LPIC-2: Linux Engineer Practice Exam

Validates advanced Linux administration — kernel, networking services, web/file/email services, and security.

Practice 1,424 exam-style LPIC-2 questions with full answer explanations, then take timed mock exams that score like the real thing.

• Practice questions: 1,424
• Questions on the real exam: 60
• Passing score: 625
• Exam length: 90 min

Free LPIC-2 sample questions

A sample of 10 questions with answers and explanations. Sign up free to practice all 1,424.

  1. Question 1 (Capacity Planning, select all that apply)

    Which TWO commands report system resource usage? (Choose TWO)

    • A. vmstat / free (memory) [Correct]
    • B. nslookup
    • C. top / iostat (CPU/IO) [Correct]
    • D. useradd
    ✓ Correct answer: A, C

    vmstat reports virtual memory statistics including process counts, memory usage, paging activity, block I/O, and CPU scheduling, making it a core tool for capacity planning. free displays current memory and swap utilization in a concise summary. top provides real-time, continuously updated views of CPU and memory usage per process, while iostat breaks down CPU time and per-device I/O throughput. Together these utilities give comprehensive visibility into system resource consumption.

    Why the other options are wrong
    • B. nslookup is incorrect because nslookup is a DNS query tool used to resolve domain names and has no capability to report system resource usage such as CPU, memory, or I/O statistics.
    • D. useradd is incorrect because useradd is a user account creation utility and has no relation to monitoring or reporting system resource usage.
  2. Question 2 (Capacity Planning)

    An administrator wants to see a system-wide summary of all active swap areas, including each device or file, its type, total size, the amount currently used, and its priority, in a single table. Which command produces this?

    • A. swapon --show [Correct]
    • B. free --swap-only
    • C. cat /proc/swaps_detail
    • D. df -t swap
    ✓ Correct answer: A

    'swapon --show' (equivalently 'swapon -s', or reading /proc/swaps) prints a tabular list of every active swap area with columns for NAME, TYPE (partition or file), SIZE, USED, and PRIO. This is the canonical way to inventory swap configuration and observe how much of each area is consumed and at what priority the kernel will use it. Higher-priority areas are filled before lower-priority ones. It complements 'free', which only shows aggregate swap totals.

    Why the other options are wrong
    • B. free --swap-only is incorrect because 'free' has no '--swap-only' option and reports only aggregate swap totals, not a per-area table with type and priority.
    • C. cat /proc/swaps_detail is incorrect because the kernel exposes swap details at /proc/swaps, not /proc/swaps_detail.
    • D. df -t swap is incorrect because 'df' reports mounted filesystem usage; swap areas are not mounted filesystems and do not appear in df output.
  3. Question 3 (Capacity Planning)

    A Nagios check should warn before a CPU becomes saturated rather than after. For a 4-core host you want a WARNING when the 5-minute load average exceeds 4 and a CRITICAL when it exceeds 6. Which Nagios concept implements this proactive, threshold-based capacity alert?

    • A. A check_load plugin call with warning and critical thresholds (e.g., -w and -c) tuned to the core count [Correct]
    • B. A passive freshness check that never sets thresholds
    • C. An event handler that reformats the graph colors
    • D. A notification escalation that fires only after the host goes down
    ✓ Correct answer: A

    check_load reports the 1/5/15-minute load averages and compares them to administrator-set warning (-w) and critical (-c) thresholds, raising states before the host actually fails. Tuning those thresholds to the CPU count (warn near the core count, critical above it) gives an early, proactive signal that capacity is being approached. This threshold-based plugin model is exactly how Nagios delivers predictive alerting rather than reactive failure detection. It lets you act before saturation bites.

    Why the other options are wrong
    • B. A passive freshness check that never sets thresholds is incorrect because freshness only verifies that results arrive on time and sets no load thresholds.
    • C. An event handler that reformats the graph colors is incorrect because event handlers run remediation actions and do not define alert thresholds, and color is irrelevant.
    • D. A notification escalation that fires only after the host goes down is incorrect because that is reactive, the opposite of warning before saturation.
  4. Question 4 (Linux Kernel)

    A module named 'thermal' shows a use count greater than zero in lsmod and 'modprobe -r thermal' refuses to remove it. You determine the dependent modules are no longer needed. Which single command removes thermal and recursively unloads the now-unused modules it depended on?

    • A. modprobe -r --remove-dependencies thermal [Correct]
    • B. rmmod -r thermal
    • C. depmod -r thermal
    • D. modprobe --autoclean thermal
    ✓ Correct answer: A

    When you pass --remove-dependencies to 'modprobe -r', it not only unloads the named module but also recursively unloads the modules that depend on it (and their now-unused dependencies), provided their use counts allow removal. This is the targeted way to clear out a module along with its dependency chain in one command. Without --remove-dependencies, modprobe -r only removes the named module and the prerequisites it pulled in.

    Why the other options are wrong
    • B. rmmod -r thermal is incorrect because rmmod has no -r recursive option in the modern kmod implementation; rmmod operates on the single module named.
    • C. depmod -r thermal is incorrect because depmod builds dependency indexes and cannot unload any module.
    • D. modprobe --autoclean thermal is incorrect because there is no --autoclean option in modern modprobe; autocleaning of unused modules was a legacy kerneld/kmod feature unrelated to this removal.
  5. Question 5 (System Startup)

    In a service unit, the [Service] section uses 'Type=notify'. What behavior does systemd expect from the main process?

    • A. systemd considers the service started as soon as the process is forked
    • B. The process must send a readiness message via sd_notify() before systemd treats it as started [Correct]
    • C. The process must fork into the background and the parent must exit
    • D. The service runs once, exits, and is then considered active
    ✓ Correct answer: B

    With 'Type=notify', systemd holds the unit in the 'activating' state until the daemon calls sd_notify() with 'READY=1' over its $NOTIFY_SOCKET, at which point the unit transitions to 'active (running)'. This gives accurate readiness signaling, so units ordered After= it do not start until the daemon is genuinely ready to serve. It requires the daemon to be written to use the sd_notify protocol, unlike simpler types that infer readiness from process lifecycle.

    Why the other options are wrong
    • A. systemd considers the service started as soon as the process is forked is incorrect because that describes 'Type=simple', where readiness is assumed immediately at exec without any confirmation.
    • C. The process must fork into the background and the parent must exit is incorrect because that double-fork model is 'Type=forking', used for traditional daemons that background themselves.
    • D. The service runs once, exits, and is then considered active is incorrect because that describes 'Type=oneshot', typically used for setup tasks rather than long-running daemons.
  6. Question 6 (System Startup)

    A systemd boot fails because /home (a separate filesystem) has a corrupt superblock that systemd-fsck cannot repair, and the system drops to emergency mode with root mounted read-only. You want to repair /home's ext4 superblock using a backup copy. Which command attempts the repair using an alternate superblock at block 32768?

    • A. e2fsck -b 32768 /dev/sda5 [Correct]
    • B. e2fsck -p 32768 /dev/sda5
    • C. tune2fs -s 32768 /dev/sda5
    • D. mke2fs -S -b 32768 /dev/sda5
    ✓ Correct answer: A

    When the primary superblock is corrupt, e2fsck can be pointed at a backup superblock with the '-b' option. ext4 keeps redundant superblock copies (located via 'mke2fs -n' or 'dumpe2fs'), commonly at block 32768 for typical block sizes. Running 'e2fsck -b 32768 /dev/sda5' lets the check proceed using that backup copy and repair the filesystem so /home mounts again.

    Why the other options are wrong
    • B. e2fsck -p 32768 /dev/sda5 is incorrect because '-p' means automatic (preen) mode and does not take a block number as its argument; the device would be misinterpreted.
    • C. tune2fs -s 32768 /dev/sda5 is incorrect because tune2fs -s toggles the sparse_super feature flag and cannot perform a superblock recovery check.
    • D. mke2fs -S -b 32768 /dev/sda5 is incorrect because 'mke2fs -S' rewrites the superblocks and group descriptors only, a last resort that does NOT recover data and is dangerous unless the geometry is recreated exactly; it is not a repair tool like e2fsck.
  7. Question 7 (Filesystem and Devices)

    You want mkfs.ext4 to lay down a filesystem on /dev/sdl1 but tune it with one inode per 16384 bytes of space (a larger bytes-per-inode ratio) to suit a filesystem of large files. Which option sets the bytes-per-inode ratio?

    • A. mkfs.ext4 -i 16384 /dev/sdl1 [Correct]
    • B. mkfs.ext4 -I 16384 /dev/sdl1
    • C. mkfs.ext4 -N 16384 /dev/sdl1
    • D. mkfs.ext4 -b 16384 /dev/sdl1
    ✓ Correct answer: A

    The lowercase -i option sets the bytes-per-inode ratio: mke2fs creates one inode for every 16384 bytes of filesystem space, so a larger ratio yields fewer total inodes, which is appropriate when storing relatively few large files. Reducing the inode count saves space that would otherwise be reserved for inode tables. This is distinct from -I, which sets the size of each inode rather than how many are created. Choosing the ratio at creation time is important because it cannot be changed afterward without reformatting.

    Why the other options are wrong
    • B. mkfs.ext4 -I 16384 /dev/sdl1 is incorrect because uppercase -I sets the size of each individual inode in bytes, not the bytes-per-inode ratio governing how many inodes are created.
    • C. mkfs.ext4 -N 16384 /dev/sdl1 is incorrect because -N sets an explicit total number of inodes rather than a bytes-per-inode ratio.
    • D. mkfs.ext4 -b 16384 /dev/sdl1 is incorrect because -b sets the block size (and 16384 exceeds the valid ext4 block-size range), having nothing to do with the inode ratio.
  8. Question 8 (Networking Configuration)

    An interface eth0 has accumulated several stale and incorrect IP addresses from prior testing. The administrator wants to remove ALL IPv4 and IPv6 addresses from eth0 in one step before reconfiguring. Which command does this?

    • A. ip addr flush dev eth0 [Correct]
    • B. ip addr del all dev eth0
    • C. ip link set eth0 down
    • D. ip route flush dev eth0
    ✓ Correct answer: A

    The 'ip addr flush dev eth0' command removes every address configured on the interface in a single operation, clearing both IPv4 and IPv6 entries unless a family filter is added. This is the intended way to wipe an interface's addressing before applying a clean configuration. Because it operates on the address list maintained by the kernel, no individual deletions are required. The interface itself remains administratively up, ready to receive new addresses.

    Why the other options are wrong
    • B. ip addr del all dev eth0 is incorrect because 'ip addr del' requires a specific address argument and 'all' is not a valid address keyword.
    • C. ip link set eth0 down is incorrect because bringing the link down does not delete the configured addresses; they reappear when the link is brought back up.
    • D. ip route flush dev eth0 is incorrect because it removes routes associated with the interface, not the IP addresses assigned to it.
  9. Question 9 (Networking Configuration, select all that apply)

    An administrator wants to inventory both the local sockets a server is exposing and the open files (including sockets) held by a runaway process. Which TWO commands are appropriate for these complementary tasks? (Choose TWO)

    • A. ss -tulnp to list all listening TCP and UDP sockets with owning processes [Correct]
    • B. lsof -p 4821 to list every open file and socket held by PID 4821 [Correct]
    • C. ip neigh flush all to display the listening sockets
    • D. traceroute -n localhost to enumerate open ports
    ✓ Correct answer: A, B

    The ss -tulnp command shows the full listening footprint: -t and -u for TCP and UDP, -l for listeners, -n for numeric ports, and -p for the owning program, which inventories everything the server exposes. The lsof -p 4821 command lists every file descriptor a specific process holds, including its network sockets, which is ideal for examining a runaway process's resource usage. These two tools complement each other for socket and open-file inventory.

    Why the other options are wrong
    • C. ip neigh flush all to display the listening sockets is incorrect because it deletes the ARP/neighbor cache and shows nothing about listening sockets.
    • D. traceroute -n localhost to enumerate open ports is incorrect because traceroute maps a network path and cannot enumerate listening ports on the local host.
  10. Question 10 (System Services)

    A dnsmasq instance should resolve names from a local hosts-style file for the domain lan, returning fixed addresses without ever forwarding lan queries upstream. Which directive declares lan as a domain answered only from local data?

    • A. local=/lan/ [Correct]
    • B. server=/lan/
    • C. domain-needed=/lan/
    • D. rebind-domain-ok=/lan/
    ✓ Correct answer: A

    The local=/lan/ directive tells dnsmasq that the lan domain is served only from local sources such as /etc/hosts, additional addn-hosts files, or address= entries, and that queries for it must never be forwarded to upstream servers. This prevents leaking internal names to the Internet and ensures negative answers for unknown lan names are generated locally. It is functionally equivalent to server=/lan/ with no address, but local is the clearer, intent-revealing form. This is a common way to authoritatively own an internal namespace on a small network.

    Why the other options are wrong
    • B. server=/lan/ is incorrect as written because server=/lan/ requires a trailing upstream IP (server=/lan/192.168.1.1) to route the domain; with no address it is not the standard local-only form.
    • C. domain-needed=/lan/ is incorrect because domain-needed takes no argument and simply stops dnsmasq from forwarding plain names with no dots to upstream servers.
    • D. rebind-domain-ok=/lan/ is incorrect because that directive whitelists a domain from DNS-rebind protection and does not make a domain locally authoritative.

LPIC-2 practice exam FAQ

How many questions are in the LPIC-2 practice exam on CertGrid?

CertGrid has 1,424 practice questions for LPIC-2: Linux Engineer, covering 6 exam domains. The real LPIC-2 exam has about 60 questions.

What is the passing score for LPIC-2?

The LPIC-2 exam passing score is 625, and you have about 90 minutes to complete it. CertGrid scores your practice attempts the same way so you know when you are ready.

Are these official LPIC-2 exam questions?

No. CertGrid is an independent practice platform. Questions are written to mirror the style and concepts of LPIC-2: Linux Engineer, with full explanations, but they are not official or copied vendor exam items. They are original practice questions designed to help you genuinely learn the material.

Can I practice LPIC-2 for free?

Yes. You can start practicing LPIC-2: Linux Engineer for free with daily practice and sample questions. Paid plans unlock full timed exams, complete explanations, and domain analytics.