
CompTIA XK0-005 Practice Test - Questions Answers, Page 25

A systems administrator created a new directory with specific permissions. Given the following output:

    # file: comptia
    # owner: root
    # group: root
    user::rwx
    group::r-x
    other::---
    default:user::rwx
    default:group::r-x
    default:group:wheel:rwx
    default:mask::rwx
    default:other::---

Which of the following permissions are enforced on /comptia?

A. Members of the wheel group can read files in /comptia.
B. Newly created files in /comptia will have the sticky bit set.
C. Other users can create files in /comptia.
D. Only root can create files in /comptia.

Suggested answer: A

Explanation:

The output shows the file access control list (FACL) of the /comptia directory, which is an extension of the standard Linux permissions that allows more fine-grained control over file and directory access. The FACL consists of two parts: the access ACL and the default ACL. The access ACL applies to the current object, while the default ACL applies to the objects created within the directory.

The access ACL has three entries: user, group, and other. These are similar to the standard Linux permissions, but they can be specified for individual users or groups as well. The user entry shows that the owner of the directory (root) has read, write, and execute permissions (rwx). The group entry shows that the group owner of the directory (root) has read and execute permissions (r-x). The other entry shows that all other users have no permissions (---).

The default ACL has five entries: user, group, group:wheel, mask, and other. These are applied to any files or directories created within /comptia. The user entry shows that the owner of the new object will have read, write, and execute permissions (rwx). The group entry shows that the group owner of the new object will have read and execute permissions (r-x). The group:wheel entry shows that the members of the wheel group will have read, write, and execute permissions (rwx) on the new object. The mask entry shows that the maximum permissions allowed for any user or group are read, write, and execute (rwx). The other entry shows that all other users will have no permissions (---) on the new object.

Therefore, based on the FACL output, members of the wheel group can read files in /comptia, as they have read permission on both the directory and any files within it. Option B is incorrect because the sticky bit is not set on /comptia or any files within it. The sticky bit is a special permission that prevents users from deleting or renaming files that they do not own in a shared directory. It is symbolized by a t character in the execute position of others. Option C is incorrect because other users cannot create files in /comptia, as they have no permissions on the directory or any files within it. Option D is incorrect because root is not the only user who can create files in /comptia. Any user who has write permission on the directory can create files within it, such as members of the wheel group.
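How a default ACL entry and the mask combine on a newly created object, as an added example that is not part of the practice test. It goes one step beyond the explanation by also applying the creation mode, which caps the inherited mask (per acl(5)); the function name `effective_default` and the sample text (reconstructed from the question's output) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: effective rights a named default ACL entry yields on a new object.

# Constructed sample: the getfacl output from the question.
ACL_SAMPLE='# file: comptia
# owner: root
# group: root
user::rwx
group::r-x
other::---
default:user::rwx
default:group::r-x
default:group:wheel:rwx
default:mask::rwx
default:other::---'

# effective_default ACL_TEXT ENTRY CREATE_BITS
#   ENTRY        named default entry, e.g. "group:wheel"
#   CREATE_BITS  group-class bits of the creation mode: rw- for a file
#                created with 0666, rwx for a directory created with 0777
# Prints the effective rwx string; exits non-zero if the entry is absent.
effective_default() {
    printf '%s\n' "$1" | awk -v entry="default:$2:" -v mode="$3" '
        function band(a, b,   i, out) {      # per-character AND of two rwx strings
            out = ""
            for (i = 1; i <= 3; i++)
                out = out ((substr(a, i, 1) == substr(b, i, 1)) ? substr(a, i, 1) : "-")
            return out
        }
        index($0, entry) == 1            { perm = substr($0, length(entry) + 1, 3) }
        index($0, "default:mask::") == 1 { mask = substr($0, 15, 3) }
        END {
            if (perm == "") exit 1           # no such default entry
            if (mask == "") mask = "rwx"     # simplification: treat a missing mask as open
            # inherited mask is capped by the creation mode, then caps the entry
            print band(perm, band(mask, mode))
        }'
}

echo "wheel on a new directory (0777): $(effective_default "$ACL_SAMPLE" group:wheel rwx)"
echo "wheel on a new file (0666):      $(effective_default "$ACL_SAMPLE" group:wheel rw-)"
```

On a live system, `getfacl` on a freshly created file shows the same result as an `#effective:` comment whenever the mask removes a permission from the entry.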

A Linux administrator is configuring a new internal web server fleet. The web servers are up and running but can only be reached by users directly via IP address. The administrator is attempting to fix this inconvenience by requesting appropriate records from the DNS team. The details are:

Hostname: devel.comptia.org

IP address: 5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4

Name server: 5.5.5.254

Additional names: dev.comptia.org, development.comptia.org

Which of the following types of DNS records should the Linux administrator request from the DNS team? (Select three).

A. MX
B. NS
C. PTR
D. A
E. CNAME
F. RRSIG
G. SOA
H. TXT
I. SRV

Suggested answer: B, D, E

Explanation:

The Linux administrator should request the following types of DNS records from the DNS team:

A: This record type is used to map a hostname to an IPv4 address. The administrator needs four A records for devel.comptia.org, one for each IP address (5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4). This will allow users to access the web servers by using the hostname devel.comptia.org instead of the IP addresses.

CNAME: This record type is used to create an alias for another hostname. The administrator needs two CNAME records, one for dev.comptia.org and one for development.comptia.org, both pointing to devel.comptia.org. This will allow users to access the web servers by using any of these three hostnames interchangeably.

NS: This record type is used to delegate a domain or a subdomain to another name server. The administrator needs one NS record for comptia.org, pointing to 5.5.5.254, which is the name server that hosts the records for the subdomain devel.comptia.org. This will allow users to resolve the hostnames under comptia.org by querying the name server 5.5.5.254.

The other record types are not relevant for the administrator's task:

MX: This record type is used to specify the mail exchange server for a domain or a subdomain. The administrator does not need this record type because the web servers are not intended to handle email traffic.

PTR: This record type is used to map an IP address to a hostname, which is the reverse of an A record. The administrator does not need this record type because the web servers are not expected to be accessed by their IP addresses.

RRSIG: This record type is used to provide digital signatures for DNSSEC, which is a security extension for DNS that verifies the authenticity and integrity of DNS responses. The administrator does not need this record type because it is not mentioned in the task requirements.

SOA: This record type is used to provide information about the authoritative name server and other parameters for a domain or a subdomain. The administrator does not need this record type because it is usually created automatically by the name server software when a new zone file is created.

TXT: This record type is used to store arbitrary text data that can be used for various purposes, such as SPF, DKIM, DMARC, etc. The administrator does not need this record type because it is not related to the web server functionality.

SRV: This record type is used to specify the location and port number of a service that runs on a domain or a subdomain. The administrator does not need this record type because the web servers use the standard HTTP port 80, which does not require an SRV record.

After connecting to a remote host via SSH, an administrator attempts to run an application but receives the following error:

    [user@workstation ~]$ ssh admin@srv1
    Last login: Tue Mar 29 18:03:34 2022
    [admin@srv1 ~]$ /usr/local/bin/config_manager
    Error: cannot open display:
    [admin@srv1 ~]$

Which of the following should the administrator do to resolve this error?

A. Disconnect from the SSH session and reconnect using the ssh -x command.
B. Add Options X11 to the /home/admin/.ssh/authorized_keys file.
C. Open port 6000 on the workstation and restart the firewalld service.
D. Enable X11 forwarding in /etc/ssh/ssh_config and restart the server.

Suggested answer: A

Explanation:

The error indicates that the application requires an X11 display, but the SSH session does not forward the X11 connection. To enable X11 forwarding, the administrator needs to use the ssh -X option, which requests X11 forwarding with authentication spoofing. This will set the DISPLAY environment variable on the remote host and allow the application to open a window on the local display.

Reference

CompTIA Linux+ (XK0-005) Certification Study Guide, page 314

Open a window on a remote X display (why "Cannot open display")?, answer by Gilles 'SO- stop being evil'

A Linux engineer needs to block an incoming connection from the IP address 2.2.2.2 to a secure shell server and ensure the originating IP address receives a response that a firewall is blocking the connection. Which of the following commands can be used to accomplish this task?

A. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j DROP
B. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j RETURN
C. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j REJECT
D. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j QUEUE

Suggested answer: C

Explanation:

The REJECT target sends back an error packet to the source IP address, indicating that the connection is refused by the firewall. This is different from the DROP target, which silently discards the packet without any response. The RETURN target returns to the previous chain, which may or may not accept the connection. The QUEUE target passes the packet to a userspace application for further processing, which is not the desired outcome in this case.

Reference

CompTIA Linux+ (XK0-005) Certification Study Guide, page 316

iptables - ssh - access from specific ip only - Server Fault, answer by Eugene Ionichev

A Linux administrator provisioned a new web server with custom administrative permissions for certain users. The administrator receives a report that user1 is unable to restart the Apache web service on this server. The administrator reviews the following output:

    [root@server]# id user1
    UID=1011(user1) gid=1011(USER1) groups=1011(user1),101(www-data),1120(webadmin)
    [root@server]# cat /etc/sudoers.d/custom.conf
    user1 ALL=/usr/sbin/systemctl start httpd, /usr/sbin/systemctl stop httpd
    webadmin ALL=NOPASSWD: /etc/init.d.httpd restart, /sbin/service httpd restart, /usr/sbin/apache2ctl restart
    #%wheel ALL=(ALL) NOPASSWD: ALL

Which of the following would most likely resolve the issue while maintaining a least privilege security model?

A. User1 should be added to the wheel group to manage the service.
B. User1 should have 'NOPASSWD:' after the 'ALL=' in the custom.conf.
C. The wheel line in the custom.conf file should be uncommented.
D. Webadmin should be listed as a group in the custom.conf file.

Suggested answer: D

Explanation:

The custom.conf file grants sudo privileges to user1 and webadmin for managing the Apache web service, but it uses different commands for each of them. User1 is allowed to use systemctl to start and stop the httpd service, while webadmin is allowed to use init.d, service, or apache2ctl to restart the httpd service. However, user1 is unable to restart the service and can only start and stop it. To fix this, user1 should be able to use the same commands as webadmin, which can be achieved by listing webadmin as a group in the custom.conf file, using the syntax %groupname. This way, user1 will inherit the sudo privileges of the webadmin group and be able to restart the Apache web service without compromising the least privilege security model.

Reference

Sudo and Sudoers Configuration | Servers for Hackers, section ''Groups''

Chapter 12. Managing sudo access - Red Hat Customer Portal, section ''12.1. Configuring sudo access for users and groups''
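Why the `webadmin` line does nothing for user1 until it is written as `%webadmin`, shown as an added example that is not part of the practice test or of sudo itself. The function `sudo_allows` is a hypothetical, simplified matcher for the rule form in the question only, and the rule text is sample data copied from the question's output.

```shell
#!/bin/sh
# Added example: a bare name in sudoers is a USER; only "%name" is a GROUP.
# Simplified model covering just the "who ALL=[NOPASSWD:] cmd, cmd" form.

# Sample data taken from the question's custom.conf.
RULES_BROKEN='user1 ALL=/usr/sbin/systemctl start httpd, /usr/sbin/systemctl stop httpd
webadmin ALL=NOPASSWD: /etc/init.d.httpd restart, /sbin/service httpd restart, /usr/sbin/apache2ctl restart
#%wheel ALL=(ALL) NOPASSWD: ALL'

# The change from answer D: mark webadmin as a group.
RULES_FIXED=$(printf '%s\n' "$RULES_BROKEN" | sed 's/^webadmin /%webadmin /')

# sudo_allows RULES USER "GROUP GROUP ..." COMMAND  -> exit 0 if permitted
sudo_allows() {
    printf '%s\n' "$1" | awk -v user="$2" -v groups="$3" -v want="$4" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) member[g[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            who = $1
            # user entry matches by name; %entry matches by group membership
            applies = (who == user) || (substr(who, 1, 1) == "%" && (substr(who, 2) in member))
            if (!applies) next
            spec = $0
            sub(/^[^=]*=/, "", spec)               # drop "who host="
            sub(/^[ \t]*NOPASSWD:[ \t]*/, "", spec)
            m = split(spec, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= m; i++) if (cmds[i] == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

for rules in "$RULES_BROKEN" "$RULES_FIXED"; do
    if sudo_allows "$rules" user1 "user1 www-data webadmin" "/sbin/service httpd restart"
    then echo "service httpd restart: permitted"
    else echo "service httpd restart: denied"
    fi
done
```

Even with the group rule in place, only the exact commands listed are granted: `systemctl restart httpd` stays denied, which is what keeps the change within least privilege. On a real host, `visudo -cf /etc/sudoers.d/custom.conf` checks the syntax and `sudo -l -U user1` lists what the user may actually run.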

A Linux system is having issues. Given the following outputs:

    # dig @192.168.2.2 mycomptiahost
    ; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.1 <<>> @192.168.2.2 mycomptiahost
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    # nc -v 192.168.2.2 53
    Ncat: Version 7.70 ( https://nmap.org/ncat )
    Ncat: Connection timed out.

    # ping 192.168.2.2
    PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
    64 bytes from 192.168.2.2: icmp_seq=1 ttl=117 time=4.94 ms
    64 bytes from 192.168.2.2: icmp_seq=2 ttl=117 time=10.5 ms

Which of the following best describes this issue?

A. The DNS host is down.
B. The name mycomptiahost does not exist in the DNS.
C. The Linux engineer is using the wrong DNS port.
D. The DNS service is currently not available or the corresponding port is blocked.

Suggested answer: D

Explanation:

The ping command shows that the Linux system can reach the DNS server at 192.168.2.2, so the DNS host is not down. The dig and nc commands show that the Linux system cannot connect to the DNS server on port 53, which is the standard port for DNS queries. This means that either the DNS service is not running on the DNS server, or there is a firewall or network device blocking the port 53 traffic. Therefore, the DNS service is currently not available or the corresponding port is blocked.

Reference

1. How To Troubleshoot DNS Client Issues in Linux - RootUsers
2. 6 Best Tools to Troubleshoot DNS Issues in Linux - Tecmint
3. How To Troubleshoot DNS in Linux - OrcaCore
4. Fixing DNS Issues in Ubuntu 20.04 | DeviceTests

Users are experiencing high latency when accessing a web application served by a Linux machine. A systems administrator checks the network interface counters and sees the following:

Which of the following is the most probable cause of the observed latency?

A. The network interface is disconnected.
B. A connection problem exists on the network interface.
C. No IP address is assigned to the interface.
D. The gateway is unreachable.

Suggested answer: B

Explanation:

The high number of errors and dropped packets in the output of the network interface counters indicate a connection problem on the network interface.

CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 10: Managing Networking, Section: Troubleshooting Network Issues, Page 359.

Linux+ (Plus) Certification, Exam Objectives: 4.3 Given a scenario, troubleshoot and resolve basic network configuration and connectivity issues.

While troubleshooting server issues, a Linux systems administrator obtains the following output:

    [root@host ~]# free -m
           total   used   free   shared   buff/cache   available
    Mem:    3736   3598     88        2           48          29
    Swap:   2047   1824    223

Which of the following best describes the state of the system?

A. The system has consumed the system memory and swap space.
B. The system has enough free memory space.
C. The system has swap disabled.
D. The system has allocated enough buffer space.

Suggested answer: B

Explanation:

The output shows that the system has a total of 3736MB of memory, of which 3598MB is free. This indicates that the system has enough free memory space [1][2].

Reference: [1] https://phoenixnap.com/kb/swap-space [2] https://www.baeldung.com/linux/swap-space-use

A network administrator issues the dig ww.comptia.org command and receives an NXDOMAIN response. Which of the following files should the administrator check first?

A. /etc/resolv.conf
B. /etc/hosts
C. /etc/sysconfig/network-scripts
D. /etc/nsswitch.conf

Suggested answer: A

Explanation:

The dig command uses the DNS servers listed in the /etc/resolv.conf file to resolve domain names. If the dig command returns an NXDOMAIN response, it means the domain does not exist according to the DNS servers used. Therefore, the administrator should check the /etc/resolv.conf file first [3][4].

Reference: [3] https://www.linuxquestions.org/questions/linux-newbie-8/help-me-dig-status-nxdomain-4175684441/ [4] https://serverfault.com/questions/729025/what-are-all-the-flags-in-a-dig-response

An administrator is running a web server in a container named web, but none of the error output is showing. Which of the following should the administrator use to generate the errors on the container?

A. docker-compose inspect WEB
B. docker logs WEB
C. docker run --name WEB --volume /dev/stdout:/var/log/nginx/error.log
D. docker ps WEB -f

Suggested answer: B

Explanation:

The docker logs command is used to fetch the logs of a container. If the error output is not showing for a running container, the docker logs command can be used to view these details [5][6].

Reference: [5] https://www.docker.com/blog/how-to-fix-and-debug-docker-containers-like-a-superhero/ [6] https://stackoverflow.com/questions/33083385/getting-console-output-from-a-docker-container
