirt
QEMU
VirtIO
Xen
Answer Description
KVM (Kernel-based Virtual Machine) is a virtualization module in the Linux kernel that allows the kernel to function as a hypervisor. It directly leverages hardware virtualization extensions for CPU and memory management. However, KVM itself does not handle the emulation of other hardware like storage controllers, network cards, or USB ports. For this functionality, KVM relies on a user-space program, most commonly QEMU. QEMU provides the hardware emulation, while KVM provides the acceleration for CPU and memory, making them a powerful combination for high-performance virtualization. libvirt is a management toolkit and API, VirtIO provides paravirtualized drivers for performance, and Xen is a separate hypervisor technology.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is QEMU and how does it assist KVM?
How does VirtIO enhance performance in a KVM+QEMU setup?
How does libvirt interact with KVM and QEMU?
A systems administrator uses a large language model (LLM) to generate an Ansible playbook designed to configure a fleet of new web servers. The playbook appears correct at a glance. What is the most important best practice the administrator must follow before executing the playbook on production systems?
Immediately run the playbook on a single production node to confirm it works before running it on the entire fleet.
Check the playbook's syntax using an automated linter without manually reviewing the logic.
Add comments to the playbook crediting the AI model that generated it and noting the date of generation.
Thoroughly review the playbook for correctness and security, and then test it in a staging environment that mirrors production.
Answer Description
The correct answer is to thoroughly review the playbook for correctness and security, and then test it in a staging environment. AI-generated code, including Infrastructure as Code (IaC), can contain subtle errors, security vulnerabilities, or use deprecated modules. It is the administrator's responsibility to validate any code before deployment. A thorough manual review combined with testing in a safe, non-production environment that mimics the production setup is the most critical step to ensure the playbook is safe and effective. Running the playbook on a single production node is dangerous as it could still cause an outage or security issue. Checking syntax with a linter is a good step, but it is insufficient as it will not catch logical errors or security misconfigurations. Adding comments for attribution is good practice for documentation but does not address the operational risk of running unverified code.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an Ansible playbook?
What is a staging environment, and why is it important?
What are common security risks in AI-generated code?
A Linux administrator is configuring a new KVM virtual machine that will host a web server. The web server must be directly accessible to other physical servers on the same local network segment, using an IP address from the same subnet as the host machine. Which network mode should the administrator configure for the virtual machine's network interface to achieve this?
Host-only
Bridged
NAT
Routed
Answer Description
The correct answer is Bridged networking. This mode connects a virtual machine's network interface directly to the physical network, making it appear as another physical device on the LAN. The VM will get its own IP address on the same subnet as the host and other physical devices, allowing direct two-way communication.
- NAT (Network Address Translation) mode is incorrect because it isolates the VM on a private network. While the VM can initiate outbound connections, external devices cannot directly access services on the VM without special configuration like port forwarding.
- Host-only (or isolated) mode is incorrect because it restricts network communication to only the host machine and other VMs on that same host. It does not allow access from other physical devices on the network.
- Routed mode is incorrect for this scenario because, while it allows two-way communication without NAT, it involves placing the VM on a separate subnet and requires additional static routing configuration on the physical network's router to direct traffic to the VM. The scenario specifies the VM should be on the same subnet.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is bridged networking in KVM?
How does NAT networking differ from bridged networking in virtual machines?
What are some use cases for host-only networking in KVM?
A system administrator needs to start a script named long_backup.sh that will take several hours to complete. The administrator must be able to disconnect their SSH session from the server without causing the script to terminate. Which of the following commands should the administrator use?
bg ./long_backup.shexec ./long_backup.shnohup ./long_backup.sh &./long_backup.sh &
Answer Description
The correct command is nohup ./long_backup.sh &. The nohup command makes the script ignore the SIGHUP (hangup) signal, which is sent to processes when the controlling terminal is closed. The & operator runs the command in the background, freeing up the terminal for other commands and allowing the user to log out.
- Running the script with only
&(./long_backup.sh &) will start it in the background, but it will still terminate when the session ends and the SIGHUP signal is sent. - The
bgcommand is used to resume a stopped job in the background; it is not used to initiate a new process in this manner. - The
execcommand replaces the current shell with the script's process. It does not run the script in the background and will not prevent it from terminating upon logout.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does `nohup` do in Linux?
What is the purpose of the `&` operator in Linux commands?
How does `nohup ./script.sh &` differ from `./script.sh &`?
A system administrator is hardening a legacy Linux server and discovers that TCP port 23 is open and listening. A network packet capture confirms that authentication credentials are being sent in plaintext during remote login sessions. To remediate this critical security vulnerability, which of the following services should the administrator disable and replace with a secure alternative?
SFTP
Telnet
SSH
FTP
Answer Description
The correct answer is Telnet. The Telnet protocol, which traditionally uses TCP port 23, transmits all data, including usernames and passwords, in clear text. The scenario described, with plaintext credentials on port 23, is a classic indicator of an active Telnet service. The best practice is to disable Telnet and replace it with SSH (Secure Shell), which encrypts the entire communication session. SSH is the secure alternative for remote command-line access, protecting credentials and data from being intercepted. FTP is also an insecure protocol that transmits credentials in plaintext, but it is used for file transfers and typically operates on ports 20 and 21. SFTP is a secure file transfer protocol that runs over SSH and would not exhibit this vulnerability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is Telnet considered insecure?
How does SSH provide secure communication?
What is the difference between FTP and SFTP?
A KVM host uses external snapshots for one of its guests. After several disk-only snapshots, the backing-file chain for the guest's vda disk is now:
base.img ← snap1.qcow2 ← active-overlay (current)
The guest must stay online, but the administrator wants to merge all data in the overlays back into base.img and immediately pivot the running VM so it continues to use base.img, allowing the overlay files to be deleted. Which single virsh command will perform this task?
virsh blockcommit vm1 vda --active --pivot --verbose
virsh snapshot-revert vm1 snap1 --running
virsh blockpull vm1 vda --wait --verbose
virsh blockcopy vm1 vda /var/lib/libvirt/images/base.img --wait
Answer Description
The virsh blockcommit sub-command copies data from the top of a backing-file chain down into a specified base image while the virtual machine is running. Using the options --active and --pivot performs a live commit of the overlay data into base.img and then switches (pivots) the guest to use the consolidated base image, so the overlay files are no longer needed.
- blockpull moves data in the opposite direction (from the backing file up into the active overlay), leaving the chain length unchanged.
- snapshot-revert changes the VM to a previous snapshot state rather than merging disk images.
- blockcopy creates a new copy of a block device but does not collapse an existing snapshot chain.
Therefore, the only command that both merges the overlays into the base image and pivots the running guest in one step is blockcommit with the --active and --pivot options.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an external snapshot in KVM?
What is the difference between blockcommit and blockpull in virsh?
What does the --active and --pivot options do in virsh blockcommit?
A PHP application running under Apache on a CentOS 9 Stream server fails to open a TCP connection to a remote MariaDB database on port 3306 while SELinux is in enforcing mode. The audit log records a name_connect denial for the httpd_t domain to mysql_port_t. To permanently grant only the required permission-letting the web server reach the database but not other arbitrary network ports-which SELinux Boolean should you enable?
allow_httpd_connect_mysql
httpd_can_network_connect
httpd_can_network_connect_db
httpd_can_network_memcache
Answer Description
The Boolean that specifically allows Apache (httpd_t) to initiate network connections only to database servers is httpd_can_network_connect_db. Enabling it with setsebool -P httpd_can_network_connect_db on (or 1) makes the change persistent across reboots and satisfies the application's need to reach MySQL or MariaDB without granting the broader access provided by httpd_can_network_connect. The other options are either unrelated to database traffic or are not valid SELinux Booleans, so they do not resolve the denial.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SELinux and how does it work?
What does the 'httpd_can_network_connect_db' Boolean control?
What is the difference between 'httpd_can_network_connect' and 'httpd_can_network_connect_db'?
A systems administrator is managing a KVM hypervisor and needs to dynamically increase the memory available to a running virtual machine named 'db-server-01'. The VM is currently running with 2GB of RAM but is configured to support a maximum of 8GB. Which of the following commands will successfully allocate a total of 4GB of RAM to the running VM without requiring a restart?
virsh edit db-server-01
virsh setmem db-server-01 4G --live
virsh setmaxmem db-server-01 4G --config
virsh memtune db-server-01 --hard-limit 4G
Answer Description
The correct command is virsh setmem db-server-01 4G --live. The virsh setmem command is used to change a virtual machine's current memory allocation. The --live flag is crucial as it applies the change to the running instance of the virtual machine. The new memory size cannot exceed the maximum memory configured for the VM. The virsh edit command modifies the persistent XML configuration, but changes do not take effect until the VM is restarted. The virsh setmaxmem command is used to alter the maximum possible memory a VM can have, which also typically requires a restart to apply. virsh memtune is used for setting memory performance tuning parameters, not for changing the primary memory allocation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the --live flag do in the `virsh setmem` command?
How is `virsh setmaxmem` different from `virsh setmem`?
When should the `virsh memtune` command be used?
A systems administrator is editing a script file in the nano text editor and needs to replace every instance of the word "temp" with "local". After opening the file in nano, which key combination should the administrator press to initiate the search and replace function?
Ctrl+\Ctrl+OCtrl+GCtrl+W
Answer Description
The correct key combination to initiate the search and replace function in the nano text editor is Ctrl+\. After pressing this combination, nano will prompt for the search term, and then the replacement term. The user will then be prompted to replace the first instance, all instances, or skip to the next. The other options are incorrect. Ctrl+W is used to search for text (Where is). Ctrl+O is used to save the file (Write Out). Ctrl+G is used to display the help menu (Get Help).
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the `nano` text editor?
How does the search and replace function work in `nano`?
What are the differences between `Ctrl+W`, `Ctrl+O`, and `Ctrl+G` in `nano`?
A system administrator is writing a backup script. The script should use the directory specified in the BACKUP_DIR environment variable. If BACKUP_DIR is not set or is empty, the script should default to using /var/backups for the current operation without permanently changing the BACKUP_DIR variable.
Which of the following commands correctly assigns the appropriate directory to the target_dir variable?
target_dir=${BACKUP_DIR:-/var/backups}
target_dir=${BACKUP_DIR:?/var/backups}
target_dir=${BACKUP_DIR:+/var/backups}
target_dir=$
Answer Description
The correct command is target_dir=${BACKUP_DIR:-/var/backups}.
- The
${parameter:-word}expansion checks if the variableBACKUP_DIRis unset or null. If it is, the expansion returns the default value/var/backups. Importantly, it does not change the value ofBACKUP_DIRitself. - The
${parameter:=word}syntax would also use the default value, but it would also assign/var/backupsback to theBACKUP_DIRvariable if it was unset or null, which is not desired according to the scenario. - The
${parameter:+word}syntax does the opposite of what is needed; it expands to the word only if the parameter is set and not null. - The
${parameter:?word}syntax would cause the script to exit with an error message ifBACKUP_DIRwere unset or null, which is intended for error handling, not for providing a default value.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the ':-' operator in shell scripting?
How does the ':-' operator differ from the ':=' operator in shell scripting?
Why wouldn't the '+', '=', or '?' operators work in this scenario?
A system administrator is tasked with deploying a multi-service web application. The application's source code includes a docker-compose.yml file that defines all the necessary services, networks, and volumes. Which of the following commands should the administrator run from the directory containing the file to build, create, and start the entire application stack in the foreground?
docker-compose startdocker-compose updocker-compose execdocker-compose build
Answer Description
The correct command is docker-compose up. This command is an aggregate command that automates the process of building images (if they do not already exist), creating containers, networks, and volumes, and then starting all the defined services. The docker-compose build command only builds or rebuilds the service images but does not start them. The docker-compose start command only starts existing containers that were previously created and are in a stopped state; it does not create them. The docker-compose exec command is used to execute a command inside an already running container.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the `docker-compose.yml` file?
What is the difference between `docker-compose up` and `docker-compose build`?
When would you use `docker-compose exec`?
An organization must run dozens of containers on a production Linux server that is connected to an access-layer switch enforcing a "one-MAC-address-per-port" security rule. Each container must still obtain its own routable IPv4 address on the same VLAN and communicate directly with other hosts on that segment, without the NAT that the default bridge network applies. Which container network type should the administrator configure for these containers?
IPvlan network driver
Host network driver
Bridge network driver
Macvlan network driver
Answer Description
The IPvlan driver allows multiple container interfaces to share the host's physical interface MAC address while giving each container its own IP address on the subnet. This satisfies the switch's single-MAC restriction and provides layer-2 connectivity without NAT. Macvlan assigns a unique MAC to every container, so the switch would see many MAC addresses and block traffic. A user-defined bridge keeps one MAC but relies on NAT, preventing the containers from being directly reachable on the VLAN. Host networking shares the host's IP stack, leaving containers without individual IP addresses. Therefore, IPvlan is the only option that meets all stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between Macvlan and IPvlan drivers in container networking?
How does IPvlan provide Layer-2 connectivity without using NAT?
What are some use cases where IPvlan is preferred over other container networking types?
While reviewing a Python 3 script that inventories running services, you notice the author indented one line with a tab and the next with four spaces. Running the script immediately raises:
TabError: inconsistent use of tabs and spaces in indentation
The developer also wants to make the code conform to the PEP 8 style guide. Which modification will resolve the error and satisfy PEP 8 recommendations?
Replace every indentation level with a single tab character; PEP 8 requires tabs rather than spaces.
Add a shebang of
#!/usr/bin/env python -ttso Python automatically treats tabs as four spaces at runtime.Replace every indentation level with exactly four space characters and remove all tabs.
Convert the file's line endings to LF (Unix style); inconsistent CRLF endings are what trigger the TabError.
Answer Description
PEP 8 explicitly says to use four spaces per indentation level and warns that Python 3 forbids mixing tabs and spaces. Converting every indent to four ASCII spaces removes the mixed whitespace that triggers the TabError and matches the style guide. Switching to tabs alone might eliminate the runtime error, but it ignores PEP 8's preference for spaces. Changing line endings or adding the -tt option does not fix existing mixed indentation and therefore will not meet both goals.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is PEP 8 and why is it important?
Why does Python 3 forbid mixing tabs and spaces for indentation?
Why does PEP 8 prefer four spaces over tabs for indentation?
While logged into a Bash shell on a Linux server, you start a large copy operation in the foreground:
$ cp -av /media/usb/ /srv/data/
Realizing you chose the wrong destination, you press Ctrl + c in the same terminal. The copy stops immediately and the prompt returns. According to POSIX signal behavior, which signal did the terminal send to the cp process and what is that signal's default action?
SIGINT (signal 2) - terminate the process
SIGTSTP (signal 20) - suspend (stop) the process
SIGTERM (signal 15) - request the process to terminate gracefully
SIGQUIT (signal 3) - terminate the process and create a core dump
Answer Description
Pressing Ctrl + c causes the terminal driver to deliver the SIGINT (interrupt) signal, number 2, to every process in the current foreground process group. Unless the process has installed a custom handler or masked the signal, the kernel's default disposition for SIGINT is to terminate the process. That is why the cp command aborted as soon as you pressed Ctrl + c and control returned to the shell. SIGTERM (15) is the default signal sent by the kill command, not by Ctrl + c; SIGQUIT (3) is generated by Ctrl+\ and would terminate the process while producing a core dump; SIGTSTP (20) is generated by Ctrl+z and suspends (stops) the process rather than terminating it.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are POSIX signals in Linux?
How does Ctrl + c send SIGINT in the terminal?
What is the difference between SIGINT and SIGTERM?
A systems administrator is writing a troubleshooting script that calls head on whatever files are passed on the command line. The script should show the first 15 lines of each file and print a filename header (the "> filename <" line) even when the script receives only a single file. Which head invocation satisfies these requirements if the shell variable $FILES already holds the list of filenames?
(Note: assume a GNU/Linux system with the standard coreutils implementation of head.)
head -c 15 -v $FILES
head -q -n 15 $FILES
head -n 15 -v $FILES
head -n 15 $FILES
Answer Description
The -n 15 (or --lines=15) option limits output to the first 15 lines. The -v/--verbose option forces head to print the header that includes the filename every time, regardless of how many files are supplied. Together they meet both conditions.
Using -q/--quiet hides headers, so that choice fails. The form that omits -v relies on head's default behaviour, which prints a header only when more than one file is processed, so it would not show the header when a single file is passed. The -c option measures bytes rather than lines, so it does not meet the 15-line requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the option `-n` in the `head` command do?
What is the purpose of the `-v` option in the `head` command?
Why does the `-c` option not meet the requirement for the 15-line output?
A system administrator needs to update a configuration file named app.conf. They must replace every instance of the old IP address 192.168.1.5 with the new IP address 10.10.0.5 within the file. The changes need to be saved directly back into app.conf. Which of the following commands will accomplish this task correctly?
sed 's/192.168.1.5/10.10.0.5/g' app.confsed -i 's/192.168.1.5/10.10.0.5/' app.confsed -i 's/192.168.1.5/10.10.0.5/g' app.confsed 's/192.168.1.5/10.10.0.5/g' app.conf > app.conf
Answer Description
The correct command is sed -i 's/192.168.1.5/10.10.0.5/g' app.conf. Here is a breakdown of the command:
sedis the stream editor command.- The
-ioption stands for "in-place" and modifies the file directly. 's/old/new/g'is the substitution command.sindicates the substitute command./192.168.1.5/is the pattern to search for./10.10.0.5/is the replacement string.gis the global flag, which ensures all occurrences on each line are replaced, not just the first one. The commandsed 's/192.168.1.5/10.10.0.5/g' app.confis incorrect because it lacks the-iflag; it will only print the modified text to standard output and will not save the changes to the file. The commandsed 's/192.168.1.5/10.10.0.5/g' app.conf > app.confis incorrect and dangerous. The shell processes the redirection>by truncating the output file (app.conf) before thesedcommand runs. This results insedreading an empty file and the original content being lost. The commandsed -i 's/192.168.1.5/10.10.0.5/' app.confis incorrect because it is missing the globalgflag. It would only replace the first occurrence of the IP address on any given line.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the `sed` command do in Linux?
What is the purpose of the `-i` flag in the `sed` command?
What does the `g` flag do in the `sed` substitution command?
On a freshly installed Ubuntu 22.04 server you create a user called alex and add the account to the sudo group with:
sudo usermod -aG sudo alex
After logging out and back in, alex can run sudo apt update even though neither /etc/sudoers nor any file in /etc/sudoers.d has been edited.
Which explanation correctly describes why this procedure works?
The default
/etc/sudoersfile contains the entry%sudo ALL=(ALL:ALL) ALL, so any user added to the sudo group may execute any command with sudo after entering their own password.A built-in polkit rule maps the sudo group to the wheel role, providing password-less root access only from the system console.
When a session is started by a sudo group member, PAM grants the
CAP_SYS_ADMINcapability to all of the user's processes, eliminating the need for sudo.Members of the sudo group are automatically assigned UID 0 in
/etc/passwd, giving them root privileges without needing sudo or a password.
Answer Description
Ubuntu's default /etc/sudoers file already contains a line that delegates full sudo privileges to members of the sudo group:
%sudo ALL=(ALL:ALL) ALL
Because this rule is present out-of-the-box, adding a user to the sudo group is enough to let them run any command via sudo. The rule still requires the user to authenticate with their own password, so the privilege is not password-less.
The other statements are inaccurate:
- The sudo group is not mapped to UID 0 and does not bypass the password prompt.
- PAM does not automatically grant system-wide capabilities such as
CAP_SYS_ADMINjust because a user is in a particular group. - polkit rules are unrelated to classic
sudogroup elevation on headless or server installations and do not remap the group to a wheel role.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the line `%sudo ALL=(ALL:ALL) ALL` in `/etc/sudoers` mean?
How does adding alex to the *sudo* group grant privileges without modifying `/etc/sudoers`?
Why is authentication still required for users in the *sudo* group?
A Linux administrator manages a multi-container application with a compose.yaml file. After a successful deployment with podman-compose up -d, they need to completely tear down the environment for a system update. This process requires stopping the containers, removing the containers and their associated networks, and also deleting the named volumes defined in the compose.yaml file. Which single command should the administrator use to achieve this full cleanup?
podman-compose down --volumespodman-compose downpodman-compose rm --force --volumespodman-compose stop
Answer Description
The correct command is podman-compose down --volumes. The down command stops and removes containers and networks created by up. However, by default, it does not remove named volumes. The --volumes (or -v) flag must be added to also remove the named volumes defined in the compose.yaml file.
podman-compose stoponly stops the running containers; it does not remove them or any other resources like networks or volumes.podman-compose downon its own stops and removes containers and networks but leaves named volumes intact.podman-compose rm --force --volumesis incorrect becausermis used to remove already stopped containers, and it is not the primary command for tearing down a full environment. While it has a--volumesflag, it is for anonymous volumes, not the named volumes managed by thedowncommand in a compose context. Thedowncommand is the more comprehensive and appropriate tool for this scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of the `--volumes` flag in `podman-compose down`?
How is `podman-compose stop` different from `podman-compose down`?
What is the role of named volumes in `compose.yaml` files?
Smashing!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.