Red Hat Certification
63 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.
The Red Hat RHCSA System Administrator (EX200) certification validates professional expertise in Red Hat technologies. This study guide covers all 63 practice questions from our EX200 practice test, complete with correct answers and explanations to help you understand each concept thoroughly.
Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.
You need to configure a static IP address on a system using NetworkManager. Which file should you edit to make persistent changes?
RHEL systems use /etc/sysconfig/network-scripts/ for persistent network configuration. This is the standard location for network interface configuration files.
A user reports they cannot execute a script located at /home/user/script.sh even though it is readable. What is the most likely issue and how would you fix it?
The execute permission (x) is required to run a script. The chmod +x command grants this permission to the file.
You need to find all files larger than 100MB in the /home directory. Which command would you use?
The find command with -size option is the standard tool for searching files by size. The +100M syntax finds files larger than 100 megabytes.
What is the correct syntax to create a logical volume named 'data' with a size of 10GB from the volume group 'vg0'?
The lvcreate command creates logical volumes. The -L flag specifies size, and -n specifies the name followed by the volume group name.
You are configuring firewall rules and need to allow SSH access only from a specific subnet 192.168.1.0/24. Which firewalld command would accomplish this?
Rich rules in firewalld allow granular control over traffic based on source IP and port. The syntax shown uses the correct family, source, and port parameters to restrict SSH.
A cron job needs to run every weekday (Monday-Friday) at 2:30 AM. What is the correct cron expression?
Cron format is minute hour day month day-of-week. The value 1-5 represents Monday through Friday (1=Monday, 5=Friday). 30 2 sets it to 2:30 AM.
You need to configure a user to have sudo access without entering a password for specific commands. Where should this be configured?
The sudoers file, edited with visudo, is the proper location to grant sudo privileges and configure passwordless access for specific commands. This is safer than directly editing /etc/sudoers.
When configuring SELinux, what is the difference between Enforcing and Permissive modes?
Enforcing mode denies operations that violate policy and logs them. Permissive mode logs policy violations but allows the operations to proceed, useful for troubleshooting.
You need to enable a service to start automatically on boot. Which systemctl command accomplishes this?
The systemctl enable command creates symbolic links to start a service at boot time. This is the modern RHEL replacement for chkconfig.
A system is experiencing high disk I/O. Which tool would be best for monitoring I/O statistics per device?
iostat provides detailed input/output statistics by device, including read/write rates and utilization. It's specifically designed for I/O analysis.
You need to change the default runlevel (target) to multi-user mode without graphical interface. What command would you use?
systemctl set-default sets the default target for boot. multi-user.target is the non-graphical multi-user mode. The set-default command persists across reboots.
You need to audit file access on a sensitive system file /etc/passwd. Which tool should you use to configure auditing rules?
auditctl is used to configure the Linux Audit framework for monitoring file and system access. It creates rules that log activities to the audit daemon.
A user accidentally deleted important files from their home directory. How would you recover them from a backup using tar?
To extract specific files from a tar archive, use tar -xvf followed by the archive name, -C to specify extraction directory, and the file path. The path must match what's in the archive.
You need to set up SSH key-based authentication for a user. After generating the key pair, which file permissions are critical for security?
SSH requires strict permissions: private keys (600), authorized_keys file (600), and the .ssh directory (700). Incorrect permissions will cause authentication failures or security warnings.
A service is failing to start and you suspect a syntax error in its configuration file. How would you validate the syntax before restarting?
Most services provide built-in configuration validation commands. For example, nginx -t, sshd -t, and httpd -t check syntax without starting the service.
You need to create a backup of the entire system using tar, excluding certain directories like /proc, /sys, and /dev. What would be the correct command?
The --exclude option in tar prevents directories from being added to the archive. Multiple --exclude flags can be used for each directory to skip.
A system has multiple network interfaces. How would you configure routing so that traffic destined for 10.0.0.0/24 goes through eth1?
The 'ip route add' command is the modern way to add persistent routing rules. It specifies the destination network, gateway, and output interface.
You need to find and remove all empty files in the /tmp directory. Which command would be most efficient?
The find command with -type f -empty -delete is the most efficient method. The -delete option directly removes files matching the criteria without piping to rm.
A directory has mixed ownership with some files belonging to different users. You need to recursively change ownership of all files to a specific user and group. What is the correct command?
The chown command with -R flag recursively changes ownership. The syntax is chown user:group directory. The -R flag must be uppercase.
You need to search for a specific string in compressed log files without decompressing them. Which command would be appropriate?
zgrep is specifically designed to search within gzip-compressed files without requiring decompression. It's efficient and preserves the original compressed file.
A process is consuming excessive memory and needs to be terminated. What is the safest approach to stop it gracefully before using SIGKILL?
SIGTERM (15) allows processes to clean up resources gracefully. SIGKILL (9) forces termination immediately. Best practice is to try SIGTERM first and only escalate if needed.
You need to configure a system to log all authentication attempts to a centralized server. Which service would you configure and what protocol would typically be used?
rsyslog is the system logging daemon that can forward logs to remote servers. It uses UDP port 514 or TCP 514 to send syslog messages to a centralized logging server.
A disk is running out of space and you need to identify which files are consuming the most disk space in a specific directory. What command combination would be most helpful?
du -sh shows disk usage of directories in human-readable format. Piping to sort -rh (sort by size, reverse, human-readable) and head shows the largest directories.
You need to configure automatic package updates on a RHEL system. Which daemon should be enabled for unattended updates?
yum-cron and dnf-automatic are the appropriate tools for RHEL/CentOS systems to perform unattended package updates. The choice depends on whether the system uses yum or dnf.
A system uses GPT partitioning and you need to create a new partition on a disk. Which tool should you use instead of fdisk?
gdisk and parted are the appropriate tools for GPT partition management. fdisk is limited to MBR partition tables and cannot properly manage GPT disks.
You need to monitor real-time system performance including CPU, memory, and I/O. Which single command would provide comprehensive monitoring?
dstat combines functionality of vmstat, iostat, and netstat into one tool, providing real-time statistics on CPU, memory, disk I/O, and network in a single view.
A user's password has expired and they cannot log in. As root, how would you reset their password and force them to change it on next login?
The passwd command changes the password. Using 'chage -d 0' sets the last password change date to epoch, forcing a password change on next login.
Which command is used to display the current runlevel of a RHEL 8 system?
In RHEL 8 with systemd, 'systemctl get-default' shows the current target (equivalent to runlevel). The 'runlevel' command still works but is deprecated; /etc/inittab doesn't exist in systemd-based systems.
What is the purpose of the /etc/sudoers file?
/etc/sudoers defines sudo access rules and permissions. It should only be edited with 'visudo' to prevent syntax errors that could lock out administrative access.
You need to create a new logical volume with 5GB size. Which sequence of commands is correct?
The correct sequence is: create the logical volume with lvcreate, format it with mkfs.xfs, then mount it. Option A follows this proper order for LVM logical volume creation.
A user reports they cannot access a file despite having read permission on the parent directory. Which permission is likely missing?
Execute permission on a directory allows traversal into it. Without execute permission on the parent directory, users cannot access any files within it, regardless of file permissions.
Which file contains the list of packages that should not be updated by the package manager?
The 'exclude' directive in /etc/yum.conf (or /etc/dnf/dnf.conf in RHEL 8+) specifies packages to exclude from updates. This prevents automatic updates of critical packages.
What is the effect of setting SELINUX=disabled in /etc/selinux/config?
Setting SELINUX=disabled completely disables SELinux including the kernel module, requiring a reboot. This differs from permissive mode, which still loads the module but doesn't enforce rules.
You want to schedule a command to run every weekday at 2:30 PM. Which crontab entry is correct?
Cron syntax is minute hour day month day-of-week. Entry '30 14 1-5' means minute 30, hour 14 (2 PM), any day/month, Monday-Friday (1-5 represents weekdays).
A service fails to start and logs indicate 'Address already in use'. Which command would help diagnose which process is using the required port?
Both 'netstat -tlnp' and 'ss -tlnp' show listening ports and associated processes. This directly identifies which service is using the port causing the conflict.
Which statement correctly describes the difference between hard and soft links?
Hard links cannot cross filesystem boundaries and share the same inode. Soft (symbolic) links can cross filesystems but are broken if the target is deleted, as they contain a path, not an inode reference.
How would you view the contents of a compressed tar archive without extracting it?
All three methods list contents of compressed tar files: '-tzf' lists gzip content, 'zcat' decompresses to stdout piped to tar -t, and 'gunzip -c' does the same. All are valid approaches.
A user's home directory has ownership 'root:root' and permissions '700'. The user cannot access their own files. What is the correct remediation?
The directory must be owned by the user (chown) before applying standard permissions. chmod 700 gives the owner full access while restricting others, which is the standard for home directories.
Which of the following accurately describes the effect of the umask value 0077?
umask 0077 removes all group and other permissions. Files default to 666, minus 077 = 600; directories default to 777, minus 077 = 700.
You need to find all files modified in the last 24 hours in the /var/log directory. Which command is appropriate?
The '-mtime -1' option finds files modified less than 1 day ago (within the last 24 hours). Alternatively, '-mmin -1440' (minus 1440 minutes) also works, but '-mtime -1' is simpler for daily searches.
What is the primary purpose of the /boot/grub2/grub.cfg file on a RHEL 8 system?
grub.cfg is auto-generated from /etc/default/grub and scripts in /etc/grub.d/. Administrators should modify the source files and run 'grub2-mkconfig -o /boot/grub2/grub.cfg' to regenerate it.
A system administrator needs to temporarily prevent a user from logging in without deleting their account. Which approach is most appropriate?
'usermod -L' locks the user account by adding '!' to the password hash, preventing login while preserving the account. Setting shell to /sbin/nologin is also valid but less standard for temporary lockout.
Which command correctly displays all currently mounted filesystems with their usage statistics?
'df -h' shows all mounted filesystems with their total size, used space, and available space in human-readable format. 'du' shows directory usage, not filesystem mounts.
You need to configure a network interface to use a static IP address. Which file should be modified on RHEL 8?
RHEL uses /etc/sysconfig/network-scripts/ifcfg-INTERFACE files for network configuration. While NetworkManager is common on desktops, this file-based approach is standard for servers.
What does the 'a' flag in file attributes (viewed with 'lsattr') prevent?
The 'a' (append-only) attribute allows data to be appended but prevents truncation and modification of existing content. This restriction applies even to root, making it useful for log files and audit trails.
Which systemd unit type is used to define a mount point for a filesystem?
systemd uses .mount unit files to define mount points and their properties, replacing traditional /etc/fstab entries. These can coexist with fstab entries but offer more control.
An administrator needs to view real-time system resource usage. Which command provides a dynamic, refreshing display?
'top' and 'htop' provide interactive, real-time monitoring of processes and system resources with automatic refresh. 'ps', 'vmstat', and 'iostat' show snapshots or specific metrics but aren't interactive dashboards.
What is the primary function of the /etc/hosts.allow and /etc/hosts.deny files?
TCP Wrappers uses hosts.allow and hosts.deny to control access to network services at the application layer. These are evaluated before firewall rules for wrapped services.
You want to permanently add a network route to reach 192.168.100.0/24 via gateway 10.0.0.1. Which approach is correct for RHEL 8?
Persistent routes in RHEL are defined in /etc/sysconfig/network-scripts/route-INTERFACE files using the format 'DESTINATION/NETMASK via GATEWAY'. Option D is for systemd-networkd, not standard RHEL.
A log file is growing very large. What is the purpose of logrotate?
logrotate automatically manages log files by rotating, compressing, and removing old logs based on size, age, or other criteria defined in /etc/logrotate.conf or /etc/logrotate.d/.
Which command would you use to check if a specific service will automatically start at the next boot?
'systemctl is-enabled' directly returns whether a service is configured to start at boot. While 'list-unit-files' shows this info too, 'is-enabled' is the specific command designed for this check.
You need to create a user account that cannot use an interactive shell but can receive mail. Which approach is correct?
Using -s /sbin/nologin prevents shell login while allowing system processes like mail delivery. The -m flag creates a home directory, enabling mail delivery to a spool file.
A partition shows as /dev/mapper/cryptvolume. What does this indicate about the filesystem?
Paths under /dev/mapper/ indicate logical volumes or encrypted devices managed by device-mapper. This typically means LUKS encryption is in use and the volume must be decrypted before use.
You need to configure a network interface to use a static IP address of 192.168.1.100/24 with gateway 192.168.1.1. Which file should you edit to make this configuration persistent across reboots on RHEL 8?
On RHEL/CentOS systems, network interface configurations are stored in /etc/sysconfig/network-scripts/ directory. The ifcfg-[interface-name] files contain persistent network settings.
What is the purpose of the 'umask' value in user login configuration files?
The umask (user file-creation mask) is subtracted from default permission values to determine actual file and directory permissions created by that user.
You are tasked with finding all files modified in the last 7 days in the /home directory. Which command accomplishes this?
The -mtime -7 option finds files modified less than 7 days ago (the minus sign means 'less than'). Without the minus, +7 would find files older than 7 days.
A user reports that they cannot create files in /tmp directory despite the directory being world-writable (777). The output of 'ls -ld /tmp' shows: drwxrwxrwt. What is preventing file creation?
The 't' at the end of permissions indicates the sticky bit is set. This allows all users to write to /tmp but only permits them to delete their own files, not others' files.
You need to allow user 'john' to run the command '/usr/bin/systemctl restart httpd' without entering a password using sudo. Which line should you add to the sudoers file?
The correct sudoers syntax is: user hostname=(runas_user) NOPASSWD: command. The NOPASSWD tag must appear before the command specification.
You need to compress a directory '/data/archive' into a tar.gz file while excluding all files larger than 100MB. Which command is most appropriate?
The find command with -size -100M locates files smaller than 100MB, and piping to tar with -T - and --null allows tar to process the filtered file list while excluding larger files.
What is the primary purpose of the '/etc/fstab' file?
/etc/fstab (filesystem table) contains entries that define which filesystems are mounted automatically at boot, including device, mount point, filesystem type, and mount options.
You notice that the systemd service 'nginx.service' is enabled but not running. You run 'systemctl start nginx' and it fails silently with no error message. What is the best way to diagnose this issue?
The systemctl status command and journalctl -xe provide comprehensive service state information and recent journal entries showing why the service failed to start.
A user's home directory is /home/alice. When you run 'ls -la /home/alice', the first character of each line shows 'd' for directories and '-' for files. What is this character indicating?
The first character in ls -l output represents file type: '-' for regular files, 'd' for directories, 'l' for symlinks, 'c' for character devices, 'b' for block devices, 's' for sockets, and 'p' for pipes.
You need to set up LVM on a system with three physical hard drives. You want to create a single logical volume across all three drives with redundancy. Which LVM segment type should you use?
LVM mirroring (using -m flag in lvcreate) replicates logical volume data across multiple physical volumes for redundancy, while linear and striped are performance-oriented without redundancy.
You've reviewed all 63 questions. Take the interactive practice exam to simulate the real test environment.
▶ Start Practice Exam — Free