Practice Free XK0-005 Exam Online Questions
Question #11
A Linux administrator is configuring a new internal web server fleet. The web servers are up and running but can only be reached by users directly via IP address. The administrator is attempting to fix this inconvenience by requesting appropriate records from the DNS team.
The details are:
Hostname: devel.comptia.org
IP address: 5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4
Name server: 5.5.5.254
Additional names: dev.comptia.org, development.comptia.org
Which of the following types of DNS records should the Linux administrator request from the DNS team? (Select three).
- A . MX
- B . NS
- C . PTR
- D . A
- E . CNAME
- F . RRSIG
- G . SOA
- H . TXT
- I . SRV
Correct Answer: B,D,E
B,D,E
Explanation:
The Linux administrator should request the following types of DNS records from the DNS team:
A: This record type is used to map a hostname to an IPv4 address. The administrator needs four A records for devel.comptia.org, one for each IP address (5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4). This will allow users to access the web servers by using the hostname devel.comptia.org instead of the IP addresses1.
CNAME: This record type is used to create an alias for another hostname. The administrator needs two CNAME records, one for dev.comptia.org and one for development.comptia.org, both pointing to devel.comptia.org. This will allow users to access the web servers by using any of these three hostnames interchangeably1.
NS: This record type is used to delegate a domain or a subdomain to another name server. The administrator needs one NS record for comptia.org, pointing to 5.5.5.254, which is the name server that hosts the records for the subdomain devel.comptia.org2. This will allow users to resolve the hostnames under comptia.org by querying the name server 5.5.5.2542.
The other record types are not relevant for the administrator’s task:
MX: This record type is used to specify the mail exchange server for a domain or a subdomain1. The administrator does not need this record type because the web servers are not intended to handle email traffic.
PTR: This record type is used to map an IP address to a hostname, which is the reverse of an A record1. The administrator does not need this record type because the web servers are not expected to be accessed by their IP addresses.
RRSIG: This record type is used to provide digital signatures for DNSSEC, which is a security extension for DNS that verifies the authenticity and integrity of DNS responses3. The administrator does not need this record type because it is not mentioned in the task requirements.
SOA: This record type is used to provide information about the authoritative name server and other parameters for a domain or a subdomain1. The administrator does not need this record type because it is usually created automatically by the name server software when a new zone file is created4. TXT: This record type is used to store arbitrary text data that can be used for various purposes, such as SPF, DKIM, DMARC, etc1. The administrator does not need this record type because it is not related to the web server functionality.
SRV: This record type is used to specify the location and port number of a service that runs on a domain or a subdomain1. The administrator does not need this record type because the web servers use the standard HTTP port 80, which does not require an SRV record.
: 1: DNS Record Types C CompTIA Network+ N10-007 C 1.8 2: NS Record – DNSimple Help 3: DNSSEC – Wikipedia 4: SOA Record – DNSimple Help
B,D,E
Explanation:
The Linux administrator should request the following types of DNS records from the DNS team:
A: This record type is used to map a hostname to an IPv4 address. The administrator needs four A records for devel.comptia.org, one for each IP address (5.5.5.1, 5.5.5.2, 5.5.5.3, 5.5.5.4). This will allow users to access the web servers by using the hostname devel.comptia.org instead of the IP addresses1.
CNAME: This record type is used to create an alias for another hostname. The administrator needs two CNAME records, one for dev.comptia.org and one for development.comptia.org, both pointing to devel.comptia.org. This will allow users to access the web servers by using any of these three hostnames interchangeably1.
NS: This record type is used to delegate a domain or a subdomain to another name server. The administrator needs one NS record for comptia.org, pointing to 5.5.5.254, which is the name server that hosts the records for the subdomain devel.comptia.org2. This will allow users to resolve the hostnames under comptia.org by querying the name server 5.5.5.2542.
The other record types are not relevant for the administrator’s task:
MX: This record type is used to specify the mail exchange server for a domain or a subdomain1. The administrator does not need this record type because the web servers are not intended to handle email traffic.
PTR: This record type is used to map an IP address to a hostname, which is the reverse of an A record1. The administrator does not need this record type because the web servers are not expected to be accessed by their IP addresses.
RRSIG: This record type is used to provide digital signatures for DNSSEC, which is a security extension for DNS that verifies the authenticity and integrity of DNS responses3. The administrator does not need this record type because it is not mentioned in the task requirements.
SOA: This record type is used to provide information about the authoritative name server and other parameters for a domain or a subdomain1. The administrator does not need this record type because it is usually created automatically by the name server software when a new zone file is created4. TXT: This record type is used to store arbitrary text data that can be used for various purposes, such as SPF, DKIM, DMARC, etc1. The administrator does not need this record type because it is not related to the web server functionality.
SRV: This record type is used to specify the location and port number of a service that runs on a domain or a subdomain1. The administrator does not need this record type because the web servers use the standard HTTP port 80, which does not require an SRV record.
: 1: DNS Record Types C CompTIA Network+ N10-007 C 1.8 2: NS Record – DNSimple Help 3: DNSSEC – Wikipedia 4: SOA Record – DNSimple Help
Question #12
A systems administrator wants to test the route between IP address 10.0.2.15 and IP address 192.168.1.40.
Which of the following commands will accomplish this task?
- A . route -e get to 192.168.1.40 from 10.0.2.15
- B . ip route get 192.163.1.40 from 10.0.2.15
- C . ip route 192.169.1.40 to 10.0.2.15
- D . route -n 192.168.1.40 from 10.0.2.15
Correct Answer: B
B
Explanation:
The command ip route get 192.168.1.40 from 10.0.2.15 will test the route between the IP address 10.0.2.15 and the IP address 192.168.1.40. The ip route get command shows the routing decision for a given destination and source address. This is the correct command to accomplish the task. The other options are incorrect because they either use the wrong commands (route instead of ip route), the wrong options (-e or -n instead of get), or the wrong syntax (to instead of from). CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 379.
B
Explanation:
The command ip route get 192.168.1.40 from 10.0.2.15 will test the route between the IP address 10.0.2.15 and the IP address 192.168.1.40. The ip route get command shows the routing decision for a given destination and source address. This is the correct command to accomplish the task. The other options are incorrect because they either use the wrong commands (route instead of ip route), the wrong options (-e or -n instead of get), or the wrong syntax (to instead of from). CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 379.
Question #12
A systems administrator wants to test the route between IP address 10.0.2.15 and IP address 192.168.1.40.
Which of the following commands will accomplish this task?
- A . route -e get to 192.168.1.40 from 10.0.2.15
- B . ip route get 192.163.1.40 from 10.0.2.15
- C . ip route 192.169.1.40 to 10.0.2.15
- D . route -n 192.168.1.40 from 10.0.2.15
Correct Answer: B
B
Explanation:
The command ip route get 192.168.1.40 from 10.0.2.15 will test the route between the IP address 10.0.2.15 and the IP address 192.168.1.40. The ip route get command shows the routing decision for a given destination and source address. This is the correct command to accomplish the task. The other options are incorrect because they either use the wrong commands (route instead of ip route), the wrong options (-e or -n instead of get), or the wrong syntax (to instead of from). CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 379.
B
Explanation:
The command ip route get 192.168.1.40 from 10.0.2.15 will test the route between the IP address 10.0.2.15 and the IP address 192.168.1.40. The ip route get command shows the routing decision for a given destination and source address. This is the correct command to accomplish the task. The other options are incorrect because they either use the wrong commands (route instead of ip route), the wrong options (-e or -n instead of get), or the wrong syntax (to instead of from). CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 379.
Question #14
Employees in the finance department are having trouble accessing the file /opt/work/file. All IT employees can read and write the file.
Systems administrator reviews the following output:
Which of the following commands would permanently fix the access issue while limiting access to IT and finance department employees?
- A . chattr +i file
- B . chown it:finance file
- C . chmod 666 file
- D . setfacl -m g:finance:rw file
Correct Answer: D
D
Explanation:
The command setfacl -m g:finance:rw file will permanently fix the access issue while limiting access to IT and finance department employees. The setfacl command is a tool for modifying the access control lists (ACLs) of files and directories on Linux systems. The ACLs are a mechanism that allows more fine-grained control over the permissions of files and directories than the traditional owner-group-others model. The -m option specifies the modification to the ACL. The g:finance:rw means that the group named finance will have read and write permissions on the file. The file is the name of the file to modify, in this case /opt/work/file. The command setfacl -m g:finance:rw file will add an entry to the ACL of the file that will grant read and write access to the finance group. This will fix the access issue and allow the finance employees to access the file. The command will also preserve the existing permissions of the file, which means that the IT employees will still have read and write access to the file. This will limit the access to IT and finance department employees and prevent unauthorized access from other users. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not fix the access issue (chattr +i file or chown it:finance file) or do not limit the access to IT and finance department employees (chmod 666
file).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing File Permissions and Ownership, page 352.
D
Explanation:
The command setfacl -m g:finance:rw file will permanently fix the access issue while limiting access to IT and finance department employees. The setfacl command is a tool for modifying the access control lists (ACLs) of files and directories on Linux systems. The ACLs are a mechanism that allows more fine-grained control over the permissions of files and directories than the traditional owner-group-others model. The -m option specifies the modification to the ACL. The g:finance:rw means that the group named finance will have read and write permissions on the file. The file is the name of the file to modify, in this case /opt/work/file. The command setfacl -m g:finance:rw file will add an entry to the ACL of the file that will grant read and write access to the finance group. This will fix the access issue and allow the finance employees to access the file. The command will also preserve the existing permissions of the file, which means that the IT employees will still have read and write access to the file. This will limit the access to IT and finance department employees and prevent unauthorized access from other users. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not fix the access issue (chattr +i file or chown it:finance file) or do not limit the access to IT and finance department employees (chmod 666
file).
Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing File Permissions and Ownership, page 352.
Question #15
A Linux administrator is configuring crontab and needs to schedule a task to run only on Saturday and Sunday at 9:00 a.m. every week of the year.
Which of the following should the administrator use?
- A . 0 9 * * 1-5 root /root/script.sh
- B . 0 9 1 */3 * root /root/script.sh
- C . 0 9 * * 6,0 root /root/script.sh
- D . 0 9 1 * * root /root/script.sh
Correct Answer: C
C
Explanation:
Comprehensive and Detailed Step-by-Step
0 9 * * 6,0 ensures execution at 9:00 AM on Saturdays (6) and Sundays (0).
1-5 would run the script Monday-Friday.
*/3 is incorrect because it runs every three days.
1 * * runs only on the 1st day of each month.
Reference: CompTIA Linux+ Official Study Guide, Chapter on Job Scheduling and Cron
C
Explanation:
Comprehensive and Detailed Step-by-Step
0 9 * * 6,0 ensures execution at 9:00 AM on Saturdays (6) and Sundays (0).
1-5 would run the script Monday-Friday.
*/3 is incorrect because it runs every three days.
1 * * runs only on the 1st day of each month.
Reference: CompTIA Linux+ Official Study Guide, Chapter on Job Scheduling and Cron
Question #16
A Linux administrator was informed that the server time zone is incorrect.
Which of the following commands should the administrator use to correct the time zone?
- A . timedatectl set-timezone America/New_York
- B . systemd-timezone set Asia/Tokyo
- C . systemctl configure-timezone Africa/Nairobi
- D . tzconfig configure Europe/London
Correct Answer: A
A
Explanation:
In modern Linux distributions using systemd, the correct way to change the system time zone is by using the timedatectl command:
cpp
timedatectl set-timezone <TimeZone>
For example, to set the time zone to America/New_York, the command would be:
cpp
timedatectl set-timezone America/New_York
Why the other options are incorrect?
B. systemd-timezone set Asia/Tokyo → Incorrect, as there is no systemd-timezone command in Linux.
C. systemctl configure-timezone Africa/Nairobi → Incorrect, systemctl does not have a configure-timezone option.
D. tzconfig configure Europe/London → Incorrect, tzconfig was used in older Debian-based systems, but it has been deprecated in favor of timedatectl.
CompTIA Linux+ Official Documentation timedatectl Documentation C Red Hat
A
Explanation:
In modern Linux distributions using systemd, the correct way to change the system time zone is by using the timedatectl command:
cpp
timedatectl set-timezone <TimeZone>
For example, to set the time zone to America/New_York, the command would be:
cpp
timedatectl set-timezone America/New_York
Why the other options are incorrect?
B. systemd-timezone set Asia/Tokyo → Incorrect, as there is no systemd-timezone command in Linux.
C. systemctl configure-timezone Africa/Nairobi → Incorrect, systemctl does not have a configure-timezone option.
D. tzconfig configure Europe/London → Incorrect, tzconfig was used in older Debian-based systems, but it has been deprecated in favor of timedatectl.
CompTIA Linux+ Official Documentation timedatectl Documentation C Red Hat
Question #17
A user is unable to remotely log on to a server using the server name server1 and port 22. The Linux engineer troubleshoots the issue and gathers the following information:
Which of the following is most likely causing the issue?
- A . server 1 is not in the DNS.
- B . sshd is running on a non-standard port.
- C . sshd is not an active service.
- D . serverl is using an incorrect IP address.
Correct Answer: B
B
Explanation:
The sshd is the Secure Shell Daemon, which is a service that allows remote login to a Linux system using the SSH protocol. The output shows that the sshd is running on port 2222, which is a non-standard port for SSH. The default port for SSH is 22, which is what the user is trying to use. Therefore, the statement B is most likely causing the issue. The statements A, C, and D are incorrect because they do not explain why the user cannot log on using port 22. : [How to Change SSH Port in Linux]
B
Explanation:
The sshd is the Secure Shell Daemon, which is a service that allows remote login to a Linux system using the SSH protocol. The output shows that the sshd is running on port 2222, which is a non-standard port for SSH. The default port for SSH is 22, which is what the user is trying to use. Therefore, the statement B is most likely causing the issue. The statements A, C, and D are incorrect because they do not explain why the user cannot log on using port 22. : [How to Change SSH Port in Linux]
Question #18
A Linux administrator wants to find out whether files from the wget package have been altered since they were installed.
Which of the following commands will provide the correct information?
- A . rpm -i wget
- B . rpm -qf wget
- C . rpm -F wget
- D . rpm -V wget
Correct Answer: D
D
Explanation:
The command that will provide the correct information about whether files from the wget package have been altered since they were installed is rpm -V wget. This command will use the rpm utility to verify an installed RPM package by comparing information about the installed files with information from the RPM database. The verification process can check various attributes of each file, such as size, mode, owner, group, checksum, capabilities, and so on. If any discrepancies are found, rpm will report them using a single letter code for each attribute.
The other options are not correct commands for verifying an installed RPM package. The rpm -i wget command is invalid because -i is used to install a package from a file, not to verify an installed package. The rpm -qf wget command will query which package owns wget as a file name or path name, but it will not verify its attributes. The rpm -F wget command will freshen (upgrade) an already installed package with wget as a file name or path name, but it will not verify its attributes. : rpm(8) – Linux manual page; Using RPM to Verify Installed Packages
D
Explanation:
The command that will provide the correct information about whether files from the wget package have been altered since they were installed is rpm -V wget. This command will use the rpm utility to verify an installed RPM package by comparing information about the installed files with information from the RPM database. The verification process can check various attributes of each file, such as size, mode, owner, group, checksum, capabilities, and so on. If any discrepancies are found, rpm will report them using a single letter code for each attribute.
The other options are not correct commands for verifying an installed RPM package. The rpm -i wget command is invalid because -i is used to install a package from a file, not to verify an installed package. The rpm -qf wget command will query which package owns wget as a file name or path name, but it will not verify its attributes. The rpm -F wget command will freshen (upgrade) an already installed package with wget as a file name or path name, but it will not verify its attributes. : rpm(8) – Linux manual page; Using RPM to Verify Installed Packages
Question #19
A Linux administrator needs to remove all local firewall rules on a Linux system.
Which of the following commands should the administrator run?
- A . iptables -D
- B . iptables -L
- C . iptables -F
- D . iptables -A
Correct Answer: C
C
Explanation:
The iptables -F command flushes all the firewall rules, effectively removing them from the system. This command clears out all existing rules from all chains (INPUT, OUTPUT, and FORWARD), leaving the system with no active iptables rules.
C
Explanation:
The iptables -F command flushes all the firewall rules, effectively removing them from the system. This command clears out all existing rules from all chains (INPUT, OUTPUT, and FORWARD), leaving the system with no active iptables rules.
Question #20
A systems administrator changed the file permissions on the myfile file:
-rwxrwxr-x 1 admin editors … myfile
Then the administrator added an existing user test to the editors group:
sudo usermod -a -G editors test
However, the user test is still unable to edit the file.
Which of the following solutions will fix this issue?
- A . The user "test" needs to log out and log back in before editing the myfile file.
- B . The file is only writable by the root user, and the user "test" needs root permissions.
- C . The group for the user "test" needs to be reloaded by running sudo source /etc/group.
- D . In order to edit the file, additional permissions are required that the user "test" does not have.
Correct Answer: A
A
Explanation:
After modifying a user’s group membership with usermod -aG, the changes do not take effect until logout/login (or new session).
A is correct: Logging out and in refreshes group membership.
Incorrect Options:
B: Group has write permission already.
C: source doesn’t apply to /etc/group; it’s a shell command.
D: User already has the needed group permission.
Reference: CompTIA Linux+ XK0-005 Study Guide, Chapter 8 man usermod
A
Explanation:
After modifying a user’s group membership with usermod -aG, the changes do not take effect until logout/login (or new session).
A is correct: Logging out and in refreshes group membership.
Incorrect Options:
B: Group has write permission already.
C: source doesn’t apply to /etc/group; it’s a shell command.
D: User already has the needed group permission.
Reference: CompTIA Linux+ XK0-005 Study Guide, Chapter 8 man usermod