XK0-005 CompTIA Linux+ Exam Dumps and Practice Test Questions Set 1 Q 1 – 20

Question 1

Which command would you use to view real-time memory usage and system processes in a Linux environment?

A) free -h
B) top
C) df -h
D) uname -r

Answer B) top

Explanation

A) free -h: This command displays the amount of free and used memory in the system in a human-readable format. It provides a snapshot of memory usage including total, used, free, shared, buffer/cache, and available memory. While this command is useful for quickly assessing memory utilization, it does not provide dynamic, real-time monitoring of memory usage or detailed information about active processes. It is static and only gives a single instance of memory stats at the moment it is run.

B) top: This command is specifically designed to show real-time system processes and resource utilization, including memory and CPU usage. When executed, it provides a continuously updating display of processes sorted by resource consumption. The display includes details such as process ID, user, CPU and memory usage percentages, running time, and priority. It allows administrators to identify processes that are consuming excessive resources, monitor memory trends, and perform administrative tasks such as sending signals to processes directly from the interface. The dynamic nature of the command and the combination of process monitoring and memory statistics make it the correct choice.

C) df -h: This command is used to display disk space usage for all mounted filesystems in a human-readable format. It provides information such as total size, used space, available space, and mount points. While important for storage management, it does not provide any memory usage information nor does it display processes. Therefore, it is not suitable for monitoring real-time memory utilization.

D) uname -r: This command prints the kernel version currently running on the system. While it is useful for identifying the system’s kernel for compatibility or troubleshooting purposes, it does not provide any information regarding memory usage or processes. It is strictly for system information and has no dynamic monitoring capabilities.

The correct answer is top because it combines the ability to monitor system processes and memory utilization in real time, allowing administrators to track performance, diagnose issues, and take immediate action when necessary. It is one of the primary tools for Linux system monitoring.

Question 2

You need to schedule a task to run every day at 3:30 AM using cron. Which line would you add to the crontab file?

A) 30 3 * * * /path/to/command
B) 3 30 * * * /path/to/command
C) @daily /path/to/command
D) 0 3 * * * /path/to/command

Answer A) 30 3 * * * /path/to/command

Explanation

A) 30 3 * * * /path/to/command: In the cron syntax, the first field represents minutes, the second field represents hours, followed by day of the month, month, and day of the week. 30 in the first field indicates the 30th minute, and 3 in the second field indicates 3 AM. The asterisks in the remaining fields indicate that the task should run every day, every month, and every day of the week. This correctly schedules the command to run daily at 3:30 AM, making it the correct choice.

B) 3 30 * * * /path/to/command: This puts 3 in the minute field and 30 in the hour field, which would mean 30:03 (30 hours, 3 minutes). That is invalid because the hour field only accepts values from 0 to 23. Therefore, this syntax is incorrect and would either fail or produce an unintended schedule.

C) @daily /path/to/command: The @daily special string in cron schedules a job to run once every day at midnight (00:00). Although it ensures daily execution, it does not run the task at the specific time of 3:30 AM, so it does not meet the requirement.

D) 0 3 * * * /path/to/command: This schedules a task at 3:00 AM every day. While it runs daily and is a valid cron expression, it does not match the specified time of 3:30 AM, so it is not correct.

The correct scheduling format in cron requires understanding the positional syntax and the difference between numeric and special string scheduling. 30 3 * * * accurately defines the desired execution time for a daily job at 3:30 AM. It is essential to distinguish between hour and minute placement, as reversing them could lead to incorrect scheduling or failure. Cron is widely used for task automation in Linux, and mastering the syntax ensures precise execution of recurring tasks.
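The field order and value ranges described above can be checked mechanically before a line goes into a crontab. The following is an added example, not part of the original question set: check_cron_line is a hypothetical helper, the last two input lines are constructed, and it handles numeric fields, *, ranges, lists and steps but not month or weekday names.

```shell
#!/bin/sh
# Added example: validate the five time fields of a crontab line.
# check_cron_line is a hypothetical helper, not a standard utility.

check_cron_line() {
    printf '%s\n' "$1" | awk '
    function bad(msg) { print "INVALID: " msg; failed = 1 }

    # Validate one field against its allowed range lo..hi.
    function check(field, name, lo, hi,    n, parts, i, item, step, r, a, b) {
        n = split(field, parts, ",")                  # lists such as 1,15
        for (i = 1; i <= n && !failed; i++) {
            item = parts[i]
            if (split(item, step, "/") == 2) {        # steps such as */15
                if (step[2] !~ /^[0-9]+$/ || step[2] + 0 == 0) {
                    bad(name " step in " item); return
                }
                item = step[1]
            }
            if (item == "*") continue
            if (item ~ /^[0-9]+$/) {
                a = b = item + 0
            } else if (item ~ /^[0-9]+-[0-9]+$/) {    # ranges such as 9-17
                split(item, r, "-"); a = r[1] + 0; b = r[2] + 0
            } else {
                bad(name " value " item " is not numeric"); return
            }
            if (a < lo || b > hi || a > b)
                bad(name " value " item " outside " lo "-" hi)
        }
    }

    {
        # Special strings replace all five time fields.
        if ($1 ~ /^@/) {
            if ($1 ~ /^@(reboot|yearly|annually|monthly|weekly|daily|midnight|hourly)$/ && NF >= 2)
                print "OK " $1
            else
                bad("unknown or incomplete @ shortcut")
            next
        }
        if (NF < 6) {
            bad("expected 5 time fields plus a command, got " NF " tokens")
            next
        }
        # Positional order: minute, hour, day of month, month, day of week.
        check($1, "minute", 0, 59)
        check($2, "hour", 0, 23)
        check($3, "day-of-month", 1, 31)
        check($4, "month", 1, 12)
        check($5, "day-of-week", 0, 7)
        if (!failed) print "OK minute=" $1 " hour=" $2
    }'
}

# Options A, B and C from the question, then two constructed lines.
for line in \
    '30 3 * * * /path/to/command' \
    '3 30 * * * /path/to/command' \
    '@daily /path/to/command' \
    '0 3 * * /path/to/command' \
    '*/15 9-17 * * 1-5 /path/to/command'
do
    printf '%-38s -> %s\n' "$line" "$(check_cron_line "$line")"
done
```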

Question 3

Which file contains user account information, including hashed passwords, in most Linux distributions?

A) /etc/passwd
B) /etc/shadow
C) /etc/group
D) /etc/profile

Answer B) /etc/shadow

Explanation

A) /etc/passwd: This file contains basic user account information, including the username, UID, GID, home directory, and shell, plus an x placeholder in the password field showing that the password is not stored there. Historically, passwords were stored here, but for security reasons, modern Linux systems moved password hashes to a separate file. While critical for user information and account management, it does not store the hashed passwords directly in modern systems.

B) /etc/shadow: This file is designed to enhance security by storing hashed passwords for user accounts. Access to /etc/shadow is restricted to the root user to prevent unauthorized users from obtaining sensitive password data. It contains fields such as the username, hashed password, password expiration information, and account aging details. The separation of password storage from /etc/passwd is a fundamental security practice in Linux. Utilities like passwd and other shadow-related commands interact with this file for authentication and password management. This makes it the correct answer.

C) /etc/group: This file contains group account information, including group names, GID, and group members. It is essential for defining permissions and access control, but it does not store password hashes. Its function is related to group membership and privileges, not authentication at the individual account level.

D) /etc/profile: This file is a system-wide configuration script executed at login for all users. It sets environment variables, shell settings, and startup commands. It does not contain password information or user authentication details and is strictly used for environment setup.

The security model of Linux separates user information from sensitive password data. /etc/shadow stores hashed passwords in a protected file that only privileged processes can access. Understanding the difference between /etc/passwd and /etc/shadow is crucial for Linux administration, as mismanagement can lead to security vulnerabilities. The hashed passwords in /etc/shadow are used by authentication mechanisms to verify credentials without exposing the actual passwords, maintaining system security.
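The separation between /etc/passwd and /etc/shadow can be audited with a few lines of shell. The following is an added example, not part of the original question set: the function names are hypothetical, the account lines are constructed, and the scheme prefixes checked are the common crypt(3) identifiers.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files.
# Sample data is constructed; function names are hypothetical.

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
legacy:$1$constructed$constructedhash:1002:1002::/home/legacy:/bin/sh
guest::1003:1003::/home/guest:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$y$j9T$constructedsalt$constructedhash:19700:0:99999:7:::
bob:$1$constructed$constructedhash:19700:0:99999:7:::
guest::19700:0:99999:7:::
EOF
    chmod 644 "$1/passwd"    # passwd is normally world-readable
    chmod 640 "$1/shadow"    # shadow must not be readable by others
}

# Flag passwd entries whose second field is not the x placeholder.
audit_passwd() {
    awk -F: '
        $2 == ""   { print $1 ": empty password field"; next }
        $2 ~ /^\$/ { print $1 ": password hash stored in passwd"; next }
    ' "$1"
}

# Classify the second field of each shadow entry.
audit_shadow() {
    awk -F: '
        $2 == ""     { print $1 ": no password set"; next }
        $2 ~ /^[!*]/ { print $1 ": locked or no password login"; next }
        {
            alg = "des (legacy)"
            if (substr($2, 1, 1) == "$") {
                # Format is $id$salt$hash; the id names the hashing scheme.
                rest = substr($2, 2)
                id = substr(rest, 1, index(rest, "$") - 1)
                if (id == "1") alg = "md5crypt"
                else if (id == "5") alg = "sha256crypt"
                else if (id == "6") alg = "sha512crypt"
                else if (id == "y") alg = "yescrypt"
                else if (id ~ /^2[abxy]?$/) alg = "bcrypt"
                else alg = "unknown scheme " id
            }
            flag = (alg == "md5crypt" || alg ~ /^des/) ? " WEAK" : ""
            print $1 ": " alg flag
        }
    ' "$1"
}

# Succeeds if the file has the read bit set for "others".
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

dir=$(mktemp -d)
make_samples "$dir"
echo "passwd findings:"; audit_passwd "$dir/passwd"
echo "shadow findings:"; audit_shadow "$dir/shadow"
if world_readable "$dir/shadow"; then
    echo "shadow is world-readable"
else
    echo "shadow is not world-readable"
fi
rm -rf "$dir"
```

On a real system the same functions can be pointed at /etc/passwd and, as root, /etc/shadow.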

Question 4

Which command is used to change the permissions of a file in Linux?

A) chmod
B) chown
C) ls -l
D) umask

Answer A) chmod

Explanation

A) chmod: The chmod command is specifically designed to change file permissions. It allows an administrator or user to modify read, write, and execute permissions for the owner, group, and others using either symbolic notation (rwx) or numeric (octal) notation. For example, chmod 755 file.txt sets read/write/execute for the owner, and read/execute for group and others. It is fundamental for managing access control in Linux, making it the correct command.

B) chown: This command changes the ownership of a file or directory, specifying a new owner or group. While important for determining who controls a file, it does not modify the actual permission bits. Changing ownership does not directly affect the read, write, or execute permissions unless combined with a separate chmod command.

C) ls -l: This command lists files in long format, showing permissions, ownership, size, and modification time. It is purely informational and cannot change permissions. While helpful for verifying permissions, it does not modify them.

D) umask: The umask command sets the default permission mask for newly created files and directories. It influences the initial permission settings but does not change existing file permissions. umask works by masking out permission bits from the default values assigned during file creation.

Understanding file permissions is essential for maintaining Linux system security. chmod directly manipulates these permissions, providing granular control over who can read, write, or execute files. While chown, ls, and umask play supporting roles, chmod is the primary tool for permission modification. Proper use ensures sensitive files are protected, and system integrity is maintained.

Question 5

Which command will display the last 50 lines of a log file and update continuously as new lines are added?

A) tail -f -n 50 /var/log/syslog
B) head -n 50 /var/log/syslog
C) cat /var/log/syslog | less
D) more /var/log/syslog

Answer A) tail -f -n 50 /var/log/syslog

Explanation

A) tail -f -n 50 /var/log/syslog: The tail command with the -n flag allows specifying the number of lines to display from the end of a file. The -f flag enables “follow mode,” where the command continuously updates the output as new lines are appended to the file. This is particularly useful for monitoring log files in real-time, allowing administrators to track events, errors, or system messages as they occur. Combining -n 50 with -f ensures that the last 50 lines are shown initially, and new entries are displayed dynamically.

B) head -n 50 /var/log/syslog: The head command displays the first 50 lines of a file. While it is useful for quickly inspecting the beginning of a file, it does not provide real-time updates or monitor changes to the file. Therefore, it cannot achieve the continuous monitoring functionality.

C) cat /var/log/syslog | less: Using cat to display a file and piping it to less allows scrolling through the content interactively. However, it is static and does not automatically update as new lines are added. Less is a pager for viewing files but lacks dynamic monitoring capabilities.

D) more /var/log/syslog: The more command is another pager for viewing file content page by page. Similar to less, it does not support real-time updates. It is limited to static viewing of the current content without continuous tracking of file changes.

Monitoring log files is a critical task for Linux administrators. The combination of tail, -n, and -f provides an efficient, real-time solution. By using this command, system administrators can quickly identify errors, track processes, and respond to system events as they happen, which is indispensable for troubleshooting, auditing, and operational monitoring.

Question 6

Which Linux command is used to search for a specific pattern within a file and display matching lines?

A) grep
B) find
C) locate
D) awk

Answer A) grep

Explanation

A) grep: The grep command is explicitly designed to search for a specific pattern or regular expression within one or more files and display the matching lines. It is one of the most powerful and widely used commands for text searching in Linux. grep allows the use of regular expressions, which enables complex search patterns, including character classes, wildcards, anchors, and repetition operators. Additional options such as -i for case-insensitive search, -v to invert the match, -r for recursive searching through directories, and -n to display line numbers make it extremely versatile for both administrators and developers. For example, grep -i "error" /var/log/syslog searches the system log for any occurrences of the word “error,” ignoring case, and displays each matching line. This command is especially important for troubleshooting system issues, monitoring log files, or processing large amounts of text data efficiently. Its ability to isolate relevant information quickly and accurately is unmatched by other commands in this context, which makes it the correct choice.

B) find: The find command is primarily used to search for files and directories based on various criteria such as name, type, size, modification time, or permissions. While find is extremely powerful for locating files in the filesystem, it does not search inside the content of files for a pattern. For example, find /var/log -name "*.log" lists all log files in the /var/log directory but does not search for specific words or patterns inside those files. Though find can be combined with grep using piping to search inside files, on its own, it cannot fulfill the requirement of displaying matching lines based on a text pattern, making it unsuitable for this task.

C) locate: The locate command searches a prebuilt database (usually updated via updatedb) for file and directory names. It is extremely fast for finding file paths but does not search inside the file content. For instance, locate syslog returns the paths of all files containing “syslog” in their names. This command is useful for quickly locating files but does not provide line-by-line pattern matching inside files. It also depends on the database, which may not always be up to date with the current filesystem contents.

D) awk: The awk command is a powerful text-processing utility that can search for patterns, manipulate text, and generate reports. While awk can be used to search for patterns, it is generally more complex and used for data extraction, formatting, and scripting. For example, awk '/error/ {print $0}' /var/log/syslog can search for lines containing “error,” but this requires more advanced understanding of awk syntax and is overkill for simple pattern matching. Unlike grep, awk is better suited for structured text processing rather than straightforward pattern search.

grep is the most appropriate command for searching for patterns within files because it is simple, efficient, and specifically optimized for this purpose. Its ability to handle large files, use regular expressions, and display results directly makes it the preferred choice for administrators performing log analysis, debugging, or text processing. While find, locate, and awk have related or overlapping functionalities, they do not directly replace grep for straightforward pattern matching.

Question 7

Which command will display all currently mounted filesystems along with their disk usage?

A) df -h
B) du -sh
C) mount
D) lsblk

Answer A) df -h

Explanation

A) df -h: The df command, short for “disk filesystem,” is specifically designed to report disk space usage of mounted filesystems. The -h flag provides a human-readable format, displaying sizes in kilobytes, megabytes, or gigabytes. It shows the filesystem name, total size, used space, available space, usage percentage, and the mount point for each filesystem. For example, df -h might display the usage statistics for /, /home, /boot, and other mounted partitions. This command is essential for system administrators who need to monitor disk utilization, identify full filesystems, and plan capacity management. It provides a high-level overview of storage consumption, allowing quick diagnosis of disk space issues. Because it combines information about mounted filesystems and usage statistics in a clear and readable format, it is the correct choice for this purpose.

B) du -sh: The du command, short for “disk usage,” calculates the space consumed by files and directories, not entire filesystems. The -s flag summarizes the total size, and -h makes it human-readable. For example, du -sh /home/user reports the total space used by the /home/user directory. While extremely useful for investigating which directories are consuming the most space, du does not display information about all mounted filesystems or their overall usage. It is a directory-level analysis tool rather than a filesystem-level monitoring tool.

C) mount: The mount command shows which filesystems are currently mounted and their mount points. For example, mount outputs the filesystem device, mount point, type, and mount options. While it provides useful information about the system’s mounted devices, it does not display disk usage or capacity statistics. Therefore, while mount is useful for checking filesystem configuration, it does not meet the requirement to view disk usage.

D) lsblk: The lsblk command lists all block devices, including partitions, with their size, type, and mount points. For example, lsblk shows /dev/sda and its partitions along with sizes and mount points. While it is helpful for visualizing the storage layout, it does not display disk usage statistics. It is mainly used to understand the physical structure of storage devices rather than monitoring consumption.

df -h is the most suitable command because it combines both filesystem identification and usage statistics. It provides an immediate overview of storage consumption on all mounted filesystems, which is critical for monitoring, troubleshooting, and planning capacity expansion. While du, mount, and lsblk offer related functionalities, only df -h provides a concise summary of disk usage for each mounted filesystem.

Question 8

Which command is used to display or modify the network configuration, including IP addresses, routes, and interface status?

A) ifconfig
B) ping
C) traceroute
D) netstat

Answer A) ifconfig

Explanation

A) ifconfig: ifconfig is a traditional command used to display and configure network interfaces. It can show the IP address, subnet mask, broadcast address, MAC address, interface status, and statistics related to transmitted and received packets. Additionally, it allows administrators to bring interfaces up or down, assign IP addresses, and manage network configurations manually. For example, ifconfig eth0 192.168.1.10 netmask 255.255.255.0 up assigns an IP address to the eth0 interface. While some modern Linux distributions prefer the ip command, ifconfig remains widely used for viewing and adjusting network settings. This makes it the correct choice for managing network interfaces and IP configurations directly.

B) ping: The ping command tests connectivity between the local host and a remote host using ICMP echo requests. While useful for diagnosing network reachability and latency, it does not provide or modify configuration details for network interfaces. It is purely a diagnostic tool rather than a configuration utility.

C) traceroute: traceroute traces the path packets take to reach a destination across the network. It displays each hop along the route and the time taken. While valuable for identifying routing issues and network bottlenecks, it does not display or modify local network interface configuration.

D) netstat: netstat provides information about network connections, routing tables, interface statistics, and socket usage. While it offers insight into active connections and routing, it does not allow direct modification of interface IP addresses or settings. It is a monitoring tool rather than a configuration utility.

ifconfig is correct because it directly provides the ability to view and modify network interfaces, assign IP addresses, and manage interface status. While ping, traceroute, and netstat are important for network troubleshooting and monitoring, they do not provide the configuration capabilities that ifconfig offers. Mastery of ifconfig (or its modern equivalent, ip) is essential for Linux network administration.

Question 9

Which command is used to compress a directory into a tarball and gzip it in Linux?

A) tar -czvf archive.tar.gz /path/to/directory
B) zip archive.zip /path/to/directory
C) gzip -r /path/to/directory
D) compress -c /path/to/directory

Answer A) tar -czvf archive.tar.gz /path/to/directory

Explanation

A) tar -czvf archive.tar.gz /path/to/directory: The tar command combines multiple files or directories into a single archive, and the -c option creates a new archive. The -z flag compresses it using gzip, -v enables verbose output to show progress, and -f specifies the output filename. This combination is widely used in Linux for both backup and distribution purposes. For example, tar -czvf backup.tar.gz /home/user creates a gzip-compressed archive of the /home/user directory. This method preserves directory structure, permissions, and symbolic links, making it a reliable and standard approach for packaging files. It is highly efficient and commonly used in system administration, scripting, and deployment tasks.

B) zip archive.zip /path/to/directory: The zip command also compresses files and directories into a single archive. While effective and widely used, it is not as native to Linux systems as tar and gzip, and it may not preserve all Unix file permissions and symbolic links. It is more commonly used in cross-platform scenarios but does not meet the standard Linux practice for system backups and distribution.

C) gzip -r /path/to/directory: The gzip command compresses individual files, and the -r flag recursively compresses files in subdirectories. However, gzip does not create a single archive for the entire directory; instead, it compresses each file individually. This can make extraction and management cumbersome compared to using tar -czvf, which packages everything into one archive.

D) compress -c /path/to/directory: The compress command is an older compression tool that creates .Z files. It is largely obsolete and lacks many features of gzip and tar, such as directory structure preservation and widespread support in modern Linux systems. While it can compress files, it is not standard practice for creating tarballs in Linux.

tar -czvf is the correct choice because it combines archiving and compression into a single command, preserves file structure and permissions, and is widely used in Linux administration. This makes it the standard method for creating compressed backups and tarballs for distribution.

Question 10

Which command will display detailed information about system hardware, including CPU, memory, and kernel version?

A) lshw
B) free -h
C) uname -r
D) top

Answer A) lshw

Explanation

A) lshw: The lshw command (list hardware) provides a detailed report of system hardware, including CPU architecture, number of cores, RAM size and configuration, storage devices, network interfaces, and the kernel version. It can output results in human-readable text, XML, or HTML for documentation purposes. For example, sudo lshw -short provides a concise summary, while sudo lshw outputs a detailed report. This command is invaluable for system diagnostics, inventory management, and troubleshooting hardware-related issues. It identifies components, capabilities, and potential conflicts, making it a critical tool for Linux administrators and support personnel.

B) free -h: While free -h provides a human-readable summary of memory usage, it does not display detailed information about CPU, storage, or kernel version. Its scope is limited to RAM and swap memory statistics, making it unsuitable for complete hardware inspection.

C) uname -r: This command outputs only the kernel version currently running on the system. It is useful for identifying compatibility and version issues but does not provide information about CPU, memory, or other hardware components.

D) top: The top command displays real-time CPU and memory usage along with process statistics. While useful for monitoring system performance, it does not provide detailed static information about hardware specifications, such as number of cores, memory modules, or storage devices.

lshw is the correct choice because it provides a comprehensive overview of all hardware components along with kernel and system information. It is an essential tool for administrators performing audits, troubleshooting, or planning system upgrades. While free, uname, and top provide specific subsets of system information, only lshw gives a complete hardware profile.

Question 11

Which command can be used to display the running services and their status on a system using systemd?

A) systemctl status
B) service --status-all
C) chkconfig --list
D) ps aux

Answer A) systemctl status

Explanation

A) systemctl status: The systemctl command is the primary utility for interacting with systemd, which is the init system and service manager used by most modern Linux distributions. The status subcommand displays detailed information about the state of a service or unit. For example, systemctl status sshd shows whether the SSH service is active, inactive, or failed, along with recent log entries, process IDs, memory usage, and CPU time. systemctl provides real-time information about all aspects of a service, including dependencies and startup behavior, and can be used to start, stop, restart, enable, or disable services. This makes it a comprehensive tool for system administration and service monitoring, which is why it is the correct choice for checking running services on systemd-based systems.

B) service --status-all: This command lists the status of all services in a legacy SysV init-style format. While it can show whether services are running or stopped, it is less detailed than systemctl and does not integrate with modern systemd units. Additionally, some systemd-based distributions provide service as a compatibility wrapper, so its output may be incomplete or misleading in certain cases. Therefore, while useful on older systems, it is not the most accurate method for modern Linux service management.

C) chkconfig --list: chkconfig is another legacy command used for managing service startup behavior in SysV init systems. It lists which services are enabled to start at different runlevels. While it provides configuration information about startup services, it does not display the real-time status of currently running services. On modern systemd systems, chkconfig is largely deprecated, and its use is limited to compatibility scenarios.

D) ps aux: The ps command displays currently running processes along with their CPU and memory usage, user, and command information. While it can indirectly indicate whether a service is running by showing its processes, it does not provide structured service information such as whether a service is active, inactive, or failed, nor does it show dependencies or logging information. Therefore, it is not a reliable tool for comprehensive service status monitoring.

systemctl status is the correct choice because it integrates with systemd, provides detailed information about service status, dependencies, and logs, and allows administrators to perform control operations on services. Legacy tools like service and chkconfig have limited capabilities and are primarily for backward compatibility. ps aux is useful for process inspection but cannot replace the structured, service-oriented output of systemctl. For modern Linux administration, systemctl is essential for service management, monitoring, and troubleshooting.

Question 12

Which Linux command is used to change the owner and group of a file or directory?

A) chown
B) chmod
C) chgrp
D) ls -l

Answer A) chown

Explanation

A) chown: The chown command is used to change the ownership of a file or directory. It allows administrators to specify both the owner and the group in a single command. For example, chown user:group filename changes the owner to “user” and the group to “group.” Changing file ownership is essential for controlling access permissions and maintaining proper security. By ensuring that only the intended users and groups have ownership rights, chown allows precise management of file access in multi-user environments. It is a core administrative tool for enforcing the principle of least privilege and maintaining security hygiene.

B) chmod: chmod is used to modify file permissions (read, write, execute) for the owner, group, and others. While it controls access to a file or directory, it does not change the actual owner or group. Permissions and ownership are distinct, and chmod only affects the access levels rather than the entity that owns the file.

C) chgrp: chgrp changes the group ownership of a file or directory. While it allows modification of the group, it cannot change the individual user ownership. chgrp is useful when you only need to adjust group permissions, but chown is more versatile because it can change both owner and group simultaneously.

D) ls -l: This command lists files in long format, showing permissions, ownership, size, and modification time. It is informational and cannot modify ownership or permissions. While helpful for verifying ownership and permissions, it does not perform any modification.

chown is the correct choice because it provides comprehensive control over file ownership, which is essential for proper security management and access control. chmod and chgrp are related tools for permissions and group management, but they do not provide the same level of control as chown. ls -l is purely a diagnostic tool. Understanding the difference between ownership and permissions is critical for Linux administration, ensuring files are secured correctly and access is restricted to authorized users.

Question 13

Which command allows a user to view the contents of a compressed .gz file without extracting it?

A) zcat
B) tar -xzvf
C) gzip -d
D) less

Answer A) zcat

Explanation

A) zcat: zcat is specifically designed to display the contents of compressed .gz files without extracting them. It decompresses the data on the fly and outputs it to the standard output, allowing users to view the file content without creating an uncompressed copy. For example, zcat file.gz displays the content of file.gz directly. This is useful for quick inspection of large compressed log files or data files without using extra disk space for decompression. zcat can also be piped into other commands like grep, less, or awk for further analysis, making it a versatile tool for working with compressed files.

B) tar -xzvf: This tar command extracts compressed tar.gz archives. While it can decompress and extract files from a tarball, it does not display content directly. Its primary purpose is archiving and extraction, not immediate content inspection, so it is not suitable for viewing files without extraction.

C) gzip -d: The gzip -d command decompresses a .gz file into its original format, creating an uncompressed copy. While it allows access to the content, it physically creates the decompressed file on disk rather than providing a read-only view of the contents. This makes gzip -d less convenient for quick inspections or for situations where disk space is limited.

D) less: less is a pager that allows viewing of files interactively, but it cannot read compressed .gz files natively. To view a .gz file with less, it must first be decompressed using zcat or gunzip, or piped into less, e.g., zcat file.gz | less. While less is very useful for scrolling through files, it does not directly handle compression.

zcat is the correct choice because it provides immediate access to compressed content without creating an uncompressed file, saving disk space and time. tar -xzvf and gzip -d involve extraction, and less requires an additional step for compression handling. zcat’s ability to integrate with pipes and other commands makes it ideal for quick analysis of compressed data.

Question 14

Which command is used to monitor system logs in real time?

A) tail -f /var/log/syslog
B) cat /var/log/syslog
C) head -n 100 /var/log/syslog
D) more /var/log/syslog

Answer A) tail -f /var/log/syslog

Explanation

A) tail -f /var/log/syslog: The tail command with the -f flag allows real-time monitoring of a log file. It initially displays the last 10 lines of the file and continuously outputs new lines as they are appended. This is essential for administrators who need to observe ongoing system events, detect errors as they occur, or troubleshoot live processes. For example, running tail -f /var/log/syslog allows you to monitor system messages, authentication logs, or daemon outputs in real time. Combining tail -f with grep enables focused monitoring of specific events or errors. This command is widely used for operational monitoring, debugging, and security auditing, making it the correct choice for real-time log monitoring.

B) cat /var/log/syslog: cat displays the entire content of a file from beginning to end. While useful for reading file content, it does not provide real-time updates. It outputs only the current content and terminates, which is insufficient for monitoring ongoing events.

C) head -n 100 /var/log/syslog: head shows the first N lines of a file. It is useful for inspecting the start of log files but does not continuously display new entries. It is static and does not serve the purpose of real-time monitoring.

D) more /var/log/syslog: The more command is a pager that allows scrolling through the file page by page. It does not provide dynamic updating, so any new lines appended to the file after the command starts will not appear. While useful for interactive viewing, it does not meet the requirements for real-time observation.

tail -f is correct because it provides continuous output of new log entries as they occur, making it indispensable for monitoring, debugging, and system administration. cat, head, and more are static viewing tools and cannot achieve real-time log observation. Understanding how to leverage tail -f effectively is a key skill for Linux administrators.

Question 15

Which command is used to display disk usage of a directory and its subdirectories in a human-readable format?

A) du -sh /path/to/directory
B) df -h
C) ls -lhR
D) stat /path/to/directory

Answer A) du -sh /path/to/directory

Explanation

A) du -sh /path/to/directory: The du command reports disk usage for files and directories. The -s flag summarizes the total size of the directory, while -h displays the size in human-readable units (KB, MB, GB). For example, du -sh /home/user shows the total disk space used by that directory and all its contents. du is widely used for identifying space-hungry directories, planning capacity, and cleaning up storage. It can also be combined with sort and head to find the largest directories, which is essential for troubleshooting full disks. It operates recursively, calculating the space used by subdirectories automatically, making it the correct choice for detailed disk usage analysis.

B) df -h: df displays disk space usage for entire filesystems, not individual directories. While it provides a high-level overview of storage consumption, it cannot give detailed directory-level statistics.

C) ls -lhR: The ls command lists files and directories in long format with human-readable sizes. The -R flag enables recursive listing, but it does not summarize total disk usage, nor does it aggregate the sizes of subdirectories. It provides detailed individual file sizes but is not suitable for assessing overall directory disk usage.

D) stat /path/to/directory: stat displays detailed metadata about a file or directory, including size, permissions, modification time, and inode information. However, it does not calculate the total disk usage of a directory and its contents, so it is not appropriate for disk usage monitoring.

du -sh is the correct choice because it provides a concise, human-readable summary of the total disk space used by a directory and all its subdirectories. df provides filesystem-level data, ls -lhR provides individual file sizes without summarization, and stat provides metadata without aggregated usage. du is essential for space management, cleanup, and system administration in Linux.

Question 16

Which command can be used to display the last login time of a user on a Linux system?

A) last
B) whoami
C) w
D) id

Answer A) last

Explanation

A) last: The last command is used to display a list of recent user logins on a Linux system. It reads from the /var/log/wtmp file, which stores login and logout information, and provides detailed information including username, terminal, IP address, login time, and session duration. For example, running last username will display the login history of the specified user. This command is essential for auditing user activity, identifying unauthorized access, and troubleshooting login issues. last can also display system reboots, shutdowns, and runlevel changes, providing a comprehensive view of system activity over time. Its ability to query historical login records and provide detailed session information makes it the correct choice for tracking the last login time.

B) whoami: The whoami command simply prints the username of the currently logged-in user. While it identifies the user running the session, it does not provide any historical login information or details about previous sessions. Its functionality is limited to the current environment.

C) w: The w command shows information about currently logged-in users and their activities, including login time, idle time, and processes being executed. While it is useful for monitoring live sessions, it does not provide historical login information, so it cannot indicate the last login time for a user.

D) id: The id command displays the user ID (UID), group ID (GID), and group membership of the current user or a specified user. While it provides security-related information about user identity and privileges, it does not display login times or session history.

The last command is correct because it provides historical login records for all users, including the last login time, terminal, source IP, and session duration. whoami, w, and id provide information about the current session or user identity but cannot retrieve historical login information. For auditing, security monitoring, and tracking system access, last is indispensable in Linux administration.

Question 17

Which command is used to display active network connections and listening ports on a Linux system?

A) netstat -tulnp
B) ifconfig
C) ping
D) route

Answer A) netstat -tulnp

Explanation

A) netstat -tulnp: The netstat command provides detailed information about active network connections, including TCP and UDP connections, listening ports, routing tables, and interface statistics. The flags -t, -u, -l, -n, and -p refine the output: -t displays TCP connections, -u displays UDP, -l shows listening sockets, -n uses numeric addresses and ports, and -p displays the PID/program associated with each socket. For example, netstat -tulnp lists all listening TCP/UDP ports along with the processes using them. This command is essential for network monitoring, security auditing, and troubleshooting network issues, as it provides visibility into open ports and active connections.

B) ifconfig: The ifconfig command displays and configures network interfaces, including IP addresses, MAC addresses, and interface status. While it provides information about the interfaces themselves, it does not list active network connections or listening ports, so it cannot replace netstat for connection monitoring.

C) ping: ping is used to test network connectivity by sending ICMP echo requests to a target host. While useful for checking reachability and latency, it does not provide information about active connections, listening ports, or processes.

D) route: The route command shows the kernel routing table, detailing how packets are forwarded to different network destinations. While it helps diagnose routing issues, it does not display active connections or listening ports.

netstat -tulnp is the correct choice because it provides a comprehensive view of active network connections and the processes using them. It is widely used for network troubleshooting, security monitoring, and firewall configuration verification. ifconfig, ping, and route serve related but distinct purposes, focusing on interfaces, connectivity tests, and routing rather than active network connections.

Question 18

Which command will recursively search for a file named “config.txt” starting from the root directory?

A) find / -name config.txt
B) locate config.txt
C) grep config.txt /
D) ls -R / | grep config.txt

Answer A) find / -name config.txt

Explanation

A) find / -name config.txt: The find command is designed to search the filesystem for files and directories based on specific criteria. The / specifies the starting directory (root), and -name config.txt restricts the search to files matching that name exactly. find can search recursively through all subdirectories and can also filter results based on type, size, permissions, modification time, and ownership. It is extremely versatile for administrative tasks, troubleshooting missing files, or locating configuration files. find executes a live search on the filesystem, ensuring accuracy and completeness, which makes it the correct choice.

B) locate config.txt: locate searches a prebuilt database of files, usually updated via updatedb. It is very fast compared to find because it queries the database rather than scanning the filesystem. However, its results may be outdated if the database has not been updated recently. While useful for quickly locating files, it is not guaranteed to reflect the current filesystem state, which makes it less reliable for real-time searches.

C) grep config.txt /: grep searches for text patterns within files, not filenames. Using grep in this context would attempt to search inside files under the root directory for the text “config.txt,” which is not the same as searching for a file by name. This approach would fail to locate the actual file if the filename itself is the target.

D) ls -R / | grep config.txt: This command lists all files and directories recursively under / and pipes the output to grep to search for “config.txt.” While it can theoretically locate files by name, it is inefficient for large filesystems, prone to errors with special characters, and much slower than find. It is a workaround rather than a standard method for file searches.

find / -name config.txt is correct because it directly searches the filesystem recursively for the specified file, accurately reflecting the current state. locate is faster but potentially outdated, grep searches within files, and ls -R | grep is inefficient and error-prone. find remains the standard tool for recursive file search in Linux administration.

Question 19

Which command allows you to display, filter, and manipulate real-time system processes in Linux?

A) top
B) ps aux
C) htop
D) uptime

Answer C) htop

Explanation

A) top: top displays running processes in real-time, along with CPU and memory usage, process IDs, and user information. It allows sorting by CPU, memory, or process ID and is interactive to some extent, permitting process termination. While powerful, top has a less intuitive interface compared to modern alternatives, and customization requires memorizing key bindings, making it less user-friendly for some administrators.

B) ps aux: ps aux provides a snapshot of running processes with detailed information including PID, CPU, memory usage, and associated users. While highly informative, ps aux is static and does not refresh automatically. Real-time monitoring requires repeated execution or scripting, so it cannot interactively manipulate running processes as top or htop can.

C) htop: htop is an interactive, improved alternative to top. It displays processes in a colorful, human-readable format, supports scrolling horizontally and vertically, filtering by name, user, or resource usage, and allows process management through function keys (e.g., killing or renicing processes). htop provides real-time monitoring, filtering, and manipulation capabilities, making it superior for interactive process management. For example, pressing F3 allows searching for a process, and F9 can send a signal to terminate a selected process. Its visual interface and extensive functionality make it the correct choice for interactive system process management.

D) uptime: uptime provides a brief summary of system load, current time, and how long the system has been running. While it gives insight into load averages, it does not display individual processes or allow manipulation. It is informative but very limited compared to top or htop.

htop is correct because it allows real-time, interactive monitoring, filtering, and management of processes, making it a preferred choice for administrators. top provides similar functionality but with a less user-friendly interface, ps aux is static, and uptime provides only a high-level summary. Mastery of htop enhances troubleshooting, performance monitoring, and process control in Linux systems.

Question 20

Which command is used to display the kernel version, system architecture, and operating system details in Linux?

A) uname -a
B) lsb_release -a
C) cat /etc/os-release
D) hostnamectl

Answer A) uname -a

Explanation

A) uname -a: The uname command displays system information. The -a flag provides all available details, including the kernel name, kernel version, hostname, architecture, operating system type, and more. For example, uname -a outputs something like Linux hostname 5.15.0-75-generic x86_64 GNU/Linux, providing a complete snapshot of the kernel and architecture. It is critical for verifying system compatibility, troubleshooting hardware or software issues, and documenting system specifications.

B) lsb_release -a: This command provides Linux Standard Base (LSB) information, including distributor ID, description, release number, and codename. While it gives detailed OS release information, it does not provide kernel details or hardware architecture. It is more suitable for identifying the Linux distribution and version for software compatibility.

C) cat /etc/os-release: This command reads the os-release file, which contains information about the Linux distribution, version, and ID. It does not include kernel version or architecture information. This is useful for distribution identification but incomplete for full system details.

D) hostnamectl: This command provides information about the system hostname, kernel, architecture, and some OS information. While informative, it is primarily focused on hostname configuration and provides less comprehensive kernel details than uname -a.

uname -a is correct because it provides the most complete view of kernel, architecture, and OS details in a single command. lsb_release and os-release focus on distribution information, and hostnamectl emphasizes hostname and basic system information. For troubleshooting, documentation, and compatibility checks, uname -a is the standard utility.
