CompTIA CompTIA Certifications XK0-005 Questions & Answers

• Question 51:

  A Linux administrator is installing a web server and needs to check whether web traffic has already been allowed through the firewall. Which of the following commands should the administrator use to accomplish this task?

  A. firewalld query-service-http

  B. firewall-cmd --check-service http

  C. firewall-cmd --query-service http

  D. firewalld --check-service http

  Correct Answer: C

  Explanation: The command firewall-cmd --query-service http will accomplish the task of checking whether web traffic has already been allowed through the firewall. The firewall- cmd command is a tool for managing firewalld, which is a firewall service that provides dynamic and persistent network security on Linux systems. The firewalld uses zones and services to define the rules and policies for the network traffic. The zones are logical groups of network interfaces and sources that have the same level of trust and security. The services are predefined sets of ports and protocols that are associated with certain applications or functions. The --query-service http option queries whether a service is enabled in a zone. The http is the name of the service that the command should check. The http service represents the web traffic that uses the port 80 and the TCP protocol. The command firewall-cmd --query-service http will check whether the http service is enabled in the default zone, which is usually the public zone. The command will return yes if the web traffic has already been allowed through the firewall, or no if the web traffic has not been allowed through the firewall. This is the correct command to use to accomplish the task. The other options are incorrect because they either do not exist (firewalld query-service- http or firewalld --check-service http) or do not query the service (firewall-cmd --check- service http instead of firewall-cmd --query-service http). References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 392.

• Question 52:

  A Linux systems administrator needs to copy files and directories from Server A to Server B.

  Which of the following commands can be used for this purpose? (Select TWO)

  A. rsyslog

  B. cp

  C. rsync

  D. reposync

  E. scp

  F. ssh

  Correct Answer: CE

  Explanation: The rsync and scp commands can be used to copy files and directories from Server A to Server B. Both commands can use SSH as a secure protocol to transfer data over the network. The rsync command can synchronize files and directories between two locations, using various options to control the copying behavior. The scp command can copy files and directories between two hosts, using similar syntax as cp. The rsyslog command is used to manage system logging, not file copying. The cp command is used to copy files and directories within a single host, not between two hosts. The reposync command is used to synchronize a remote yum repository to a local directory, not copy files and directories between two hosts. References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Networking Fundamentals, pages 440-441.

• Question 53:

  Which of the following directories is the mount point in a UEFI system?

  A. /sys/efi

  B. /boot/efi

  C. /efi

  D. /etc/efi

  Correct Answer: B

  Explanation: The /boot/efi directory is the mount point in a UEFI system. This directory contains the EFI System Partition (ESP), which stores boot loaders and other files required by UEFI firmware. The /sys/efi directory does not exist by default in Linux systems. The /efi directory does not exist by default in Linux systems. The /etc/efi directory does not exist by default in Linux systems. References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing the Linux Boot Process, page 398.

• Question 54:

  A user is unable to remotely log on to a server using the server name server1 and port 22. The Linux engineer troubleshoots the issue and gathers the following information: Which of the following is most likely causing the issue?

  

  A. server 1 is not in the DNS.

  B. sshd is running on a non-standard port.

  C. sshd is not an active service.

  D. serverl is using an incorrect IP address.

  Correct Answer: B

  The sshd is the Secure Shell Daemon, which is a service that allows remote login to a Linux system using the SSH protocol. The output shows that the sshd is running on port 2222, which is a non-standard port for SSH. The default port for SSH is 22, which is what the user is trying to use. Therefore, the statement B is most likely causing the issue. The statements A, C, and D are incorrect because they do not explain why the user cannot log on using port 22. References: [How to Change SSH Port in Linux]

• Question 55:

  Users are reporting that writes on a system configured with SSD drives have been taking longer than expected, but reads do not seem to be affected. A Linux systems administrator is investigating this issue and working on a solution. Which of the following should the administrator do to help solve the issue?

  A. Run the corresponding command to trim the SSD drives.

  B. Use fsck on the filesystem hosted on the SSD drives.

  C. Migrate to high-density SSD drives for increased performance.

  D. Reduce the amount of files on the SSD drives.

  Correct Answer: A

  TRIM is a feature that allows the operating system to inform the SSD which blocks of data are no longer in use and can be wiped internally. This helps to maintain the SSD's performance and endurance by preventing unnecessary write operations and reducing write amplification12. Running the corresponding command to trim the SSD drives, such as fstrim or blkdiscard on Linux, can help to solve the issue of slow writes by freeing up space and optimizing the SSD's internal garbage collection34. References: 1: What is SSD TRIM, why is it useful, and how to check whether it is turned on 2: How to Trim SSD in Windows 10 3: How to run fsck on an external drive with OS X? 4: How to Use the fsck Command on Linux

• Question 56:

  A Linux administrator wants to prevent the httpd web service from being started both manually and automatically on a server. Which of the following should the administrator use to accomplish this task?

  A. systemctl mask httpd

  B. systemctl disable httpd

  C. systemctl stop httpd

  D. systemctl reload httpd

  Correct Answer: A

  The best command to use to prevent the httpd web service from being started both manually and automatically on a server is A. systemctl mask httpd. This command will create a symbolic link from the httpd service unit file to /dev/null, which will make the service impossible to start or enable. This is different from systemctl disable httpd, which will only prevent the service from starting automatically on boot, but not manually. The other commands are either not relevant or not sufficient for this task. For example:

  C. systemctl stop httpd will only stop the service if it is currently running, but it will not prevent it from being started again.

  D. systemctl reload httpd will only reload the configuration files of the service, but it will not stop or disable it.

• Question 57:

  A systems administrator requires that all files that are created by the user named web have read-only permissions by the owner. Which of the following commands will satisfy this requirement?

  A. chown web:web /home/web

  B. chmod -R 400 /home/web

  C. echo "umask 377" >> /home/web/.bashrc

  D. setfacl read /home/web

  Correct Answer: C

  Explanation: The command that will satisfy the requirement of having all files that are created by the user named web have read-only permissions by the owner is echo "umask 377" >> /home/web/.bashrc. This command will append the umask 377 command to the end of the .bashrc file in the web user's home directory. The .bashrc file is a shell script that is executed whenever a new interactive shell session is started by the user. The umask command sets the file mode creation mask, which determines the default permissions for newly created files or directories by subtracting from the maximum permissions (666 for files and 777 for directories). The umask 377 command means that the user does not want to give any permissions to the group or others (3 = 000 in binary), and only wants to give read permission to the owner (7 - 3 = 4 = 100 in binary). Therefore, any new file created by the web user will have read-only permission by the owner

  (400) and no permission for anyone else. References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter

  8: Managing Users and Groups; Umask Command in Linux | Linuxize

• Question 58:

  An administrator runs ping comptia.org. The result of the command is:

  ping: comptia.org: Name or service not known

  Which of the following files should the administrator verify?

  A. /etc/ethers

  B. /etc/services

  C. /etc/resolv.conf

  D. /etc/sysctl.conf

  Correct Answer: C

  The best file to verify when the ping command returns the error "Name or service not known" is C. /etc/resolv.conf. This file contains the configuration for the DNS resolver, which is responsible for translating domain names into IP addresses.

  If this file is missing, corrupted, or has incorrect entries, the ping command will not be able to resolve the domain name and will fail with the error. To fix this issue, the administrator should check that the file exists, has proper permissions, and

  has valid nameserver entries. For example, a typical /etc/resolv.conf file may look like this:

  nameserver 8.8.8.8 nameserver 8.8.4.4

  These are the IP addresses of Google's public DNS servers, which can be used as a fallback option if the default DNS servers are not working.

• Question 59:

  A user generated a pair of private-public keys on a workstation. Which of the following commands will allow the user to upload the public key to a remote server and enable passwordless login?

  A. scp ~/.ssh/id_rsa user@server:~/

  B. rsync ~ /.ssh/ user@server:~/

  C. ssh-add user server

  D. ssh-copy-id user@server

  Correct Answer: D

  Explanation: The command ssh-copy-id user@server will allow the user to upload the public key to a remote server and enable passwordless login. The ssh-copy-id command is a tool for copying the public key to a remote server and appending it to the authorized_keys file, which is used for public key authentication. The command will also set the appropriate permissions on the remote server to ensure the security of the key. The command ssh-copy-id user@server will copy the public key of the user to the server and allow the user to log in without a password. This is the correct command to use for this task. The other options are incorrect because they either do not copy the public key (scp, rsync, or ssh-add) or do not use the correct syntax (scp ~/.ssh/id_rsa user@server:~/ instead of scp ~/.ssh/id_rsa.pub user@server:~/ or rsync ~ /.ssh/ user@server:~/ instead of rsync ~/.ssh/id_rsa.pub user@server:~/). References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 13: Managing Network Services, page 410.

• Question 60:

  Rugged appliances are small appliances with ruggedized hardware and like Quantum Spark appliance they use which operating system?

  A. Centos Linux

  B. Gaia embedded

  C. Gaia

  D. Red Hat Enterprise Linux version 5

  Correct Answer: B

  Explanation: Rugged appliances are small appliances with ruggedized hardware that use Gaia embedded as their operating system. Gaia embedded is a version of Gaia that is optimized for embedded devices such as Rugged appliances and Quantum Spark appliances. Gaia embedded supports features such as VPN, firewall, identity awareness, application control, URL filtering, and anti-bot. Gaia embedded does not use Centos Linux, Gaia, or Red Hat Enterprise Linux version 5 as their operating system. References: Check Point Rugged Appliance Datasheet, page 1.