System Management for CompTIA Linux+ (XK0-006)
This page covers the System Management domain of the CompTIA Linux+ (XK0-006) certification. Master Cybersecurity offers 43 practice questions in this domain, drawn from the same content we use across our timed exam simulations. Below are five sample questions with full answer explanations.
Sample Practice Questions
Question 1
To perform a live migration, which of the following must match on both host servers? (Choose two.)
- A. USB ports
- B. Network speed
- C. Available swap
- D. CPU architecture
- E. Available memory
- F. Disk storage path
Explanation
The correct answers are: D. CPU architecture, F. Disk storage path.
For a live virtual-machine migration to succeed, two host-level prerequisites must match between the source and destination. CPU architecture must be compatible because the guest kernel and userspace are running against a specific instruction set extension profile (x86-64 baseline plus features like AVX, SSE4); switching to a host with a different family or missing features mid-execution would crash the guest. The disk storage path (or the underlying shared/replicated storage) must also match so the destination host can attach the same disk image without copying it during the migration; live migration with shared storage is the simplest model. Identical USB ports are unnecessary — passthrough USB devices are typically not present during migration. Matching network speed is desirable for performance but not strictly required for correctness; mixed-speed migrations work, just slower. Available swap and memory size on the destination must be sufficient, but they need not match the source — the destination only needs enough capacity for the guest. Architecture and storage path are the two hard requirements.
Question 2
A Linux systems administrator needs to extract the contents of a file named /home/dev/web.bkp to the /var/www/html/ directory. Which of the following commands should the administrator use?
- A. cd /var/www/html/ && gzip -c /home/dev/web.bkp | tar xf -
- B. pushd /var/www/html/ $$ cpio -idv < /home/dev/web.bkp && popd
- C. tar -c -f /home/dev/web.bkp /var/www/html/
- D. unzip -c /home/dev/web.bkp /var/www/html/
Explanation
The correct answer is: B. pushd /var/www/html/ $$ cpio -idv < /home/dev/web.bkp && popd.
cpio archives are extracted in copy-in mode with cpio -i, and the -d flag creates leading directories as needed while -v reports each file. The recipe pushd /var/www/html/ && cpio -idv < /home/dev/web.bkp && popd changes into the destination, extracts the archive into the current directory, and returns to the original directory; the redirection feeds the archive file to cpio's standard input. The intermediate $$ in the question's option is a typographical rendering of the && operator. cd /var/www/html/ && gzip -c /home/dev/web.bkp | tar xf - assumes the file is gzip-compressed; if it is a plain cpio archive this would fail. tar -c -f writes a new tar archive instead of extracting, and the operand order is wrong for the operation requested. unzip -c writes contents to stdout for inspection rather than extracting them to the destination directory; -c is not the extract flag in unzip's usage. cpio -idv is the canonical cpio-extract recipe.
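The extraction recipe above, as an added example that is not part of the original question bank. It goes one step beyond the explanation by listing the archive with cpio -it first and refusing member names that would land outside the destination; safe_cpio_extract and has_unsafe_member are hypothetical helper names, and a subshell cd stands in for pushd/popd so the script runs under plain sh.

```shell
#!/bin/sh
# Added example: inspect a cpio archive, then extract it into a destination directory.
# Helper names are hypothetical; paths are supplied by the caller.

has_unsafe_member() {
    # Reads member names on stdin. Succeeds if any name is absolute
    # or contains a ".." path component.
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

safe_cpio_extract() {
    archive=$1
    dest=$2

    # Extraction runs from inside $dest, so the archive path must be absolute.
    case $archive in
        /*) ;;
        *) archive=$PWD/$archive ;;
    esac
    [ -f "$archive" ] && [ -d "$dest" ] || return 2

    # cpio -it prints the table of contents without writing any files.
    members=$(cpio -it < "$archive" 2>/dev/null) || return 3

    # Stop before extraction if a member could escape the destination.
    if printf '%s\n' "$members" | has_unsafe_member; then
        return 1
    fi

    # Same effect as: pushd "$dest" && cpio -idv < "$archive" && popd
    # -i copy-in (extract), -d create leading directories, -v list each file.
    ( cd "$dest" && cpio -idv < "$archive" )
}
```

Return codes: 0 extracted, 1 unsafe member name, 2 bad arguments, 3 archive could not be read as cpio.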
Question 3
Which of the following filesystems contains non-persistent or volatile data?
- A. /boot
- B. /usr
- C. /proc
- D. /var
Explanation
The correct answer is: C. /proc.
/proc is a virtual filesystem populated by the kernel at runtime; its contents — process information, kernel parameters, hardware tables, mount info — exist only in memory and are regenerated on every boot, which is the textbook definition of non-persistent or volatile data. Reading /proc/cpuinfo or /proc/meminfo, for example, returns information the kernel computes on demand, never written to disk. /boot holds the kernel image, initrd, and bootloader configuration; these files are persistent because the system cannot start without them. /usr contains program binaries, libraries, and shared documentation that persist across reboots and are typically read-only after installation. /var holds variable persistent state (logs, mail spool, package caches); the data changes over time but is preserved across reboots, which is the opposite of volatile. /proc is the canonical Linux pseudo-filesystem for runtime kernel state.
Question 4
An administrator needs to verify the user ID, home directory, and assigned shell for the user named “accounting.” Which of the following commands should the administrator use to retrieve this information?
- A. qetent passwd accounting
- B. id accounting
- C. grep accounting /etc/shadow
- D. who accounting
Explanation
The correct answer is: A. qetent passwd accounting.
The getent command reads from the Name Service Switch sources (files, sss, ldap, etc., per /etc/nsswitch.conf) and prints matching entries; getent passwd accounting returns the user's full passwd record — UID, GID, GECOS, home directory, and login shell — regardless of whether the entry lives in /etc/passwd or in a directory service like LDAP/AD. The question's typo (qetent for getent) does not change the intended answer. id accounting prints the user's UID, primary GID, and supplementary group memberships but not the home directory or shell. grep accounting /etc/shadow returns the password-aging fields but does not include UID or shell. who accounting is malformed; who reports active login sessions and does not take a username argument. getent passwd is the right command for the full account record.
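How the record returned by getent passwd breaks down into the three values the question asks for, as an added example that is not part of the original question bank. passwd_fields and account_summary are hypothetical helper names, and the sample records in the comments are constructed.

```shell
#!/bin/sh
# Added example: pull UID, home directory and login shell out of a passwd record.
# A passwd record has seven colon-separated fields:
#   name:password:UID:GID:GECOS:home:shell

passwd_fields() {
    # $1 = one passwd-format record, e.g. (constructed)
    #   accounting:x:1004:1004:Accounting Dept:/home/accounting:/bin/bash
    # IFS=: splits on colons only, so an empty GECOS field stays an empty
    # field and does not shift home and shell one position to the left.
    IFS=: read -r name _pw uid gid gecos home shell <<EOF
$1
EOF
    printf 'uid=%s home=%s shell=%s\n' "$uid" "$home" "$shell"
}

account_summary() {
    # $1 = user name. getent consults every source listed for "passwd" in
    # /etc/nsswitch.conf, so this also works for accounts that live in
    # LDAP or SSSD and have no line in /etc/passwd.
    record=$(getent passwd "$1") || return 1
    passwd_fields "$record"
}
```

Calling account_summary accounting prints the three values on one line and returns 1 when no source knows the account.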
Question 5
Which of the following describes the method of consolidating system events to a single location?
- A. Log aggregation
- B. Health checks
- C. Webhooks
- D. Threshold monitoring
Explanation
The correct answer is: A. Log aggregation.
Log aggregation is the discipline of consolidating log events from many sources — application servers, network devices, security appliances — into a single searchable repository, often implemented with rsyslog/syslog-ng forwarders feeding into a central store like Elasticsearch, Splunk, Graylog, or Loki. The central location enables cross-system correlation, retention policies, and security review. Health checks are point-in-time probes that report whether a service is functioning; they generate events but do not consolidate them. Webhooks are HTTP-based callbacks that one service makes to another in response to a trigger; they are an integration mechanism rather than a logging strategy. Threshold monitoring compares observed metrics against limits and fires alerts when they are crossed; it is a downstream consumer of metrics or aggregated logs, not the consolidation method itself. Log aggregation is the canonical name for the consolidation discipline.
Other CompTIA Linux+ (XK0-006) domains
- Scripting, Containers, and Automation (27 questions)
- Security (30 questions)
- Troubleshooting (34 questions)