Practice Free XK0-005 Exam Online Questions
Question #91
The development team wants to prevent a file from being modified by all users in a Linux system, including the root account.
Which of the following commands can be used to accomplish this objective?
- A . chmod / app/conf/file
- B . setenforce / app/ conf/ file
- C . chattr +i /app/conf/file
- D . chmod 0000 /app/conf/file
Correct Answer: C
C
Explanation:
The chattr command is used to change file attributes on Linux systems that support extended attributes, such as ext2, ext3, ext4, btrfs, xfs, and others. File attributes are flags that modify the behavior of files and directories.
To prevent a file from being modified by all users in a Linux system, including the root account, the development team can use the chattr +i /app/conf/file command. This command will set the immutable attribute (+i) on the file /app/conf/file, which means that the file cannot be deleted, renamed, linked, appended, or written to by any user or process. To remove the immutable attribute, the development team can use the chattr -i /app/conf/file command. The statement C is correct.
The statements A, B, and D are incorrect because they do not prevent the file from being modified by all users. The chmod /app/conf/file command does not work because it requires an argument to specify the permissions to change. The setenforce /app/conf/file command does not work because it is used to change the SELinux mode, not file attributes. The chmod 0000 /app/conf/file command will remove all permissions from the file, but it can still be modified by the root account.
Reference: [How to Use chattr Command in Linux]
C
Explanation:
The chattr command is used to change file attributes on Linux systems that support extended attributes, such as ext2, ext3, ext4, btrfs, xfs, and others. File attributes are flags that modify the behavior of files and directories.
To prevent a file from being modified by all users in a Linux system, including the root account, the development team can use the chattr +i /app/conf/file command. This command will set the immutable attribute (+i) on the file /app/conf/file, which means that the file cannot be deleted, renamed, linked, appended, or written to by any user or process. To remove the immutable attribute, the development team can use the chattr -i /app/conf/file command. The statement C is correct.
The statements A, B, and D are incorrect because they do not prevent the file from being modified by all users. The chmod /app/conf/file command does not work because it requires an argument to specify the permissions to change. The setenforce /app/conf/file command does not work because it is used to change the SELinux mode, not file attributes. The chmod 0000 /app/conf/file command will remove all permissions from the file, but it can still be modified by the root account.
Reference: [How to Use chattr Command in Linux]
Question #92
A Linux systems administrator needs to compress a file named passwords.txt. The compressed file should be saved as passwords.txt.gz.
Which of the following commands should the administrator use to accomplish this task?
- A . gzip -c passwords.txt > passwords.txt.gz
- B . gzip -d passwords.txt | passwords.txt.gz
- C . gzip -n passwords.txt > passwords.txt.gz
- D . gzip -n passwords.txt < passwords.txt.gz
Correct Answer: A
A
Explanation:
The gzip command with the -c flag outputs the compressed data to standard output, which can then be redirected to create a .gz file. This approach maintains the original file while creating a compressed version.
Reference: Gzip Command Documentation
A
Explanation:
The gzip command with the -c flag outputs the compressed data to standard output, which can then be redirected to create a .gz file. This approach maintains the original file while creating a compressed version.
Reference: Gzip Command Documentation
Question #93
A DevOps engineer needs to allow incoming traffic to ports in the range of 4000 to 5000 on a Linux server.
Which of the following commands will enforce this rule?
- A . iptables -f filter -I INPUT -p tcp –dport 4000:5000 -A ACCEPT
- B . iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT
- C . iptables filter -A INPUT -p tcp –dport 4000:5000 -D ACCEPT
- D . iptables filter -S INPUT -p tcp –dport 4000:5000 -A ACCEPT
Correct Answer: B
B
Explanation:
The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will enforce the rule of allowing incoming traffic to ports in the range of 4000 to 5000 on a Linux server.
The iptables command is a tool for managing firewall rules on Linux systems. The -t option specifies the table to operate on, in this case filter, which is the default table that contains the rules for filtering packets. The -A option appends a new rule to the end of a chain, in this case INPUT, which is the chain that processes the packets that are destined for the local system. The -p option specifies the protocol to match, in this case tcp, which is the transmission control protocol. The –dport option specifies the destination port or port range to match, in this case 4000:5000, which is the range of ports from 4000 to 5000. The -j option specifies the target to jump to if the rule matches, in this case ACCEPT, which is the target that allows the packet to pass through. The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will add a new rule to the end of the INPUT chain that will accept the incoming TCP packets that have a destination port between 4000 and 5000. This command will enforce the rule and allow the traffic to the specified ports. This is the correct command to use to accomplish the task. The other options are incorrect because they either use the wrong options (-f instead of -t or -D instead of -A) or do not exist (iptables filter -A INPUT -p tcp — dport 4000:5000 -D ACCEPT or iptables filter -S INPUT -p tcp –dport 4000:5000 -A ACCEPT).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Securing Linux Systems, page 543.
B
Explanation:
The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will enforce the rule of allowing incoming traffic to ports in the range of 4000 to 5000 on a Linux server.
The iptables command is a tool for managing firewall rules on Linux systems. The -t option specifies the table to operate on, in this case filter, which is the default table that contains the rules for filtering packets. The -A option appends a new rule to the end of a chain, in this case INPUT, which is the chain that processes the packets that are destined for the local system. The -p option specifies the protocol to match, in this case tcp, which is the transmission control protocol. The –dport option specifies the destination port or port range to match, in this case 4000:5000, which is the range of ports from 4000 to 5000. The -j option specifies the target to jump to if the rule matches, in this case ACCEPT, which is the target that allows the packet to pass through. The command iptables -t filter -A INPUT -p tcp –dport 4000:5000 -j ACCEPT will add a new rule to the end of the INPUT chain that will accept the incoming TCP packets that have a destination port between 4000 and 5000. This command will enforce the rule and allow the traffic to the specified ports. This is the correct command to use to accomplish the task. The other options are incorrect because they either use the wrong options (-f instead of -t or -D instead of -A) or do not exist (iptables filter -A INPUT -p tcp — dport 4000:5000 -D ACCEPT or iptables filter -S INPUT -p tcp –dport 4000:5000 -A ACCEPT).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Securing Linux Systems, page 543.
Question #94
Which of the following commands will display the operating system?
- A . uname -n
- B . uname -s
- C . uname -o
- D . uname -m
Correct Answer: C
C
Explanation:
The command that will display the operating system is uname -o. This command uses the uname tool, which is used to print system information such as the kernel name, version, release, machine, and processor. The -o option stands for operating system, and prints the name of the operating system implementation (usually GNU/Linux).
The other options are not correct commands for displaying the operating system. The uname -n command will display the network node hostname of the system. The uname -s command will display the kernel name of the system. The uname -m command will display the machine hardware name of the system.
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 1: Exploring Linux Command-Line Tools; uname(1) – Linux manual page
C
Explanation:
The command that will display the operating system is uname -o. This command uses the uname tool, which is used to print system information such as the kernel name, version, release, machine, and processor. The -o option stands for operating system, and prints the name of the operating system implementation (usually GNU/Linux).
The other options are not correct commands for displaying the operating system. The uname -n command will display the network node hostname of the system. The uname -s command will display the kernel name of the system. The uname -m command will display the machine hardware name of the system.
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 1: Exploring Linux Command-Line Tools; uname(1) – Linux manual page
Question #95
After listing the properties of a system account, a systems administrator wants to remove the expiration date of a user account.
Which of the following commands will accomplish this task?
- A . chgrp system accountname
- B . passwd Cs accountname
- C . chmod -G system account name
- D . chage -E -1 accountname
Correct Answer: D
D
Explanation:
The command chage -E -1 accountname will accomplish the task of removing the expiration date of a user account. The chage command is a tool for changing user password aging information on Linux systems. The -E option sets the expiration date of the user account, and the -1 value means that the account will never expire. The command chage -E -1 accountname will remove the expiration date of the user account named accountname. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not affect the expiration date (chgrp, passwd, or chmod) or do not exist (chmod -G).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 15: Managing Users and Groups, page 467.
D
Explanation:
The command chage -E -1 accountname will accomplish the task of removing the expiration date of a user account. The chage command is a tool for changing user password aging information on Linux systems. The -E option sets the expiration date of the user account, and the -1 value means that the account will never expire. The command chage -E -1 accountname will remove the expiration date of the user account named accountname. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not affect the expiration date (chgrp, passwd, or chmod) or do not exist (chmod -G).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 15: Managing Users and Groups, page 467.
Question #96
An administrator created an initial Git repository and uploaded the first files.
The administrator sees the following when listing the repository:
The administrator notices the file. DS STORE should not be included and deletes it from the online repository.
Which of the following should the administrator run from the root of the local repository before the next commit to ensure the file is not uploaded again in future commits?
- A . rm -f .DS STORE && git push
- B . git fetch && git checkout .DS STORE
- C . rm -f .DS STORE && git rebase origin main
- D . echo .DS STORE >> .gitignore
Correct Answer: D
D
Explanation:
The correct answer is
D. The administrator should run “echo .DS STORE >> .gitignore” from the root of the local repository before the next commit to ensure the file is not uploaded again in future commits.
This command will append the file name .DS STORE to the end of the .gitignore file, which is a special file that tells Git to ignore certain files or directories that should not be tracked or uploaded to the repository. By adding .DS STORE to the .gitignore file, the administrator will prevent Git from staging, committing, or pushing this file in the future.
The other options are incorrect because:
D
Explanation:
The correct answer is
D. The administrator should run “echo .DS STORE >> .gitignore” from the root of the local repository before the next commit to ensure the file is not uploaded again in future commits.
This command will append the file name .DS STORE to the end of the .gitignore file, which is a special file that tells Git to ignore certain files or directories that should not be tracked or uploaded to the repository. By adding .DS STORE to the .gitignore file, the administrator will prevent Git from staging, committing, or pushing this file in the future.
The other options are incorrect because:
Question #97
A systems administrator needs to create a new service unit file. This new unit file is required to start when all services are running with the command-line interface only.
Which of the following options should the administrator use to accomplish this task?
- A . WantedBy=basic.target
- B . WantedBy=network-online.target
- C . WantedBy=multi-user.target
- D . WantedBy=graphical.target
Correct Answer: C
Question #98
A Linux administrator was informed that the server time zone is incorrect.
Which of the following commands should the administrator use to correct the time zone?
- A . timedatectl set-timezone America/New_York
- B . systemd-timezone set Asia/Tokyo
- C . systemctl configure-timezone Africa/Nairobi
- D . tzconfig configure Europe/London
Correct Answer: A
A
Explanation:
In modern Linux distributions using systemd, the correct way to change the system time zone is by using the timedatectl command:
cpp
CopyEdit
timedatectl set-timezone <TimeZone>
For example, to set the time zone to America/New_York, the command would be:
cpp
CopyEdit
timedatectl set-timezone America/New_York
Why the other options are incorrect?
B. systemd-timezone set Asia/Tokyo → Incorrect, as there is no systemd-timezone command in Linux.
C. systemctl configure-timezone Africa/Nairobi → Incorrect, systemctl does not have a configure-timezone option.
D. tzconfig configure Europe/London → Incorrect, tzconfig was used in older Debian-based systems, but it has been deprecated in favor of timedatectl.
Reference: CompTIA Linux+ Official Documentation timedatectl Documentation C Red Hat
A
Explanation:
In modern Linux distributions using systemd, the correct way to change the system time zone is by using the timedatectl command:
cpp
CopyEdit
timedatectl set-timezone <TimeZone>
For example, to set the time zone to America/New_York, the command would be:
cpp
CopyEdit
timedatectl set-timezone America/New_York
Why the other options are incorrect?
B. systemd-timezone set Asia/Tokyo → Incorrect, as there is no systemd-timezone command in Linux.
C. systemctl configure-timezone Africa/Nairobi → Incorrect, systemctl does not have a configure-timezone option.
D. tzconfig configure Europe/London → Incorrect, tzconfig was used in older Debian-based systems, but it has been deprecated in favor of timedatectl.
Reference: CompTIA Linux+ Official Documentation timedatectl Documentation C Red Hat
Question #98
A Linux administrator was informed that the server time zone is incorrect.
Which of the following commands should the administrator use to correct the time zone?
- A . timedatectl set-timezone America/New_York
- B . systemd-timezone set Asia/Tokyo
- C . systemctl configure-timezone Africa/Nairobi
- D . tzconfig configure Europe/London
Correct Answer: A
A
Explanation:
In modern Linux distributions using systemd, the correct way to change the system time zone is by using the timedatectl command:
cpp
CopyEdit
timedatectl set-timezone <TimeZone>
For example, to set the time zone to America/New_York, the command would be:
cpp
CopyEdit
timedatectl set-timezone America/New_York
Why the other options are incorrect?
B. systemd-timezone set Asia/Tokyo → Incorrect, as there is no systemd-timezone command in Linux.
C. systemctl configure-timezone Africa/Nairobi → Incorrect, systemctl does not have a configure-timezone option.
D. tzconfig configure Europe/London → Incorrect, tzconfig was used in older Debian-based systems, but it has been deprecated in favor of timedatectl.
Reference: CompTIA Linux+ Official Documentation timedatectl Documentation C Red Hat
A
Explanation:
In modern Linux distributions using systemd, the correct way to change the system time zone is by using the timedatectl command:
cpp
CopyEdit
timedatectl set-timezone <TimeZone>
For example, to set the time zone to America/New_York, the command would be:
cpp
CopyEdit
timedatectl set-timezone America/New_York
Why the other options are incorrect?
B. systemd-timezone set Asia/Tokyo → Incorrect, as there is no systemd-timezone command in Linux.
C. systemctl configure-timezone Africa/Nairobi → Incorrect, systemctl does not have a configure-timezone option.
D. tzconfig configure Europe/London → Incorrect, tzconfig was used in older Debian-based systems, but it has been deprecated in favor of timedatectl.
Reference: CompTIA Linux+ Official Documentation timedatectl Documentation C Red Hat
Question #100
Using AD Query, the security gateway connections to the Active Directory Domain Controllers using what protocol?
- A . Windows Management Instrumentation (WMI)
- B . Hypertext Transfer Protocol Secure (HTTPS)
- C . Lightweight Directory Access Protocol (LDAP)
- D . Remote Desktop Protocol (RDP)
Correct Answer: C
C
Explanation:
Using AD Query, the security gateway connects to the Active Directory Domain Controllers using Lightweight Directory Access Protocol (LDAP). LDAP is a protocol that provides access to directory services over a network. AD Query uses LDAP queries to retrieve information about users and groups from Active Directory Domain Controllers without installing any software on them. AD Query does not use Windows Management Instrumentation (WMI), Hypertext Transfer Protocol Secure (HTTPS), or Remote Desktop Protocol (RDP) to connect to Active Directory Domain Controllers.
Reference: Check Point Certified Security Administrator (CCSA) R80.x Study Guide,
Chapter 5: User Management and Authentication, page 69.
C
Explanation:
Using AD Query, the security gateway connects to the Active Directory Domain Controllers using Lightweight Directory Access Protocol (LDAP). LDAP is a protocol that provides access to directory services over a network. AD Query uses LDAP queries to retrieve information about users and groups from Active Directory Domain Controllers without installing any software on them. AD Query does not use Windows Management Instrumentation (WMI), Hypertext Transfer Protocol Secure (HTTPS), or Remote Desktop Protocol (RDP) to connect to Active Directory Domain Controllers.
Reference: Check Point Certified Security Administrator (CCSA) R80.x Study Guide,
Chapter 5: User Management and Authentication, page 69.