Which of the following commands is used to ensure a service starts automatically at boot on a system using systemd?
Answer : B
The correct answer is B. systemctl enable httpd because it configures a service to start automatically during system boot in systems that use systemd as the init system. The enable command creates the necessary symbolic links between the service unit file and the appropriate target (such as multi-user.target), ensuring the service is launched when the system starts.
In Linux systems managed by systemd, services are controlled using the systemctl command. While systemctl start httpd (Option A) will immediately start the service, it does not persist across reboots. This means that after a system restart, the service would not automatically run unless it has been explicitly enabled.
Option C (systemctl status httpd) is used to check the current status of the service, including whether it is running, stopped, or failed, along with logs and other diagnostic information. It does not modify the service behavior.
Option D (systemctl reload httpd) is used to reload the service configuration without stopping it, typically after making configuration changes. It does not affect whether the service starts at boot.
From a Linux+ Services and User Management perspective, understanding the distinction between starting and enabling services is critical. Administrators must ensure that essential services, such as web servers or databases, are configured to start automatically to maintain system availability. The systemctl enable command is the correct method for achieving persistent service startup behavior in systemd-based systems.
A Linux administrator receives reports that an application hosted in a system is not completing tasks in the allocated time. The administrator connects to the system and obtains the following details:
$ uptime
12:47:43 up 22:17, 2 users, load average: 7.75, 5.72, 5.17
Which of the following is the most likely cause of the issue?
Answer : A
The correct answer is A. High CPU load because the uptime command output clearly shows elevated load averages (7.75, 5.72, 5.17), which indicate that the system is experiencing significant processing demand. Load average represents the number of processes that are either actively using the CPU or waiting for CPU time. When this value is consistently higher than the number of available CPU cores, it suggests that the CPU is overloaded and processes are being delayed.
In this scenario, the application is not completing tasks within the expected time frame, which aligns with CPU contention. When too many processes compete for CPU resources, scheduling delays occur, causing slower execution of applications and services. This is a common performance bottleneck in Linux systems.
Option B (Insufficient disk space) is incorrect because disk space issues typically manifest as write failures or application errors related to storage, not high load averages.
Option C (Network latency) is incorrect because network issues would not directly impact the system's load average. Tools like ping or netstat would be more relevant for diagnosing such problems.
Option D (Memory leak) is partially plausible but not the most direct conclusion from the given data. A memory leak would typically be identified through high memory usage using tools like free, top, or vmstat, rather than load average alone.
From a Linux+ troubleshooting perspective, analyzing load average is critical for diagnosing performance issues. High load values strongly indicate CPU resource exhaustion, which directly impacts application responsiveness and task completion times.
Which of the following utilities supports the automation of security compliance and vulnerability management?
Answer : D
Security compliance and vulnerability management are critical components of Linux system administration, and CompTIA Linux+ V8 places strong emphasis on automated security assessment tools. OpenSCAP is specifically designed to address these requirements.
OpenSCAP is an open-source framework that implements the Security Content Automation Protocol (SCAP), a set of standards used for automated vulnerability scanning, configuration compliance checking, and security auditing. It allows administrators to assess Linux systems against established security baselines such as CIS benchmarks, DISA STIGs, and organizational security policies. This makes OpenSCAP the most appropriate tool for automating both compliance and vulnerability management.
The other options serve different security-related purposes but do not fulfill the automation requirement. SELinux is a mandatory access control system that enforces security policies at runtime but does not perform compliance scanning or vulnerability assessments. Nmap is a network scanning and discovery tool used to identify open ports and services, not compliance automation. AIDE (Advanced Intrusion Detection Environment) is a file integrity monitoring tool that detects unauthorized file changes but does not evaluate overall system compliance.
Linux+ V8 documentation highlights OpenSCAP as a tool used to automate security audits, generate compliance reports, and integrate with configuration management workflows. Its ability to standardize security checks across multiple systems makes it essential in enterprise and regulated environments.
Therefore, the correct answer is D. OpenSCAP.
A systems administrator receives reports about connection issues to a secure web server. Given the following firewall and web server outputs:
Firewall output:
Status: active
To                         Action      From
443/tcp                    DENY        Anywhere
443/tcp (v6)               DENY        Anywhere (v6)
Web server output:
tcp LISTEN 0 4096 *:443 *:*
Which of the following commands best resolves this issue?
Answer : C
This scenario involves firewall configuration and service accessibility, which falls under the Security domain of the CompTIA Linux+ V8 objectives. The key to resolving this issue is interpreting both the firewall output and the web server status correctly.
The web server output shows that the service is actively listening on TCP port 443, which is the standard port for HTTPS (secure web traffic). The line tcp LISTEN 0 4096 *:443 *:* confirms that the web server is running properly and is ready to accept incoming connections on port 443 from any interface. This indicates that the problem is not with the web server configuration itself.
However, the firewall output clearly shows that incoming connections to port 443 are being blocked. The rules 443/tcp DENY Anywhere and 443/tcp (v6) DENY Anywhere (v6) indicate that the Uncomplicated Firewall (UFW) is explicitly denying HTTPS traffic for both IPv4 and IPv6. As a result, external clients cannot establish a secure connection to the server, even though the service is running correctly.
To resolve this issue securely and correctly, the administrator must remove the firewall rule that denies HTTPS traffic. Option C, ufw delete deny https/tcp, directly removes the blocking rule while preserving the rest of the firewall configuration. This aligns with Linux+ best practices, which emphasize making precise firewall changes rather than disabling security controls entirely.
The other options are incorrect. Option A, ufw disable, would completely turn off the firewall, creating a significant security risk. Option B, ufw allow 80/tcp, only opens HTTP traffic on port 80 and does not resolve HTTPS connectivity issues. Option D, ufw allow 4096/tcp, incorrectly attempts to open an internal socket backlog value rather than a valid service port.
Therefore, the correct and most secure solution is C.
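The diagnosis above can be automated by correlating the two outputs. The following is an added example, not part of the original question; the sample outputs are constructed to match the scenario, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: find TCP ports where a service is listening but ufw denies
# inbound traffic. Both samples are constructed to mirror the scenario.
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    DENY        Anywhere
443/tcp (v6)               DENY        Anywhere (v6)'

SS_SAMPLE='tcp LISTEN 0 4096 *:443 *:*
tcp LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*'

# denied_ports UFW_TEXT: TCP ports with an inbound DENY rule, deduplicated.
# The v6 row has an extra "(v6)" field, so scan every field for DENY.
denied_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\/tcp$/ {
        for (i = 2; i <= NF; i++)
            if ($i == "DENY" && $(i + 1) != "OUT") {
                split($1, p, "/"); print p[1]; break
            }
    }' | sort -un
}

# listening_ports SS_TEXT: local ports in LISTEN state. The local address is
# three fields after LISTEN; the port follows the last colon ("[::]:443" too).
listening_ports() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i == "LISTEN") { n = split($(i + 3), a, ":"); print a[n]; break }
    }' | sort -un
}

# blocked_listeners UFW_TEXT SS_TEXT: ports present in both lists.
blocked_listeners() {
    denied=$(denied_ports "$1")
    for port in $(listening_ports "$2"); do
        printf '%s\n' "$denied" | grep -qx "$port" && printf '%s\n' "$port"
    done
    return 0
}

for p in $(blocked_listeners "$UFW_SAMPLE" "$SS_SAMPLE"); do
    echo "port $p: service is listening but ufw has a DENY rule"
done
```

On a live host, pass "$(ufw status)" and "$(ss -tln)" instead of the samples.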
A Linux systems administrator makes updates to systemd-managed service configuration files. Which of the following commands should the administrator execute in order to implement the changes?
Answer : D
In the systemd architecture, service configurations are stored in unit files (e.g., .service, .timer, .mount) located in directories like /etc/systemd/system/ or /usr/lib/systemd/system/. When an administrator modifies these files or creates new ones, the systemd manager does not automatically detect the changes. According to the CompTIA Linux+ V8 curriculum, the command systemctl daemon-reload is required to notify systemd that it needs to rescan the configuration directories and rebuild its internal dependency tree.
Without running daemon-reload, attempting to start or restart the service would result in systemd using the old, cached version of the unit file, or it might generate a warning stating that 'the unit file on disk has changed.' This command is a safe operation that does not stop running services; it simply refreshes the manager's awareness of the current configuration.
The other options are insufficient for 'implementing the changes' to the configuration files themselves. systemctl enable (Option A) creates the links for starting the service at boot. systemctl start (Option B) attempts to launch the service. systemctl restart (Option C) stops and then starts a service, but if the unit file was changed and daemon-reload was not run, it may fail or use outdated settings.
Thus, systemctl daemon-reload is the essential first step after any modification to a systemd unit file.
A systems administrator needs to check access to all company servers. The administrator uses the following script, which does not complete:
for i in $(cat /home/user1.file)
do
echo $i
ssh $i uptime
Which of the following is missing from the script?
Answer : D
Shell scripting is a primary method for automating repetitive tasks in Linux. According to the CompTIA Linux+ V8 scripting objectives, administrators must understand the syntax for various control structures, including loops.
A for loop in Bash and other POSIX-compliant shells has a specific required structure:
The for statement (to define the iteration).
The do keyword (to start the block of commands).
The loop body (the commands to execute).
The done keyword (to terminate the loop block).
In the script provided, the administrator has correctly initiated the loop with for i in ... and opened the execution block with do. However, the script lacks the concluding done token. Without done, the shell interpreter will continue waiting for more input or return a syntax error because it does not know where the loop ends. This is why the script 'does not complete' or run correctly.
The other options are related to different control structures. fi (Option A) is the closing token for an if statement, not a for loop. else (Option B) is an optional branch within an if statement. while (Option C) is a different type of loop entirely and is not a required token for a for loop.
Therefore, the missing token is verified as done.
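The loop from the question, completed with done and hardened for unattended use, is shown below. This is an added example, not the script from the question; the check_hosts function and its optional command argument are assumptions introduced so the loop can be exercised without real servers.

```bash
#!/bin/sh
# Added example: the loop from the question, closed with `done` and hardened.
# check_hosts FILE [CMD...] runs "CMD HOST uptime" for every host in FILE.
# CMD defaults to non-interactive ssh; the CMD override is an assumption made
# here for testing, not something the question's script had.
check_hosts() {
    hosts_file=$1
    shift
    # BatchMode stops ssh from prompting; ConnectTimeout bounds dead hosts.
    [ "$#" -gt 0 ] || set -- ssh -n -o BatchMode=yes -o ConnectTimeout=5
    failed=0
    # Read line by line instead of `for i in $(cat file)`, which word-splits
    # and glob-expands whatever the file contains.
    while IFS= read -r host || [ -n "$host" ]; do
        case $host in
            '' | '#'*)                      # blank line or comment
                continue ;;
            -*)                             # ssh would parse this as an option
                printf '%s SKIPPED\n' "$host"
                failed=$((failed + 1))
                continue ;;
        esac
        # </dev/null keeps the command from consuming the rest of the list.
        if "$@" "$host" uptime </dev/null >/dev/null 2>&1; then
            printf '%s ok\n' "$host"
        else
            printf '%s FAILED\n' "$host"
            failed=$((failed + 1))
        fi
    done < "$hosts_file"                    # `done` terminates the loop block
    return "$failed"
}

# Stand-alone use: sh check_hosts.sh /home/user1.file
if [ "$#" -gt 0 ]; then check_hosts "$@"; fi
```

The exit status is the number of hosts that failed or were skipped, so a scheduler or calling script can alert on any non-zero result.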
An administrator must secure an account for a user who is going on extended leave. Which of the following steps should the administrator take? (Choose two)
Answer : D, F
Securing dormant or temporarily unused user accounts is a best practice emphasized in the Security domain of CompTIA Linux+ V8. When a user goes on extended leave, the goal is to prevent unauthorized access while preserving the user's data and account for future use.
The most effective approach is to disable authentication and interactive login access without deleting the account. Option D, running passwd -l user, locks the user's password by prepending an invalid character to the encrypted password in /etc/shadow. This prevents password-based authentication while retaining the account, files, and ownership information. Linux+ V8 documentation highlights password locking as a standard method for temporarily disabling accounts.
Option F, changing the user's shell to /sbin/nologin, further strengthens account security by preventing interactive shell access entirely. Even if another authentication mechanism were attempted, the user would be denied a login shell. This is a common defense-in-depth measure and is explicitly referenced in Linux+ V8 objectives for access control and account hardening.
The other options are incorrect or inappropriate. Option A (immutable files) does not prevent account access and may interfere with system operations. Option B defeats the purpose of securing an inactive account. Option C deletes user data, which is unnecessary and risky. Option E has no security effect, as filesystem timestamps do not control access.
Linux+ V8 stresses that secure account management should be reversible, auditable, and minimally disruptive. Locking the password and disabling the login shell meet these criteria and are commonly used together in enterprise environments.
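Both controls can be verified after the change by reading the account's passwd and shadow entries. The following is an added example, not part of the original explanation; the leave_status function is hypothetical and the account entries are constructed samples.

```bash
#!/bin/sh
# Added example: audit the two leave-of-absence controls described above.
# The entries below are constructed samples, not real accounts or hashes.
PASSWD_SAMPLE='alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/sbin/nologin
carol:x:1003:1003::/home/carol:/bin/bash'
SHADOW_SAMPLE='alice:$6$SALT$CONSTRUCTEDHASH:19800:0:99999:7:::
bob:!$6$SALT$CONSTRUCTEDHASH:19800:0:99999:7:::
carol:!$6$SALT$CONSTRUCTEDHASH:19800:0:99999:7:::'

# leave_status USER PASSWD_TEXT SHADOW_TEXT
# Prints one summary line. Returns 0 only when the password is locked AND the
# login shell is nologin, 1 when either control is missing, 2 for unknown user.
leave_status() {
    user=$1
    if ! printf '%s\n' "$2" | grep -q "^$user:"; then
        printf '%s: no such account\n' "$user"
        return 2
    fi
    login_shell=$(printf '%s\n' "$2" | awk -F: -v u="$user" '$1 == u { print $7 }')
    pw_field=$(printf '%s\n' "$3" | awk -F: -v u="$user" '$1 == u { print $2 }')
    # passwd -l prepends "!" to the hash field in /etc/shadow.
    case $pw_field in
        '!'*) pw=locked ;;
        *)    pw=usable ;;
    esac
    case $login_shell in
        */nologin) shell_state=nologin ;;
        *)         shell_state=interactive ;;
    esac
    printf '%s: password=%s shell=%s\n' "$user" "$pw" "$shell_state"
    [ "$pw" = locked ] && [ "$shell_state" = nologin ]
}

# carol shows the partial case: password locked, shell still interactive.
for u in alice bob carol; do
    leave_status "$u" "$PASSWD_SAMPLE" "$SHADOW_SAMPLE" || true
done
```

On a live system, pass "$(getent passwd)" and the output of getent shadow run as root in place of the samples.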