Red Hat Certified System Administrator (RHCSA, EX200-style) Study Guide
The Red Hat Certified System Administrator (RHCSA, EX200) is a 2.5-hour, entirely hands-on performance exam that validates core Red Hat Enterprise Linux administration skills with no multiple-choice questions. Candidates must complete real tasks on live systems covering the shell, file systems, storage, users and permissions, SELinux, services, software management, and basic security. It is intended for system administrators who manage RHEL servers and is the prerequisite foundation for the RHCE certification.
Domain 1: Operate Running Systems
- systemctl get-default shows the persistent default boot target; systemctl set-default multi-user.target changes it, and systemctl isolate <target> switches the running system immediately without persisting across reboot.
- To reset a lost root password: interrupt GRUB and append rd.break to the kernel line, then mount -o remount,rw /sysroot, chroot /sysroot, passwd root, and create /.autorelabel before exiting so SELinux contexts are fixed on next boot.
- Common systemd targets are multi-user.target (text, like old runlevel 3), graphical.target (GUI, runlevel 5), rescue.target (single-user with most services), and emergency.target (minimal, root filesystem mounted read-only).
- hostnamectl set-hostname server1.example.com sets the static hostname persistently in /etc/hostname; hostnamectl status also shows transient and pretty hostnames plus OS and kernel info.
- journalctl -u <unit> filters the systemd journal by service unit; -b limits to the current boot, -f follows live, -p err filters by priority, and --since/--until filter by time.
- The systemd journal is volatile by default; create /var/log/journal (and restart systemd-journald or set Storage=persistent in journald.conf) to make it persist across reboots.
- Limit journal disk usage with journalctl --vacuum-size=200M or --vacuum-time=2weeks at runtime, or set SystemMaxUse= in /etc/systemd/journald.conf for a permanent cap.
- find searches the filesystem live: find /var -type f -size +100M finds large files, find / -user bob finds files by owner, and find / -perm -4000 finds SUID files.
- tar -czpf home.tar.gz /home creates a gzip-compressed archive preserving permissions (-p); -x extracts, -t lists, and -j uses bzip2 while -J uses xz compression.
- Process priority is set with nice (launch with a niceness) and renice (change a running PID); niceness ranges from -20 (highest priority) to 19 (lowest), and only root can lower the value.
- Signals: kill -15 (SIGTERM) requests graceful shutdown and can be caught; kill -9 (SIGKILL) forces termination and cannot be caught or ignored; kill -1 (SIGHUP) often reloads config.
- A process in state D is in uninterruptible sleep (usually blocked on I/O) and cannot be killed even with SIGKILL until the I/O completes; high %wa in top indicates I/O wait.
- Schedule recurring tasks with systemd timers (OnCalendar= with Persistent=true to run missed jobs after downtime) or cron; crontab -e edits the current user's jobs and changes take effect immediately.
- After editing or adding any unit file you must run systemctl daemon-reload before systemctl will see the change; a unit symlinked to /dev/null is masked and must be unmasked before it can start.
Domain 2: Local Storage and File Systems
- Standard MBR partitioning uses fdisk and GPT-aware tasks use gdisk or parted; after partitioning a running disk run partprobe or udevadm settle so the kernel re-reads the partition table.
- Create swap with mkswap /dev/vdb2 then activate with swapon /dev/vdb2; make it persistent with an /etc/fstab entry using type swap, and verify with swapon --show or free -h.
- Always reference filesystems in /etc/fstab by UUID= or LABEL= rather than device names like /dev/vdb1, because kernel device naming can change between boots.
- After editing /etc/fstab run mount -a to mount everything and catch syntax errors; a bad fstab entry can drop the system into emergency mode at boot, so always test before rebooting.
- Use the nofail option (and _netdev for network filesystems) on non-critical or NFS mounts so a missing device does not block boot; _netdev defers the mount until networking is up.
- mkfs.xfs creates the default RHEL filesystem; XFS can grow online with xfs_growfs but cannot be shrunk; ext4 (mkfs.ext4) can be shrunk offline with resize2fs.
- Mount an NFS export by adding an entry of type nfs with the server:/export source plus _netdev and nofail options, then mount -a; the nfs-utils package must be installed.
- XFS user quotas require the uquota (or gquota for groups) mount option at mount time; configure limits with xfs_quota -x -c 'limit bhard=5g alice' /mountpoint.
- tmpfs is a RAM-backed filesystem; mount it with type tmpfs and a size= option (e.g. size=512M) for fast temporary storage that is cleared on reboot.
- Stratis provides a simplified storage management layer over device-mapper and XFS via the stratisd service and stratis CLI, creating pools and filesystems with single commands.
- lsblk shows block devices and mount points in a tree, blkid shows UUIDs and filesystem types, and df -h shows mounted filesystem usage while du -sh summarizes directory size.
- Linux permissions are read(4)/write(2)/execute(1) per owner/group/other; chmod 640 gives owner read-write, group read, others nothing, and chmod uses either octal or symbolic (u+x) notation.
- The sticky bit (chmod +t or leading 1, e.g. 1777 on /tmp) lets only a file's owner or root delete or rename files inside a world-writable directory.
- chown user:group file changes ownership; chgrp changes only group; chown :group is equivalent to chgrp, and only root can give away ownership of a file.
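
The /etc/fstab rules in this domain (UUID= or LABEL= instead of kernel device names, _netdev and nofail on NFS mounts) can be checked mechanically before a reboot. The script below is an added example, not part of the original guide; the function names and sample entries are constructed for illustration, and it complements mount -a rather than replacing it.

```sh
# Added example: lint fstab-format input for the pitfalls listed above.

# Constructed sample, not taken from a real host.
sample_fstab() {
    cat <<'EOF'
# constructed sample
UUID=0a1b2c3d-1111-2222-3333-444455556666 /        xfs  defaults         0 0
/dev/mapper/rhel-home                     /home    xfs  defaults         0 0
/dev/vdb1                                 /data    xfs  defaults         0 0
/dev/vdb2                                 none     swap defaults         0 0
server1.example.com:/export               /mnt/nfs nfs  defaults,nofail  0 0
LABEL=scratch                             /scratch xfs  defaults,nofail  0 0
EOF
}

# lint_fstab [FILE]: print "<line>: <finding>" per problem, exit 1 if any.
# Reads stdin when no file is given.
lint_fstab() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }               # blank lines and comments
    NF < 4 { print NR ": fewer than 4 fields"; bad++; next }
    {
        src = $1; mnt = $2; type = $3; opts = "," $4 ","
        # Kernel names such as /dev/vdb1 can change between boots;
        # /dev/mapper/* (LVM) names are stable and are not flagged.
        if (src ~ /^\/dev\/(sd|vd|xvd|hd|nvme)/) {
            print NR ": " src " is a kernel device name, use UUID= or LABEL="
            bad++
        }
        if (type ~ /^nfs4?$/) {
            # _netdev defers the mount until networking is up.
            if (opts !~ /,_netdev,/) { print NR ": " mnt " lacks _netdev"; bad++ }
            # nofail keeps an unreachable server from blocking boot.
            if (opts !~ /,nofail,/)  { print NR ": " mnt " lacks nofail";  bad++ }
        }
    }
    END { exit (bad > 0) }' "$@"
}

sample_fstab | lint_fstab || true
```

Run it as lint_fstab /etc/fstab after every edit; the non-zero exit status makes it usable as a gate in a provisioning script.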
Domain 3: Users and Groups
- useradd creates accounts and updates /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow; useradd -u 1500 -d /home/sara -s /bin/bash sara sets a specific UID, home, and shell.
- usermod -aG wheel bob appends a supplementary group; omitting -a with -G replaces all supplementary groups, so usermod -G wheel alice removes alice from every other secondary group.
- Lock an account with usermod -L user (or passwd -l), unlock with -U; a non-login service account uses a shell of /sbin/nologin so it cannot log in interactively.
- Members of the wheel group get sudo access by default in RHEL; add a user with usermod -aG wheel <user>, and group membership only takes effect at next login or after newgrp.
- chage manages password aging: chage -E 2026-12-31 user sets account expiration, -M sets max password age, -m sets minimum, and chage -l user lists current settings.
- Systemwide account defaults come from /etc/login.defs (UID/GID ranges, password aging) and /etc/default/useradd (default shell, home base, skel directory).
- /etc/skel holds files copied into each new user's home directory at creation time; edit it to give every new user a default shell config or files.
- id user and getent passwd user return identity information; id shows UID, primary GID, and all groups, while getent also queries network sources like LDAP via NSS.
- Set up a collaborative shared directory by creating a group, chgrp-ing the directory to it, and setting the setgid bit (chmod g+s) so new files inherit the directory's group.
- A restrictive default umask such as 027 (set in /etc/profile or /etc/bashrc) makes new files group-readable and inaccessible to others by removing those permission bits.
- Centralize authentication by joining a domain with SSSD (configured via realm join or authselect) and define sudo rules centrally rather than on each host.
- Passwords are hashed in /etc/shadow (root-only readable), not in the world-readable /etc/passwd; passwd changes a user's hash and prompts for confirmation.
- userdel removes an account but leaves the home directory unless userdel -r is used; groupdel removes a group, and groupmod -n renames one.
- Grant a group a specific command set via a sudoers rule edited with visudo (e.g. %admins ALL=(ALL) NOPASSWD: /usr/bin/systemctl), preferably in a drop-in file under /etc/sudoers.d/.
Domain 4: Deploy and Manage Software
- dnf is the RHEL 8/9 package manager: dnf install/remove/update manage packages and resolve dependencies from repos, while rpm -i installs a single local file without resolving dependencies.
- Install a local RPM with its dependencies using dnf install ./package.rpm; dnf provides /usr/sbin/httpd and rpm -qf <path> identify which package supplies a file.
- Add a repository by creating a .repo file in /etc/yum.repos.d/ or running dnf config-manager --add-repo <url>; each repo needs a unique id, baseurl, and enabled setting.
- Enable GPG signature checking by importing the key and setting gpgcheck=1 in the repo definition so dnf verifies package authenticity before installing.
- DNF application streams (modules) let you pick a software version: dnf module list shows streams, dnf module enable nodejs:18 selects one, then dnf install nodejs installs it.
- Only one stream of a module can be enabled at a time; switching to a different stream often requires dnf module reset <name> first to clear the prior selection.
- dnf history lists transactions; dnf history undo <id> reverses one, dnf history redo replays it, and dnf history userinstalled lists packages a user explicitly installed.
- Install a specific version with dnf install package-1.2.3-4.el9; dnf info <pkg> and rpm -qi <pkg> show package version, size, and description details.
- Build a local/internal repository directory with createrepo_c /path/to/repo, then point clients' .repo files at it so packages download once and are served internally.
- RHEL keeps multiple installed kernels (default protect_running_kernel and installonly_limit=3) so GRUB can boot a previous kernel; grubby --set-default selects the default kernel.
- Register systems and attach subscriptions with subscription-manager register and subscription-manager attach so Red Hat CDN repositories become available.
- dnf repolist shows enabled repositories with IDs and package counts; dnf repolist --all also lists disabled repos, and dnf clean all clears cached metadata.
- metadata_expire in /etc/dnf/dnf.conf or a repo file controls how long cached repo metadata is trusted before dnf refreshes it from the source.
- dnf group install (e.g. 'Development Tools') installs predefined package groups; dnf grouplist shows available groups and dnf groupinfo details their contents.
Domain 5: Manage Security
- SELinux enforces Mandatory Access Control by labeling processes and files with security contexts (user:role:type:level) and applying policy, independent of standard user/group DAC permissions.
- getenforce shows the current mode (Enforcing, Permissive, or Disabled); setenforce 0/1 changes it at runtime, and the persistent mode is set in /etc/selinux/config; sestatus gives a full summary.
- Set persistent SELinux file contexts with semanage fcontext -a -t httpd_sys_content_t '/web(/.*)?' then apply with restorecon -Rv /web; restorecon resets labels to the policy-defined value.
- chcon changes a context immediately but the change is reverted by a relabel or restorecon; only a semanage fcontext rule survives a filesystem relabel, so prefer semanage for permanence.
- SELinux booleans toggle policy behavior: getsebool -a lists them, setsebool httpd_can_network_connect on sets it at runtime, and the -P flag (setsebool -P) makes it persist.
- Diagnose SELinux denials by reading AVC messages with ausearch -m AVC or sealert; never disable SELinux to fix a service - adjust the context, boolean, or port instead.
- Allow a non-standard port for a service by adding it to the right SELinux port type, e.g. semanage port -a -t http_port_t -p tcp 8888, so the service can bind to it.
- Generate a custom policy module from logged denials with audit2allow (e.g. ausearch -m AVC | audit2allow -M mymodule, then semodule -i mymodule.pp) only after confirming the access is legitimate.
- firewall-cmd manages firewalld; runtime changes are lost on reload unless made with --permanent followed by --reload, or captured with firewall-cmd --runtime-to-permanent.
- firewall-cmd --permanent --add-service=http and --add-port=8080/tcp open access; --zone=public --list-all shows a zone's active rules, services, and ports.
- firewalld groups rules into zones (public, internal, trusted, etc.); assign an interface to a restrictive zone and add only the services it needs to limit exposure.
- Harden SSH in /etc/ssh/sshd_config by setting PermitRootLogin no and PasswordAuthentication no, then restart sshd; require named users to escalate with sudo instead of direct root login.
- Configure key-based SSH login by generating a key pair with ssh-keygen on the client and copying the public key to the server with ssh-copy-id user@host.
- Persistent sudo privileges are defined in /etc/sudoers or drop-in files in /etc/sudoers.d/, always edited with visudo so syntax is validated before saving.
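
The SSH hardening bullet above names two settings, PermitRootLogin no and PasswordAuthentication no, and a file can look hardened without being so: a commented-out line, a second occurrence of a keyword, or a value placed inside a Match block does not set the global value. The script below is an added example, not part of the original guide; the function names and sample files are constructed, and the fallback defaults are the upstream OpenSSH ones, which is an assumption about the build in use.

```sh
# Added example: audit sshd_config-format files for the two settings above.

# Constructed samples, not taken from a real host.
sample_weak() {
    cat <<'EOF'
#PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin no
EOF
}
sample_hardened() {
    printf 'PermitRootLogin no\nPasswordAuthentication no\n'
}

# sshd_opt FILE KEYWORD DEFAULT: print the global value for KEYWORD.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line are conditional.
sshd_opt() {
    awk -v want="$2" -v def="$3" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    line == "" || line ~ /^#/ { next }
    { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
    key == "match" { exit }
    key == tolower(want) { print tolower(f[2]); found = 1; exit }
    END { if (!found) print def }' "$1"
}

# audit_sshd FILE: print one FAIL line per weak setting, return 1 if any.
# The defaults passed below are upstream OpenSSH defaults (an assumption
# about the build in use).
audit_sshd() {
    fails=0
    root=$(sshd_opt "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_opt "$1" PasswordAuthentication yes)
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=$root"; fails=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication=$pass"; fails=1; }
    return "$fails"
}

tmp=$(mktemp)
sample_weak > "$tmp"
audit_sshd "$tmp" || true
rm -f "$tmp"
```

This parser does not follow Include files; on a live host, sshd -T prints the effective configuration and is the authoritative check.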
Red Hat Certified System Administrator (RHCSA, EX200-style) exam tips
- RHCSA is 100% hands-on with no multiple-choice; practice executing real tasks in a RHEL 9 VM until commands are muscle memory, since you are graded on the resulting system state, not on theory.
- Make every change persistent and verify it survives a reboot - the most common point loss is configuring something at runtime (mounts, firewall rules, SELinux booleans) but forgetting to make it permanent.
- Reboot your exam machine at least once midway through to confirm nothing you changed breaks boot; a broken /etc/fstab or default target can cost you multiple tasks at the end if discovered too late.
- Lean on built-in documentation: man -k <keyword>, the examples in man pages, /usr/share/doc, and command --help are all available during the exam, so know how to search them quickly.
- Use UUIDs or LABELs in /etc/fstab, run mount -a to validate before rebooting, and remember to run restorecon and daemon-reload after changes that affect SELinux labels or unit files.
Study guide FAQ
How long is the RHCSA exam and what is the passing score?
The EX200 exam is a 2.5-hour (150-minute) performance-based test. The passing score is 210 out of 300 points (70%), and results are typically emailed within a few business days rather than shown immediately.
Is the RHCSA exam multiple choice?
No. There are no multiple-choice or written questions. You are given live RHEL systems and a list of real administrative tasks to complete, and you are scored automatically on whether each task produced the correct, persistent end state.
Which RHEL version and tools should I study?
Current RHCSA tracks RHEL 9 (RHEL 8 is also widely used). Focus on systemd (systemctl, journalctl, timers), dnf and modules, LVM and XFS/Stratis storage, firewalld, and SELinux management with semanage, restorecon, and booleans.
Can I use the internet or notes during the exam?
No external internet, notes, or personal materials are allowed. However, the installed system documentation - man pages, man -k searches, /usr/share/doc, and command --help output - is available, so practice finding answers there.