Practice Free XK0-005 Exam Online Questions
Question #101
A network administrator issues the dig www.comptia.org command and receives an NXDOMAIN response.
Which of the following files should the administrator check first?
- A . /etc/resolv.conf
- B . /etc/hosts
- C . /etc/sysconfig/network-scripts
- D . /etc/nsswitch.conf
Correct Answer: A
A
Explanation:
Step-by-Step Comprehensive Detailed
Command
The dig command queries DNS servers. If NXDOMAIN is received, the system cannot resolve the domain. The /etc/resolv.conf file contains the DNS server configuration.
Why Other Options are Incorrect:
B: /etc/hosts maps IP addresses to hostnames but is not queried unless configured in /etc/nsswitch.conf.
C: /etc/sysconfig/network-scripts contains network interface configurations, unrelated to DNS.
D: /etc/nsswitch.conf defines the order of name resolution methods, but it does not directly resolve domain names.
Reference: CompTIA Linux+ Study Guide: Network Configuration man dig
A
Explanation:
Step-by-Step Comprehensive Detailed
Command
The dig command queries DNS servers. If NXDOMAIN is received, the system cannot resolve the domain. The /etc/resolv.conf file contains the DNS server configuration.
Why Other Options are Incorrect:
B: /etc/hosts maps IP addresses to hostnames but is not queried unless configured in /etc/nsswitch.conf.
C: /etc/sysconfig/network-scripts contains network interface configurations, unrelated to DNS.
D: /etc/nsswitch.conf defines the order of name resolution methods, but it does not directly resolve domain names.
Reference: CompTIA Linux+ Study Guide: Network Configuration man dig
Question #102
The users of a Linux system are unable to use one of the application filesystems.
The following outputs have been provided:
bash
$ cd /app
$ touch file
touch: cannot touch ‘file’: Readonly file system
Output 2
/dev/sdcl on /app type ext4 (ro,relatime,seclabel,data=ordered)
Output 3
/dev/sdcl /app ext4 defaults 0 0
Output 4
[302.048075] Buffer I/O error on dev sdcl, logical block 0, async page read
[302.048490] EXT4-fs (sdcl): Attempt to read block from filesystem resulted in short read while trying to re-open /dev/sdcl
Which of the following actions will resolve this issue?
- A . umount /app fsck -y /dev/sdcl mount /app
- B . xfs_repair /dev/sdcl mount -o rw,remount /app
- C . umount /app xfs_repair /dev/sdcl mount /app
- D . fsck -y /dev/sdcl mount -o rw,remount /app
Correct Answer: D
D
Explanation:
The filesystem is in read-only mode, likely due to corruption or errors detected. Running fsck -y will check and repair the filesystem, and mount -o rw,remount will remount it as read-write, making it usable again. This is a common troubleshooting step for filesystems with errors.
D
Explanation:
The filesystem is in read-only mode, likely due to corruption or errors detected. Running fsck -y will check and repair the filesystem, and mount -o rw,remount will remount it as read-write, making it usable again. This is a common troubleshooting step for filesystems with errors.
Question #103
Joe, a user, is unable to log in to the system.
The Linux administrator checks the /etc/passwd file and reviews the following output:
Joe:x:1002:1002::/home/Joe:/sbin/nologin
Which of the following should the administrator do to fix this issue?
- A . Remove the x entry in the /etc/passwd file for Joe
- B . Change the /sbin/nologin entry to /bin/sh for Joe
- C . Issue the usermod -l Joe command
- D . Ensure that a corresponding entry is in the /etc/shadow file for Joe
Correct Answer: B
B
Explanation:
The /sbin/nologin shell is used to prevent a user from logging in. To allow Joe to log in, the administrator should change his shell to /bin/sh, which is a standard login shell in Linux. This change will allow Joe to access the system normally.
B
Explanation:
The /sbin/nologin shell is used to prevent a user from logging in. To allow Joe to log in, the administrator should change his shell to /bin/sh, which is a standard login shell in Linux. This change will allow Joe to access the system normally.
Question #104
A systems administrator received a notification that a system is performing slowly.
When running the top command, the systems administrator can see the following values:
Which of the following commands will the administrator most likely run NEXT?
- A . vmstat
- B . strace
- C . htop
- D . lsof
Correct Answer: A
A
Explanation:
The command vmstat will most likely be run next by the administrator to troubleshoot the system performance. The vmstat command is a tool for reporting virtual memory statistics on Linux systems. The command shows information about processes, memory, paging, block IO, interrupts, and CPU activity. The command can help the administrator identify the source of the performance issue, such as high CPU usage, low free memory, excessive swapping, or disk IO bottlenecks. The command can also be used with an interval and a count to display the statistics repeatedly over time and observe the changes. The command vmstat will provide useful information for diagnosing the system performance and finding the root cause of the issue. This is the most likely command to run next after the top command. The other options are incorrect because they either do not show the virtual memory statistics (strace or lsof) or do not provide more information than the top command (htop).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Processes and Scheduling Tasks, page 425.
A
Explanation:
The command vmstat will most likely be run next by the administrator to troubleshoot the system performance. The vmstat command is a tool for reporting virtual memory statistics on Linux systems. The command shows information about processes, memory, paging, block IO, interrupts, and CPU activity. The command can help the administrator identify the source of the performance issue, such as high CPU usage, low free memory, excessive swapping, or disk IO bottlenecks. The command can also be used with an interval and a count to display the statistics repeatedly over time and observe the changes. The command vmstat will provide useful information for diagnosing the system performance and finding the root cause of the issue. This is the most likely command to run next after the top command. The other options are incorrect because they either do not show the virtual memory statistics (strace or lsof) or do not provide more information than the top command (htop).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Processes and Scheduling Tasks, page 425.
Question #105
During a security scan, the password of an SSH key file appeared to be too weak and was cracked.
Which of the following commands would allow a user to choose a stronger password and set it on the existing SSH key file?
- A . passwd
- B . ssh
- C . ssh-keygen
- D . pwgen
Correct Answer: C
C
Explanation:
The command that would allow a user to choose a stronger password and set it on the existing SSH key file is ssh-keygen -p -f <keyfile>. This command uses the ssh-keygen tool, which is used to generate, manage, and convert authentication keys for SSH. The -p option stands for passphrase, and it allows the user to change or remove the passphrase of an existing private key file. The -f option specifies the filename of the key file. The command will prompt the user for the old passphrase, and then for the new passphrase twice.
The other options are not correct commands for changing the password of an SSH key file. The passwd command is used to change the password of a user account on a Linux system, not an SSH key file. The ssh command is used to log in to a remote system using SSH, not to change the password of an SSH key file. The pwgen command is used to generate random passwords, not to change the password of an SSH key file.
Reference: ssh-keygen (1) – Linux manual page; How To: Change Passphrase for SSH Private Key – Unix Tutorial
C
Explanation:
The command that would allow a user to choose a stronger password and set it on the existing SSH key file is ssh-keygen -p -f <keyfile>. This command uses the ssh-keygen tool, which is used to generate, manage, and convert authentication keys for SSH. The -p option stands for passphrase, and it allows the user to change or remove the passphrase of an existing private key file. The -f option specifies the filename of the key file. The command will prompt the user for the old passphrase, and then for the new passphrase twice.
The other options are not correct commands for changing the password of an SSH key file. The passwd command is used to change the password of a user account on a Linux system, not an SSH key file. The ssh command is used to log in to a remote system using SSH, not to change the password of an SSH key file. The pwgen command is used to generate random passwords, not to change the password of an SSH key file.
Reference: ssh-keygen (1) – Linux manual page; How To: Change Passphrase for SSH Private Key – Unix Tutorial
Question #106
Which of the following concepts describes the approach of keeping all configurations in a repository?
- A . Inventory
- B . Infrastructure as Code
- C . Orchestration
- D . Agentless deployment
Correct Answer: B
Question #107
A Linux administrator is configuring a new internal web server fleet. The web servers are up and running but can only be reached by users directly via IP address. The administrator is attempting to fix this inconvenience by requesting appropriate records from the DNS team.
The details are:
Hostname: devel.comptia.org
IP address: 5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4
Name server: 5.5.5.254
Additional names: dev.comptia.org, development.comptia.org
Which of the following types of DNS records should the Linux administrator request from the DNS team? (Select three).
- A . MX
- B . NS
- C . PTR
- D . A
- E . CNAME
- F . RRSIG
- G . SOA
- H . TXT
- I . SRV
Correct Answer: B,D,E
B,D,E
Explanation:
The Linux administrator should request the following types of DNS records from the DNS team:
A: This record type is used to map a hostname to an IPv4 address. The administrator needs four A records for devel.comptia.org, one for each IP address (5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4). This will allow users to access the web servers by using the hostname devel.comptia.org instead of the IP addresses1.
CNAME: This record type is used to create an alias for another hostname. The administrator needs two CNAME records, one for dev.comptia.org and one for development.comptia.org, both pointing to devel.comptia.org. This will allow users to access the web servers by using any of these three hostnames interchangeably1.
NS: This record type is used to delegate a domain or a subdomain to another name server. The administrator needs one NS record for comptia.org, pointing to 5.5.5.254, which is the name server that hosts the records for the subdomain devel.comptia.org2. This will allow users to resolve the hostnames under comptia.org by querying the name server 5.5.5.2542.
The other record types are not relevant for the administrator’s task:
MX: This record type is used to specify the mail exchange server for a domain or a subdomain1. The administrator does not need this record type because the web servers are not intended to handle email traffic.
PTR: This record type is used to map an IP address to a hostname, which is the reverse of an A record1. The administrator does not need this record type because the web servers are not expected to be accessed by their IP addresses.
RRSIG: This record type is used to provide digital signatures for DNSSEC, which is a security extension for DNS that verifies the authenticity and integrity of DNS responses3. The administrator does not need this record type because it is not mentioned in the task requirements.
SOA: This record type is used to provide information about the authoritative name server and other parameters for a domain or a subdomain1. The administrator does not need this record type because it is usually created automatically by the name server software when a new zone file is created4. TXT: This record type is used to store arbitrary text data that can be used for various purposes, such as SPF, DKIM, DMARC, etc1. The administrator does not need this record type because it is not related to the web server functionality.
SRV: This record type is used to specify the location and port number of a service that runs on a domain or a subdomain1. The administrator does not need this record type because the web servers use the standard HTTP port 80, which does not require an SRV record.
Reference: 1: DNS Record Types C CompTIA Network+ N10-007 C 1.8 2: NS Record – DNSimple Help 3:
DNSSEC – Wikipedia 4: SOA Record – DNSimple Help
B,D,E
Explanation:
The Linux administrator should request the following types of DNS records from the DNS team:
A: This record type is used to map a hostname to an IPv4 address. The administrator needs four A records for devel.comptia.org, one for each IP address (5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4). This will allow users to access the web servers by using the hostname devel.comptia.org instead of the IP addresses1.
CNAME: This record type is used to create an alias for another hostname. The administrator needs two CNAME records, one for dev.comptia.org and one for development.comptia.org, both pointing to devel.comptia.org. This will allow users to access the web servers by using any of these three hostnames interchangeably1.
NS: This record type is used to delegate a domain or a subdomain to another name server. The administrator needs one NS record for comptia.org, pointing to 5.5.5.254, which is the name server that hosts the records for the subdomain devel.comptia.org2. This will allow users to resolve the hostnames under comptia.org by querying the name server 5.5.5.2542.
The other record types are not relevant for the administrator’s task:
MX: This record type is used to specify the mail exchange server for a domain or a subdomain1. The administrator does not need this record type because the web servers are not intended to handle email traffic.
PTR: This record type is used to map an IP address to a hostname, which is the reverse of an A record1. The administrator does not need this record type because the web servers are not expected to be accessed by their IP addresses.
RRSIG: This record type is used to provide digital signatures for DNSSEC, which is a security extension for DNS that verifies the authenticity and integrity of DNS responses3. The administrator does not need this record type because it is not mentioned in the task requirements.
SOA: This record type is used to provide information about the authoritative name server and other parameters for a domain or a subdomain1. The administrator does not need this record type because it is usually created automatically by the name server software when a new zone file is created4. TXT: This record type is used to store arbitrary text data that can be used for various purposes, such as SPF, DKIM, DMARC, etc1. The administrator does not need this record type because it is not related to the web server functionality.
SRV: This record type is used to specify the location and port number of a service that runs on a domain or a subdomain1. The administrator does not need this record type because the web servers use the standard HTTP port 80, which does not require an SRV record.
Reference: 1: DNS Record Types C CompTIA Network+ N10-007 C 1.8 2: NS Record – DNSimple Help 3:
DNSSEC – Wikipedia 4: SOA Record – DNSimple Help
Question #108
A junior systems administrator has just generated public and private authentication keys for passwordless login.
Which of the following files will be moved to the remote servers?
- A . id_dsa.pem
- B . id_rsa
- C . id_ecdsa
- D . id_rsa.pub
Correct Answer: D
D
Explanation:
The file id_rsa.pub will be moved to the remote servers for passwordless login. The id_rsa.pub file is the public authentication key that is generated by the ssh-keygen command. The public key can be copied to the remote servers by using the ssh-copy-id command or manually. The remote servers will use the public key to authenticate the user who has the corresponding private key (id_rsa). This will allow the user to log in without entering a password. The other options are incorrect because they are either private keys (id_rsa, id_dsa.pem, or id_ecdsa) or non-existent files (id_dsa.pem or id_ecdsa).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing
Network Services, page 410.
D
Explanation:
The file id_rsa.pub will be moved to the remote servers for passwordless login. The id_rsa.pub file is the public authentication key that is generated by the ssh-keygen command. The public key can be copied to the remote servers by using the ssh-copy-id command or manually. The remote servers will use the public key to authenticate the user who has the corresponding private key (id_rsa). This will allow the user to log in without entering a password. The other options are incorrect because they are either private keys (id_rsa, id_dsa.pem, or id_ecdsa) or non-existent files (id_dsa.pem or id_ecdsa).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing
Network Services, page 410.
Question #109
A Linux administrator is providing a new Nginx image from the registry to local cache.
Which of the following commands would allow this to happen?
- A . docker pull nginx
- B . docker attach nginx
- C . docker commit nginx
- D . docker import nginx
Correct Answer: A
A
Explanation:
The command that would allow this to happen is docker pull nginx. Docker is a software platform that allows the administrator to create, run, and manage containers on Linux systems. Containers are isolated and lightweight environments that can run applications and services without affecting the host system. Docker uses images to create containers, which are files that contain the code, libraries, dependencies, and configuration of the applications and services. Docker uses a registry to store and distribute images, which is a service that hosts and serves images. Docker Hub is the default public registry that provides a large number of official and community images. Nginx is a popular web server and reverse proxy that can run as a container. The command docker pull nginx will download the latest version of the Nginx image from the Docker Hub registry to the local cache, which is the storage location for the images on the host system. This will allow the administrator to provide a new Nginx image from the registry to the local cache. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not download an image from the registry (docker attach nginx or docker commit nginx) or do not exist (docker import nginx).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 571.
A
Explanation:
The command that would allow this to happen is docker pull nginx. Docker is a software platform that allows the administrator to create, run, and manage containers on Linux systems. Containers are isolated and lightweight environments that can run applications and services without affecting the host system. Docker uses images to create containers, which are files that contain the code, libraries, dependencies, and configuration of the applications and services. Docker uses a registry to store and distribute images, which is a service that hosts and serves images. Docker Hub is the default public registry that provides a large number of official and community images. Nginx is a popular web server and reverse proxy that can run as a container. The command docker pull nginx will download the latest version of the Nginx image from the Docker Hub registry to the local cache, which is the storage location for the images on the host system. This will allow the administrator to provide a new Nginx image from the registry to the local cache. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not download an image from the registry (docker attach nginx or docker commit nginx) or do not exist (docker import nginx).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 19: Managing Cloud and Virtualization Technologies, page 571.
Question #110
A Linux administrator needs to determine whether a hostname is in the DNS.
Which of the following would supply the information that is needed?
- A . nslookup
- B . rsynс
- C . netstat
- D . host
Correct Answer: A
A
Explanation:
The commands nslookup or host can be used to determine whether a hostname is in the DNS. The DNS is the domain name system, which is a service that translates domain names into IP addresses and vice versa. The nslookup command is a tool for querying the DNS and obtaining information about a domain name or an IP address. The host command is a similar tool that performs DNS lookups. Both commands can be used to check if a hostname is in the DNS by providing the hostname as an argument and seeing if the command returns a valid IP address or an error message. For example, the command nslookup www.google.com or host www.google.com will return the IP address of the Google website, while the command nslookup www.nosuchdomain.com or host www.nosuchdomain.com will return an error message indicating that the hostname does not exist. These commands will supply the information that is needed to determine whether a hostname is in the DNS. These are the correct commands to use for this task. The other options are incorrect because they do not query the DNS or obtain information about a hostname (rsync or netstat).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12:
Managing Network Connections, page 378.
A
Explanation:
The commands nslookup or host can be used to determine whether a hostname is in the DNS. The DNS is the domain name system, which is a service that translates domain names into IP addresses and vice versa. The nslookup command is a tool for querying the DNS and obtaining information about a domain name or an IP address. The host command is a similar tool that performs DNS lookups. Both commands can be used to check if a hostname is in the DNS by providing the hostname as an argument and seeing if the command returns a valid IP address or an error message. For example, the command nslookup www.google.com or host www.google.com will return the IP address of the Google website, while the command nslookup www.nosuchdomain.com or host www.nosuchdomain.com will return an error message indicating that the hostname does not exist. These commands will supply the information that is needed to determine whether a hostname is in the DNS. These are the correct commands to use for this task. The other options are incorrect because they do not query the DNS or obtain information about a hostname (rsync or netstat).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12:
Managing Network Connections, page 378.