Real CompTIA XK0-005 Exam Questions [Updated 2026]
XK0-005 Exam Dumps Pass with Updated 2026 CompTIA Linux+ Certification Exam
NEW QUESTION # 322
A Linux administrator modified the SSH configuration file. Which of the following commands should be used to apply the configuration changes?
- A. systemctl mask sshd
- B. systemctl reload sshd
- C. systemctl start sshd
- D. systemctl stop sshd
Answer: B
NEW QUESTION # 323
Joe, a user, is unable to log in to the Linux system. Given the following output:
Which of the following commands would resolve the issue?
- A. chage -E 90 joe
- B. usermod -s /bin/bash joe
- C. passwd -u joe
- D. pam_tally2 -u joe -r
Answer: B
NEW QUESTION # 324
Which of the following commands allow an administrator to determine if the current system is a virtual machine?
- A. mdadm
- B. vgdisplay
- C. lspci
- D. vmstat
Answer: C
NEW QUESTION # 325
SIMULATION
As a Systems Administrator, to reduce disk space, you were tasked to create a shell script that does the following:
Add relevant content to /tmp/script.sh, so that it finds and compresses rotated files in /var/log without recursion.
INSTRUCTIONS
Drag and drop snippets to fill the blanks to build a script that performs the actual compression of rotated log files.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
NEW QUESTION # 326
A new file was added to a main Git repository. An administrator wants to synchronize a local copy with the contents of the main repository. Which of the following commands should the administrator use for this task?
- A. git reflog
- B. git push
- C. git pull
- D. git status
Answer: C
Explanation:
Explanation
The command iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination
192.0.2.25:3128 adds a rule to the nat table that redirects all incoming TCP packets with destination port 80 (HTTP) to the proxy server 192.0.2.25 on port 3128. This is the correct way to achieve the task. The other options are incorrect because they either delete a rule (-D), use the wrong protocol (top instead of tcp), or use the wrong port (81 instead of 80). References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 12: Managing Network Connections, page 381.
NEW QUESTION # 327
A senior administrator has placed a private key for user admin in your home directory.
The server you need to remotely access is server1 and SSH is listening on port 2222.
INSTRUCTIONS
Part 1
Review the command output and build the correct command to place the private key into your SSH folder.
Part 2
Review the command output and build the correct command to set the file permissions.
Part 3
Review the command output and build the correct command to set the correct ownership.
In each part, click on objects to build a complete command. Command objects may be used more than once, but not all will be used. Use _ as the spacebar. Click the arrow to remove any unwanted objects from your command.
Part 4
Select the proper file to edit for remote server access. Then, build the correct configuration output based on the server name, ports, and files.












Answer:
Explanation:
See the Explanation part for detailed answer of each part.
Explanation:
Part 1
Here is the step-by-step command construction process:
1. Move the private key (likely named server1 based on the provided details) to the .ssh directory:
mv ~/server1 ~/.ssh/id_rsa
This command moves the private key (assuming it's named server1) from the home directory (~) to the .ssh directory and renames it to id_rsa (which is the default SSH private key file name).
2. Set the correct permissions for the private key file:
chmod 600 ~/.ssh/id_rsa
The private key file should be readable and writable only by the owner to maintain security.
3. Connect to the server using the private key and the correct port (2222):
ssh -i ~/.ssh/id_rsa -p 2222 admin@server1
This command tells ssh to use the specified private key (-i ~/.ssh/id_rsa), connect on port 2222 (-p 2222), and log in as the admin user on server1.
Part 2: Setting File Permissions
The correct command to set the file permissions based on the screenshots would likely involve using chmod.
Here is the command to set permissions correctly:
chmod 600 ~/.ssh/id_rsa
This restricts the private key's permissions so that only the user can read and write it.
Part 3: Setting Ownership
If ownership needs to be set, the command would look like this:
chown comptia:comptia ~/.ssh/id_rsa
This command ensures that the file is owned by the correct user (comptia) and the correct group (comptia).
In part 4, it asks you to select the proper file for editing to enable remote server access. Based on standard SSH configuration requirements, the proper file to edit for remote server access would be ~/.ssh/config.
Here's why:
* ~/.ssh/config: This file allows you to set up configuration options for different hosts, including specifying ports, user names, and the identity file (private key). You would add the necessary configuration for server1 to this file for easier access.
* Other options:
* ~/.ssh/authorized_keys: This file lists public keys that are authorized to log in to the local system.
It's not meant for configuring remote access to another server.
* ~/.ssh/known_hosts: This file stores the host keys of servers you've connected to. It doesn't allow for editing remote access settings.
* ~/.ssh/server1: This seems like a private key file or another custom file, but it's not typically used to configure SSH options.
For configuring access to server1 on port 2222, you would add a block like this to the ~/.ssh/config file:
Host server1
HostName server1
Port 2222
User admin
IdentityFile ~/.ssh/id_rsa
NEW QUESTION # 328
A Linux administrator needs to harden a system and guarantee that the Postfix service will not run, even after a restart or system upgrade. Which of the following commands allows the administrator to fulfill the requirement?
- A. systemctl stop postfix.service
- B. systemctl -n restart postfix.service
- C. systemctl mask postfix.service
- D. systemctl disable postfix.service
Answer: C
Explanation:
The systemctl mask postfix.service command prevents the Postfix service from being started manually or automatically by symlinking its service file to /dev/null. This ensures that even if a system restart or upgrade occurs, the service will remain disabled and will not start.
NEW QUESTION # 329
A Linux administrator provisioned a new web server with custom administrative permissions for certain users.
The administrator receives a report that user1 is unable to restart the Apache web service on this server. The administrator reviews the following output:
[ root@server ] # id user1
UID=1011 (user1) gid=1011 (USER1) groups=1011 (user1), 101 (www-data), 1120 (webadmin)
[ root@server ] # cat /etc/sudoers.d/custom.conf
user1 ALL=/usr/sbin/systemctl start httpd, /usr/sbin/systemctl stop httpd webadmin ALL=NOPASSWD: /etc/init.d.httpd restart, /sbin/service httpd restart, /usr/sbin/apache2ctl restart
#%wheel ALL=(ALL) NOPASSWD: ALL
Which of the following would most likely resolve the issue while maintaining a least privilege security model?
- A. The wheel line in the custom. conf file should be uncommented.
- B. User1 should have "NOPASSWD:" after the "ALL=" in the custom. conf.
- C. Webadmin should be listed as a group in the custom. conf file.
- D. User1 should be added to the wheel group to manage the service.
Answer: C
Explanation:
Explanation
The custom.conf file grants sudo privileges to user1 and webadmin for managing the Apache web service, but it uses different commands for each of them. User1 is allowed to use systemctl to start and stop the httpd service, while webadmin is allowed to use init.d, service, or apache2ctl to restart the httpd service. However, the user1 is unable to restart the service, only start and stop it. To fix this, user1 should be able to use the same commands as webadmin, which can be achieved by listing webadmin as a group in the custom.conf file, using the syntax %groupname. This way, user1 will inherit the sudo privileges of the webadmin group, and be able to restart the Apache web service without compromising the least privilege security model.
References
Sudo and Sudoers Configuration | Servers for Hackers, section "Groups"
Chapter 12. Managing sudo access - Red Hat Customer Portal, section "12.1. Configuring sudo access for users and groups"
NEW QUESTION # 330
A systems administrator is receiving tickets from users who cannot reach the application app that should be listening on port 9443/tcp on a Linux server.
To troubleshoot the issue, the systems administrator runs netstat and receives the following output:
Based on the information above, which of the following is causing the issue?
- A. The IP address 0.0.0.0 is not valid.
- B. The application is listening on port 1234.
- C. The application is listening on the loopback interface.
- D. The application is not running.
Answer: C
Explanation:
The server is in a "Listen" state on port 9943 using its loopback address. The "1234" is a process-id
NEW QUESTION # 331
A systems administrator receives a report about performance issues in a Linux production system. Which of the following commands should the administrator use to help diagnose the performance issues?
- A. pkill
- B. jobs
- C. renice
- D. top
Answer: D
NEW QUESTION # 332
A Linux administrator is working with a CPU-intensive program called data-analysis1. The administrator needs to prevent the program from monopolizing CPU resources and ensure that other critical processes are not impacted when the program starts. Which of the following commands would start the program with a reduced level of impact to the system?
- A. nice data-analysis1
- B. data-analysis1 --nice 15
- C. nice -15 data-analysis1
- D. data-analysis1 & nice +5
Answer: A
NEW QUESTION # 333
A Linux administrator rebooted a server. Users then reported some of their files were missing. After doing some troubleshooting, the administrator found one of the filesystems was missing. The filesystem was not listed in /etc/f stab and might have been mounted manually by someone prior to reboot. Which of the following would prevent this issue from reoccurring in the future?
- A. Sync the mount units.
- B. Remount all the missing filesystems
- C. Create a mount unit and enable it to be started at boot.
- D. Mount the filesystem manually.
Answer: C
Explanation:
Explanation
The best way to prevent this issue from reoccurring in the future is to create a mount unit and enable it to be started at boot. A mount unit is a systemd unit that defines how and where a filesystem should be mounted. By creating a mount unit for the missing filesystem and enabling it with systemctl enable, the administrator can ensure that the filesystem will be automatically mounted at boot time, regardless of whether it is listed in
/etc/fstab or not. Syncing the mount units will not prevent the issue, as it will only synchronize the state of existing mount units with /etc/fstab, not create new ones. Mounting the filesystem manually will not prevent the issue, as it will only mount the filesystem temporarily, not permanently. Remounting all the missing filesystems will not prevent the issue, as it will only mount the filesystems until the next reboot, not after. References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 14: Managing Disk Storage, page 457.
NEW QUESTION # 334
An administrator attempts to connect to a remote server by running the following command:
Which of the following can be said about the remote server?
- A. The SSH server is not running on the remote server.
- B. The SSH host key on the remote server has expired.
- C. The remote SSH server is using SSH protocol version 1.
- D. A firewall is blocking access to the SSH server.
Answer: D
Explanation:
This is because the port 22/tcp is shown as filtered by nmap, which means that nmap cannot determine whether the port is open or closed because a firewall or other device is blocking its probes. If the SSH server was not running on the remote server, the port would be shown as closed, which means that nmap received a TCP RST packet in response to its probe. If the remote SSH server was using SSH protocol version 1, the port would be shown as open, which means that nmap received a TCP SYN/ACK packet in response to its probe. If the SSH host key on the remote server had expired, the port would also be shown as open, but the SSH client would display a warning message about the host key verification failure. Therefore, the best explanation for the filtered state of the port 22/tcp is that a firewall is preventing nmap from reaching the SSH server.
NEW QUESTION # 335
A systems administrator installed a new software program on a Linux server. When the systems administrator tries to run the program, the following message appears on the screen.
Which of the following commands will allow the systems administrator to check whether the system supports virtualization?
- A. lscpu
- B. dmidecode -s system-version
- C. sysctl -a
- D. cat /sys/device/system/cpu/possible
Answer: A
Explanation:
The command that will allow the systems administrator to check whether the system supports virtualization is lscpu. This command will display information about the CPU architecture, such as the number of CPUs, cores, sockets, threads, model name, frequency, cache size, and flags. One of the flags is vmx (for Intel processors) or svm (for AMD processors), which indicates that the CPU supports hardware virtualization. If the flag is present, it means that the system supports virtualization. If the flag is absent, it means that the system does not support virtualization or that it is disabled in the BIOS settings.
The other options are not correct commands for checking whether the system supports virtualization. The dmidecode -s system-version command will display the version of the system, such as the product name or serial number, but not the CPU information. The sysctl -a command will display all the kernel parameters, but not the CPU flags. The cat /sys/devices/system/cpu/possible command will display the range of possible CPUs that can be online or offline, but not the CPU features. References: lscpu(1) - Linux manual page; How To Check If Virtualization is Enabled in Windows 10 / 11
NEW QUESTION # 336
The applications team is reporting issues when trying to access the web service hosted in a Linux system. The Linux systems administrator is reviewing the following outputs:
Output 1:
* httpd.service = The Apache HTTPD Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:httpd(8) man:apachectl(8) Output 2:
16:51:16 up 28 min, 1 user, load average: 0.00, 0.00, 0.07
Which of the following statements best describe the root cause? (Select two).
- A. The httpd service is enabled to auto start at boot time, but it failed to start.
- B. The httpd service is currently started.
- C. The httpd service is not enabled to auto start at boot time.
- D. The httpd service runs without problems.
- E. The httpd service did not start during the last server reboot.
- F. The httpd service was manually stopped.
Answer: C,F
Explanation:
The httpd.service is the Apache HTTPD Server, which is a web service that runs on Linux systems. The output 1 shows that the httpd.service is inactive (dead), which means that it is not running. The output 1 also shows that the httpd.service is disabled, which means that it is not enabled to auto start at boot time. Therefore, the statements C and D best describe the root cause of the issue. The statements A, B, E, and F are incorrect because they do not match the output 1. Reference: [How to Manage Systemd Services on a Linux System]
NEW QUESTION # 337
Ann, a junior Linux administrator, needs to copy software from her local machine to assist in developing a software application on a remote machine with the IP address 192.168.3.22. The file needs to be placed on the /tmp directory. After downloading the RPM to the local machine, which of the following commands would be BEST to use to copy the software?
- A. scp [email protected] ~/software.rpm :/tmp
- B. scp ~/software.rpm [email protected] /tmp
- C. scp ~/software.rpm [email protected]:/tmp
- D. wget [email protected]:/tmp -f ~/software.rpm
Answer: C
Explanation:
To transfer the /root/sample file on a remote computer called appserver to the /var directory on the local computer, you could run the following scp command:
[root@server1 ~]# scp root@appserver:/root/sample /var
Similarly, to copy the /root/sample file to the /var directory on appserver, you could use the following scp command:
[root@server1 ~]# scp /root/sample root@appserver:/var
NEW QUESTION # 338
The Apache web server was recently installed on a Debian/Ubuntu server. The web server fails and a review of log messages on another partition reveals the installation was not completed properly due to lack of disk space. After clearing the files, the systems administrator has requested the installation to be performed again.
Which of the following command lines will perform this task? (Choose two.)
- A. apt-get install apache2
- B. apt-get --reinstall install apache2
- C. apt-get --reinstall apache2
- D. apt-get --purge remove acache2
Answer: A,D
NEW QUESTION # 339
A Linux administrator is trying to remove the ACL from the file /home/user/dat a. txt but receives the following error message:
Given the following analysis:
Which of the following is causing the error message?
- A. The filesystem is mounted with the wrong options.
- B. The administrator is not using a highly privileged account.
- C. File attributes are preventing file modification.
- D. SELinux file context is denying the ACL changes.
Answer: C
Explanation:
File attributes are preventing file modification, which is causing the error message. The output of lsattr /home/user/data.txt shows that the file has the immutable attribute (i) set, which means that the file cannot be changed, deleted, or renamed. The command setfacl -b /home/user/data.txt tries to remove the ACL from the file, but fails because of the immutable attribute. The administrator needs to remove the immutable attribute first by using the command chattr -i /home/user/data.txt and then try to remove the ACL again. The other options are incorrect because they are not supported by the outputs. The administrator is using a highly privileged account, as shown by the # prompt. The filesystem is mounted with the correct options, as shown by the output of mount | grep /home. SELinux file context is not denying the ACL changes, as shown by the output of ls -Z /home/user/data.txt. Reference: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 11: Managing Files and Directories, pages 357-358.
NEW QUESTION # 340
......
To prepare for the CompTIA Linux+ certification exam, candidates can choose from various resources, including books, online courses, practice exams, and hands-on experience. XK0-005 exam consists of 90 multiple-choice and performance-based questions, and candidates have 90 minutes to complete it. The passing score for the exam is 720 out of 900.
XK0-005 Exam Dumps, XK0-005 Practice Test Questions: https://braindumps.testpdf.com/XK0-005-practice-test.html
