Practice Free XK0-006 Exam Online Questions
Question #1
Which of the following utilities supports the automation of security compliance and vulnerability management?
- A . SELinux
- B . Nmap
- C . AIDE
- D . OpenSCAP
Correct Answer: D
D
Explanation:
Security compliance and vulnerability management are critical components of Linux system administration, and CompTIA Linux+ V8 places strong emphasis on automated security assessment tools. OpenSCAP is specifically designed to address these requirements.
OpenSCAP is an open-source framework that implements the Security Content Automation Protocol (SCAP), a set of standards used for automated vulnerability scanning, configuration compliance checking, and security auditing. It allows administrators to assess Linux systems against established security baselines such as CIS benchmarks, DISA STIGs, and organizational security policies. This makes OpenSCAP the most appropriate tool for automating both compliance and vulnerability management.
The other options serve different security-related purposes but do not fulfill the automation requirement. SELinux is a mandatory access control system that enforces security policies at runtime but does not perform compliance scanning or vulnerability assessments. Nmap is a network scanning and discovery tool used to identify open ports and services, not compliance automation. AIDE (Advanced Intrusion Detection Environment) is a file integrity monitoring tool that detects unauthorized file changes but does not evaluate overall system compliance.
Linux+ V8 documentation highlights OpenSCAP as a tool used to automate security audits, generate compliance reports, and integrate with configuration management workflows. Its ability to standardize security checks across multiple systems makes it essential in enterprise and regulated environments.
Therefore, the correct answer is D. OpenSCAP.
D
Explanation:
Security compliance and vulnerability management are critical components of Linux system administration, and CompTIA Linux+ V8 places strong emphasis on automated security assessment tools. OpenSCAP is specifically designed to address these requirements.
OpenSCAP is an open-source framework that implements the Security Content Automation Protocol (SCAP), a set of standards used for automated vulnerability scanning, configuration compliance checking, and security auditing. It allows administrators to assess Linux systems against established security baselines such as CIS benchmarks, DISA STIGs, and organizational security policies. This makes OpenSCAP the most appropriate tool for automating both compliance and vulnerability management.
The other options serve different security-related purposes but do not fulfill the automation requirement. SELinux is a mandatory access control system that enforces security policies at runtime but does not perform compliance scanning or vulnerability assessments. Nmap is a network scanning and discovery tool used to identify open ports and services, not compliance automation. AIDE (Advanced Intrusion Detection Environment) is a file integrity monitoring tool that detects unauthorized file changes but does not evaluate overall system compliance.
Linux+ V8 documentation highlights OpenSCAP as a tool used to automate security audits, generate compliance reports, and integrate with configuration management workflows. Its ability to standardize security checks across multiple systems makes it essential in enterprise and regulated environments.
Therefore, the correct answer is D. OpenSCAP.
Question #2
A Linux administrator wants to add a user to the Docker group without changing the user’s primary group.
Which of the following commands should the administrator use to complete this task?
- A . sudo groupmod docker user
- B . sudo usermod -g docker user
- C . sudo usermod -aG docker user
- D . sudo groupmod -G docker user
Correct Answer: C
C
Explanation:
User and group management is a core System Management topic in CompTIA Linux+ V8. When adding a user to an additional group―such as the docker group―care must be taken not to alter the user’s primary group.
The correct command is sudo usermod -aG docker user. The -G option specifies a supplementary group, and the -a (append) option ensures the user is added to the group without removing existing group memberships. This is especially important because omitting -a would overwrite the user’s supplementary groups.
Option B, usermod -g docker user, changes the user’s primary group, which is not desired. Options A and D misuse groupmod, which is intended for modifying group properties, not user membership.
Linux+ V8 documentation explicitly warns that failing to use -a with -G can unintentionally remove a user from all other supplementary groups, potentially causing access issues.
Therefore, the correct and safe command is C. sudo usermod -aG docker user.
C
Explanation:
User and group management is a core System Management topic in CompTIA Linux+ V8. When adding a user to an additional group―such as the docker group―care must be taken not to alter the user’s primary group.
The correct command is sudo usermod -aG docker user. The -G option specifies a supplementary group, and the -a (append) option ensures the user is added to the group without removing existing group memberships. This is especially important because omitting -a would overwrite the user’s supplementary groups.
Option B, usermod -g docker user, changes the user’s primary group, which is not desired. Options A and D misuse groupmod, which is intended for modifying group properties, not user membership.
Linux+ V8 documentation explicitly warns that failing to use -a with -G can unintentionally remove a user from all other supplementary groups, potentially causing access issues.
Therefore, the correct and safe command is C. sudo usermod -aG docker user.
Question #3
An administrator added a new disk to expand the current storage.
Which of the following commands should the administrator run first to add the new disk to the LVM?
- A . vgextend
- B . lvextend
- C . pvcreate
- D . pvresize
Correct Answer: C
C
Explanation:
From Exact Extract:
To add a new physical disk to LVM, the disk must first be initialized as a physical volume using the pvcreate command. This prepares the new disk for use by the LVM subsystem. After initializing with pvcreate, you would use vgextend to add the new physical volume to an existing volume group.
Other options:
C
Explanation:
From Exact Extract:
To add a new physical disk to LVM, the disk must first be initialized as a physical volume using the pvcreate command. This prepares the new disk for use by the LVM subsystem. After initializing with pvcreate, you would use vgextend to add the new physical volume to an existing volume group.
Other options:
Question #4
A Linux administrator needs to create and then connect to the app-01-image container.
Which of the following commands accomplishes this task?
- A . docker run -it app-01-image
- B . docker start -td app-01-image
- C . docker build -ic app-01-image
- D . docker exec -dc app-01-image
Correct Answer: A
A
Explanation:
From Linux+ V8 documents:
Container lifecycle management is a core topic within the Automation, Orchestration, and Scripting domain of CompTIA Linux+ V8. Administrators must understand the difference between creating containers, starting containers, and executing commands within running containers.
The correct command is docker run -it app-01-image. The docker run command performs three actions at once: it creates a new container from the specified image, starts the container, and optionally attaches the administrator’s terminal to it. The -i option keeps standard input open, while the -t option allocates a pseudo-terminal (TTY). Together, these options allow the administrator to interactively connect to the container immediately after it is created.
The other options are incorrect for the following reasons. docker start is used only to start an existing stopped container and does not create a new container from an image. Additionally, -t and -d are not valid options for attaching an interactive terminal during container startup. docker build is used to build a Docker image from a Dockerfile and cannot be used to create or connect to a container. docker exec is used to run commands inside an already running container and therefore cannot be used to create a container.
Linux+ V8 documentation emphasizes that docker run is the primary command used when administrators want to instantiate containers from images and interact with them. This command is commonly used during testing, development, and troubleshooting workflows.
A
Explanation:
From Linux+ V8 documents:
Container lifecycle management is a core topic within the Automation, Orchestration, and Scripting domain of CompTIA Linux+ V8. Administrators must understand the difference between creating containers, starting containers, and executing commands within running containers.
The correct command is docker run -it app-01-image. The docker run command performs three actions at once: it creates a new container from the specified image, starts the container, and optionally attaches the administrator’s terminal to it. The -i option keeps standard input open, while the -t option allocates a pseudo-terminal (TTY). Together, these options allow the administrator to interactively connect to the container immediately after it is created.
The other options are incorrect for the following reasons. docker start is used only to start an existing stopped container and does not create a new container from an image. Additionally, -t and -d are not valid options for attaching an interactive terminal during container startup. docker build is used to build a Docker image from a Dockerfile and cannot be used to create or connect to a container. docker exec is used to run commands inside an already running container and therefore cannot be used to create a container.
Linux+ V8 documentation emphasizes that docker run is the primary command used when administrators want to instantiate containers from images and interact with them. This command is commonly used during testing, development, and troubleshooting workflows.
Question #5
An administrator logs in to a Linux server and notices the clock is 37 minutes fast.
Which of the following commands will fix the issue?
- A . hwclock
- B . ntpdate
- C . timedatectl
- D . ntpd -q
Correct Answer: B
B
Explanation:
From Exact Extract:
The ntpdate command synchronizes the system clock with a remote NTP server immediately, correcting any significant time drift. This is ideal for one-time corrections.
For example:
bash
CopyEdit
ntpdate pool.ntp.org
Other options:
B
Explanation:
From Exact Extract:
The ntpdate command synchronizes the system clock with a remote NTP server immediately, correcting any significant time drift. This is ideal for one-time corrections.
For example:
bash
CopyEdit
ntpdate pool.ntp.org
Other options:
Question #6
Which of the following can reduce the attack surface area in relation to Linux hardening?
- A . Customizing the log-in banner
- B . Reducing the number of directories created
- C . Extending the SSH startup timeout period
- D . Enforcing password strength and complexity
Correct Answer: D
D
Explanation:
From Exact Extract:
Reducing the attack surface area in Linux hardening refers to limiting possible points of unauthorized access. According to the CompTIA Linux+ Official Study Guide (Exam XK0-006), enforcing strong password policies is a critical aspect of security hardening. This practice ensures that user accounts are protected by passwords that are difficult to guess or crack, thus minimizing the risk of successful brute-force attacks. Implementing password complexity requirements (such as minimum length, use of uppercase, lowercase, numbers, and special characters) directly addresses one of the primary vectors for unauthorized access.
Other options do not have a direct impact on reducing the attack surface:
D
Explanation:
From Exact Extract:
Reducing the attack surface area in Linux hardening refers to limiting possible points of unauthorized access. According to the CompTIA Linux+ Official Study Guide (Exam XK0-006), enforcing strong password policies is a critical aspect of security hardening. This practice ensures that user accounts are protected by passwords that are difficult to guess or crack, thus minimizing the risk of successful brute-force attacks. Implementing password complexity requirements (such as minimum length, use of uppercase, lowercase, numbers, and special characters) directly addresses one of the primary vectors for unauthorized access.
Other options do not have a direct impact on reducing the attack surface:
Question #7
Which of the following is a characteristic of Python 3?
- A . It is closed source.
- B . It is extensible through modules.
- C . It is fully backwards compatible.
- D . It is binary compatible with Java.
Correct Answer: B
B
Explanation:
Python 3 characteristics are part of Linux+ V8 scripting objectives. One of Python’s most important features is its modular and extensible architecture.
Option B is correct because Python 3 supports extensibility through modules and packages. Python includes a large standard library and allows developers to extend functionality using third-party modules or custom code. This makes Python highly adaptable for automation, system management, and DevOps tasks.
The other options are incorrect. Python is open source, not closed source. Python 3 is not fully backwards compatible with Python 2, which is a major distinction emphasized in Linux+ V8. Python is also not binary compatible with Java.
Linux+ V8 documentation highlights Python’s extensibility as a key reason it is widely used in Linux automation. Therefore, the correct answer is B.
B
Explanation:
Python 3 characteristics are part of Linux+ V8 scripting objectives. One of Python’s most important features is its modular and extensible architecture.
Option B is correct because Python 3 supports extensibility through modules and packages. Python includes a large standard library and allows developers to extend functionality using third-party modules or custom code. This makes Python highly adaptable for automation, system management, and DevOps tasks.
The other options are incorrect. Python is open source, not closed source. Python 3 is not fully backwards compatible with Python 2, which is a major distinction emphasized in Linux+ V8. Python is also not binary compatible with Java.
Linux+ V8 documentation highlights Python’s extensibility as a key reason it is widely used in Linux automation. Therefore, the correct answer is B.
Question #8
To perform a live migration, which of the following must match on both host servers? (Choose two)
- A . USB ports
- B . Network speed
- C . Available swap
- D . CPU architecture
- E . Available memory
- F . Disk storage path
Correct Answer: D E
D E
Explanation:
From Linux+ V8 documents:
Live migration is a virtualization feature that allows a running virtual machine to be moved from one host to another with minimal or no downtime. This topic falls under System Management in the CompTIA Linux+ V8 objectives, particularly in the areas of virtualization and resource management.
For a live migration to succeed, the CPU architecture must match between the source and destination hosts. This is critical because the running virtual machine’s CPU state, instruction set, and registers must be compatible with the destination system. Migrating between different CPU architectures (for example, x86_64 to ARM) is not supported and would cause the virtual machine to fail. Therefore, option D is required.
Additionally, the destination host must have sufficient available memory to accommodate the virtual machine being migrated. During live migration, the memory contents of the running VM are copied from the source host to the destination host while the VM continues to run. If enough memory is not available, the migration cannot complete successfully. This makes option E mandatory.
The other options are not strict requirements. USB ports do not need to match for live migration. Network speed may affect migration performance but does not need to be identical. Available swap space is not directly required for migration. Disk storage paths do not need to match as long as shared storage or compatible storage access is available.
Linux+ V8 documentation emphasizes CPU compatibility and memory availability as core prerequisites for live migration. Therefore, the correct answers are D and E.
D E
Explanation:
From Linux+ V8 documents:
Live migration is a virtualization feature that allows a running virtual machine to be moved from one host to another with minimal or no downtime. This topic falls under System Management in the CompTIA Linux+ V8 objectives, particularly in the areas of virtualization and resource management.
For a live migration to succeed, the CPU architecture must match between the source and destination hosts. This is critical because the running virtual machine’s CPU state, instruction set, and registers must be compatible with the destination system. Migrating between different CPU architectures (for example, x86_64 to ARM) is not supported and would cause the virtual machine to fail. Therefore, option D is required.
Additionally, the destination host must have sufficient available memory to accommodate the virtual machine being migrated. During live migration, the memory contents of the running VM are copied from the source host to the destination host while the VM continues to run. If enough memory is not available, the migration cannot complete successfully. This makes option E mandatory.
The other options are not strict requirements. USB ports do not need to match for live migration. Network speed may affect migration performance but does not need to be identical. Available swap space is not directly required for migration. Disk storage paths do not need to match as long as shared storage or compatible storage access is available.
Linux+ V8 documentation emphasizes CPU compatibility and memory availability as core prerequisites for live migration. Therefore, the correct answers are D and E.
Question #9
Which of the following is the main reason for setting up password expiry policies?
- A . To avoid using the same passwords repeatedly
- B . To mitigate the use of exposed passwords
- C . To force usage of passwordless authentication
- D . To increase password strength and complexity
Correct Answer: B
B
Explanation:
Password management is a core topic in the Security domain of CompTIA Linux+ V8. Password expiry policies are implemented to reduce the risk associated with long-lived credentials.
The primary reason for enforcing password expiration is to mitigate the risk of exposed or compromised passwords. If a password is leaked through phishing, malware, keylogging, or data breaches, limiting its
lifespan reduces the window of opportunity for attackers to exploit it. Requiring periodic password changes ensures that compromised credentials eventually become invalid.
Option B correctly captures this security objective. Linux+ V8 documentation emphasizes minimizing credential exposure as a key principle of access control.
The other options are secondary or incorrect. Avoiding password reuse and increasing complexity are addressed through password history and complexity policies, not expiration alone. Password expiry does not force passwordless authentication, making option C incorrect.
Therefore, the correct answer is B. To mitigate the use of exposed passwords.
B
Explanation:
Password management is a core topic in the Security domain of CompTIA Linux+ V8. Password expiry policies are implemented to reduce the risk associated with long-lived credentials.
The primary reason for enforcing password expiration is to mitigate the risk of exposed or compromised passwords. If a password is leaked through phishing, malware, keylogging, or data breaches, limiting its
lifespan reduces the window of opportunity for attackers to exploit it. Requiring periodic password changes ensures that compromised credentials eventually become invalid.
Option B correctly captures this security objective. Linux+ V8 documentation emphasizes minimizing credential exposure as a key principle of access control.
The other options are secondary or incorrect. Avoiding password reuse and increasing complexity are addressed through password history and complexity policies, not expiration alone. Password expiry does not force passwordless authentication, making option C incorrect.
Therefore, the correct answer is B. To mitigate the use of exposed passwords.
Question #10
An administrator needs to verify the user ID, home directory, and assigned shell for the user named "accounting."
Which of the following commands should the administrator use to retrieve this information?
- A . getent passwd accounting
- B . id accounting
- C . grep accounting /etc/shadow
- D . who accounting
Correct Answer: A
A
Explanation:
User account information is centrally stored in the system’s account databases, and Linux+ V8 emphasizes the use of standard tools to query this data safely and consistently.
The getent passwd accounting command retrieves the user’s entry from the passwd database, which may be sourced from local files or network services such as LDAP. This entry includes the username, user ID (UID), group ID (GID), home directory, and assigned login shell. Therefore, option A provides all the requested information in a single command.
Option B, id accounting, displays the UID and group memberships but does not show the home directory or assigned shell.
Option C is incorrect because /etc/shadow contains password hashes and expiration data, not shell or home directory information.
Option D, who accounting, only shows login sessions and does not provide account configuration details.
Linux+ V8 documentation highlights getent passwd as the preferred method for retrieving comprehensive user account information because it works across different authentication backends.
Thus, the correct answer is A.
A
Explanation:
User account information is centrally stored in the system’s account databases, and Linux+ V8 emphasizes the use of standard tools to query this data safely and consistently.
The getent passwd accounting command retrieves the user’s entry from the passwd database, which may be sourced from local files or network services such as LDAP. This entry includes the username, user ID (UID), group ID (GID), home directory, and assigned login shell. Therefore, option A provides all the requested information in a single command.
Option B, id accounting, displays the UID and group memberships but does not show the home directory or assigned shell.
Option C is incorrect because /etc/shadow contains password hashes and expiration data, not shell or home directory information.
Option D, who accounting, only shows login sessions and does not provide account configuration details.
Linux+ V8 documentation highlights getent passwd as the preferred method for retrieving comprehensive user account information because it works across different authentication backends.
Thus, the correct answer is A.