Services and User Management
Drill 20 practice questions focused entirely on Services and User Management for the CompTIA XK0-006 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
You added a new administrator, jsmith, to the 'wheel' group with 'usermod -aG wheel jsmith' on a RHEL 9 system where wheel is granted sudo access via /etc/sudoers. jsmith is currently logged in via SSH but reports that 'sudo' commands still fail with a 'not in sudoers' error. What is the most likely reason and correct action?
You administer a BIND9 authoritative DNS server for the zone example.com. After adding a new A record to /var/named/example.com.zone and incrementing the SOA serial number, remote resolvers and secondary name servers still return the old data. The service is running and no errors appear in the journal. Which command should you run to have the primary server reload the updated zone file without restarting the entire daemon?
A contractor's access must be automatically disabled after their contract ends on 2026-12-31. You have created their account 'jdoe' and need to configure the account so that login is completely disabled after that date, without deleting the account or its files. Which command accomplishes this?
A web server administrator runs firewalld on a RHEL 9 host. They temporarily allowed HTTPS traffic during testing with 'firewall-cmd --add-service=https', which worked correctly. However, after rebooting the server, external clients can no longer reach the site on port 443. What should the administrator do to allow HTTPS traffic to survive reboots?
You just created a new account for a contractor using useradd and set an initial password. Company policy requires that the contractor be forced to choose a new password the very first time they log in. Which command accomplishes this?
A developer needs passwordless SSH access from her workstation to a build server (buildsrv). She has no existing SSH keys. Which sequence correctly sets up key-based authentication without manually editing files on the server?
A developer named 'jsmith' already belongs to the groups 'developers' and 'docker'. You need to add jsmith to the 'wheel' group so they can use sudo, without removing them from any of their current groups. Which command accomplishes this correctly?
An employee has left the company. Per policy, you must immediately prevent the user 'jsmith' from logging in via SSH password or console while preserving all their files and home directory for later review. You do not want to delete the account or set an expiration date. Which command accomplishes this most directly?
A systems administrator must export the directory /srv/projects over NFSv4 so that hosts on the 10.20.0.0/24 subnet can mount it read-write, and the export must survive a reboot. After adding the export definition, which command applies the new configuration without requiring a full service restart?
A developer needs to run a rootless container using Podman that serves a web application. The container's data must persist across container restarts and removals by mapping the host directory /srv/appdata to /var/lib/app inside the container. Which command correctly launches the container with this persistent storage?
A shared application server allows any local user to schedule cron jobs, but security policy now requires that only the users 'deploy' and 'backup' be permitted to create personal crontabs. All other users must be denied. Which action correctly enforces this policy?
A junior operator named 'deploy' must be allowed to restart only the nginx service via sudo without a password, but should not gain any other elevated privileges. As the administrator, which entry should you add using visudo to accomplish this securely?
Your company requires all authentication events from a fleet of Linux servers to be centralized on a remote log collector at 10.20.5.10 listening on TCP port 514. On one server running rsyslog, you must forward all auth facility messages to this collector using reliable TCP transport. Which line should you add to a file under /etc/rsyslog.d/ to accomplish this?
You are configuring a Samba file server. The marketing team needs a share named [brochures] mounted at /srv/samba/brochures that any user can access without authentication, but no one should be able to modify its contents through the share. Which set of directives in the share's smb.conf section correctly achieves this?
A development team shares a project workspace. New files created by team members must default to permissions 664 (rw-rw-r--) so that group members can edit each other's files without manual chmod. You need to change the default file creation mask for all interactive login shells system-wide. Which value should you set for umask to achieve this default?
A Linux administrator needs to restrict SSH logins on a public-facing server so that only the accounts 'deploy' and 'admin' can authenticate, while all other local accounts should be denied SSH access. The change must apply globally to the SSH daemon. Which configuration in /etc/ssh/sshd_config, followed by a service reload, accomplishes this?
A Linux administrator manages a fleet of servers joined to a central LDAP directory using SSSD. Users authenticate correctly, but members of the LDAP group 'dbadmins' report they cannot run privileged commands with sudo, even though a rule exists in /etc/sudoers referencing '%dbadmins'. Running 'id' as one of these users shows their LDAP username but does NOT list the 'dbadmins' group. What is the MOST likely cause?
A developer needs to run a backup script via sudo that depends on the custom environment variable BACKUP_TARGET set in their shell. When they run 'sudo ./backup.sh', the script fails because BACKUP_TARGET is empty. You confirm the variable is exported in their session. Which approach correctly passes this single variable through sudo without disabling sudo's environment security globally?
You maintain a reporting server. A daily cleanup script should run at 02:00, but only when the machine happens to be powered on at that time (no catch-up runs are wanted if the server was off). You have created cleanup.service and want to trigger it via a systemd timer. Which OnCalendar timer configuration meets these requirements without any missed-run recovery?
You are deploying a custom monitoring daemon that must run under its own dedicated service account named 'monsvc'. Security policy requires this account to have no interactive login capability, no home directory, and a UID within the system account range. Which command best satisfies these requirements?
More XK0-006 practice
Keep going with the other CompTIA Linux+ (XK0-006) domains, or take a full timed mock exam.
← Back to XK0-006 overview