XK0-005 CompTIA Linux+ Exam Free Practice Exam Questions (2025 Updated)

Comprehensive and Detailed Explanation From Exact Extract:

To add a new physical disk to LVM, the disk must first be initialized as a physical volume using the pvcreate command. This prepares the new disk for use by the LVM subsystem. After initializing with pvcreate, you would use vgextend to add the new physical volume to an existing volume group.

Other options:

A. vgextend adds a physical volume to a volume group, but you must use pvcreate first.

B. lvextend is used to increase the size of a logical volume, not to add a new disk.

D. pvresize is used to resize an existing physical volume, not to create one.

To capture all traffic from a specific IP address using tcpdump, the correct syntax is:

bash

tcpdump host 10.0.6.5

host is the correct keyword used to filter packets from or to a specific IP address.

ip, addr, and net are not valid or appropriate filters in this context:

ip is a protocol filter, not an address filter.

net would filter an entire subnet, not a single host.

addr is invalid syntax for tcpdump.

As described in CompTIA Linux+ XK0-005 Official Study Guide, Domain 2.0 (Networking Tools):

“The tcpdump utility can be used to capture and analyze packets. Use the keyword host to filter traffic to or from a specific IP address.”

The web server is listening on port 443, but firewalld is not allowing it.

Use: firewall-cmd --permanent --add-port=443/tcp && firewall-cmd --reload

A zombie process is a process that has completed execution but still has an entry in the process table because its parent process has not read its exit status. The best signal to send to the parent process is SIGTERM, which politely asks it to terminate and release the resources held by the zombie child processes.

The correct command is:

bash

top -u Joe

This command shows all running processes for the user Joe in real-time.

Option A (lsof -p 'Joe') is incorrect because lsof uses process IDs (-p), not usernames.

Option C (jobs) lists background jobs for the current shell, not across users.

Option D is invalid syntax; ps -ax does not accept a username directly.

The -i option stands for 'interactive' and it prompts before overwriting any existing files. This ensures that no existing files are accidentally overwritten during the move operation.

Setting vm.nr_hugepage in /etc/sysctl.conf ensures the setting is persisted across reboots.

Incorrect Options:

A: -a displays all; does not set.

B: Typo in variable name (hiigepage).

C: modprobe.conf is for module parameters, not sysctl variables.

The ssh -R command sets up reverse port forwarding, which allows connections from the remote server to be forwarded to the local machine. In this case, ssh -R 8000:localhost:9000 remote will forward traffic on port 8000 on the remote server to port 9000 on the local machine.

This is the standard method for compiling software from source:

./configure: Prepares the build environment.

make: Compiles the source code.

make install: Installs the compiled program.

The /etc/passwd file contains user account information, where each line includes fields separated by colons. To list all user accounts and their UIDs, use cut -d: -f1,3 /etc/passwd. This cuts the first field (username) and the third field (UID) from each line.

The docker build command is used to build an image from a Dockerfile and a context1. The Dockerfile is a text file that contains the instructions for creating the image, and the context is a set of files that can be used in the image creation process1. The file that the developer received is an example of a Dockerfile.

The -t option is used to specify a name and an optional tag for the image1. The name and tag are separated by a colon (:), and the tag is usually used to indicate the version of the image2. For example, -t myimage:1.0 means that the image will be named myimage and tagged as 1.0.

The last argument of the docker build command is the path to the context, which can be a local directory or a URL1. The dot (.) means that the current working directory is the context2. Therefore, docker build -t myimage:1.0 . means that the image will be built from the Dockerfile and the files in the current working directory, and it will be named myimage and tagged as 1.0.

The ~/.ssh/authorized_keys file contains SSH public keys that grant access to the user account. Removing this file ensures that no external entities can log in using previously authorized keys. The ~/.ssh/known_hosts file stores fingerprints of previously connected hosts. Removing this file ensures that SSH doesn't trust any previously connected hosts.

Based on the output from one of the affected systems, the best explanation for the reported issue is that the virtual machine is running out of CPU resources, leading to users experiencing longer response times (D). The output shows that the system use percentage is very high (57.85%), indicating that the virtual machine is using most of its CPU cycles for system processes. This leaves little CPU time for user processes, which results in slower performance. The other explanations are not supported by the output or are contradictory. References:

[CompTIA Linux+ Study Guide], Chapter 8: Optimizing Linux Performance, Section: Monitoring CPU Usage

[How to Interpret CPU Usage Statistics]

The best tool to use to verify the integrity of a file is A. sha256sum. This tool will compute and display the SHA-256 hash of a file, which is a 64-digit hexadecimal number that uniquely identifies the file’s content. By comparing the hash of a downloaded file with the hash provided by the file owner or source, you can confirm that the file has not been altered or corrupted during the transfer. The other tools are either not relevant or not suitable for this task. For example:

B. fsck is a tool for checking and repairing the file system, but it does not verify the integrity of individual files.

C. gpg -d is a tool for decrypting files that have been encrypted with GnuPG, but it does not verify the integrity of unencrypted files.

D. hashcat is a tool for cracking passwords or hashes, but it does not verify the integrity of files.

The setfacl -m u:Oliver:rwx /cloud_users command modifies the ACL (Access Control List) for the directory cloud_users, granting the user Oliver read, write, and execute permissions. This is the correct syntax for assigning specific permissions to a user.

pvs shows warning that a PV is missing.

The LVM volume vgdata-lvdata cannot be mounted.

Comprehensive and Detailed Explanation From Exact Extract:

To temporarily configure a Linux virtual machine as a router, the technician must enable IP forwarding and set up iptables rules to allow and masquerade traffic:

A. echo "1" > /proc/sys/net/ipv4/ip_forward: Enables IPv4 forwarding in the Linux kernel, allowing the VM to forward packets between interfaces.

B. iptables -A FORWARD -j ACCEPT: Adds a rule to the iptables firewall to accept all forwarded packets (allows traffic to be routed).

G. iptables -t nat -s 10.10.204.0/24 -A POSTROUTING -j MASQUERADE: Sets up network address translation (NAT) for outgoing packets from the 10.10.204.0/24 subnet, masquerading them as if they are coming from the VM’s external IP.

Other options:

C. and H. are not relevant for routing/NAT in this context (PREROUTING is generally used for DNAT, not for standard source NAT).

D. is syntactically incorrect and mixes PREROUTING with MASQUERADE, which is not the proper combination for SNAT.

E. disables forwarding.

F. is not related to IP forwarding.

In modern Linux distributions using systemd, the correct way to change the system time zone is by using the timedatectl command:

cpp

timedatectl set-timezone

For example, to set the time zone to America/New_York, the command would be:

cpp

timedatectl set-timezone America/New_York

Why the other options are incorrect?

B. systemd-timezone set Asia/Tokyo → Incorrect, as there is no systemd-timezone command in Linux.

C. systemctl configure-timezone Africa/Nairobi → Incorrect, systemctl does not have a configure-timezone option.

D. tzconfig configure Europe/London → Incorrect, tzconfig was used in older Debian-based systems, but it has been deprecated in favor of timedatectl.

The /sbin/nologin shell is used to prevent a user from logging in. To allow Joe to log in, the administrator should change his shell to /bin/sh, which is a standard login shell in Linux. This change will allow Joe to access the system normally.