CompTIA XK0-006 Online Practice Questions and Exam Preparation

CompTIA XK0-006 Online Questions & Answers

• Question 91:

  A Linux administrator needs to set the permissions on a server. The administrator wants to have the files within the directory set to read-write permissions and the directory set to read-write-execute permissions.

  Which of the following commands should the administrator use?

  A. chmod 0022
  B. chown 0027
  C. setfacl 0007
  D. umask 0077
  C. setfacl 0007

  ---

  Explanation

  setfacl (Set File Access Control Lists) is used to define more granular permissions for files and directories. chmod 0022 sets specific permissions on files but does not affect newly created files. chown 0027 is incorrect because chown is used to change file ownership, not permissions. umask 0077 restricts permissions too much, making files private rather than just read/write.

  CompTIA Linux+ Official Study Guide, Chapter on File Permissions and ACLs

• Question 92:

  An administrator receives reports that a web service is not responding. The administrator reviews the following outputs:

  

  Which of the following is the reason the web service is not responding?

  A. The private key needs to be renamed from server.crt to server, key so the service can find it.
  B. The private key does not match the public key, and both keys should be replaced.
  C. The private key is not in the correct location and needs to be moved to the correct directory.
  D. The private key has the incorrect permissions and should be changed to 0755 for the service.
  C. The private key is not in the correct location and needs to be moved to the correct directory.

  ---

  Explanation

  This issue falls under the Troubleshooting domain of the CompTIA Linux+ V8 objectives, specifically service startup failures and certificate-related errors. The provided output clearly indicates that the NGINX service fails during startup due to an inability to locate the private key file.

  The critical error message is: cannot load certificate key "/etc/pki/nginx/private/server.key": No such file or directory

  This message confirms that NGINX is explicitly configured to look for the private key in the directory /etc/pki /nginx/private/. However, the directory listing shows that the private directory exists but is empty, while the server.key file is located in /etc/pki/nginx/ instead. Because NGINX cannot find the private key at the configured path, the configuration test (nginx -t) fails, and systemd prevents the service from starting.

  Option C correctly identifies the root cause: the private key is not in the correct location.

  Moving server.key into /etc/pki/nginx/private/ (or updating the NGINX configuration to match the current location) would resolve the issue. Linux+ V8 documentation stresses that service failures often result from misaligned configuration paths rather than corrupted files.

  The other options are incorrect.

  Option A incorrectly refers to renaming a certificate file and does not address the path issue.

  Option B suggests a key mismatch, which would generate a different SSL error rather than a "file not found" error.

  Option D is also incorrect because private keys should not have executable permissions like 0755; typically, they are restricted (for example, 0600) for security reasons.

• Question 93:

  A systems administrator is receiving complaints about slow performance and system crashes. The administrator suspects memory and CPU issues.

  Which of the following is the first action the administrator should take to troubleshoot and resolve these issues?

  A. Run resource monitoring tools like top or htop to view the current CPU and memory use.
  B. Look through the system logs and error messages to find any faults involving the CPU and memory.
  C. Remove and replace the CPU and memory components to address hardware issues.
  D. Reboot the server to clear any CPU and memory congestion.
  A. Run resource monitoring tools like top or htop to view the current CPU and memory use.

  ---

  Explanation

  The initial troubleshooting step when experiencing slow performance and potential memory or CPU issues is to analyze the current resource usage. Running tools like top or htop allows the administrator to observe real-time data on CPU, memory, and processes, providing insights into high resource usage. This is a non-invasive first step, helping to identify whether issues are due to overuse, application memory leaks, or specific processes. CompTIA Linux+ recommends understanding system resource behavior before taking further action.

  CompTIA Linux+ Study Guide.

• Question 94:

  Which of the following describes how a user's public key is used during SSH authentication?

  A. The user's public key is used to hash the password during SSH authentication.
  B. The user's public key is verified against a list of authorized keys. If it is found, the user is allowed to log in.
  C. The user's public key is used instead of a password to allow server access.
  D. The user's public key is used to encrypt the communication between the client and the server.
  B. The user's public key is verified against a list of authorized keys. If it is found, the user is allowed to log in.

  ---

  Explanation

  During SSH public key authentication, the server checks if the user's public key is present in the ~/.ssh /authorized_keys file. If the key is found, the server uses it to verify the user's identity by sending a challenge that can only be answered by the corresponding private key.

  This process does not involve password hashing or using the public key directly for encryption of the communication stream. Instead, the public key is simply used as a reference for authentication.

  CompTIA Linux+ Study Guide: Exam XK0-006, Sybex, Chapter 11: "Securing Linux", Section: "SSH Key- Based Authentication"

  CompTIA Linux+ XK0-006 Objectives, Domain 3.0: Security

• Question 95:

  A systems administrator wants to prevent the current contents of a file from being overwritten and wants to allow new additions at the end of the file.

  Which of the following commands should the administrator use?

  A. setenforce file
  B. setfacl -m m::t file
  C. chattr +a file
  D. chmod +t file
  C. chattr +a file

  ---

  Explanation

  File attribute management is an important system administration skill included in Linux+ V8. In this scenario, the administrator needs to ensure that a file cannot be modified or truncated, while still allowing data to be appended.

  The correct solution is chattr +a file , which sets the append-only attribute on the file. When this attribute is enabled, the file's existing contents cannot be altered or deleted, but new data can be appended to the end of the file. This is commonly used for protecting log files from tampering while still allowing normal logging operations.

  The other options are incorrect. setenforce controls SELinux enforcement mode and does not affect file write behavior. setfacl modifies access control lists but does not enforce append-only semantics. chmod +t applies the sticky bit, which is primarily used on directories to prevent users from deleting files they do not own.

  Linux+ V8 documentation explicitly references chattr and immutable or append-only attributes as mechanisms for protecting critical files from accidental or malicious modification.

• Question 96:

  A systems administrator is deploying a web server using the following code:

  name "Web Server"

  description "The role contains nodes, which act as a web server"

  run_list "recipe[ntp]"

  default_attributes "ntp" => {

  "ntpdate" => {

  "disable" => true

  }

  }

  Which of the following technologies is the administrator using to create this web server?

  A. Chef
  B. Ansible
  C. Puppet
  D. Terraform
  A. Chef

• Question 97:

  A systems administrator needs to disable root login for SSH.

  Which of the following commands should the administrator use?

  A. touch /etc/ssh/sshd_config | awk 's/PermitRootLoginX yes/PermitRootLoginX no/'
  B. sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
  C. touch /etc/ssh/sshd_config | print* 1PermitRootLogin/PermitRootLogin no/'
  D. cat /etc/ssh/sshd_config | grep 's/PermitRootLogin yes/PermitRootLogin no/'
  B. sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config

• Question 98:

  A Linux administrator attempts to log in to a server over SSH as root and receives the following error message: Permission denied, please try again. The administrator is able to log in to the console of the server directly with root and confirms the password is correct. The administrator reviews the configuration of the SSH service and gets the following output:

  

  Based on the above output, which of the following will most likely allow the administrator to log in over SSH to the server?

  A. Log out other user sessions because only one is allowed at a time.
  B. Enable PAM and configure the SSH module.
  C. Modify the SSH port to use 2222.
  D. Use a key to log in as root over SSH.
  D. Use a key to log in as root over SSH.

  ---

  Explanation

  The SSH configuration option PermitRootLogin prohibit-password prevents the root user from logging in with password authentication. This setting means root cannot use a password to log in via SSH; only key- based authentication is permitted for root. The administrator can still log in as root locally, which is not affected by this SSH configuration. To allow SSH access as root, the administrator must use an SSH key instead of a password.

  Other options:

  A. MaxSessions controls the number of simultaneous SSH sessions but is not causing the login denial here.

  B. PAM (Pluggable Authentication Modules) is disabled, but enabling it is not required for basic SSH authentication.

  C. Changing the SSH port is unrelated to the authentication method issue.

  CompTIA Linux+ Study Guide: Exam XK0-006, Sybex, Chapter 11: "Securing Linux", Section: "Securing SSH Access" CompTIA Linux+ XK0-006 Objectives, Domain 3.0: Security

• Question 99:

  An administrator wants to reorganize the /etc/sudoers configuration file by department groups.

  Which of the following actions should the administrator take?

  A. Configure #includedir /etc/sudoers.d directive inside /etc/sudoers file.
  B. Create a symlink in each user's home directory to /etc/sudoers.
  C. Copy /etc/sudoers and name each group with incremental numbers (/etc/sudoers1, /etc/sudoers2).
  D. Execute setfacl commands on /etc/sudoers and add permissions for each group.
  A. Configure #includedir /etc/sudoers.d directive inside /etc/sudoers file.

• Question 100:

  Which of the following cryptographic functions ensures a hard drive is encrypted when not in use?

  A. GPG
  B. LUKS
  C. PKI certificates
  D. OpenSSL
  B. LUKS

  ---

  Explanation

  Disk encryption is a key Linux+ V8 security objective, especially for protecting data at rest. LUKS (Linux Unified Key Setup) is the standard Linux framework for full-disk and partition-level encryption.

  Option B is correct. LUKS provides strong encryption for storage devices, ensuring that data remains unreadable when the system is powered off or the disk is removed. It integrates with tools like cryptsetup and supports key management, passphrases, and multiple unlock methods.

  The other options are incorrect. GPG encrypts files, not entire disks. PKI certificates are used for identity and trust, not disk encryption. OpenSSL is a cryptographic library, not a disk encryption mechanism.

  Linux+ V8 documentation explicitly identifies LUKS as the primary solution for disk encryption on Linux systems.