Linux + Practice Test 1
Violet, a system administrator at Dion Training, wants to redirect the standard input to a file. Which of the following redirectors should be used to accomplish this? A. < B. > C. << D. >>
A. < The (<) reads the input from a file rather than from the keyboard or mouse. The (>>) operator appends the standard output to the end of the destination file. The (>) operator redirects the standard output to a file. The (<<{string}) operator provides input data from the current source, stopping when a line containing the provided string occurs. When placed in a script, this is called a here document.
Jill, a system administrator at Dion Training, wants to redirect the system output to the end of a file instead of to the standard output. Which of the following operators should be used to accomplish this? A. >> B. > C. $ D. <
A. >> The >> characters redirect the output to a file and append the results to the end of that target file. The > character redirects the output to a file and replaces the target file with the results. The $ character is used to indicate variables in Linux and is not used to redirect and append output to the end of a target file. The < character is used to redirect the input to another command and does not redirect the output to a file.
Abigail, a system administrator at Dion Training, wants to apply more granular permissions to an object than traditional file permissions normally allow. She needs to configure permissions on a file so that group one has RWX permissions and group two has R-X permissions. Which of the following should be configured to accomplish this? A. ACL B. SUID C. SGID D. Sticky bit
A. ACL An access control list (ACL) is a list of permissions attached to an object. ACLs can be used for situations where the traditional file permissions are not sufficient to configure the proper permissions for an object. The SUID (setuid) permission allows a user to have similar permissions as the owner of the file. A sticky bit is a special permission bit that protects files in a directory. Sticky bits ensure that only the owner of a file or directory (or root) can delete the file or directory. The SGID (setgid) permission allows a user to have permissions that are similar to those of the file's group owner.
Arnold, a system administrator at Dion Training, wants to select an orchestration tool that is commonly used with Red Hat Enterprise Linux deployments, is agentless, and relies on the Python programming language. Which of the following orchestration tools would meet these requirements? A. Ansible B. Chef C. Puppet D. SaltStack
A. Ansible Ansible is an orchestration tool that is commonly used for Red Hat Enterprise Linux deployments, is agentless, and relies on the Python programming language. Chef is an orchestration tool that utilizes agents and the Ruby programming language. Puppet is an orchestration tool that is agentless and recognizes configuration files in Bash, Python, Ruby, YAML, and PowerShell. SaltStack is an orchestration tool that utilizes both agent and agentless options and supports the use of Python and YAML.
Natalie, a software developer at Dion Training, wants to configure a microservice-based web application that can automatically deploy additional containers as demand increases. Which of the following should be configured to enable the automation of multiple related tasks to deploy, manage, scale, and configure the containers that support this microservice? A. Orchestration B. Looping C. Compilation D. Logging
A. Orchestration Orchestration enables the automation of multiple related tasks or even an entire workflow. Orchestration can be used to automate the deployment, management, scaling, and networking of containers to support increased demand for a service. Orchestration is an essential part of creating a microservice-based application that can respond automatically to changes in demand. A loop is any control statement that executes code repeatedly based on a certain condition. A loop is usually used as part of a script or program, but it alone would not enable the automation of multiple related tasks for a given microservice. Logging is the process of tracking and recording important events in a Linux system. Logs can contain messages about the Linux server, including the kernel, services, and applications running on it. Compilation is the process of converting high-level programming language to machine-readable code that the computer can understand and execute.
Mark, a system administrator at Dion Training, wants to install a storage system that will provide performance benefits and additional fault tolerance. Which of the following should be used to accomplish this? A. RAID B. Firewall C. Yum D. UPS
A. RAID A RAID is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units to ensure data redundancy, performance improvement, or both. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. An uninterruptible power supply (UPS) is a device that allows a computer to keep running for at least a short time when incoming power is interrupted. The yum (Yellowdog Updater) is a modern and more advanced manager used by Red Hat-based distributions.
Gertrude, a system administrator at Dion Training, has implemented journaling to help prevent data loss from unplanned system interruptions. Which of the following BEST describes the purpose of journaling? A. To create a description of all the changes that must be made to a drive B. To provide a common software interface that sits between the kernel and a real file system C. To store metadata about a file or directory on a file system as an object D. To provide a protocol for shared user access to files and other resources on a local area network
A. To create a description of all the changes that must be made to a drive Journaling is a feature included in most modern filesystems. Journaling creates a log of the changes that have not yet been committed to the file system's main part by recording the goal of such changes in a circular log or data structure known as a journal. This journal can be used to rapidly reconstruct corruptions that may occur due to events such as a system crash or power outage. The journal is an on-disk log containing data about the filesystem and it is kept up-to-date as the filesystem changes.
Marc, a system administrator at Dion Training, wants to place an exact duplicate of a text file containing the company's acceptable use policy (AUP) into 3 different directories on a Linux file server. Which of the following commands should be used to accomplish this? A. cp B. rm C. mkdir D. mv
A. cp The cp command (copy) is used to copy or duplicate a file or directory into a new location. The mv (move) command is used to move the contents of the specified file. The rm (remove) command is used to delete the contents of the specified file. The mkdir (make directory) command is used to create (or make) a new directory.
Eduardo, a software developer, needs to create a new file 512 MB file using the /dev/zero special device file to test a new import function for an application being developed. Which of the following commands is used to copy and convert files from one media type to another? A. dd B. xz C. cpio D. awk
A. dd The dd command copies and converts files to enable them to be transferred from one media type to another. The cpio (copy in out) tool copies files to and from archives. The xz command is a data compression utility that reduces the size of selected files and manages files in the .xz file format. The awk command is a pattern-matching tool that is used to search a file for the specified information and can then perform specified actions once the string is found.
Martin, a system administrator at Dion Training, wants to configure a Linux server to start up in a graphical user interface by default instead of using the command line interface. Which of the following unit files should be modified to accomplish this? A. default.target B. rescue.target C. multi-user.target D. graphical.target
A. default.target The default.target unit file points to the unit file that will be used upon system startup. By modifying the default.target unit file to select the multi-user.target (CLI) or graphical.target (GUI), that target will be loaded during the system start-up process by default.
Lesley, a system administrator at Dion Training, suspects that inode exhaustion is occurring on a Linux server's ext2-based file system. They want to display the percentage of inodes currently consumed by the system. Which of the following commands should be used to accomplish this? A. df -i B. nmap C. du -h D. ioping
A. df -I The df (disk free) command is used to view the device's free space, the file system, the total size, the total amount of space used, the percentage of space used, and the mount point. The df -i command displays the inode information instead of block usage information. The du (disk usage) command displays how a device is used, including the size of directory trees and files within it. The du -h command displays disk usage in a human-readable format but does not include inode usage. Nmap is highly configurable, but at its most basic it displays the network configuration of the remote system. Nmap displays the network configuration of the remote system, including its listening ports, firewall status, operating system identification, and other values. The ioping command is used to generate a report of a device's input/output (I/O) latency in real-time.
Robert, a network administrator at Dion Training, wants to use the firewall daemon to manage the firewall on a Linux server. Which of the following commands should be used to accomplish this? A. firewall-cmd B. iptables C. nftables D. ufw
A. firewall-cmd The firewall-cmd is the front-end management tool for the firewall daemon (firewalld). The nftables firewall is a modern, scalable, high-performance replacement for iptables. The iptables tool enables you to manage packet filtering as well as stateful firewall functionality within Linux through various tables. Each table applies to a certain context and consists of rule sets, called chains, that the table uses to implement the firewall. The Uncomplicated Firewall (UFW) is a firewall management tool that makes it easier to configure the nftables or iptables service.
Norma, a network administrator, wants to use the command line interface (CLI) to allow SSH connections to the DMZ portion of the network. Which of the following commands should be used to implement this configuration change in the firewall? A. firewall-cmd --zone=dmz --add-port=22/tcp B. firewall-cmd --zone=dmz --remove-service=http C. firewall-cmd --reload D. firewall-cmd --get-zones
A. firewall-cmd --zone=dmz --add-port=22/tcp The firewall-cmd --zone=dmz --add-port=22/tcp will allow connections over port 22 (SSH) to the DMZ (demilitarized zone) portion of the network. The firewall-cmd --zone=dmz -remove-service=http would block access to port 80 (http) to the DMZ portion of the network. The firewall-cmd --reload will reload the firewall's zone configurations to the active firewall. The firewall-cmd --get-zones will list out all of the firewall zones, but it will not allow SSH connections or modify the firewall's current settings.
Tamera, a system administrator, wants to modify the resolv.conf file to designate specific DNS servers for her Linux environment. Which of the following tools should she use to accomplish this task? A. nano B. printf C. awk D. lsusb
A. nano Nano is an easy-to-use command line text editor in Linux that is used to edit text and configuration files. The awk command is a pattern-matching tool that is used to search a file for the specified information and can then perform specified actions once the string is found. The printf command displays and outputs formatted data. The lsusb command displays information about devices attached to the USB bus of the system.
Melanie, a system administrator at Dion Training, wants to configure access control for users to be able to execute non-privileged processes while allowing those same processes to communicate with privileged ones. Which of the following commands or tools should be used to accomplish this? A. polkit B. traceroute C. iostat D. tcpdump
A. polkit The PolicyKit (polkit) uses polkitd daemon works with systemd to permit administrators to delegate more granular control to users than sudo allows. The pkexec command is a part of the polkit toolset that allows a user to execute an action they are authorized to perform. Polkit is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. The traceroute command is used to display the network path between a client and a server, including any routers or firewalls used between the two systems. The tcpdump command is used to conduct packet captures and analysis in Linux. The iostat command is used to generate a report on CPU and device utilization. The iostat command does not provide latency in real-time but can provide some statistics concerning the input/output requests for a storage device and the percentage of time that the CPU was idle while the system had outstanding disk input/output requests.
Grayson, a system administrator at Dion Training, wants to remove the tcp_lp module during runtime. He has already verified that all of the dependencies are running. Which of the following commands should he use to accomplish this? A. rmmod B. insmod C. modinfo D. lsmod
A. rmmod The rmmod command removes a module from the currently running kernel. The insmod command installs a module into the currently running kernel by inserting only the specified module without inserting any dependent modules. The lsmod command displays the currently loaded kernel modules, their sizes, usage details, and their dependent modules. The modinfo command displays information about a particular kernel module, such as the file name of the module, license, description, author's name, module version number, dependent modules, and other parameters or attributes.
Which of the following terms best describes a dedicated infrastructure layer that is designed to manage service-to-service interaction in a container environment? A. service mesh B. pod C. sidecar D. ambassador container
A. service mesh A service mesh is a dedicated infrastructure layer managed by code that provides service-to-service interaction in a container environment. Kubernetes is a container orchestration solution that supports dynamic, scalable, and intertwined container environments. A pod in Kubernetes consists of one or more containers. A sidecar is a separate container that runs alongside an application container in a Kubernetes pod. A proxy in Kubernetes is run on each node in a cluster to maintain network rules for that nodes. An ambassador container is a special container that is configured to handle communications on behalf of the rest of the containers in a pod.
Sidney, a system administrator at Dion Training, is using the Kubernetes container orchestration solution. She needs to utilize a component that can facilitate communications and extend functionality within a pod. Which of the following components should be used to accomplish this? A. sidecar B. ambassador container C. pod D. compose
A. sidecar A sidecar is a separate container that runs alongside an application container in a Kubernetes pod. Kubernetes is a container orchestration solution that supports dynamic, scalable, and intertwined container environments. A pod in Kubernetes consists of one or more containers. A proxy in Kubernetes is run on each node in a cluster to maintain network rules for that nodes. An ambassador container is a special container that is configured to handle communications on behalf of the rest of the containers in a pod. Compose is a docker function that can be used to build multi-container clusters.
Which of the following commands is used to start a service during the next system boot? A. systemctl enable B. systemctl start C. systemctl restart D. systemctl stop
A. systemctl enable The systemctl enable command allows a service to be started up during the next system boot. The systemctl restart command restarts the service or daemon. The systemctl stop command is used to stop a service or daemon, but it is not persistent and the service will restart once the system reboots. The systemctl start command activates a service immediately.
Matthew, a system administrator at Dion Training, noticed that the httpd.service was found to be turned off after a scheduled reboot. Matthew wants to ensure that the httpd.service always starts up when the server is booting up. Which of the following systemd commands should be used to accomplish this? A. systemctl enable httpd.service B. systemctl start httpd.service C. chkconfig httpd on D. firewall-cmd --reload
A. systemctl enable httpd.service The systemctl enable command is used to enable a service to be started on boot. To ensure the httpd.service always starts up when the server is booted, the systemctl enable https.service command should be run in the terminal. The systemctl start command is used to start or activate a service immediately. Using the systemctl start command will only start up the service once, and the service will not be restarted automatically when the server is rebooted. The chkconfig httpd on command is the SysVinit version of the systemctrl enable command and is not used used by the Systemd suite. The firewall-cmd --reload command is used to reload the current firewall configuration.
Samuel, a software developer at Dion Training, just installed a new version of a custom, proprietary application on a Linux server. The software is designed to listen for incoming network connections over port 4577 using TCP. Which of the following commands could be used to analyze and ensure that clients can properly connect to the server's listening port? (Select TWO) A. tcpdump B. hostnamectl C. netstat D. nslookup
A. tcpdump C. netstat The netstat (network statistics) command gathers information about TCP connections to the system. Netstat can be used to display existing connections, listening ports on the server, and network adapter information. The tcpdump command is used to conduct packet captures and analysis in Linux. The hostnamectl command is used to view the system's hostname, display the version of the Linux kernel being used, and display other information about the system's hardware. The systemd hostnamectl set-hostname command can be used to configure or change the hostname of the current Linux server. The nslookup command is sued to gather name resolution information and to test the name resolution process on a Linux system using either interactive or non-interactive modes.
Layla, a network engineer at Dion Training, has encountered an issue when trying to connect to the company's web development server located in the development screened subnet. Which network analysis should Layla use to identify each hop (router or firewall) between her workstation and the development server? A. traceroute B. scp C. tcpdump D. netstat
A. traceroute The traceroute command is used to display the network path between a client and a server, including any routers or firewalls used between the two systems. The scp (secure copy) command is used to copy data to/from a remote host using SSH. The netstat (network statistics) command gathers information about TCP connections to the system. Netstat can be used to display existing connections, listening ports on the server, and network adapter information. The tcpdump command is used to conduct packet captures and analysis in Linux.
Which of the following commands is considered a highly configurable text editor that can be used within Linux? A. vim B. nmcli C. du D. xfs
A. vim Vim (Vi Improved) is a highly configurable text editor that was designed as an improved clone of the legacy vi text editor. Vim is a modal editor that contains different modes to provide different functionality, including text editing and script execution. The nmcli command is a fundamental tool for interacting with the Network Manager interfaces and is used to view and configure network information. The xfs filesystem is a modern Linux filesystem that recognizes larger partition sizes, utilizes larger file sizes, and avoids inode exhaustion as compared with ext4. The du (disk usage) command displays how a device is used, including the size of directory trees and files within it.
Neil, a system administrator at Dion Training, wants to display the public keys for any users that are authorized to connect to a Linux server using the SSH protocol for remote access. Which of the following files should be reviewed to determine which users are authorized to connect to a given server? A. ~/.ssh/authorized_keys B. /etc/ssh/sshd_config C. ~/.ssh/known_hosts D. /etc/ssh/ssh_config
A. ~/.ssh/authorized_keys The ~/.ssh/authorized_keys file stores the keys on the remote SSH servers that the client machine connects to and allows key-based authentication to occur. The /etc/ssh/sshd_config file must be edited to configure who is allowed to remotely connect to the server, what level of remote access they will have when connecting, and to present a warning or instructional message to the user when connecting. The ~/.ssh/known_hosts file stores the public keys of any remote systems that the client has connected to. The /etc/ssh/ssh_config file is used to define the SSH client settings and is not usually customized.
Which of the following operators is used for logical AND operations in a Bash script? A. | B. && C. || D. <
B. && The (&&) operator represents the logical AND condition. The (||) operator represents the logical OR condition. The pipe operator (|) is used to combine the standard I/O streams of two or more commands. The pipe operator takes the standard output of one command and redirects it as the standard input for another command. The (<) reads the input from a file rather than from the keyboard or mouse.
Which of the following patterns would be used to redirect both the standard output and the standard error message to a file? A. < B. &> C. >> D. 2>
B. &> The pattern &> is used to redirect both the standard output and the standard error message to a file. For example, we assume that file1.txt exists and file3.txt does not, then we type 'ls file1.txt file3.txt &> errorfile.txt' on the command line, the resulting output and errors will not be displayed on the screen, but they will be redirected to a file named errorfile.txt. The pattern 2> is used to redirect only the standard error message to a file. The pattern >> is used to append the output of a given command to the end of a file. The pattern < is used to read a file and use it as input to a given command.
Sahra, a system administrator at Dion Training, wants to uninstall a package from a Debian-based Linux server. Which of the following dpkg command options should she use? A. -i B. -r C. -l D. -s
B. -r The dpkg command is used to install, build, remove and manage Debian packages on a Linux system. The -r option in dpkg uninstalls or removes the package. The -s option in dpkg reports the package's installation status. The -i option in dpkg installs a software package. The -l option in dpkg lists package information.
Which of the following special device files is a writable location used as a destination to discard specified data? A. /dev/urandom B. /dev/null C. /dev/zero D. /tmp
B. /dev/null The /dev/null special file is a writeable location that is used as a target for generated data that should be discarded. This data is often error messages that are redirected to /dev/null by using the 2> redirector. The /dev/zero file is a way of filling storage capacity with a series of zeroes. For example, using the dd command, a sysadmin can create a file of a specified size as part of testing. The /dev/urandom file can create is a source of random characters for tasks such as creating completely randomized passwords. The /tmp folder stores temporary files that are susceptible to loss if the Linux system is shutdown abruptly.
Which of the following is used to store a company's container images in a public or private central repository? A. Service mesh B. Container registry C. Ambassador container D. Cloud-init
B. Container registry Container images are usually centrally stored in public or private repositories known as container registries. Container registries are used for images within a community, a single organization, or the entire world. An ambassador container is a special container that is configured to handle communications on behalf of the rest of the containers in a pod. A service mesh is a dedicated infrastructure layer managed by code that provides service-to-service interaction in a container environment. Cloud-init scripts are used for automating tasks and bootstrapping cloud-based virtual machines to place each VM in a repeatable, well-known baseline state.
Which of the following types of encryption functions is SHA256 used for? A. Public key B. Hashing C. Private key D. Wildcard certificate
B. Hashing SHA256 is a hashing algorithm. Private and public keys use asymmetric encryption algorithms. A wildcard certificate is not an encryption function.
Joel, a network administrator at Dion Training, wants to configure the company's containers to obtain network access by using special network drivers. The drivers will provide networking between the container and the host and will use the host's network access. Which of the following should be used to accomplish this? A. Overlay B. Host C. NAT D. Bridge
B. Host The container's host network driver provides networking between the container and host while using the host's network access. The container's overlay driver provides connectivity between containers run by different daemons. The container's bridge network driver provides the standard configuration for standalone containers that need network access. Network Address Translation (NAT) is used to track all of the IP addresses between the containers, hosts, and remote services.
Russell, a system administrator at Dion Training, is troubleshooting an application that is frequently crashing. He wants to gather details for a crash report so that he can send it to the lead developer. Which of the following should be used to accomplish this? A. Decompile the application B. Perform a core dump C. Patch the operating system D. Reset the network connection
B. Perform a core dump A core dump will provide the running state of the application at the time of the crash and any virtual memory information associated with it. A core dump serves as a crash report and can be sent to the software developer for further analysis. Decompiling an application would only provide the source code or an assembly language version of the code. Patching the operating system and resetting the network would not provide the detailed information the developer would need to identify why the application is continually crashing.
The National Security Agency (NSA) wanted to implement a context-based permissions schema to existing Linux distributions so that Mandatory Access Controls (MAC) could be enforced on the system. Which of the following tools did the NSA create to achieve this? A. chroot B. SELinux C. ufw D. AppArmor
B. SELinux SELinux was created by National Security Agency to enforce mandatory access control (MAC) in Linux environments. SELinux is the default context-based permissions scheme provided with CentOS and Red Hat Enterprise Linux. SELinux provides additional file system and network security so that unauthorized processes cannot access or tamper with data, bypass security mechanisms, violate security policies, or execute untrustworthy programs. AppArmor is an alternative context-based permissions schema and MAC implementation for Linux, but it was not created by the NSA. The uncomplicated firewall (ufw) manages firewall rules in Arch Linux, Debian, or Ubuntu. The ufw command is a command-line interface tool that seeks to make firewall configurations easier to perform. The chroot command is used to change the root directory used by a running process and its children by creating a chroot jail or jailed directory for them to utilize.
Mateo, a system administrator, has identified a process that is slowing down the system's performance and needs to be terminated immediately. He issues the following command in the command line interface: $ sudo kill -9 {PID} Using the command above, which of the following types of signals did he issue? A. SIGTERM B. SIGKILL C. SIGHUP D. CTRL+Z
B. SIGKILL The SIGKILL (signal -9) signal is used when an application refuses to exist gracefully using the SIGTERM signal. The SIGTERM (signal -15) signal is used to graceful exit from a program. The SIGHUP signal requests that a process exit when the terminal running the process closes. This allows the operating system to terminate the process once the terminal closes since it is assumed that the user is no longer interested in the results of the command. The CTRL+Z key combination is used to send a temporary stop signal to the currently running program in the Linux CLI.
Evelyn, a system administrator at Dion Training, noticed that the Deadline I/O Scheduler reverts to the system default after each reboot. Which of the following should be configured to ensure the Deadline I/O Scheduler remains set after each reboot? A. RAID configuration B. System boot loader C. Logical volume manager D. SSD trim
B. System boot loader To configure the Deadline I/O Scheduler to be used after each reboot, you need to modify the system's bootloader to use the 'elevator=deadline' argument. The deadline scheduler performs sorting of input/output (I/O) operations using three queues: a standard pending request queue, a read first in first out (FIFO) queue, and a write FIFO queue. The read FIFO and write FIFO queues are sorted by submission time and have expiration values associated with them.
Danny, a network administrator at Dion Training, reconfigured a network device and now three Linux workstations cannot ping their default gateway. After running the ip addr command, he notices the client IP address is 172.16.2.3/24 and the gateway's address is 172.16.1.2/24. Which of the following is MOST likely the issue with this new network configuration? A. The network gateway's IP must be the first IP address on the network B. The client and gateway must be on the same network C. Each workstation must use be configured with a public IP address D. The gateway must be configured to use a public IP address
B. The client and gateway must be on the same network Both the gateway and the workstations must be configured with IP addresses on the same network/subnet to communicate. The gateway and workstations can use any valid public or private IP address as long as they are on the same network. While a gateway is commonly given the first IP address in a network, it is not required. Since both addresses are using a /24 subnet, this indicates that the gateway is on the 172.16.1.0 network and the workstations are on the 172.16.2.0 network.
Jay, a network administrator at Dion Training, is having issues with downloading packages from the internet on a Linux server. The server has an IP address of 172.16.2.3/24. Jay is able to ping the server from a workstation with an IP address of 172.16.2.4/24, but he cannot ping the server from a second workstation with an IP address of 172.16.3.1/24. Which of the following is MOST likely preventing the server from downloading the packages? A. The server is assigned an invalid IP address B. The server does not have a connection to the default gateway C. The server's network interface card (NIC) is powered off D. A server with a private IP address assigned cannot connect to the internet
B. The server does not have a connection to the default gateway The server most likely has lost connection its connection to its default. gateway. The default gateway is used by the server to communicate outside of its local subnet. The IP address assigned to the server is a valid private IP address. The NIC is not powered off since another workstation within the subnet can ping the server. A server with a private IP can access the internet by connecting through its default gateway and using network address translation.
The path to a storage device dynamically changes when devices are added or removed from a Linux server, such as /dev/sda1 becoming /dev/sdb1. Which of the following commands is used to identify the UUID of a storage device instead of relying on the storage device's path? A. lsscsi B. blkid C. fcstat D. lspci
B. blkid The blkid command displays known information about the partitions on a specified device. The fcstat command displays information about existing Fibre Channel adapters. The lspci command is used to display information about hardware devices connected to the Peripheral Component Interconnect (PCI) bus. The lsscsi command displays information about hardware storage devices connected to the Small Computer System Interface (SCSI) bus.
Malcolm, a system administrator at Dion Training, is worried that a Linux server's primary hard drive may be running low on storage space. Which of the following commands is used to display the current amount of free storage space available on the server's hard disk drive? A. du B. df C. cp D. mv
B. df The df (disk free) command is used to view the device's free space, the file system, the total size, the total amount of space used, the percentage of space used, and the mount point. The du (disk usage) command displays how a device is used, including the size of directory trees and files within it. The mv (move) command is used to move the contents of the specified file. The cp command (copy) is used to copy a file or directory into a new location.
Lionel, a system administrator at Dion Training, wants to determine which containers are currently running on a given Linux server by listing out the running containers, how long ago each container was created, and how long each container has been running. Which of the following commands should be used to accomplish this? A. docker info B. docker ps C. docker pull D. docker push
B. docker ps The docker command is used as the primary command to interact with docker containers on a Linux system. The docker ps command is used to list the containers on a system, as well as information like their creation date, uptime, and the ports in use by those containers. The docker info is used to display system-wide information, including the number of running, paused, and stopped containers. The docker pull command is used to pull a container image from a registry. The docker push command is used to upload a container image to a registry.
Which of the following commands would be used to display the file type of a specified file? A. stat B. file C. awk D. netcat
B. file The file command displays the file type of a specified file. The stat command displays file metadata in a user-friendly structure containing the file's size, access information, and storage data. The nc (netcat) command is used to test connectivity and send data across a network connection. The nc command is also used by penetration testers and system administrators to conduct a banner grab of the web server. The awk command is a pattern-matching tool that is used to search a file for the specified information and can then perform specified actions once the string is found.
Marion, a cybersecurity analyst at Dion training, wants to add a firewall rule using service identification within the firewall-cmd utility. Which of the following commands should be used to accomplish this? A. firewall-cmd --zone=dmz --remove-port=123/udp B. firewall-cmd --zone=dmz --add-service=ntp C. firewall-cmd --get-zones D. firewall-cmd --zone=dmz --list-all
B. firewall-cmd --zone=dmz --add-service=ntp The firewall-cmd --zone=dmz --add-service=ntp allows NTP communications by using the service identification. The firewall-cmd --zone=dmz --remove-port=123/udp removes NTP communications. The firewall-cmd --get-zones lists all zones. The firewall-cmd --zone=dmz --list-all list all rules in the dmz zone.
Damien, a service desk analyst at Dion Training, is receiving complaints that users are experiencing an unresponsive state when they try to save their work. He wants to determine if the storage system is causing this issue due to low throughput being experienced by the device. Which of the following commands should be used to accomplish this? A. ping B. ioping C. mtr D. ps
B. ioping The ioping command is used to generate a report of a device's input/output (I/O) latency in real-time. The ioping command is commonly used to determine the speed of a storage device, such as a hard disk drive, in terms of input/output speed and access time latency. The mtr command is a combination of the ping and traceroute tools that includes additional improvements to enable testing of the quality of a network connection. The ping (Packet Internet Groper) command is used to check the network connectivity between a client and a server. The ps command is used to display the process table that summarizes the currently running processes on a system.
Claire, a service desk analyst at Dion Training, has received a large number of trouble tickets from users complaining that there is currently high latency being experienced on the network. She wants to determine the maximum throughput currently being experienced over a given network interface on a Linux system to aid in her troubleshooting efforts. Which of the following commands should be used to accomplish this? A. mtr B. iperf C. dig D. ps
B. iperf The iperf command is used to test the maximum throughput an interface will support. The throughput of a given interface is the actual amount of data being sent over a connection in each amount of time. The bandwidth of a connection is the theoretical maximum amount of data that could be sent over a connection in each amount of time. It is important to remember that throughput is the actual amount and bandwidth is the theoretical amount. The mtr utility is a combination of ping and traceroute that enables testing of a network connection's quality and latency. The dig command invokes a tool for gathering information and testing domain name resolution services. The ps command is used to invoke and display the process table that summarizes the currently running processes on a system.
Which of the following commands automatically searches for a makefile to compile? A. ./configure B. make C. make install D. apt get
B. make The make command automatically looks for the makefile in the current directory. The make install command installs the program, its configuration files, and its associated log files on the system. The ./configure script creates a makefile containing the instructions for compiling custom software on Linux. The apt-get is a command line tool for interacting with the Advanced Package Tool (APT) library (a package management system for Linux distributions). It allows you to search for, install, manage, update, and remove software. The tool does not build software from the source code.
Mila, a network administrator at Dion Training, is troubleshooting an issue with a recently installed software application on a Linux server. The application is supposed to be listening for client requests on port 4242, but clients appear to be having issues connecting to the application or transferring data to/from the application. Which of the following commands should Mila use to troubleshoot these connectivity issues? A. mtr B. nc C. rsync D. sftp
B. nc The nc (netcat) command is used to test connectivity and send data across a network connection. The nc command is also used by penetration testers and system administrators to conduct a banner grab of the web server. The mtr command is a combination of the ping and traceroute tools that includes additional improvements to enable testing of the quality of a network connection. The rsync command is a data transfer tool that only transfers changed files and avoids copying duplicate information that already exists at the remote destination to drastically reduce network traffic. The SFTP (SSH File Transfer Protocol) command is used to access, manage, and transfer files over an encrypted SSH connection.
Charlotte has completed partitioning some hard disks in a Linux server. Which of the following commands would allow Linux to detect changes in the hard disk's partitions? A. fdisk B. partprobe C. df D. du
B. partprobe The partprobe command causes the system to redetect the storage disks and any partition changes. The partprobe command can be run to confirm the new partitions exist as expected. The df (disk free) command is used to view the device's free space, the file system, the total size, the total amount of space used, the percentage of space used, and the mount point. The du (disk usage) command displays how a device is used, including the size of directory trees and files within it. The fdisk utility is a menu-driven program that is used to create, modify, or delete partitions on a storage drive. Using fdisk, you can create a new partition table or modify existing entries on the partition table.
The network administrators at Dion Training are concerned that their network connection is being saturated due to a large number of files being backed up across the local area network. Olivia, a Linux administrator, has been asked to choose a command line utility to back up and copy the files from a Linux server to a backup server. Which of the following tools should Olivia choose so that only files containing changed data will be copied to the remote server? A. xz B. rsync C. scp D. nc
B. rsync The rsync command is a data transfer tool that only transfers changed files and avoids copying duplicate information that already exists at the remote destination to drastically reduce network traffic. The nc (netcat) command is used to test connectivity and send data across a network connection. The scp (secure copy) command is used to copy data to/from a remote host using SSH. The xz command is a data compression utility that reduces the size of selected files and manages files in the .xz file format.
Megan, a software developer at Dion Training, is testing a new software application. The application has a bug that is causing the process to runaway. Megan wants to immediately and forcefully end the process. Which of the following commands should be used to accomplish this? A. sudo kill {PID} B. sudo kill -9 {PID} C. pkill -15 {PID} D. kill -15 {PID}
B. sudo kill -9 {PID} The sudo kill -9 {PID} command sends the SIGKILL signal to the application which results in an immediate shutdown or termination of the process. The SIGKILL (signal -9) process is used when an application refuses to exist gracefully using the SIGTERM signal. The sudo kill {PID}, sudo kill -15 {PID}, and pkill -15 {PID} commands would perform a graceful shutdown.
Susan, a system administrator at Dion Training, is having issues with services she disabled still starting on boot by other services. Which command prevents the service from being started by any other service? A. systemctl disable B. systemctl mask C. systemctl restart D. systemctl stop
B. systemctl mask The systemctl mask command prevents a service from being started by any other service. The systemctl restart command restarts the service or daemon. The systemctl stop command is used to stop a service or daemon, but it is not persistent and the service will restart once the system reboots. The systemctl disable command sets the service or daemon not to start at boot and is persistent across system reboots.
Which of the following commands is used to start a service? A. systemctl enable B. systemctl start C. systemctl restart D. systemctl stop
B. systemctl start The systemctl start command activates a service immediately. The systemctl restart command restarts the service or daemon. The systemctl stop command is used to stop a service or daemon, but it is not persistent and the service will restart once the system reboots. The systemctl enable command allows a service to be started up during the next system boot.
Which of the following is the first process to start outside of the kernel during the system boot up process? A. sshd B. systemd C. cpuhp D. watchdog
B. systemd The init system is the first process that starts outside of the kernel and is generally the backend service that controls when and how services are started. The init daemon is initialized using systemd or sysvinit. If you run the ps command, you will usually see systemd (on modern Linux systems) or sysvinit (on older Linux systems) listed as the first process on the system and has a process ID of 1. The other process (sshd, cpuhp, and watchdog) would be initiated by the systemd or sysvinit daemon, have higher process ID numbers, and are considered children of the systemd or sysvinit processes.
Wayne, a system administrator at Dion Training, wants to display the last ten lines of a configuration file to the terminal. Which of the following commands should be used to accomplish this? A. head B. tail C. source D. read
B. tail The tail command displays the last ten lines of the specified file. The head command displays the first ten lines of the specified file. The source command is used to execute another command within the current shell process. The read command in Bash is used to collect input from a user and then processes that input as part of a script.
Rosemary, a system administrator at Dion Training, wants to execute the ps command and have its results displayed to the standard output, as well as to a text file called processes.txt. Which of the following commands should be used to accomplish this? A. grep B. tee C. sed D. xargs
B. tee The tee command reads the standard input, sends the output to the command line interface, as well as copying the output to each specified file. The grep command is used to perform pattern matching to display a specified string or search term in its output. The xargs command reads from standard input and executes a command for each argument provided to the command. When using the xargs command, each argument must be separated by spaces. The sed (stream editor) command can be used to modify text files or for global search and replace actions.
Diane, a system administrator at Dion Training, needs to add some user accounts to a Linux server. Which of the following commands should be used to accomplish this? A. userdel B. useradd C. usermod D. groupadd
B. useradd The useradd command is used to create user accounts and configure the default settings for a new user. The usermod command is used to modify the system account files to reflect changes for a given user account. The userdel command is used to delete or remove an existing user account on a system. The groupadd command is used to create a new group.
Sarah, a system administrator at Dion Training, notices that a Linux server is running slow when processing kernel-related functions. She runs the top command and several metrics are displayed. Which of the following metrics should she look at to troubleshoot kernel-related issues? A. %wa B. %id C. %s D. %us
C. %s The top command dynamically displays the processes consuming the most system resources. The %s metric displays the CPU time spent running the Linux kernel.The %wa metric displays the I/O wait time. If the %wa is high, this indicates that the run queue is too high. The %id displays CPU idle time and if this is too high then this indicates that the CPU is working too hard. The %us displays CPU time spent running user processes.
Aria, a system administrator at Dion Training, wants to improve name resolution performance on a Linux server by prioritizing which resources are used for DNS name resolution by the system. Which of the following files can be used by a system administrator to define the order in which name resolution methods will be used? A. /etc/hosts B. /boot/initrd.img C. /etc/nsswitch.conf D. /proc/mdstat
C. /etc/nsswitch.conf The /etc/nsswitch.conf file includes configuration options for name resolutions that define the order in which name resolution methods will be used. The /proc/mdstat file contains status information related to RAID arrays. The /etc/hosts file is used to manually configure the list of hostnames and IP addresses used for local name resolution. The /boot/initrd.img file is used to contain a ramdisk image of the root file system that is temporarily loaded into memory during the system bootup process.
Rebecca, a system administrator at Dion Training, is creating a quick start guide for new users that includes tips on how to navigate a Linux system and its key file locations. She wants to ensure that this file is copied into the home directory every time a new user is created on the system. Which of the following files or directories should the file be copied to accomplish this? A. /etc/passwd B. /etc/profile C. /etc/skel D. /etc/group
C. /etc/skel The /etc/skel directory contains files that will be copied automatically to the home directory of any new user. The /etc/group file contains a list of groups and group IDs. The /etc/profile to set system-wide environment variables and startup programs for new user shells. The /etc/passwd file stores the actual user account and maintains various settings related to accounts.
Denise, a cybersecurity analyst at Dion Training, must review a CentOS server's logs weekly to check for any authentication failures. Which of the following files should be reviewed to find evidence of any failed login attempts? A. /var/log/syslog B. /var/log/messages C. /var/log/secure D. /var/log/kern.log
C. /var/log/secure The /var/log/secure file contains all of the authentication messages in RHEL and CentOS distributions. To determine if there were any failed logging attempts during the past week, the analyst should review the contents of the /var/log/secure file. The /var/log/syslog file contains all types of system events except for authentication messages in Debian-based distributions. The /var/log/messages file contains all general non-critical system events in RHEL and CentOS distributions. The /var/log/kern.log file contains all of the kernel messages and the output from the dmesg command.
Reece, a network administrator at Dion Training, wants to configure the company's containers to obtain network access by using special network drivers. The drivers will track all the IP addresses used by the containers, hosts, and remote services. Which of the following should be used to accomplish this? A. Overlay B. Host C. NAT D. Bridge
C. NAT Network Address Translation (NAT) is used to track all of the IP addresses between the containers, hosts, and remote services. The container's host network driver provides networking between the container and host while using the host's network access. The container's overlay driver provides connectivity between containers run by different daemons. The container's bridge network driver provides the standard configuration for standalone containers that need network access.
Which of the following type of RAIDs uses parity to provide fault tolerance? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10
C. RAID 5 A RAID 5 provides fault tolerance by using disk striping with parity. A RAID 5 writes the data and parity information to each disk in the array. This parity information is used to recreate the missing data from a failed storage drive. Disk cloning is the process of creating a bit-by-bit copy of a storage device to another device. Disk cloning is not a feature used by RAIDs. A RAID 0 provides disk striping across at least two storage disks. The disk partitions are divided into sections called stripes and data is written sequentially across the different stripes. A RAID 1 provides disk mirroring by duplicating the data on two different storage disks to provide complete redundancy. Disk mirroring is considered an inefficient use of storage capacity, though, since two full copies are made of each piece of data.
Which of the following is the host command used for in Linux? A. Network latency reports B. Package management C. Testing name resolution D. Resolving a MAC address from a specified IP address
C. Testing name resolution The host {domain name} {IP address} command will resolve the domain name against the DNS server specified by the IP address. Package management is performed using commands like rpm, yum, dnf, apt, dpkg, and zypper. The ioping command is used to generate network latency reports. The arp command is used to discover information about known MAC addresses and IP bindings.
Maxine, a system administrator at Dion Training, needs to modify the password expiration for user accounts on a Linux server. Which of the following commands should be used to accomplish this? A. chown B. chgrp C. chage D. chmod
C. chage The chage (change age) command is used to control password expiration, expiration warnings, inactive days, and other information for existing user accounts. The chmod (change modification) command is used to modify the permissions of a file or directory, but only the file or directory's owner or a system administrator can change the permissions for an object. The chown (change ownership) command is used to change the owner, the group, or both the owner and the group for a given file or directory. The chown command allows permissions to be set so that someone else can manage an object's permissions other than the user who created that object. The chgrp (change group) command is used to change the group ownership of a given file or directory.
Fred, a system administrator at Dion Training, needs to rename a misspelled user's account from Jayson to Jason on the company's Linux server. Which of the following commands should be used to accomplish this? A. userdel B. useradd C. usermod D. groupadd
C. usermod The usermod command is used to modify the system account files to reflect changes for a given user account. The userdel command is used to delete or remove an existing user account on a system. The useradd command is used to create user accounts and configure the default settings for a new user. The groupadd command is used to create a new group.
Sebastian, a network administrator at Dion Training, recently installed a new server and needs to configure the ip address for its network adapter, enp0s8. Which of the following commands would allow Sebastian to add an ip address directly to enp0s8? A. ifconfig B. hostname C. ifcfg D. arp
C. ifcfg The ifcfg command is an alternative to ifconfig or the ip command for managing IP addressing. The ifconfig command enables a user to view the current IP address information for each network adapter recognized by the system. The arp command is used to discover information about known MAC addresses and IP bindings. The hostname command displays the system's current network name configuration.
Noel, a system administrator at Dion Training, wants to determine if a particular NIC is experiencing high latency and saturation. Which of the following commands should be used to accomplish this? A. firewall-cmd B. top C. iftop D. ping
C. iftop The iftop command is used to display the bandwidth usage information for the system, including how much bandwidth is being utilized on a particular NIC. The ping (Packet Internet Groper) command is used to check the network connectivity between a client and a server. The top command is used to dynamically display the processes consuming the most system resources. The firewall-cmd is the front-end management tool for the firewall daemon (firewalld).
Elaine, a system administrator at Dion Training, wants to display the current configuration in use by a Linux server's logical volumes. Which of the following commands should be used to accomplish this? A. mdadm B. pvscan C. lvdisplay D. multipathd
C. lvdisplay The logical volume manager (LVM) is a tool for logical volume management that includes allocating disks, striping, mirroring, and resizing logical volumes. The lvdisplay command shows the current configuration and lists attributes of logical volumes. The pvscan command is used to scan for all of the physical devices that are being used as physical volumes. The mdadm (multiple device administration) command is used to manage RAID systems from within the Linux CLI. The multipathd command is responsible for checking and displaying information about paths. The multipathd daemon manages the paths and reconfigures the network map as needed to react to changes in the paths, including failures.
Jeffrey, a cybersecurity analyst at Dion Training, wants to remove or unload a module not currently being used by the Linux kernel to increase the security of a Linux server. Which of the following commands would you use to remove the kernel module? A. lsmod B. auditd C. modprobe D. cryptsetup
C. modprobe The modprobe command is used to add or remove modules from a kernel. The modprobe command can load all the dependent modules before inserting the specified module and is preferred over using the insmod and rmmod commands. The lsmod command displays the currently loaded kernel modules, their sizes, usage details, and their dependent modules. The auditd (audit daemon) is used to ensure records are being properly written to the storage device. The cryptsetup command is used as a front-end tool to interact with the Linux Unified Key Setup (LUKS).
Elsie, a system administrator at Dion Training, wants to configure a Linux server to start up in the command line interface by default instead of the graphical user interface. Which of the following targets should be set in the default.target unit file to accomplish this? A. network-online B. rescue.target C. multi-user.target D. graphical.target
C. multi-user.target The default.target unit file points to the unit file that will be used upon system startup. By modifying the default.target unit file to select the multi-user.target (CLI) or graphical.target (GUI), that target will be loaded during the system start-up process by default. The multi-user.target file creates a command line interface (CLI) environment which uses fewer resources than the traditional GUI environment. The graphical.target file creates a graphical user interface (GUI) environment. The rescue.target unit file starts rescue mode used to troubleshoot the Linux system. The network-online target is used to start the specified network services and delay the target until the network service is established.
Ralph, a cybersecurity analyst at Dion Training, wants to gather information about a remote server's current TLS/SSL certificate and its status. Which of the following commands should be used to accomplish this? A. nmap B. pvscan C. openssl_s client D. lvscan
C. openssl_s client OpenSSL provides SSL connectivity between clients and servers. SSL relies on certificates generated as part of the Public Key Infrastructure (PKI) design. When there are issues connecting to webservers using SSL or TLS, the openssl s_client command can be used to gather information about the server's certificate and aid in troubleshooting the issue. Nmap is highly configurable, but at its most basic it displays the network configuration of the remote system. Nmap displays the network configuration of the remote system, including its listening ports, firewall status, operating system identification, and other values. The pvscan command is used to scan for all of the physical devices that are being used as physical volumes. The lvscan command scans all physical devices for logical volumes on a Linux server.
Joseph, a system administrator at Dion Training, wants to remove MySQL and replace it with MongoDB on one of the company's database servers. Which of the following command options can be used with the APT command to uninstall the MySQL package and its configuration files on the Linux server? A. install B. remove C. purge D. delete
C. purge The purge subcommand uninstalls the package and all of its configuration files. The remove subcommand uninstalls the package but the configuration files remain on the Linux system. The install subcommand is used to install a software package on a Linux system. The apt command does not have a delete subcommand.
Gareth, a cybersecurity analyst at Dion Training, wants to enforce the SELinux security policies on a Linux server. Which of the following commands would he use to accomplish this? A. setenforce 0 B. getenforce C. setenforce 1 D. sudo nano /etc/setlinux/config then change SELINUX disabled
C. setenforce 1 The setenforce command temporarily changes SELinux modes, whereas a value of 0 is Permissive mode and a value of 1 is Enforcing mode. The getenforce command displays the current mode. The sudo nano /etc/setlinux/config command and setting the SELINUX variable to disabled are used to disable SELinux.
Fiona, a system administrator at Dion Training, wants to transfer the public key for user 'jasondion' to DBserver02 so that it can be used with a remote SSH connection. Which of the following commands should be used to accomplish this? A. ssh-keygen jasondion DBserver02 B. ssh-copy-id DBserver02 C. ssh-copy-id jasondion@DBserver02 D. ssh-add jasondion@DBserver02
C. ssh-copy-id jasondion@DBserver02 The ssh-copy-id jasondion@DBserver02 command is the correct syntax needed to transfer a public key to a remote host. The ssh-copy-id command is used to transfer local keys to a remote system for authentication. Its purpose is to provide access without requiring a password for each login. This facilitates automated, passwordless logins and single sign-on using the SSH protocol.
Janice, a system administrator at Dion Training, wants to convert a string of characters from lowercase to uppercase within a given filename. Which of the following commands should be used to accomplish this? A. which B. tee C. tr D. xargs
C. tr The tr (translate) command is used to translate a string of characters from the input. Usually, the tr command is used to change the capitalization of letters within a filename. The xargs command reads from standard input and executes a command for each argument provided to the command. When using the xargs command, each argument must be separated by spaces. The tee command reads the standard input, sends the output to the command line interface, as well as copying the output to each specified file. The which command displays where a command executable file is stored.
Carly, a system administrator at Dion Training, wants to issue superuser privileges to a new system administrator on a Linux server. She wants to ensure that there are no errors when she is done modifying the sudoers file. Which of the following commands should be used to accomplish this? A. vim B. nano C. visudo D. gedit
C. visudo Visudo edits the sudoers file in a protected and safer manner. Visudo locks the sudoers file against multiple simultaneous edits, provides basic syntax checking, and also checks for parsing errors to ensure the sudoers file doesn't get corrupted during editing. Vim (Vi Improved) is a highly configurable text editor that was designed as an improved clone of the legacy vi text editor. Nano is an easy-to-use command line text editor for Unix and Linux operating systems. Gedit is a simple GUI-based text editor used in some Linux distributions.
Lynne, a system administrator at Dion Training, ran the top command to see the currently running processes. She wants to review the metric used to measure the amount of time a virtual CPUI is waiting for access to the physical CPU. Which of the following metrics should be used to accomplish this? A. %id B. %wa C. %us D. %st
D. %st The top command dynamically displays the processes consuming the most system resources. The %st displays steal which indicates how often a virtual CPU is waiting for access to the physical CPU. The %wa metric displays the I/O wait time. If the %wa is high, this indicates that the run queue is too high. The %id displays CPU idle time and if this is too high then this indicates that the CPU is working too hard. The %us displays CPU time spent running user processes. The %s displays the CPU time spent running the Linux kernel.
Pauline, a system administrator at Dion Training, notices that a Linux server is running slowly. She runs the top command and several metrics are displayed. Which of the following metrics should she look at to verify the amount of CPU time being spent running user processes? A. %wa B. %id C. %s D. %us
D. %us The top command dynamically displays the processes consuming the most system resources. The %us displays CPU time spent running user processes. The %s metric displays the CPU time spent running the Linux kernel.The %wa metric displays the I/O wait time. If the %wa is high, this indicates that the run queue is too high. The %st displays steal which indicates how often a virtual CPU is waiting for access to the physical CPU. The %id displays CPU idle time and if this is too high then this indicates that the CPU is working too hard.
Nora, a system administrator, is about to install a very large software package using the apt command on a Linux server. Which of the following options should she use to display hash marks or a progress bar during the installation process? A. -i B. -U C. -F D. -v
D. -v The apt command is used to install, update, remove, and manage .deb packages on Ubuntu, Debian, and other Debian-based distributions. The -v option in the apt command is used to specify a verbose or detailed output that provides a progress bar showing the installation progress. The -i option in the apt command is used to install a software package. The -U option in the apt command is used to upgrade a package to a newer version, or it will install the software if that software is not already installed on the system. The -F option in the apt command is used to freshen a package to a newer version (similar to an upgrade), but this option will not install the software if it is not already installed on the system.
Barry, a system administrator at Dion Training, wants to configure his Linux server's system time to synchronize with another server's time using chrony. Which of the following default ports must be opened to allow access to the server's time service? A. 514/UDP B. 22/TCP C. 443/TCP D. 123/TCP
D. 123/TCP The chrony service provides a more flexible and consistent time synchronization service and is used in cases where the ntpd service is unreliable. The chrony service uses port 123 using TCP to communicate. The rsyslog and syslog both use port 514 with UDP by default. The Hypertext Transmission Protocol Secure (HTTPS) uses port 443 with TCP by default. The Secure Shell (SSH) uses port 22 with TCP by default.
Jodie, a network administrator at Dion Training, wants to configure the company's containers to obtain network access by using special network drivers. The drivers will utilize the standard configuration for a standalone container which requires network access. Which of the following should be used to accomplish this? A. Overlay B. Host C. NAT D. Bridge
D. Bridge The container's bridge network driver provides the standard configuration for standalone containers that need network access. The container's host network driver provides networking between the container and host while using the host's network access. The container's overlay driver provides connectivity between containers run by different daemons. Network Address Translation (NAT) is used to track all of the IP addresses between the containers, hosts, and remote services.
Which part of the PKI system maintains the associated private/public key pair for entities? A. Self-signed certificate B. Digital signature C. Wildcard certificate D. Certificate authority
D. Certificate authority A certificate authority (CA) is a server that issues digital certificates for entities and maintains the associated private/public key pair. Internal CAs issue self-signed certificates—certificates that are owned by the same entity that signs them. In other words, the certificate does not recognize any authority and is essentially certifying itself. Self-signed certificates require the client to trust the entity directly. Digital signatures are used for sender authentication and message integrity. Digital signatures are created by encrypting a hash digest of the data with the user's private key. Wildcard certificates support multiple subdomains of a single parent domain, such as www.diontraining.com, mail.diontraining.com, and ftp.diontraining.com using a single digital certificate.
Ernest, a system administrator at Dion Training, wants to select an orchestration tool that supports both agent and agentless operations. The selected tool should also support the use of Python and YAML. Which of the following orchestration tools would meet these requirements? A. Ansible B. Chef C. Puppet D. SaltStack
D. SaltStack SaltStack is an orchestration tool that utilizes both agent and agentless options and supports the use of Python and YAML. Ansible is an orchestration tool that is commonly used for Red Hat Enterprise Linux deployments, is agentless, and relies on the Python programming language. Chef is an orchestration tool that utilizes agents and the Ruby programming language. Puppet is an orchestration tool that is agentless and recognizes configuration files in Bash, Python, Ruby, YAML, and PowerShell.
Craig, a system administrator at Dion Training, is trying to resolve a trouble ticket stating that a user's files are being accidentally deleted by other users on the server. Currently, any user with read or execute privileges for a given file can delete that file. The system administrator wants to assign special permissions to the files to prevent other users from being able to delete them. Which of the following special permission sets should be configured to accomplish this? A. ACL B. SUID C. SGID D. Sticky bit
D. Sticky bit A sticky bit is a special permission bit that protects files in a directory. Sticky bits ensure that only the owner of a file or directory (or root) can delete the file or directory. The SGID (setgid) permission allows a user to have permissions that are similar to those of the file's group owner. An access control list (ACL) is a list of permissions attached to an object. ACLs can be used for situations where the traditional file permissions are not sufficient to configure the proper permissions for an object. The SUID (setuid) permission allows a user to have similar permissions as the owner of the file.
Ivy, a data analyst at Dion Training, is trying to edit a script with the location of this week's files before she uses it to generate her weekly report. Ivy and other members of the accounting department are receiving a 'permission denied' error message every time they attempt to modify and save the script with the updated directory path. Ivy verified that the group owner of the script is Accounting, that she is a part of the Accounting group, and the script's permissions are set to rwxr-x---. Which of the following is MOST likely causing the issue with modifying and saving this script? A. The group permission field doesn't have execute permissions B. The other permission field has no permissions set C. The user must run the script with root privileges D. The user's group doesn't have write permissions
D. The user's group doesn't have write permissions To modify and save a file in Linux, the file must have write permissions in the group field. The execution privileges for the group field are properly assigned. The other permissions field doesn't need to have permissions assigned since Ivy is part of the group that owns the script. The script does not need to be run using root permissions as long as the user or group has the proper permissions.
Roger, a system administrator at Dion Training, ran the top command and sees an abnormally high value for the %us metric. Which of the following BEST describes what this metric is used for? A. This metric represents the amount of time a virtual CPU is waiting for access to the physical CPU B. This metric represents the amount of time the CPU is waiting for I/O access C. This metric represents the amount of time the CPU is idle D. This metric represents the amount of time the CPU spent running user processes
D. This metric represents the amount of time the CPU spent running user processes The top command dynamically displays the processes consuming the most system resources. The %us displays CPU time spent running user processes. The %s metric displays the CPU time spent running the Linux kernel.The %wa metric displays the I/O wait time. If the %wa is high, this indicates that the run queue is too high. The %st displays steal which indicates how often a virtual CPU is waiting for access to the physical CPU. The %id displays CPU idle time and if this is too high then this indicates that the CPU is working too hard.
Lindsey, a system administrator at Dion Training, wants to check the status of service using the SysVinit init method. The sshd service has a system status of disabled. Lindsey can remotely connect to a server using SSH, so they assume there is a status issue for the service and want to reset the status without stopping the SSH service. Which of the following commands should be used to accomplish this? A. chkconfig sshd on B. chkconfig sshd off C. chkconfig sshd reset D. chkconfig sshd restart
D. chkconfig sshd restart The chkconfig command is used to control services in each runlevel, start services, and stop services. The chkconfig {service} restart command resets the status of a service. The chkconfig {service} reset command stops a service immediately. The chkconfig {service} on command enables a service to be started on boot. The chkconfig {service} off command disables a service so that it is no longer started on boot.
Nancy, a cybersecurity analyst at Dion Training, created a new work from home policy. The file containing this policy needs to be readable by all of the company's users. The Human Resources department should own the file and be assigned full permissions to the file. Which of the following commands should be used to accomplish this? A. chmod u+rwx, g+wx, o+r wfhpolicy.pdf B. chmod a+rwx wfhpolicy.pdf C. chmod u+rwx, g+rwx, o+rwx wfhpolicy.pdf D. chmod u+rwx, g+rwx, o+r wfhpolicy.pdf
D. chmod u+rwx, g+rwx, o+r wfhpolicy.pdf The chmod u+rwx, g+rwx, o+r wfhpolicy.pdf command correctly sets the needed permissions. Based on the requirements the owner should have read, write and execute privileges. The group should have read, write, and execute privileges. The other (world) field should have only read privileges.
Christopher, a network administrator at Dion Training, wants to deny the use of FTP services by blocking it in the firewall on a Linux server. Which of the following commands should be used to accomplish this? A. firewall-cmd --get-zones B. firewall-cmd --zone=dmz --list-all C. firewall-cmd --zone=dmz --add-port=21/tcp D. firewall-cmd --zone=dmz --remove-port=21/tcp
D. firewall-cmd --zone=dmz --remove-port=21/tcp the firewall-cmd --zone=dmz --remove-port=21/tcp is used to block FTP communications through the firewall. The firewall-cmd --zone=dmz --add-port=21/tcp would allow FTP communications to occur through the firewall using port 21. The firewall-cmd --get-zones is used to list all zones in the firewall. The firewall-cmd --zone=dmz --list-all would list all rules in the dmz zone.
RANGE SIZE STATE REMOVABLE BLOCK 0X0000000000000-00000008ffffff 2.3G online no 0-17 0x00000010000000-0x0000026ffff 5.8G online no 32-77 Consider the screenshot above. Which of the following commands was executed to create this output? A. ls -l / B. lsmod C. lscpu D. lsmem
D. lsmem The lsmem command lists the ranges of available memory with their online status. The listed memory blocks correspond to the memory block representation in sysfs. The lsmem command also shows the memory block size and the amount of memory in an online and offline state. The lsmod command displays the currently loaded kernel modules, their sizes, usage details, and their dependent modules. The lscpu command is used to gather CPU architecture information from sysfs, /proc/cpuinfo and any applicable architecture-specific libraries). The lscpu command output includes information about the number of CPUs, threads, cores, sockets, Non-Uniform Memory Access (NUMA) nodes, and more. The ls -l command is used to list the contents of a directory in tabular format, including content permissions, owner of the content, and the size of the content in bytes.
Betty, a system administrator at Dion Training, wants to scan all of the physical storage devices to detect any logical volumes contained within them. Which of the following commands should be used to accomplish this? A. lvcreate B. pvscan C. lvchange D. lvscan
D. lvscan The lvscan command scans all physical devices for logical volumes on a Linux server. The pvscan command is used to scan for all of the physical devices that are being used as physical volumes. The pvcreate command initializes a drive or partition to use as a physical volume on a Linux server. The vgcreate command creates volume groups on a Linux server.