CompTIA Linux+ (XK0-005) Practice Exam

What the CompTIA Linux+ (XK0-005) exam covers

• System Management310 questions
• Scripting and Automation300 questions
• Security300 questions
• Troubleshooting304 questions

Free CompTIA Linux+ (XK0-005) sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 1,214.

1. Question 1System ManagementSelect all that apply

   Which TWO commands display running processes? (Choose TWO)

   • AtopCorrect
   • Bchmod
   • CpsCorrect
   • Duseradd
   ✓ Correct answer: A, C

   Both top and ps commands display running processes on a Linux system, though with different interfaces. The ps command captures a static snapshot of processes with options like aux for all-user processes with detailed information (USER, PID, CPU%, MEM%, COMMAND). The top command provides an interactive, real-time monitor showing dynamic CPU and memory usage.

   Why the other options are wrong

   • Bchmod is incorrect because it modifies file permissions, not displaying processes.
   • Duseradd is incorrect because it creates user accounts in the system; neither command provides process monitoring.
2. Question 2System Management

   A filesystem reports it is full when applications try to write, yet 'df -h' shows the partition is only 60% used. Which command should the administrator run to investigate the most likely cause?

   • Adf -iCorrect
   • Bdu -sh /
   • Cfree -m
   • Dlsblk -f
   ✓ Correct answer: A

   The df -i command reports inode usage rather than block usage. A filesystem can have plenty of free disk space (low block usage) yet refuse new writes because it has exhausted its inodes, which happens when a directory contains an enormous number of very small files. Comparing IUse% from df -i against the block usage from df -h quickly confirms inode exhaustion as the cause.

   Why the other options are wrong

   • Bdu -sh / is incorrect because du summarizes space consumed by files, which is useful for finding large directories but does not reveal inode exhaustion when blocks are not full.
   • Cfree -m is incorrect because it reports RAM and swap, not filesystem space or inodes.
   • Dlsblk -f is incorrect because it lists block devices and their filesystem types and UUIDs, not inode utilization.
3. Question 3Security

   An SELinux denial is suspected but no AVC messages appear in the audit log. The administrator wants to ensure dontaudit rules are not hiding the denials so they can be analyzed. Which command temporarily disables dontaudit rules?

   • Asemodule -DBCorrect
   • Bsetenforce 0
   • Caudit2allow -d
   • Dsealert -a /var/log/audit/audit.log
   ✓ Correct answer: A

   SELinux policy includes dontaudit rules that suppress logging of expected, benign denials to keep logs clean. semodule -DB (disable dontaudit, then build/reload the policy) turns off dontaudit suppression so all denials, including previously hidden ones, are written to the audit log for troubleshooting. You re-enable normal behavior afterward with semodule -B.

   Why the other options are wrong

   • Bsetenforce 0 is incorrect because permissive mode logs denials but still lets actions through; it does not reveal denials that are suppressed by dontaudit rules.
   • Caudit2allow -d is incorrect because -d makes audit2allow read denials from dmesg; it generates policy from existing AVCs but cannot expose dontaudit-suppressed events.
   • Dsealert -a /var/log/audit/audit.log is incorrect because it analyzes denials already present in the log and cannot surface entries that were never recorded due to dontaudit.
4. Question 4System Management

   You want a one-line, easily scriptable answer that prints 'enabled' and returns exit status 0 only if firewalld is configured to start at boot, regardless of whether it is currently running. Which command provides this?

   • Asystemctl status firewalld
   • Bsystemctl is-active firewalld
   • Csystemctl is-enabled firewalldCorrect
   • Dsystemctl list-units firewalld
   ✓ Correct answer: C

   The 'systemctl is-enabled' subcommand reports the boot-time enablement state of a unit, printing 'enabled' and returning exit status 0 when the service is set to start automatically at boot. It examines the [Install]-created symlinks rather than the live process, so its answer is independent of whether the service is currently running. This makes it the precise tool for checking persistent autostart configuration in a script.

   Why the other options are wrong

   • Asystemctl status firewalld is incorrect because it produces multi-line human-oriented output mixing runtime and enablement info, which is awkward to parse and whose exit code reflects active state, not enablement.
   • Bsystemctl is-active firewalld is incorrect because it reports only the current running state, not whether the unit starts at boot.
   • Dsystemctl list-units firewalld is incorrect because it lists loaded units with their active/sub state and shows nothing about boot enablement.
5. Question 5System Management

   A user's crontab has '@reboot /opt/startup.sh'. What does this special string cause cron to do?

   • ARun /opt/startup.sh once each time the system bootsCorrect
   • BRun /opt/startup.sh every time any user reboots their session
   • CReboot the system and then run /opt/startup.sh
   • DRun /opt/startup.sh hourly until the next reboot
   ✓ Correct answer: A

   cron supports special nickname strings that replace the five time fields.

   Why the other options are wrong

   • BRun /opt/startup.sh every time any user reboots their session is incorrect because @reboot is tied to system/cron startup, not to individual user login or session events. Reboot the system and then run /opt/startup.sh is incorrect because @reboot does not initiate a reboot; it merely runs the job after one occurs.
   • CThe '@reboot' nickname schedules the command to run a single time when cron starts up after the system boots, which is the typical place users put per-user startup tasks. Other nicknames include @daily, @weekly, @monthly, and @yearly as shorthands for common schedules.
   • DRun /opt/startup.sh hourly until the next reboot is incorrect because @reboot fires only once at startup and has no recurring hourly behavior.
6. Question 6Scripting and Automation

   A script must read /etc/hosts line by line, preserving each full line including any leading or trailing whitespace, and process every line including the last one even if the file has no trailing newline. Which construct is correct?

   • AWhile IFS= read -r line || [ -n "$line" ]; do process "$line"; done < /etc/hostsCorrect
   • BFor line in $(cat /etc/hosts); do process "$line"; done
   • CWhile read line; do process $line; done < /etc/hosts
   • Dcat /etc/hosts | while line=read; do process "$line"; done
   ✓ Correct answer: A

   Setting IFS= prevents read from stripping leading and trailing whitespace, and -r prevents backslash interpretation so the raw line is preserved exactly.

   Why the other options are wrong

   • Bfor line in $(cat /etc/hosts); do process "$line"; done is incorrect because command substitution undergoes word splitting on IFS and globbing, so it iterates over individual words rather than whole lines and mangles whitespace. while read line; do process $line; done < /etc/hosts is incorrect because without IFS= read strips leading/trailing whitespace, without -r it eats backslashes, and unquoted $line undergoes further word splitting and globbing.
   • CThe '|| [ -n "$line" ]' clause ensures a final line lacking a trailing newline is still processed, because read returns non-zero at EOF but may still have populated line. Redirecting the file into the loop with '< /etc/hosts' avoids a subshell so variable changes persist.
   • Dcat /etc/hosts | while line=read; do process "$line"; done is incorrect because 'line=read' is a variable assignment, not the read command, so it never actually reads input and the loop body sees an empty line.
7. Question 7Scripting and Automation

   You want sort to order a file of version-like strings (1.2, 1.10, 1.9) so that 1.10 comes after 1.9. Which option produces correct natural version ordering?

   • Asort -V versions.txtCorrect
   • Bsort -n versions.txt
   • Csort -r versions.txt
   • Dsort versions.txt
   ✓ Correct answer: A

   The -V (version sort) option compares strings by treating embedded numeric segments as numbers, so it correctly orders 1.2, 1.9, then 1.10, matching how software version numbers should rank. Plain numeric or lexical sorting cannot handle multiple dot-separated number groups. -V is purpose-built for version and release-name ordering.

   Why the other options are wrong

   • Bsort -n versions.txt is incorrect because -n parses only a single leading number, so it would compare just the major component (all '1') and then fall back inconsistently, misordering 1.10 and 1.9.
   • Csort -r versions.txt is incorrect because -r merely reverses the default lexical order and does not interpret numeric segments.
   • Dsort versions.txt is incorrect because the default lexical comparison sorts character by character, placing 1.10 before 1.2 because '1' < '2' at the third character.
8. Question 8Security

   An administrator hardening sshd wants to keep a host key for the modern elliptic-curve algorithm only and reviews the HostKey directive. Which file is the Ed25519 server host key that sshd presents to clients?

   • A/etc/ssh/ssh_host_ed25519_keyCorrect
   • B/etc/ssh/ssh_host_ed25519_key.pub
   • C~/.ssh/id_ed25519
   • D/etc/ssh/known_hosts
   ✓ Correct answer: A

   Server host keys live in /etc/ssh/ with names like ssh_host_ed25519_key (private) and ssh_host_ed25519_key.pub (public). The HostKey directive points sshd at the PRIVATE host key file, which the daemon uses to prove its identity to connecting clients. The matching .pub is what clients store in their known_hosts.

   Why the other options are wrong

   • B/etc/ssh/ssh_host_ed25519_key.pub is incorrect because that is the public component; HostKey must reference the private key the server signs with.
   • C~/.ssh/id_ed25519 is incorrect because that is a USER's personal key for client authentication, not a server host key.
   • D/etc/ssh/known_hosts is incorrect because that file caches the host keys of remote servers a client has connected to, not the local server's own host key.
9. Question 9Security

   A hardening guideline requires that new and changed passwords be hashed with SHA-512 and a higher computational cost. On a system using libpam, which pam_unix.so options in the password stack enforce SHA-512 hashing with an increased number of rounds?

   • Apassword ... pam_unix.so md5 rounds=5000
   • Bpassword ... pam_unix.so sha512 rounds=65536Correct
   • Cauth ... pam_unix.so sha512 nullok
   • Dpassword ... pam_pwquality.so sha512 retry=3
   ✓ Correct answer: B

   In the password management group, pam_unix.so performs the actual hashing of stored credentials; the sha512 option selects the SHA-512 crypt scheme, and rounds= sets the number of SHA-512 iterations, with a higher value such as 65536 increasing the work factor against brute force.

   Why the other options are wrong

   • AThese options must appear on the pam_unix.so line in the 'password' stack so they apply when a password is set or changed. The resulting hash carries a $6$rounds=65536$ prefix in /etc/shadow. password ... pam_unix.so md5 rounds=5000 is incorrect because md5 selects the weak MD5 algorithm rather than SHA-512. auth ...
   • Cpam_unix.so sha512 nullok is incorrect because hashing of stored passwords is configured in the 'password' management group, not the 'auth' group, which only verifies credentials. password ...
   • Dpam_pwquality.so sha512 retry=3 is incorrect because pam_pwquality enforces complexity rules and does not perform hashing; the sha512 option is not valid for it.
10. Question 10Troubleshooting

    You want a single tool that combines ping and traceroute behavior, continuously updating per-hop packet loss and latency statistics in a live display so you can watch a flaky path over time. Which command launches this in its interactive mode against host db.example.com?

    • Amtr db.example.comCorrect
    • Bping -A db.example.com
    • Ctraceroute --interactive db.example.com
    • Dtracepath -l db.example.com
    ✓ Correct answer: A

    mtr (My TraceRoute) merges the functionality of ping and traceroute into one diagnostic, sending probes to every hop on the path and continuously refreshing a table of each hop's loss percentage, last/average/best/worst latency, and standard deviation. Running it without --report opens the live, full-screen interactive display that updates until you quit, which is ideal for spotting an intermittently lossy hop. This makes it the standard tool for watching a flaky path over time.

    Why the other options are wrong

    • Bping -A db.example.com is incorrect because -A only enables adaptive ping timing to a single destination; it gives no per-hop information.
    • Ctraceroute --interactive db.example.com is incorrect because traceroute has no interactive continuous mode and no such option; it runs once and exits.
    • Dtracepath -l db.example.com is incorrect because tracepath only discovers the path and path MTU once with -l setting the initial packet length; it does not provide continuously updating loss/latency statistics per hop.

CompTIA Linux+ (XK0-005) practice exam FAQ