LFCS Practice Test

A. × Incorrect: Mounts filesystems is incorrect because it does not answer this stem as directly as Disables swap areas.

B. × Incorrect: Enables swap areas is incorrect because it does not answer this stem as directly as Disables swap areas.

C. ✓ Correct: Disables swap areas is the correct answer because 'swapoff' disables devices and files for paging and swapping. It is not used to enable or mount filesystems.

D. × Incorrect: Unmounts filesystems is incorrect because it does not answer this stem as directly as Disables swap areas.

A. × Incorrect: /etc/systemd/container.conf is incorrect because it does not answer this stem as directly as /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.

B. × Incorrect: /var/run/docker.pid is incorrect because it does not answer this stem as directly as /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.

C. ✓ Correct: /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile is the correct answer because use podman inspect to find the pidfile location at /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile. The other options are not specific to Podman containers.

D. × Incorrect: /proc/self/cgroup is incorrect because it does not answer this stem as directly as /run/containers/storage/${storage-driver}-containers/$CID/userdata/pidfile.

A. ✓ Correct: +D /path is the correct answer because the +D option recursively searches the named directory tree for open files; -i is a real lsof option for network sockets, but it does not walk a directory tree.

B. × Incorrect: -i is incorrect because it does not answer this stem as directly as +D /path.

C. × Incorrect: -p PID is incorrect because it does not answer this stem as directly as +D /path.

D. × Incorrect: -u USER is incorrect because it does not answer this stem as directly as +D /path.

A. ✓ Correct: groupadd is the correct answer because groupadd creates a new local group account; useradd is real and related, but it creates user accounts rather than standalone group accounts.

B. × Incorrect: useradd is incorrect because it does not answer this stem as directly as groupadd.

C. × Incorrect: newgrp is incorrect because it does not answer this stem as directly as groupadd.

D. × Incorrect: sg is incorrect because it does not answer this stem as directly as groupadd.

A. × Incorrect: /etc/systemd/timesyncd.conf is incorrect because it does not answer this stem as directly as /var/lib/systemd/timesyncd.conf.

B. ✓ Correct: /var/lib/systemd/timesyncd.conf is the correct answer because the valid configuration files for systemd-timesyncd include /etc/systemd/timesyncd.conf, /usr/local/lib/systemd/timesyncd.conf.d/*.conf, and others listed in the source. The file /var/lib/systemd/timesyncd.conf is not mentioned as a valid location.

C. × Incorrect: /run/systemd/timesyncd.conf is incorrect because it does not answer this stem as directly as /var/lib/systemd/timesyncd.conf.

D. × Incorrect: /usr/local/lib/systemd/timesyncd.conf.d/*.conf is incorrect because it does not answer this stem as directly as /var/lib/systemd/timesyncd.conf.

A. × Incorrect: To specify block device is incorrect because it does not answer this stem as directly as To add a tag to the logical volume.

B. × Incorrect: To activate the logical volume is incorrect because it does not answer this stem as directly as To add a tag to the logical volume.

C. × Incorrect: To set allocation policy is incorrect because it does not answer this stem as directly as To add a tag to the logical volume.

D. ✓ Correct: To add a tag to the logical volume is the correct answer because '--addtag Tag' is used specifically for adding tags to the logical volume. Activating, setting policies, or specifying devices are handled by other options.

A. × Incorrect: permissive is incorrect because it does not answer this stem as directly as enforcing.

B. ✓ Correct: enforcing is the correct answer because enforcing mode actively enforces the defined security policy, including Type Enforcement. Permissive mode logs actions but does not enforce them.

C. × Incorrect: disabled is incorrect because it does not answer this stem as directly as enforcing.

D. × Incorrect: audit is incorrect because it does not answer this stem as directly as enforcing.

A. × Incorrect: chgrp is incorrect because it does not answer this stem as directly as chown.

B. ✓ Correct: chown is the correct answer because the correct answer is chown because it changes the user and/or group ownership of files. Chgrp only changes the group, not the user owner.

C. × Incorrect: chmod is incorrect because it does not answer this stem as directly as chown.

D. × Incorrect: chattr is incorrect because it does not answer this stem as directly as chown.

A. ✓ Correct: -m is the correct answer because the -m option creates the new user home directory when needed; -s is real and useful, but it sets the login shell rather than creating the home directory.

B. × Incorrect: -r is incorrect because it does not answer this stem as directly as -m.

C. × Incorrect: -g GROUP is incorrect because it does not answer this stem as directly as -m.

D. × Incorrect: -s SHELL is incorrect because it does not answer this stem as directly as -m.

A. ✓ Correct: --bound-inactive is the correct answer because the --bound-inactive option shows TCP sockets that are bound but not listening, connecting, etc. The -l option only displays listening sockets.

B. × Incorrect: -l is incorrect because it does not answer this stem as directly as --bound-inactive.

C. × Incorrect: -a is incorrect because it does not answer this stem as directly as --bound-inactive.

D. × Incorrect: --listening is incorrect because it does not answer this stem as directly as --bound-inactive.

A. ✓ Correct: To initialize a device for use by LVM is the correct answer because 'pvcreate' initializes a Physical Volume (PV) on a device so it can be used by LVM. The other options describe actions performed by different commands, not 'pvcreate'.

B. × Incorrect: To create a new logical volume is incorrect because it does not answer this stem as directly as To initialize a device for use by LVM.

C. × Incorrect: To remove a physical volume is incorrect because it does not answer this stem as directly as To initialize a device for use by LVM.

D. × Incorrect: To display information about physical volumes is incorrect because it does not answer this stem as directly as To initialize a device for use by LVM.

A. × Incorrect: crontab is incorrect because it does not answer this stem as directly as at.

B. × Incorrect: cron is incorrect because it does not answer this stem as directly as at.

C. × Incorrect: batch is incorrect because it does not answer this stem as directly as at.

D. ✓ Correct: at is the correct answer because 'at' is used specifically for scheduling one-time jobs. Cron and crontab are better suited for tasks that need to be run repeatedly.

A. × Incorrect: chmod 755 script.sh is incorrect because it does not answer this stem as directly as chmod u+s script.sh.

B. × Incorrect: chmod g+w script.sh is incorrect because it does not answer this stem as directly as chmod u+s script.sh.

C. ✓ Correct: chmod u+s script.sh is the correct answer because the setuid bit is added with 'u+s', making the file executable as if it were run by its owner. The other options change group write permissions, adjust general file mode, or change ownership without affecting execution rights.

D. × Incorrect: chown root:root script.sh is incorrect because it does not answer this stem as directly as chmod u+s script.sh.

A. ✓ Correct: ldap_uri is the correct answer because the ldap_uri directive specifies the URL of the LDAP server. The other options are used for different purposes such as specifying the search base and Kerberos servers.

B. × Incorrect: ldap_search_base is incorrect because it does not answer this stem as directly as ldap_uri.

C. × Incorrect: auth_provider is incorrect because it does not answer this stem as directly as ldap_uri.

D. × Incorrect: krb5_server is incorrect because it does not answer this stem as directly as ldap_uri.

A. ✓ Correct: ip -6 route add 2001:db8::/32 via fe80::1 is the correct answer because 'ip -6 route' is the correct command to configure IPv6 static routes, specifying both destination and gateway. The other commands use incorrect tools or formats for IPv6 routing.

B. × Incorrect: route -A inet6 add 2001:db8::/32 gw fe80::1 is incorrect because it does not answer this stem as directly as ip -6 route add 2001:db8::/32 via fe80::1.

C. × Incorrect: netstat -r6 add 2001:db8::/32 via fe80::1 is incorrect because it does not answer this stem as directly as ip -6 route add 2001:db8::/32 via fe80::1.

D. × Incorrect: ifconfig route6 add 2001:db8::/32 via fe80::1 is incorrect because it does not answer this stem as directly as ip -6 route add 2001:db8::/32 via fe80::1.

A. × Incorrect: /etc/passwd is incorrect because it does not answer this stem as directly as /etc/fstab.

B. ✓ Correct: /etc/fstab is the correct answer because the correct answer is /etc/fstab because it contains static information about filesystems that can be mounted. The /etc/passwd file stores user account information, not filesystem details.

C. × Incorrect: /proc/mounts is incorrect because it does not answer this stem as directly as /etc/fstab.

D. × Incorrect: /etc/crontab is incorrect because it does not answer this stem as directly as /etc/fstab.

A. ✓ Correct: -p is the correct answer because the -p option limits ps output to specific process IDs; -u is a real process-selection option too, but it filters by user instead of PID.

B. × Incorrect: -u is incorrect because it does not answer this stem as directly as -p.

C. × Incorrect: -t is incorrect because it does not answer this stem as directly as -p.

D. × Incorrect: -C is incorrect because it does not answer this stem as directly as -p.

A. × Incorrect: openssl genrsa -out private.key 2048 is incorrect because it does not answer this stem as directly as openssl x509 -text -in cert.pem.

B. × Incorrect: openssl verify -CAfile ca.crt cert.pem is incorrect because it does not answer this stem as directly as openssl x509 -text -in cert.pem.

C. × Incorrect: openssl req -x509 -newkey rsa:2048 -nodes -out cert.pem -keyout key.pem is incorrect because it does not answer this stem as directly as openssl x509 -text -in cert.pem.

D. ✓ Correct: openssl x509 -text -in cert.pem is the correct answer because the x509 subcommand inspects X.509 certificate data and the -text flag prints readable certificate details; openssl verify is real and useful for trust-chain checks, but it does not dump the certificate fields for troubleshooting.

A. × Incorrect: chmod u+r file is incorrect because it does not answer this stem as directly as setfacl -m u:lisa:r file.

B. × Incorrect: getfacl -m u:lisa:r file is incorrect because it does not answer this stem as directly as setfacl -m u:lisa:r file.

C. ✓ Correct: setfacl -m u:lisa:r file is the correct answer because the correct command is setfacl -m u:lisa:r file, which grants read access to the user 'lisa'. The other options either modify permissions in a different way or change ownership rather than ACLs.

D. × Incorrect: chown lisa:file is incorrect because it does not answer this stem as directly as setfacl -m u:lisa:r file.

A. × Incorrect: MaxSessions is incorrect because it does not answer this stem as directly as MaxStartups.

B. × Incorrect: LoginGraceTime is incorrect because it does not answer this stem as directly as MaxStartups.

C. ✓ Correct: MaxStartups is the correct answer because the MaxStartups directive sets the maximum number of concurrent unauthenticated connections to the SSH server. MaxSessions controls the maximum number of simultaneous sessions per connection.

D. × Incorrect: MaxAuthTries is incorrect because it does not answer this stem as directly as MaxStartups.

A. × Incorrect: NFS (Network File System) is incorrect because it does not answer this stem as directly as NBD (Network Block Device) support.

B. × Incorrect: iSCSI Initiator is incorrect because it does not answer this stem as directly as NBD (Network Block Device) support.

C. × Incorrect: SMB/CIFS is incorrect because it does not answer this stem as directly as NBD (Network Block Device) support.

D. ✓ Correct: NBD (Network Block Device) support is the correct answer because the correct answer is NBD (Network Block Device) support because the Linux Kernel needs to have NBD enabled to use remote block devices like NBD. NFS, iSCSI Initiator, and SMB/CIFS are other network protocols for accessing storage but do not provide direct support for using NBD.

A. × Incorrect: yum update is incorrect because it does not answer this stem as directly as apt-get update && apt-get upgrade.

B. ✓ Correct: apt-get update && apt-get upgrade is the correct answer because use 'apt-get update && apt-get upgrade' to refresh package lists and then upgrade all installed packages. The other commands are not specific to Debian's APT system.

C. × Incorrect: dpkg --configure -a is incorrect because it does not answer this stem as directly as apt-get update && apt-get upgrade.

D. × Incorrect: apt-cache update is incorrect because it does not answer this stem as directly as apt-get update && apt-get upgrade.

A. × Incorrect: It treats CR characters as line endings is incorrect because it does not answer this stem as directly as It removes CR characters to ensure proper regex matching.

B. × Incorrect: It converts all text into uppercase for consistency is incorrect because it does not answer this stem as directly as It removes CR characters to ensure proper regex matching.

C. ✓ Correct: It removes CR characters to ensure proper regex matching is the correct answer because grep strips CR characters from the original file contents to make regular expressions with ^ and $ work correctly. The other options describe actions not supported by grep's functionality.

D. × Incorrect: It ignores file type and processes everything as text is incorrect because it does not answer this stem as directly as It removes CR characters to ensure proper regex matching.

A. × Incorrect: change ownership of the file is incorrect because it does not answer this stem as directly as read access to the file's ACLs.

B. × Incorrect: write access to the file's mode bits is incorrect because it does not answer this stem as directly as read access to the file's ACLs.

C. × Incorrect: execute access to the file itself is incorrect because it does not answer this stem as directly as read access to the file's ACLs.

D. ✓ Correct: read access to the file's ACLs is the correct answer because the correct answer is 'read access to the file's ACLs' because processes with search permission on a directory are granted read access to the ACLs within that directory. The other options pertain to different types of permissions and do not apply specifically to viewing ACLs.

A. ✓ Correct: nft list ruleset is the correct answer because nft list ruleset displays the active nftables ruleset for review; iptables -L is a real legacy firewall command, but it does not list nftables rulesets.

B. × Incorrect: iptables -L is incorrect because it does not answer this stem as directly as nft list ruleset.

C. × Incorrect: ip route show is incorrect because it does not answer this stem as directly as nft list ruleset.

D. × Incorrect: firewall-cmd --list-all is incorrect because it does not answer this stem as directly as nft list ruleset.

A. × Incorrect: smartctl is incorrect because it does not answer this stem as directly as iostat.

B. × Incorrect: iotop is incorrect because it does not answer this stem as directly as iostat.

C. × Incorrect: hdparm is incorrect because it does not answer this stem as directly as iostat.

D. ✓ Correct: iostat is the correct answer because the iostat command is specifically designed for reporting CPU and input/output statistics, making it the best tool for monitoring storage I/O performance. While iotop provides disk I/O usage by process, hdparm tests and calibrates hard drives, and smartctl monitors drive health, none of these are as directly relevant to real-time I/O performance metrics.

A. ✓ Correct: Ensure time-sync.target is enabled is the correct answer because on systems without an RTC, it's wise to ensure that time-sync.target is enabled to synchronize system time accurately before activating services.

B. × Incorrect: Disable the timer unit is incorrect because it does not answer this stem as directly as Ensure time-sync.target is enabled..

C. × Incorrect: Use a different activation method is incorrect because it does not answer this stem as directly as Ensure time-sync.target is enabled..

D. × Incorrect: Enable the RTC is incorrect because it does not answer this stem as directly as Ensure time-sync.target is enabled..

A. × Incorrect: --diff is incorrect because it does not answer this stem as directly as --one-top-level.

B. × Incorrect: --same-owner is incorrect because it does not answer this stem as directly as --one-top-level.

C. × Incorrect: --extract is incorrect because it does not answer this stem as directly as --one-top-level.

D. ✓ Correct: --one-top-level is the correct answer because the --one-top-level option extracts all files into a specified directory or subdirectory named by the base name of the archive. The --same-owner option is unrelated to specifying extraction directories.

A. × Incorrect: -g, --gid is incorrect because it does not answer this stem as directly as -a, --append.

B. ✓ Correct: -a, --append is the correct answer because the -a or --append option is used to add a new group to the existing list of supplementary groups for a user. The -g option changes the user's primary group.

C. × Incorrect: -s, --shell is incorrect because it does not answer this stem as directly as -a, --append.

D. × Incorrect: -u, --uid is incorrect because it does not answer this stem as directly as -a, --append.

A. ✓ Correct: $ timedatectl status is the correct answer because the command $ timedatectl status provides information about the system clock synchronization. While other commands are related to time services, they do not directly show if the system clock is synchronized with an NTP service.

B. × Incorrect: $ ntpq -p is incorrect because it does not answer this stem as directly as $ timedatectl status.

C. × Incorrect: $ systemctl status systemd-timesyncd is incorrect because it does not answer this stem as directly as $ timedatectl status.

D. × Incorrect: $ chronyc sources is incorrect because it does not answer this stem as directly as $ timedatectl status.