RHCSA Study Questions

What is the name of the GUI tool that enables you to easily manage firewalld configurations? a. system-config-firewall b. firewall-gtk c. firewall-config d. firewall-gui

. C. Explanation: The name of the GUI tool that can be used to manage firewall configurations is firewall-config.

What is the grub configuration file the is generated by grub2?

/boot/grub2/grub.cfg

What would the name of the LV called lvvol01 in the Physical Volume vgdata be called the the device mapper name?

/dev/mapper/vgdata-lvvol01

What is the main configuration file of grub2?

/etc/default/grub

What is the name of the GRUB 2 configuration file where you apply changes to GRUB 2?

/etc/default/grub

Which configuration file should you modify to apply common changes to GRUB 2?

/etc/default/grub

Names of configuration files and directories in the main Apache configuration file are relative to the ServerRoot. To which directory is the ServerRoot set by default?

/etc/httpd

What is the default location where RPMs can drop plug-in configuration files that should be considered by the Apache server?

/etc/httpd/conf.d

Which location is preferably used for storing virtual host configuration files?

/etc/httpd/conf.d

What is the name of the default Apache configuration file?

/etc/httpd/conf/httpd.conf

Where is the SELinux main configuration file located?

/etc/sysconfig/selinux

Which file do you need to change if you want to completely disable SELinux?

/etc/sysconfig/selinux

Where are the system-specific modifications for a systemd unit located?

/etc/systemd/system

Where are the systemd wants located?

/etc/systemd/system

What directory will show the services to be stared on a multi-user target?

/etc/systemd/system/multi-user.target.wants

What is the name of the default Kickstart file that is created after installing an RHEL server?

/root/anaconda-ks.cfg

Where is the runtime that is generated automatically for systemd stored?

/run/systemd/system

Where are the system default unit files for systemd located?

/usr/lib/systemd/system

Where are the target files located?

/usr/lib/systemd/system

Name the two locations where the system reads the rules files for devices

/usr/lib/udev/rules.d - shows how devices are initialized /etc/udev/rules.d directory - custom rules for the device

What is the default home directory for the TFTP server?

/var/lib/tftpboot

Where does SELinux log all of its messages?

/var/log/audit/audit.log

Which directory is used as the default Apache document root?

/var/www/html

Where are firewalld service files stored?

1. /usr/lib/firewalld/services 2. /etc/firewalld/

If your GRUB2 boot loader is broken what are the steps to fix it?

1. Make sure that you have made the contents of the /mnt/sysimage directory to your current working environment 2. If your disk is /dev/sda, run the following command grub2-install /dev/sda

Name the eight steps of the boot process

1. POST 2. Select bootable device 3. Loading the boot loader 4. Loading the Kernel 5. Starting /sbin/init 6. Processing initrd.target 7. Switching to the root file system 8. Running the default target

List the order of the layers involved in the LVM architecture

1. Physical Volume(PV) 2. Volume Group(VG) 3. Logical Volume(LV)

What is the procedure the root password where nobody knows what it is?

1. Press e when Grub2 menu is shown 2. Enter rd.break as boot argument to the line that loads the kernel and press Ctrl+X to boot with this option. 3. mount -o remount,rw /sysroot 4. chroot /sysroot 5. Now you can enter passwd and set the new password for the user root. 6. Load SELinux policy: load_policy -i 7. manually set the correct context type to /etc/shadow: chcon -t shadow_t /etc/shadow 8. reboot

What are the three sections a systemd service unite file consist of?

1. [Unit] 2. [Service] 3. [Install]

You need a list of all available Booleans. Which command do you use?

1. getsebool -a 2. semanage boolean -l

To get a list of Booleans on your system, what command do you use?

1. getsebool -a 2. semanage boolean -l (this will provide more details)

What is the procedure to add SELinux-Spoecific Man Pages

1. man -k _selinux 2. yum whatprovides */sepolicy 3. yum -y install policycoreutils-devel 4. sepolicy manpage -a -p /usr/share/man/man8 5. man -k _selinux 6. mandb 7. man -k _selinux 8. man -k _selinux| grep http

What are the two commands to set context type and which one should you use?

1. semange 2. chcon - should be avoided. Everything that is applied with chcon is overwritten when the file system is relabeled, or the original context is restored from the policy to the file system.

I want to reduce the EXT4 file system by 250 megabytes. The LV is lvvol01, VG is vgdata and the mount point is /files

1. umount /files 2. lvreduce -L -250M -r /dev/vgdata/lvvol01

How do you install the tftp server, start and enable it?

1. yum -y install tftp-server 2. vi /etc/xinetd.d/tftp 3. change this to no and save file disable = yes 4. enable: systemctl enable tftp-server 5. start: systemctl start trftp-server 6. If firewal is running add the tftp exception and reload rules firewall-cmd --permanent --add-service=tftp firewall-cmd --reload

How do install sealert?

1. yum install setroubleshoot-server 2. reboot the server to make sure all the processes are restarted correctly

How do you find a package that has the command semanage?

1. yum provides /usr/sbin/semanage 2. yum whatprovides /usr/sbin/semanage

What causes a tainted kernel? a. A kernel driver that is not available as open source driver b. A driver that was developed for a different operating system but has been ported to Linux c. A driver that has failed. d. An unsupported driver. From

A

Where does your system find the default rules that are used for initializing new hardware devices? a. /etc/udev/rules.d b. /usr/lib/udev/rules.d c. /usr/lib/udev.d/rules d. /etc/udev.d/rules

A /etc/udev/rules.d

Which command enables you to find the actual version of the kernel that is used? a. uname -r b. uname -v c. procinfo -k d. procinfo -l

A [root@client ~]# uname -r 3.10.0-957.12.2.el7.x86_64

What is the name of the command that shows kernel events since booting? a. logger b. dmesg c. klogd d. journald

A dmesg

What can you use if you want a minimal boot image to be available to the servers you want to install, but you do not want to provide that through a network PXE server? a. Use the boot.iso image that is provided by Red Hat at RHN. b. Use the installation disk. c. Copy the bootloader to the server you want to install before starting the installation. d. Copy the boot image on the HTTP installation server.

A and B. Explanation: If you do not want to boot from the network, you need to provide a boot image on a local medium. The boot.iso image is a perfect solution to do that. Alternatively, you could choose to start the installation from an installation disk.

You want to see exactly what is happening on system boot. Which two boot options should you remove from the GRUB 2 boot prompt? (Choose two.) a. rhgb b. logo c. quiet d. silent

A and C. Explanation: The rhgb and quiet boot options make it impossible to see what is happening while booting.

What does the SELinux core element Policy do?

A collection of rules that define which source has access to which target.

What does the SELinux core element Context do?

A security label that is used to categorize objects in SELinux

What does the SELinux core element Rule do?

A specific part of the policy that determines which source domain has which access permissions to which target domain.

What is a tainted kernel?

A tainted kernel is a kernel that contains closed source drivers.

What is the simplest definition of a target unit?

A target unit is a group of units

What is a unit?

A unit is a thing that is started by systemd. There are different types of units, such as services, mounts, sockets, and many more.

In firewalld what is a zone?

A zone is a collection of rules that are applied to incoming packets matching a specific source address or network interface

Which of the following shows correct syntax for adding a port persistently to the current firewalld configuration? a. firewall-cmd --addport=2022/tcp --permanent b. firewall-cmd --add-port=2022/tcp --permanent c. firewall-cmd --addport=2022/tcp --persistent d. firewall-cmd --add port=2022/tcp --persistent

A. Explanation: Answer A shows the correct syntax.

Your server shows a blinking cursor only while booting. No GRUB 2 menu is available. What is the first step in troubleshooting this issue? a. From a rescue disk, try the boot from local disk option. b. Start a rescue environment and reinstall GRUB. c. Start a rescue environment and re-create the initramfs. d. Use the rd.break boot argument.

A. Explanation: Because the error occurs before the GRUB 2 menu is loaded, the only option to fix this is by using a rescue disk.

Which of the following items in the context label is the most significant for SELinux system administration tasks? a. Type b. User c. Role d. Mission

A. Explanation: For basic SELinux configuration, you need to make sure that the appropriate context type is set. User and role are for advanced use only

Which of the following is not a standard firewalld zone? a. Untrusted b. Trusted c. External d. Internal

A. Explanation: On a default configuration, there is no untrusted zone in firewalld

Which file contains all information you need to troubleshoot SELinux messages? a. /var/log/audit/audit.log b. /var/log/selinux/selinux.log c. /var/log/messages d. /var/log/selinux.log

A. Explanation: SELinux messages are logged by auditd, which writes the log messages to /var/log/audit/audit.log

Which command shows all service unit files on your system that are currently loaded? a. systemctl --type=service b. systemctl --type=service --all c. systemctl --list-services d. systemctl --show-units | grep services

A. Explanation: The --type=service argument shows all currently loaded services only.

Which virtual host type allows you to run multiple virtual hosts on the same IP address? a. NameBased b. IPBased c. ConfigurationBased d. Default

A. Explanation: The NameBased virtual host is used as the default virtual host type. It allows multiple virtual hosts to be hosted on the same IP address.

Which parameter in the main Apache configuration file defines the location where the Apache process looks for its configuration files? a. ServerRoot b. ServerDocuments c. DocumentRoot d. DocumentIndex

A. Explanation: The ServerRoot parameter defines where Apache will look for its configuration files. All file references in the httpd.conf configuration file are relative to this directory

Which line is used to start the definition of a virtual host that listens on port 80 of all IP addresses on the current server? a. <VirtualHost *:80> b. <VirtualHost *> c. <NameHost *:80 d. <NameHost *>

A. Explanation: The VirtualHost parameter is used to open a virtual host definition. * refers to all IP addresses, and :80 defines the port it should listen on

What is the name of the main Apache configuration file? a. /etc/httpd/conf/httpd.conf b. /etc/httpd/httpd.conf c. /etc/apache2/apache.conf d. /etc/httpd/default-server.conf

A. Explanation: The default Apache configuration file is in /etc/httpd/conf/ httpd.conf

Which of the following commands enables you to see the current SELinux mode? a. sestatus b. lsmode c. semode d. getenforce

A. Explanation: The getenforce command is used to request the current SELinux mode

To allow targets to be isolated, you need a specific statement in the target unit file. Which of the following describes that statement? a. AllowIsolate b. Isolate c. SetIsolate d. Isolated

A. Explanation: The required statement is AllowIsolate . All other statements mentioned here are invalid.

Which RPM package contains the boot loader that is used in a PXE environment to provide all available boot options to the clients? a. syslinux b. lilo c. grub d. grub2

A. Explanation: The syslinux package contains everything that is needed to provide a boot menu through PXE.

Which zones should you use for an interface that is on a network where you need minimal firewall protection because every other computer on that same network is trusted? a. Trusted b. Home c. Work d. Private

A. Explanation: The trusted zone is provided for interfaces that need minimal protection.

Which of the following is not a valid command while working with units in systemctl? a. systemctl unit start b. systemctl status -l unit c. systemctl mask unit d. systemctl disable unit From

A. Explanation: The word order is wrong. It should be systemctl start unit , not systemctl unit start

Which of the following statements is not true about the firewall-config GUI tool? a. All configuration that is created in firewall-config is automatically activated and stored permanently. b. The firewall-config tool provides an easy interface to add ports to zones. c. In its default screen, firewall-config shows all zones. d. firewall-config connects to the firewalld service. If this service is not running, you may have problems working with firewall-config

A. Explanation: When working with firewall-config, you need to choose between the run-time and the permanent mode

What happens when SELinux is enabled and is in permissive mode?

All SELinuxrelated activity is logged, but no access is blocked.

What are the default settings for the firewalld zone trusted?

All network connections are accepted.

Instead using load_polic -i and chcon to correct labels on /etc/shadow, what is an easier way to do it?

An alternative (and easier) method is to create a file with the name /.autorelabel which will force SELinux to restore labels that are set on the entire file system.

During startup, the boot procedure is not completed and the server asks for the root password instead. What is likely to be the reason of this?

An error in /etc/fstab prevents the fsck command on that file system to finish successfully.

Which services do you need to install to create a fully automated installation environment?

An online repository, a TFTP server that provides the boot image, a DHCP server that indicates where the boot image can be found

What are the default settings for the firewalld zone Drop?

Any incoming packets are dropped and there is no reply.

How can firewalld rules be added or removed without any required action of the sys admin?

Applications can request ports to be opened using the DBus messaging system, which means that rules can be added or removed without any direct action required of the system administrator.

Which of the following is not a valid systemd unit type? a. service b. udev c. mount d. socket

B. Explanation :udev is not a valid systemd unit type. All others are.

You want to find out which other systemd units have dependencies to this specific unit. Which command would you use? a. systemd list-dependencies --reverse b. systemctl list-dependencies --reverse c. systemctl status my.unit --show-deps d. systemd status my.unit --show-deps -r

B. Explanation: Answers A and B are very similar, but answer A uses the wrong command. You have to use the systemctl command, not the systemd command.

Which of the following installation server types is not supported? a. NFS b. CIFS c. HTTP d. FTP

B. Explanation: CIFS is not supported as an installation server.

Which command enables you to get an overview of all the current firewall configurations for all zones? a. firewall-cmd --show-current b. firewall-cmd --list-all c. firewall-cmd --list-current d. firewall-cmd --show-all

B. Explanation: The --list-all command without further options shows all configurations for all zones

Your initramfs seems faulty and cannot initialize the LVM volumes on your disk. Which configuration file should you check for options that are used? a. /etc/dracut.d/dracut.conf b. /etc/dracut.conf c. /etc/sysconfig/dracut d. /etc/mkinitrd.conf

B. Explanation: The /etc/dracut.conf file is used for managing the initramfs file system

Which directory contains the main Apache configuration file? a. /etc/httpd b. /etc/htttpd/conf c. /etc/httpd/conf.d d. /etc/httpd/conf.modules.d

B. Explanation: The /etc/http/conf directory contains the main Apache configuration file httpd.conf

You have just entered a kernel argument on the GRUB 2 boot prompt. Which key(s) enables you to start with this boot argument? a. ZZ b. Ctrl+X c. Esc d. Enter

B. Explanation: The Ctrl+X key sequence leaves the GRUB 2 shell and continues booting

In which file do you specify the name of the TFTP server root directory? a. /etc/ftpt.conf b. /etc/xinetd.d/tftp c. /etc/dhcpd.conf d. /etc/pxe.conf

B. Explanation: The TFTP server is defined through xinetd. Xinetd works with configuration files in /etc/xinetd.d. Each service that is managed through xinetd has its own configuration file.

You want to enter the most minimal troubleshooting mode where as few services as possible are loaded. Which boot argument should you use? a. systemd.unit=break.target b. systemd.unit=emergency.target c. systemd.unit=rescue.target d. 1

B. Explanation: The emergency.target systemd target gives just a root shell and not much more than that. All other options that are mentioned also include the loading of several systemd unit files.

After applying changes to the GRUB 2 configuration, you need to write those changes. Which of the following commands will do that for you? a. grub2 -o /boot/grub/grub.cfg b. grub2-mkconfig > /boot/grub2/grub.cfg c. grub2 > /boot/grub2/grub.cfg d. grub2-install > /boot/grub2/grub.cfg

B. Explanation: The grub2-mkconfig command enables you to regenerate the GRUB 2 configuration. The result, by default, is echoed to the screen. Use redirection to write it to a file.

What is the name of the utility that provides a menu-driven interface to create Kickstart files? a. kickstart-config b. system-config-kickstart c. config-kickstart d. system-config-install

B. Explanation: The system-config-kickstart file is used to create Kickstart files manually. Notice that this is one of the few system-config utilities that still remains from a past where many system-config utilities were available to make configuration tasks easier.

Which command enables you to change a Boolean in a way that it survives a reboot? a. chcon boolean -P b. setsebool -P c. setsebool d. semanage boolean

B. Explanation: To change Booleans, use setsebool ; to make the change persistent, use -P .

Which boot argument must be used on the GRUB 2 boot prompt that is provided from the installation DVD to refer to a Kickstart file? a. install= b. ks= c. kickstart= d. anaconda=

B. Explanation: To use a Kickstart file while installing, use the ks= boot argument, followed by the location of the Kickstart file (which is typically on an installation server).

Which command must you run to ensure that it has the appropriate SELinux context after moving a file to another location? a. reboot b. restorecon /new/filename c. chcon d. restorecon -R /etc/selinux -v

B. Explanation: When moving a file, the original file context it moved with the file. To ensure that the file has the context that is appropriate for the new file location, you should use restorecon on the file.

Which yum group contains many useful Apache packages?

Basic Web Server

How do you create a want for a service?

By using systemctl enable on that service

How do you switch the current operational target to the rescue target?

By using systemctl isolate rescue.target

Which command shows the current version of RHEL you are using? a. uname -r b. cat /proc/rhel-version c. cat /etc/redhat-release d. uname -k

C [root@client ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core)

Which of the following comes first in the Red Hat Enterprise Linux 7 boot procedure? a. Systemd b. Kernel c. GRUB 2 d. Initramfs

C. Explanation: During the boot procedure, the GRUB 2 boot loader gets loaded first. From here, the kernel with the associated initramfs are loaded, and once that has completed, systemd can be loaded

Which of the following situations can be resolved only by using a rescue disk? a. The kernel stops loading. b. The initramfs stops loading. c. You never get to a GRUB 2 boot prompt. d. You are prompted to enter the root password for maintenance mode.

C. Explanation: If you do not get a GRUB 2 boot prompt, you cannot select any alternate startup mechanism. This is why his situation requires you to use a rescue disk so that GRUB can be reinstalled. If the kernel or initramfs cannot load successfully, you might need to use a rescue disk also, but in many cases an alternate kernel is provided by default.

Which of the following is the name of firewalling as implemented in the Linux kernel? a. iptables b. firewalld c. netfilter d. firewall-mod

C. Explanation: Netfilter is the name of the firewall implementation in the Linux kernel. Different toolsets exist to manage netfilter firewalls. Iptables has been the default management interface for a long time, and in Red Hat Enterprise Linux 7, firewalld has been added as an alternative solution to manage firewalls

Which of the following statements about virtual hosts is not true? a. When virtual hosts are offered through an httpd process, the default configuration no longer works. b. The names of virtual hosts must be resolvable through /etc/hosts or DNS. c. To use virtual hosts, the mod_virt package must be installed. d. Virtual host configurations can be specified in httpd.conf

C. Explanation: No additional packages need to be installed to enable virtual hosts. Virtual hosts are supported through the default httpd RPM package.

Which command-line switch is used with many commands to display SELinux-related information? a. -S b. -X c. -Z d. -D

C. Explanation: The -Z option displays SELinux-related information and can be used with many commands

What is the name of the default Kickstart file that is created after installing an RHEL server? a. /root/kickstart.cfg b. /root/anaconda.cfg c. /root/anaconda-ks.cfg d. /root/anaconda-kickstart.cfg

C. Explanation: The /root/anaconda-ks.cfg file is created while installing an RHEL server and can be used as a Kickstart file to install other servers.

In which file do you specify the name of the PXE boot image that needs to be handed out to installable clients? a. /etc/ftpt.conf b. /etc/xinetd.d/tftp c. /etc/dhcpd.conf d. /etc/pxe.conf

C. Explanation: The DHCP server communicates to the TFTP server and specifies which file from the TFTP server should be handed out for booting installable clients.

Which parameter in the Apache configuration file is used to specify where Apache will serve its documents from? a. ServerRoot b. ServerDocuments c. DocumentRoot d. DocumentIndex

C. Explanation: The DocumentRoot parameter specifies where the Apache web server will look for its contents

Which command enables you to list all available firewalld services? a. firewall-cmd --list-services b. firewall-cmd --list-all c. firewall-cmd --get-services d. firewall-cmd --show-services

C. Explanation: The firewall-cmd --get-services command shows all services that are available in firewalld

When recovering access to a virtual machine, you need to make the storage devices in the image file available. Which of the following commands would do that, assuming that the name of the image file is /home/user/lab1.img?? a. partx -ax /home/user/lab1.img b. kpartx -ax /home/user/lab1.img c. kpartx -av /home/user/lab1.img d. partx -av /home/user/lab1.img. From

C. Explanation: The kpartx command is used to create device nodes for devices that are found in a block device. The -a option adds device nodes for all devices, and the -v option does that in a verbose way.

You have entered a troubleshooting mode, and disk access is read-only. What should you do? a. Restart the troubleshooting mode and pass the rw boot option to thekernel. b. Use the rd.break boot argument to manually start into the initramfs mode. c. Use mount -o remount,rw / . d. Use mount / .

C. Explanation: The mount -o remount,rw / option remounts the / file system in read/write mode.

Which statement about systemd wants is not true? a. You can create wants by using the systemctl enable command. b. The target to which a specific want applies is agnostic of the associated wants. c. Wants are always administered in the /usr/lib/systemd/system directory. d. Each service knows to which target its wants should be added.

C. Explanation: Wants are specific to a particular system and for that reason are managed through /etc/systemd/system.

Where do you specify kernel module parameters that should be used persistently?

Create a file in /etc/modules.d

What is the name of the file where you should apply changes to the GRUB 2 configuration? a. /boot/grub/menu.lst b. /boot/grub2/grub.cfg c. /etc/sysconfig/grub d. /etc/default/grub

D. Explanation: Changes to GRUB 2 need to be applied to /etc/default/grub, not to /boot/grub2/grub.cfg. The /boot/grub2/grub.cfg file cannot be edited directly, you'll have to apply changes to /etc/default/grub and run the grub2-mkconfig command to write them to the appropriate configuration file

Which of the following statements is true about the --permanent commandline option when used with firewall-cmd? a. Configuration that is added using --permanent is activated immediately and will be activated automatically after (re)starting firewalld. b. Configuration that is added using --permanent is activated immediately. c. Configuration that is added using --permanent is not activated immediately and can be activated only by using systemctl restart firewalld . d. To activate configuration that has been added with the --permanent option, you need to reload the firewall configuration by using firewall-cmd -reload

D. Explanation: Configuration that is added with the --permanent option is not activated immediately and needs either a restart of the firewalld service or the command firewall-cmd --reload

Which of the following is not a valid SELinux mode? a. Enforcing b. Permissive c. Disabled d. Enabled

D. Explanation: Enabled is not a valid mode that can be set using setenforce or the /etc/sysconfig/selinux configuration file

Which of the following is not an advantage of firewalld? a. Rules can be modified through dbus. b. It has an easy to use command-line interface. c. It has an easy to use graphical interface. d. It can be used as an enhancement to iptables.

D. Explanation: Firewalld and iptables are mutually exclusive.

What is the best solution to avoid conflicts between incompatible units? a. Nothing, the unit files have defined for themselves which units they are not compatible with. b. Disable the service using systemctl disable . c. Unmask the service using systemctl unmask . d. Mask the service using systemctl mask .

D. Explanation: Masking a service makes it impossible to enable it

Which of the following is not a valid status for systemd services? a. Running(active) b. Running(exited) c. Running(waiting) d. Running(dead)

D. Explanation: Running(dead) is not a valid status for systemd services.

You want to grep the log file for SELinux log messages. Which of the following strings should you grep upon? a. selinux b. deny c. violatino d. avc

D. Explanation: SELinux log messages always contain the text avc

To which of the following can SELinux security not be applied? a. Users . b. Files . c. Ports . d. It can be applied to all of the above.

D. Explanation: SELinux security can be applied to users, files and ports.

Which directory contains the configuration files for the different Apache modules? a. /etc/httpd b. /etc/htttpd/conf c. /etc/httpd/conf.d d. /etc/httpd/conf.modules.d

D. Explanation: The /etc/httpd/conf.modules.d directory contains configuration files that are used by specific Apache modules

You do not have the root password and want to reset it. Which kernel argument offers the recommended way to reset it? a. init=/bin/bash b. init=/bin/sh c. systemd.unit=emergency.target d. rd.break

D. Explanation: The rd.break boot option enters at the end of the initrd phase. The root file system has not been mounted on / yet, which allows for easy troubleshooting.

Which of the following cannot be specified using system-config-kickstart? a. LVM logical volumes b. Individual RPM packages c. Firewalld services d. All of the above

D. Explanation: The system-config-kickstart utility is old and has not been updated for a long time, which is why all of the above cannot be configured using system-config-kickstart.

Which service needs to be enabled to provide TFTP services? a. tftp b. tftpd c. httpd d. xinetd

D. Explanation: The tftpd service is started through xinetd. Make sure that the xinetd service is enabled for automatic starting using systemctl enable xinetd . The further configuration is done through the /etc/xinetd.d/tftp configuration file, where you have to change the disabled parameter to enabled.

Which of the following commands should be used to set the context type of the directory /web to httpd_sys_content_t? a. chcon -t httpd_sys_content_t /web b. semanage -t httpd_sys_content_t "/web(/.*)?" c. semanage fcontext -t httpd_sys_content_t "/web(/.*)?" d. semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"

D. Explanation: chcon should be avoided at all times. Answer D is the only answer that provides correct usage information about semanage

You are looking for a minimal ISO image that can be used to boot a server before accessing the online repository that that server should be using. Where can you find it?

Download boot.iso from RHN

What are the default settings for the firewalld zone Internal?

For use in internal networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

What are the default settings for the firewalld zone Public?

For use in public areas. Other computers in the same network are not trusted, and limited connections are accepted. This is the default zone for all newly created network interfaces.

What are the default settings for the firewalld zone work?

For use in work areas. Most computers on the same network are trusted, and only selected incoming connections are accepted.

What are the default settings for the firewalld zone DMZ?

For use on computers in the demilitarized zone. Only selected incoming connections are accepted, and limited access to the internal network is allowed.

What are the default settings for the firewalld zone External?

For use on external networks with masquerading (Network Address Translation [NAT]) enabled, used especially on routers. Only selected incoming connections are accepted.

What are the default settings for the firewalld zone Home?

For use with home networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

If a file is copied to a directory, how are the SELinux context settings applied?

If a file is moved, or copied while keeping its properties (by using cp -a ), the original context settings of the file are applied.

If a new file is created, how are the SELinux context settings applied?

If a new file is created, it inherits the context settings from the parent directory.

When you are creating a PXE boot server, the boot menu must be created in a file. What is the name of that file?

In the TFTP root directory, create a directory pxelinux.cfg and in this directory create the file default that contains specific bootloader options

What are the default settings for the firewalld zone Block?

Incoming network connections are rejected with an "icmp-host-prohibited" message. Only network connections that were initiated on this system are allowed.

In the linux kernel how is firewalling implemented?

It is implemented through the netfilter subsystem

Which three features cannot be configured using system-config-kickstart?

LVM logical volumes, firewalld firewall configuration, and individual packages

When would you use the chcon command?

Never!

Can iptables be used with firewalld?

No they are mutually exclusive.

If you are checking the status of a service using systemctl status where can you see if the service was enabled of disabled?

On the loaded line Loaded: (loaded /usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)

What does the SELinux core element Labels do?

Same as context label, defined to determine which source domain has access to which target domain.

You start your server and nothing happens. You just see a blinking cursor and that's all. What is the first step to troubleshoot this issue?

Start from a rescue system

What file system is the interface to the Linux kernel?

The /proc file system is an interface to the Linux kernel, and it contains files with detailed actual status information on what is happening on your server

What statement in a Unit section can be used to list units that cannot be used together?

The Conflicts statement is used

In your grub configuration file what is the line that contains the boot arguments for the kernel on your servers?

The most important part that it configures is the GRUB-CMDLINE_LINUX option. This line contains boot arguments for the kernel on your server.

If you have sealert installed where does it log messages that are easier to understand?

The next time an SELinux message is written to the audit log, an easier-to-understand message is written to syslog and by default can be read in /var/log/messages

What does the SELinux core element Source Domain do?

The object that is trying to access a target. Typically a user or a process.

What process is used to initialize hardware?

The systemd-udevd process takes care of loading the appropriate driver and making the hardware device available.

What does the SELinux core element Target Domain do?

The thing that a source domain is trying to access. Typically a file or port.

Why can it happen that you get the message that a target cannot be isolated?

There are two types of targets: targets that can run independently and targets that cannot. Check the target unit file to find out more about this.

What can you do if you get an error message while trying to unload a kernel module?

Use lsmod to find out which other kernel modules currently need this kernel module and unload these kernel modules first. Notice that this will not always work, especially not if the considered hardware currently is in use

Your service does not work as expected and you want to know whether it is due to SELinux or something else. What is the easiest way to find out?

Use setenforce 0 to temporarily switch SELinux to permissive mode and try again.

Which command enables you to make sure that a target is no longer eligible for automatic start on system boot?

Use systemctl mask

You do not see any service-specific SELinux man page. What solution do you need to apply?

Use the sepolicy manpage command.

Every context label has three parts. What are they and how can they be identified?

User: can be recognized by _u in the label Role: can be recognized by _r in the label Type: can be recognized by _t in the label

You want to install a server using the installation disk and a Kickstart file that is available at http://server.example.com/kickstart.cfg . How do you specify to the installer that this file should be used?

While the boot menu shows, press Tab. This opens the GRUB 2 prompt. On the GRUB 2 prompt, add ks=http://server.example.com/kickstart.cfg

What file systems can only be increased and what file systems can be increased and reduced?

XFS - can only be increased EXT4 - can be increased and decreased Btrfs - can be increased and decreased

If you are going to reduce an EXT4 file system, what state must it be in?

You can only reduce the volume when it is offline

What command can you use if the initramfs is damaged?

You can use the dracut command

What do you need to do before you create a physical volume?

You need to create a partition marked as the LVM partition type. In fdisk or gdisk you need to press t to change the partition type. MBR disk is 8e, GUID is 8300

What unit makes firewalld management easier?

Zones

I want to find out where the filename of where the ext4 driver is, what is the command I would use?

[root@client rules.d]# modinfo ext4| grep filename filename: /lib/modules/3.10.0-957.12.2.el7.x86_64/kernel/fs/ext4/ext4.ko.xz

How can you tell if the service cannot be stated on boot?

[root@client system]# systemctl status -l iptables ● iptables.service Loaded: masked (/dev/null; bad) Active: inactive (dead)

Which command should you use to unload a kernel module, including all of its dependencies? a. rmmod b. insmod -r c. modprobe -r d. modprobe

c modprobe -r

Where do you find current version information about your RHEL 7 installation?

cat /etc/redhat-release

While troubleshooting the root password, what do you need to do to make sure the SELinux labels are set correctly?

chcon -t shadow_t /etc/shadow

If you reboot from an installation disk to troubleshoot and you get to a command prompt, what command can you use to mount the root partition?

chroot /mnt/sysimage

If you suspect that you are having a problem with the initramfs, how do you re-create it?

dracut --force

Which key do you need to press to enter the GRUB boot menu editor mode?

e

Which command enables you to test a web server from a server that does not offer a graphical interface?

elinks

How can you see the what the current default zone is in firewalld?

firewall-cmd --get-default-zone

To get a list of all services available on your computer, what command do you use?

firewall-cmd --get-services

How can you see the what the zones are available in firewalld?

firewall-cmd --get-zones

What command can get you the current mode to get the current SELinux mode

getenforce

What is the target equivalent of runlevel 5?

graphical.target

Show a command that will get all of the SELinux messages?

grep AVC /var/log/audit/audit.log

After applying changes to the GRUB 2 configuration, which command should you run?

grub2-mkconfig > /boot/grub2/grub.cfg

You have applied changes to the GRUB 2 boot loader and want to save them. How do you need to do that?

grub2-mkimage > /boot/grub2/grub.cfg

Which file is the Apache process looking for by default in the document root?

index.html

From the shell that you have started to troubleshoot a lost password for user root, you want to load the SELinux policy. Which command enables you to do that?

load_policy -i

How can you display the SELinux context labels on files?

ls -Z

What command gives a hierarchical overview of which disks and partitions are in the LVM volume groups and logical volumes?

lsblk

Lists currently loaded kernel modules

lsmod

Which command shows a list of kernel modules that currently are loaded?

lsmod

Show the command you would use to create a logical volume of 500 megabyte in the physical volume vgdata. Name the logical volume lvvol01

lvcreate -n lvvol01 -L 500M vgdata

Show the command you would use to create a logical volume of half the physical volume vgdata. Name the logical volume lvvol01

lvcreate -n lvvol01 -l 50%FREE vgdata

I want to reduce the logical volume to 750 MB. LV is lvvol01 and VG is vgdata. Show the command you would use

lvreduce -r -l 750M /dev/vgdata/lvvol01

Show the command you would use to remove the logical volume lvvol01. That logical volume resides in the physical volume vgdata.

lvremove /dev/vgdata/lvvol01

I want to add 250 megabytes to the file system /dev/vgdata/lvvol01. Show the command

lvresize -L +250M -r /dev/vgdata/lvvol01

I want to resize the LV to 75 percent of the Volume group. The LV is lvvol01, VG is vgdata and the mount point is /files

lvresize -r -l 75%VG /dev/vgdata/lvvol01

Show the commands you would use to show the logical volumes

lvs - Shows a summary of all available logical volumes lvdisplay - Shows a detailed list of available logical volumes and their properties

You have no clue which context types are available for the ftp service. What command enables you to get more specific information?

man -k _selinux | grep ftp

If you want to make an EXT4 file system out of the logical volume lvvol01 in the PV vgdata, what is the command?

mkfs.ext4 /dev/vgdata/lvvol01

If you want to make an XFS file system out of the logical volume lvvol01 in the PV vgdata, what is the command?

mkfs.xfs /dev/vgdata/lvvol01

Displays information about kernel modules

modinfo

How do you find which kernel module parameters are supported?

modinfo

Loads kernel modules, including all of their dependencies

modprobe

How do you unload a kernel module?

modprobe -r

Unloads kernel modules, considering kernel module dependencies

modprobe -r

Which command enables you to discover kernel module parameters?

modprobe <name>

What is the target equivalent of runlevel 3?

multi-user.target

Assuming that the cdrom module has a parameter "debug" , which must be set to 1 to enable debug mode, which line would you include in the file that will automatically load that module?

options cdrom debug=1

What is the target equivalent of runlevel 0?

poweroff.target

What command shows details about the physical volume?

pvdisplay

What command verifies the physical volumes that were created?

pvs

You want to start troubleshooting a lost root password. Which argument would you pass to the GRUB 2 boot loader?

rd.break

What is the target equivalent of runlevel 6?

reboot.target

What is the target equivalent of runlevel 1?

rescue.target

What makes application makes it easier to decipher the SELinux errors?

sealert

If you want to see the current Boolean setting and the default Boolean setting what would be the command you would want to use?

semanage boolean -l

What commands do you need to run to apply the httpd_sys_content_t context type to the directory /web?

semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" followed by restorecon

What command tells you if SELinux is enabled or disabled?

sestatus

If SELinux is set to permissive how can you temporarily set it to be permissive?

setenforce 0

You want to put SELinux temporarily in permissive mode. Which command do you use?

setenforce 0

If SELinux is set to permissive how can you temporarily set it to be enforcing?

setenforce 1

What is the name of the package you need to install to get easy-to-read SELinux log messages in the audit log?

setroubleshoot-server

What is the command to change the boolean property permanently?

setsebool -P <property> <value>

What is the command to change the boolean property in runtime?

setsebool <property> <value>

Which RPM package contains the bootloader that can be used while doing a PXE boot?

syslinux

What is the name of the utility that can be used to generate Kickstart files?

system-config-kickstart

systemctl command to show all service units that have failed

systemctl --failed --type=service

Which command should you use to show all service units that are currently loaded?

systemctl --type=service

systemctl command to show only service units

systemctl --type=service

To get a list of all targets currently loaded use what command?

systemctl --type=target

For an overview of all targets that exist on your computer, ue what command?

systemctl --type=target --all

How do you enable the httpd service to be started automatically when booting?

systemctl enable httpd

If I wanted to reboot the target using systemctl what would the command be?

systemctl isolate reboot.target

You want to shut down a systemd service, but before doing that you want to know which other units have dependencies to this service. Which command would you use?

systemctl list-dependencies --reverse

Show me the command to list the dependencies of httpd?

systemctl list-dependencies httpd

Show me the command that would list what services are dependent on the httpd service?

systemctl list-dependencies httpd --reverse

You want to find out which units are available in a specific troubleshooting environment. Which command would you use?

systemctl list-units

systemctl command to show all active service units

systemctl list-units --type=service

systemctl command to show all active and inactive service units

systemctl list-units --type=service --all

If I want to make sure iptables never starts upon boot what command can I do to ensure it doesn't start?

systemctl mask iptables

To ensure iptables doesn't screw up firewalld, what command can you use to esure this doesn't happen?

systemctl mask iptables

systemctl command to show detailed status information about a service

systemctl status -l your.service

Which command enables you to see whether the Apache web server is currently running?

systemctl status httpd

You do know the root password on a machine where you want to enter the most minimal troubleshooting mode. Which GRUB 2 boot argument would you use?

systemd.unit.emergency.target

You want to enter troubleshooting mode, but you do not know the root password. Which argument would you pass to the kernel to enter a mode that provides access to most of the machine's functionality?

systemd.unit=rescue.target

Show the command you would use to monitor the plugging and unplugging new hardware devices

udevadm monitor

Which command shows the current version of the kernel that is used on your computer?

uname -r

How do you create a volume of the first partition of the the sdb disk? You want to call the volume vgdata.

vgcreate vgdata /dev/sdb1

I want to remove the physical volume /dev/sdb2 out of the volume group vgdata, show the command you would use

vgredeuce vgdata /dev/sdb2

Give the two commands that will allow you to see the volume group

vgs - Shows a summary of available volume groups vgdisplay - Shows a detailed list of volume groups and their properties

After installing the TFTP server, which service must be enabled and started to give access to the TFTP server?

xinetd. Use systemctl start xinetd and systemctl enable xinetd to make it available

If the wrong context setting is ever applied to the file system, what can you do to fix it?

you just have to type restorecon to reapply if from the policy to the file system

Which command installs the software packages that are needed to configure an Apache web server? a. yum install httpd b. yum install web-server c. yum install apache d. yum install apache2

yum install httpd

How do you install a new version of the kernel?

yum upgrade kernel

There are three places where dracut is configured, what are they?

■ /usr/lib/dracut/dracut.conf.d/*.conf contains the system default configuration files. ■ /etc/dracut.conf.d contains custom dracut configuration files. ■ /etc/dracut.conf is used as the master configuration file.