Visit here for our full LPI 101-500 exam dumps and practice test questions.

Question 76

A Linux administrator needs to view all currently running processes in a hierarchical tree format showing parent-child relationships. Which command should be used?

A) ps aux

B) pstree

C) top

D) pidof

Answer: B

Explanation:

Process management is a fundamental aspect of Linux system administration. Understanding the relationships between processes helps administrators troubleshoot issues, identify resource consumption patterns, and manage system services effectively.

The pstree command displays all currently running processes in a hierarchical tree format showing parent-child relationships. This visualization makes it easy to understand process ancestry and dependencies by showing which processes spawned which child processes. The tree starts from the init process or systemd at the root and branches out to show all descendant processes. Each process appears with its name and process ID, and branches indicate parent-child relationships using ASCII art characters. The pstree command supports various options such as showing command line arguments with the -a flag, displaying process IDs with the -p flag, and showing threads with the -t flag. This tool is particularly valuable when investigating daemon processes and their children, understanding service dependencies, or tracking down processes that may be spawning unexpected children. The hierarchical view provides context that linear process listings cannot match.

The ps aux command displays detailed information about all running processes including CPU usage, memory consumption, process states, and command lines. While extremely useful for comprehensive process information, ps aux presents processes in a flat list format without showing parent-child relationships or hierarchical structure. The output provides extensive details but lacks the visual tree representation.

The top command provides a dynamic real-time view of running processes sorted by resource consumption. Top continuously updates to show current CPU and memory usage, making it excellent for performance monitoring. However, top displays processes in a sorted list format rather than a hierarchical tree, and it focuses on resource metrics rather than process relationships.

The pidof command finds the process ID of a running program by name. This utility returns only the PID numbers of matching processes without showing any hierarchical information, process details, or relationships. Pidof is useful for scripting and quickly finding specific process IDs but does not display process trees.

The pstree command uniquely provides the hierarchical visualization needed to understand process relationships and system structure through its tree-based display format.

Question 77

An administrator needs to change the default runlevel of a systemd-based Linux system to boot into multi-user text mode without a graphical interface. Which command accomplishes this?

A) systemctl set-default multi-user.target

B) telinit 3

C) init 3

D) systemctl isolate multi-user.target

Answer: A

Explanation:

Modern Linux distributions have transitioned from traditional SysV init to systemd as the initialization system and service manager. Understanding how to configure system boot targets is essential for controlling what services start and what environment the system presents after booting.

The systemctl set-default multi-user.target command changes the default boot target to multi-user mode without a graphical interface. In systemd terminology, targets replace the concept of runlevels from traditional init systems. The multi-user.target corresponds to the traditional runlevel 3, providing a full multi-user system with networking but without a graphical desktop environment. The set-default subcommand creates a symbolic link from default.target to the specified target, which systemd reads during boot to determine what services and environment to activate. This change persists across reboots, making it the permanent default boot mode. The command modifies the system configuration stored in /etc/systemd/system/default.target without requiring immediate system changes. After setting the default target, subsequent boots will enter multi-user text mode unless manually overridden.

The telinit 3 command changes the current runlevel on SysV init systems or systemd systems with compatibility support. While this command switches the system immediately to runlevel 3 or its equivalent target, it does not change the default boot target. After a reboot, the system would return to whatever default was previously configured. Telinit provides temporary runlevel changes rather than persistent configuration.

The init 3 command similarly changes the current runlevel immediately but does not alter the default boot target. Like telinit, init 3 affects only the current session and does not persist after reboot. The change is temporary and the system reverts to its configured default on next boot.

The systemctl isolate multi-user.target command immediately switches the running system to multi-user target by stopping services not required by that target and starting those that are required. This command changes the current state but does not modify the default boot target. The isolate operation affects only the current session.

Setting the default target with systemctl set-default provides the persistent configuration change needed to make multi-user mode the permanent default boot state.

Question 78

A user needs to search for all files larger than 100MB in the /home directory and its subdirectories. Which find command accomplishes this task?

A) find /home -size +100M

B) find /home -size 100M

C) locate /home -size +100M

D) grep -r 100M /home

Answer: A

Explanation:

File system navigation and searching are essential skills for Linux administrators. The find command provides powerful capabilities for locating files based on various criteria including name, size, modification time, permissions, and ownership.

The find /home -size +100M command searches for all files larger than 100MB in the /home directory and its subdirectories. The find utility recursively traverses directory trees starting from the specified path. The -size option filters results based on file size, and the +100M syntax specifies files larger than 100 megabytes. The plus sign indicates greater than, M specifies megabytes as the unit, and find automatically converts and compares file sizes. This search examines all files in the directory hierarchy regardless of depth, making it effective for comprehensive file discovery. Additional options can refine the search further, such as -type f to match only regular files excluding directories, -mtime to filter by modification date, or -exec to perform actions on found files. The find command reads the actual file system in real time, ensuring current and accurate results.

The find /home -size 100M command searches for files exactly 100MB in size, which is rarely useful since file sizes seldom match precise values. Without the plus or minus prefix, the size option matches only exact sizes. This would miss files that are 100.1MB or 99.9MB, returning very few or no results in most scenarios. The exact match behavior limits practical utility.

The locate /home -size +100M command attempts to use locate with a size option, but locate does not support size-based filtering. The locate command searches a pre-built database of file paths based only on name patterns. It cannot filter by size, permissions, or other file attributes. The locate database is updated periodically, so results may not reflect recent file system changes.

The grep -r 100M /home command recursively searches file contents for the text string 100M rather than searching for files by size. Grep is a pattern matching tool that examines file contents, not file metadata. This command would find files containing the text 100M but would not identify large files.

The find command with appropriate size syntax provides the precise file system searching capability needed to locate files based on size criteria.

Question 79

An administrator needs to view the last 20 lines of a log file that is actively being written to by a running application. Which command provides continuous output as new lines are added?

A) cat -n /var/log/application.log

B) head -20 /var/log/application.log

C) tail -f -n 20 /var/log/application.log

D) less /var/log/application.log

Answer: C

Explanation:

Log file monitoring is a critical task for system administrators troubleshooting issues, monitoring application behavior, and ensuring system health. Different tools provide various approaches to viewing file contents, but real-time monitoring requires specific functionality.

The tail -f -n 20 /var/log/application.log command views the last 20 lines and provides continuous output as new lines are added. The tail utility displays the end portion of files, with -n 20 specifying that 20 lines should be shown. The -f flag enables follow mode, which keeps the file open and continuously displays new lines as they are appended. This combination is perfect for monitoring active log files because it shows recent context with the last 20 lines while staying updated with ongoing activity. The command continues running until manually interrupted with Ctrl+C, making it ideal for real-time log observation. System administrators frequently use this pattern when troubleshooting applications, monitoring service startups, or observing system events as they occur. The follow mode detects file rotation and handles scenarios where log files are moved and recreated by logging systems.

The cat -n /var/log/application.log command displays the entire file contents with line numbers but does not follow new additions. Cat reads the file once and exits, showing a static snapshot of the file at command execution time. If the application writes new log entries after cat executes, those entries will not appear. Cat is useful for viewing complete files but not for monitoring active logs.

The head -20 /var/log/application.log command displays only the first 20 lines of the file rather than the last 20 lines. Head shows the beginning of files, which contains the oldest log entries rather than the most recent activity. Additionally, head does not support follow mode and exits after displaying the requested lines. This command is appropriate for viewing file beginnings but not for monitoring current activity.

The less /var/log/application.log command provides interactive file viewing with scrolling and searching capabilities. Less allows navigation through file contents using keyboard commands but does not automatically update when new lines are added. While less can be configured to follow files with the +F option, the basic command shown does not enable this functionality.

The tail command with follow mode provides the essential real-time monitoring capability administrators need for observing active log files.

Question 80

A system administrator needs to create a compressed archive of the /etc directory that preserves file permissions and ownership. Which command creates a gzip-compressed tar archive?

A) tar -czvf etc-backup.tar.gz /etc

B) gzip /etc > etc-backup.gz

C) zip -r etc-backup.zip /etc

D) compress /etc etc-backup.Z

Answer: A

Explanation:

Backup and archiving are fundamental system administration tasks that protect data and enable system recovery. Understanding archive formats and compression methods helps administrators efficiently store and transfer directory trees while preserving important file metadata.

The tar -czvf etc-backup.tar.gz /etc command creates a gzip-compressed tar archive that preserves file permissions and ownership. The tar utility creates archives by combining multiple files and directories into a single file while maintaining metadata including permissions, ownership, timestamps, and directory structure. The options specify the operation mode and behavior: -c creates a new archive, -z compresses using gzip, -v enables verbose output showing files being archived, and -f specifies the output filename. By default, tar preserves permissions and ownership when run as root, making it ideal for system backups. The resulting tar.gz file is portable and can be extracted on other Linux systems, restoring the complete directory hierarchy with all attributes intact. Tar is the standard archiving tool in Unix-like systems and integrates seamlessly with various compression utilities.

The gzip /etc > etc-backup.gz command attempts to compress a directory, but gzip only compresses individual files, not directories. Gzip would produce an error when given a directory as input. Additionally, the redirect syntax is incorrect for gzip usage. To compress directories, gzip must be combined with tar as shown in the correct answer.

The zip -r etc-backup.zip /etc command creates a zip archive that includes the directory recursively. While zip archives are widely compatible with Windows and other operating systems, the zip format may not preserve all Unix file attributes like ownership and special permissions as reliably as tar. Zip is useful for cross-platform compatibility but tar is preferred for Linux system backups where preserving all metadata is critical.

The compress /etc etc-backup.Z command uses an older Unix compression utility that is largely obsolete. The compress command syntax shown is incorrect, and like gzip, compress operates on files rather than directories. The compress utility has been superseded by more efficient algorithms like gzip and bzip2 in modern systems.

The tar command with gzip compression provides the standard, reliable method for creating compressed archives that fully preserve file attributes for system backups.

Question 81

An administrator needs to find which package installed the /usr/bin/python3 file on a Debian-based system. Which command provides this information?

A) apt search python3

B) dpkg -S /usr/bin/python3

C) apt list python3

D) which python3

Answer: B

Explanation:

Package management is essential for maintaining Linux systems, tracking installed software, and troubleshooting file ownership issues. Different package management commands serve distinct purposes in querying, installing, and managing software packages.

The dpkg -S /usr/bin/python3 command finds which package installed the specified file on Debian-based systems. The dpkg utility is the low-level package manager for Debian and Ubuntu distributions that handles package installation, removal, and queries. The -S option searches installed packages to identify which package owns a particular file. This search examines the package database to find file ownership information, returning the package name that contains the specified file. This functionality is valuable when troubleshooting issues related to specific executables, libraries, or configuration files. Administrators use this command to understand software origins, verify package integrity, or identify dependencies. The search operates quickly by consulting the dpkg database rather than scanning the file system.

The apt search python3 command searches available packages whose names or descriptions match the search term python3. This command queries the package repository metadata to find packages related to Python 3, but it does not identify which package owns a specific file. The search returns packages that could be installed but does not answer questions about file ownership on the system.

The apt list python3 command displays information about packages matching the name python3, showing whether they are installed, their version, and architecture. While useful for checking package status, this command does not reveal which package owns a particular file. It operates at the package level rather than the file level.

The which python3 command locates the executable in the user’s PATH and displays its full path. This command helps find where executables are located but does not identify which package installed the file. Which searches directories in PATH and returns the first match but provides no package ownership information.

The dpkg command with the search option provides the precise package ownership information needed to identify which package installed specific files.

Question 82

A user needs to change their default login shell from bash to zsh. Which command modifies the user’s default shell?

A) usermod -s /bin/zsh username

B) chsh -s /bin/zsh

C) passwd -s /bin/zsh

D) shell /bin/zsh

Answer: B

Explanation:

User account management includes configuring various attributes such as home directories, group memberships, and login shells. The login shell determines the command interpreter that runs when users log in, affecting their command-line environment and available features.

The chsh -s /bin/zsh command modifies the user’s default shell. The chsh utility, which stands for change shell, allows users to modify their own login shell or administrators to change shells for other users. The -s option specifies the new shell path, which must be listed in the /etc/shells file containing valid login shells. When executed without a username argument, chsh changes the current user’s shell. The command updates the /etc/passwd file, which stores user account information including the login shell field. Users can verify valid shells by examining /etc/shells before attempting to change. After changing the shell, the new shell takes effect on the next login. Some systems may require the new shell to be installed before it can be set as the default.

The usermod -s /bin/zsh username command also changes a user’s default shell but requires specifying the username and typically requires root privileges. The usermod utility modifies user account attributes but is primarily used by administrators to change settings for other users rather than by users changing their own shells. While functionally capable of changing shells, usermod is not the standard command users employ for this purpose.

The passwd -s /bin/zsh command attempts to use passwd with a shell option, but passwd is designed for password management, not shell configuration. The -s option for passwd displays password status information rather than setting shells. This command syntax is invalid for shell modification purposes.

The shell /bin/zsh command is not a valid Linux command. No standard utility named shell exists for changing login shells. This option represents a misconception rather than an actual command that could modify shell configuration.

The chsh command provides the standard user-friendly interface for changing login shells on Linux systems.

Question 83

An administrator needs to schedule a script to run every day at 2:30 AM. Which cron time specification is correct?

A) 30 2 * * *

B) 2 30 * * *

C) * * 2 30 *

D) 30 2 * * 0-6

Answer: A

Explanation:

Task scheduling is a critical system administration capability that enables automated execution of scripts, backups, maintenance tasks, and monitoring jobs. The cron daemon provides time-based job scheduling on Unix-like systems using a simple but powerful syntax.

The 30 2 * * * specification correctly schedules a job to run every day at 2:30 AM. Cron uses a five-field time specification format representing minute, hour, day of month, month, and day of week. The first field 30 specifies the 30th minute of the hour. The second field 2 specifies the 2nd hour of the day in 24-hour format, which is 2 AM. The three asterisks for day of month, month, and day of week indicate the job runs regardless of these values, meaning every day, every month, and every day of the week. This combination results in execution at exactly 2:30 AM every single day. Cron evaluates these fields together, and when all conditions match the current time, the scheduled command executes. Understanding cron syntax is essential because incorrect field ordering or values can cause jobs to run at wrong times or not at all.

The 2 30 * * * specification reverses the minute and hour fields, which would schedule the job at 2 minutes past 30 o’clock. Since hours only go from 0 to 23, the value 30 in the hour field is invalid and would cause cron to reject the entry. Even if interpreted generously, this would represent 2:02 AM rather than 2:30 AM. The field order in cron is strictly defined and cannot be rearranged.

The * * 2 30 * specification places values in the day of month and month fields, which would attempt to schedule a job for the 2nd day of the 30th month. Since only 12 months exist, this specification is invalid. The asterisks in the minute and hour positions mean the job would run every minute of every hour if the date were valid, which is not the intended behavior.

The 30 2 * * 0-6 specification adds unnecessary complexity by explicitly listing days of the week from Sunday to Saturday. While this would function correctly, the 0-6 range is redundant since a single asterisk already means all days. The asterisk is simpler and achieves the same result. However, this would technically work despite being unnecessarily verbose.

The correct cron syntax requires understanding the five-field format and placing time values in the proper positions to achieve desired scheduling.

Question 84

A system administrator needs to find all SUID files on the system for a security audit. Which find command locates all files with the SUID bit set?

A) find / -type f -perm -4000

B) find / -type f -perm 644

C) find / -name suid

D) locate -perm 4000

Answer: A

Explanation:

Security auditing requires identifying files with special permissions that could pose security risks if compromised. SUID files execute with the permissions of the file owner rather than the user running them, making them powerful but potentially dangerous if improperly secured.

The find / -type f -perm -4000 command locates all files with the SUID bit set across the entire filesystem. The find utility searches starting from the root directory indicated by the forward slash. The -type f option restricts results to regular files, excluding directories, symbolic links, and other file types. The -perm -4000 option searches for files where the SUID permission bit is set, using octal notation where 4000 represents the SUID bit. The minus sign prefix indicates that the specified permission bits must be set, but additional permissions may also be present. This search identifies legitimate SUID executables like passwd and sudo that require elevated privileges, as well as any unauthorized SUID files that might have been placed by attackers. Security audits regularly scan for SUID files because they represent potential privilege escalation vectors. Administrators should review the list to ensure only necessary files have SUID permissions and that all SUID files are from trusted sources.

The find / -type f -perm 644 command searches for files with exactly 644 permissions, which represents read and write for owner and read-only for group and others. This is a standard permission set for regular files without any special bits like SUID, SGID, or sticky bit. This search would not identify SUID files since 644 permissions do not include the SUID bit.

The find / -name suid command searches for files or directories named exactly suid. This searches based on filename rather than permissions and would not discover SUID files unless they happen to have suid in their name, which is extremely unlikely. Name-based searching does not identify permission characteristics.

The locate -perm 4000 command attempts to use locate with a permission option, but locate does not support permission-based searching. The locate command uses a pre-built database of filenames and can only search by name patterns. It cannot filter results based on permissions, ownership, or other file attributes that require examining file metadata.

The find command with appropriate permission syntax provides the capability to discover files with specific permission bits for security auditing purposes.

Question 85

An administrator needs to display the amount of free and used memory in the system in human-readable format. Which command provides this information?

A) df -h

B) free -h

C) du -h

D) top

Answer: B

Explanation:

Memory management and monitoring are critical aspects of system administration. Understanding memory usage helps administrators troubleshoot performance issues, optimize applications, and determine when hardware upgrades are necessary.

The free -h command displays the amount of free and used memory in human-readable format. The free utility shows information about physical RAM and swap space, including total memory, used memory, free memory, shared memory, buffer cache, and available memory. The -h option formats output in human-readable units using appropriate suffixes like MiB or GiB rather than displaying raw byte counts. The command provides a quick snapshot of memory utilization showing how much memory is consumed by applications, how much is cached by the kernel for performance, and how much is truly available for new allocations. The available memory column is particularly useful as it indicates memory that can be reclaimed from caches if applications need it. Understanding the distinction between free and available memory is important since Linux aggressively uses unused memory for caching to improve performance. Administrators use free regularly to monitor memory pressure and identify when systems are exhausting physical RAM and swapping to disk.

The df -h command displays disk filesystem usage in human-readable format rather than memory information. The df utility reports free and used disk space on mounted filesystems. While the -h option provides human-readable formatting similar to free -h, df addresses storage rather than RAM. This command helps monitor disk capacity but does not provide memory statistics.

The du -h command estimates disk usage of files and directories in human-readable format. The du utility calculates how much disk space directories and their contents consume. This command is useful for identifying large directories consuming storage but does not report memory utilization. Like df, du addresses disk storage rather than system RAM.

The top command provides dynamic real-time views of system processes and resource utilization including memory usage. While top displays memory information in its header section, it presents a continuously updating interface focused on process monitoring rather than a simple memory report. Top provides more comprehensive system monitoring but is less direct than free for specifically checking memory availability.

The free command provides focused, easy-to-read memory statistics ideal for quick memory status checks and scripting purposes.

Question 86

A user needs to view the manual page for the chmod command. Which command displays this documentation?

A) help chmod

B) man chmod

C) info chmod

D) chmod –help

Answer: B

Explanation:

Documentation access is essential for learning Linux commands and understanding their options and usage. The manual page system provides comprehensive documentation for commands, system calls, library functions, and configuration files.

The man chmod command displays the manual page for chmod. The man utility is the standard documentation viewer on Unix-like systems that presents formatted manual pages. Manual pages are organized into numbered sections with section 1 containing user commands. The man command searches the manual page database, formats the requested page, and displays it through a pager like less for easy reading. Manual pages typically include a synopsis showing command syntax, detailed descriptions of functionality, lists of all options with explanations, usage examples, related commands, and author information. The structured format makes manual pages comprehensive references for command usage. Users can search within manual pages, navigate between sections, and access related documentation. Man pages are installed with software packages and remain available offline, making them reliable references regardless of network connectivity.

The help chmod command works for shell built-in commands in bash but chmod is an external command rather than a shell built-in. The help command provides brief usage information for shell built-ins like cd, echo, and export. When used with external commands like chmod, help either produces an error or provides no useful information. Help is specific to the shell environment rather than a general documentation system.

The info chmod command displays info documentation if available. The info system provides an alternative documentation format with hyperlinked nodes allowing navigation between related topics. Some packages provide extensive info documentation, but many commands lack info pages or have minimal info content that simply directs users to the man page. While info can be useful when comprehensive documentation exists, man pages are more universally available and standardized.

The chmod –help command displays brief usage information that most commands provide. The –help option typically shows a condensed summary of command syntax and available options. This output is useful for quick option references but lacks the detailed explanations, examples, and background information found in full manual pages. Help output goes to stdout rather than through a pager, making long help text difficult to read.

The man command provides access to the comprehensive standardized documentation system that is the primary reference for Linux commands.

Question 87

An administrator needs to configure a network interface with a static IP address 192.168.1.100 and netmask 255.255.255.0 on interface eth0. Which command accomplishes this temporarily until reboot?

A) ip addr add 192.168.1.100/24 dev eth0

B) route add 192.168.1.100 netmask 255.255.255.0

C) netstat -i eth0 192.168.1.100

D) ping 192.168.1.100

Answer: A

Explanation:

Network configuration is a fundamental system administration task required for establishing connectivity, troubleshooting network issues, and managing network services. Modern Linux systems provide multiple tools for network interface management with varying levels of persistence.

The ip addr add 192.168.1.100/24 dev eth0 command configures the network interface with the specified static IP address and netmask temporarily. The ip utility is the modern replacement for older tools like ifconfig and provides comprehensive network configuration capabilities. The addr add subcommand adds an IP address to an interface, and the CIDR notation /24 specifies the netmask 255.255.255.0 more concisely. The dev eth0 parameter identifies which network interface receives the address. This command takes effect immediately without requiring service restarts or reboots. However, the configuration is temporary and will be lost when the system reboots or the interface is restarted. For persistent configuration, administrators must edit network configuration files specific to their distribution such as /etc/network/interfaces on Debian or /etc/sysconfig/network-scripts on Red Hat. The ip command provides flexibility for testing configurations before making them permanent.

The route add 192.168.1.100 netmask 255.255.255.0 command attempts to add a routing table entry rather than configure an interface address. The route command manages the kernel routing table that determines how packets are forwarded. This syntax is invalid for route and would not accomplish IP address assignment. Routing table entries specify destinations and gateways rather than local interface addresses.

The netstat -i eth0 192.168.1.100 command attempts invalid syntax. The netstat utility displays network statistics, connections, routing tables, and interface information. The -i option shows interface statistics but does not accept IP address parameters for configuration. Netstat is a monitoring and diagnostic tool rather than a configuration utility.

The ping 192.168.1.100 command tests network connectivity by sending ICMP echo requests to the specified address. Ping verifies whether hosts are reachable and measures round-trip latency but does not configure network interfaces. This is a diagnostic tool unrelated to interface configuration.

The ip command with appropriate subcommands provides modern network interface configuration capabilities for temporary or testing purposes.

Question 88

A system administrator needs to kill a process that is not responding to the standard termination signal. Which signal should be sent to forcefully terminate the process?

A) SIGTERM (15)

B) SIGKILL (9)

C) SIGHUP (1)

D) SIGSTOP (19)

Answer: B

Explanation:

Process management includes the ability to control process execution through signals. Signals are software interrupts that notify processes of events and can request specific actions including termination. Understanding different signal types helps administrators manage misbehaving processes effectively.

The SIGKILL signal number 9 should be sent to forcefully terminate a process that is not responding. SIGKILL cannot be caught, blocked, or ignored by processes, making it the ultimate method for process termination. When the kernel delivers SIGKILL, it immediately terminates the process without allowing cleanup activities. This signal is necessary when processes are stuck in uninterruptible states, consuming resources, or ignoring polite termination requests. The command kill -9 PID or kill -SIGKILL PID sends this signal. However, SIGKILL should be used as a last resort because it prevents processes from closing files properly, flushing buffers, releasing locks, or performing other cleanup operations. Improper cleanup can lead to corrupted data or orphaned resources. Best practice involves first attempting graceful termination with SIGTERM, waiting briefly for the process to exit, then escalating to SIGKILL only when necessary.

The SIGTERM signal number 15 is the default termination signal that requests processes to terminate gracefully. SIGTERM allows processes to catch the signal and perform cleanup operations before exiting. Well-behaved applications respond to SIGTERM by closing files, disconnecting network connections, and exiting cleanly. However, processes can ignore SIGTERM if they are programmed to do so or if they are stuck. When processes do not respond to SIGTERM, escalation to stronger signals becomes necessary. SIGTERM represents the polite termination request that should be attempted first.

The SIGHUP signal number 1 originally indicated terminal hangup and caused processes to terminate. Modern usage often employs SIGHUP to request configuration reloading without process termination. Many daemons catch SIGHUP and respond by re-reading configuration files. SIGHUP does not forcefully terminate processes and can be ignored by processes that choose to handle it differently.

The SIGSTOP signal number 19 suspends process execution rather than terminating it. SIGSTOP pauses the process and removes it from the CPU scheduler until SIGCONT resumes it. This signal is useful for temporarily halting processes but does not terminate them or free their resources. Like SIGKILL, SIGSTOP cannot be caught or ignored, ensuring suspension occurs.

SIGKILL provides the forceful termination capability needed when processes fail to respond to polite termination requests.

Question 89

An administrator needs to view the kernel ring buffer to diagnose boot-time hardware detection issues. Which command displays kernel messages from system boot?

A) journalctl -k

B) dmesg

C) cat /var/log/messages

D) tail /var/log/syslog

Answer: B

Explanation:

Kernel message logging provides critical information about hardware detection, driver initialization, and system-level events. Accessing these messages helps administrators troubleshoot hardware problems, verify device recognition, and diagnose boot failures.

The dmesg command displays kernel messages from the kernel ring buffer including boot-time messages. The kernel maintains a ring buffer in memory where it stores messages about hardware detection, driver loading, and system events. During boot, the kernel logs messages about detected CPUs, memory, storage devices, network interfaces, and other hardware. These messages include driver initialization success or failure, resource allocation, and hardware errors. The dmesg output provides chronological kernel messages with timestamps showing when events occurred. Administrators use dmesg to verify hardware is recognized correctly, troubleshoot driver issues, investigate system crashes, and monitor ongoing kernel events. The ring buffer has limited size, so older messages are overwritten as new messages arrive. Options like -T display human-readable timestamps, -l filters by log level, and -w follows new messages in real time. The dmesg command requires appropriate permissions, typically requiring root or specific capabilities to access kernel messages.

The journalctl -k command displays kernel messages from the systemd journal rather than directly from the kernel ring buffer. On systems using systemd, journalctl provides comprehensive log access including kernel messages. The -k option filters the journal to show only kernel messages. While functionally similar to dmesg on systemd systems, journalctl reads from persistent logs rather than the kernel ring buffer. This provides access to kernel messages from previous boots and offers more advanced filtering capabilities, but it depends on systemd being the init system.

The cat /var/log/messages command displays the system log file where syslog traditionally stores various system messages including kernel messages. This file contains kernel messages along with messages from system services and applications. While this file includes kernel output, it is a log file written by the logging daemon rather than the kernel ring buffer itself. The file may not exist on all systems, particularly those using systemd journal instead of traditional syslog files.

The tail /var/log/syslog command displays the end of the syslog file on Debian-based systems. Like /var/log/messages, this file contains mixed system logs including some kernel messages. Tail shows recent entries but does not provide a complete boot-time view. This approach depends on log file configuration and may miss early boot messages that occurred before the logging daemon started.

The dmesg command provides direct access to kernel messages from the ring buffer, making it the standard tool for examining kernel output and boot-time hardware detection.

Question 90

A user needs to extract files froma tar archive named backup.tar without decompressing. Which command extracts the contents?

A) tar -xvf backup.tar

B) tar -cvf backup.tar

C) untar backup.tar

D) gzip -d backup.tar

Answer: A

Explanation:

Archive extraction is a common task for restoring backups, deploying software, and accessing distributed file collections. Understanding tar options and operations enables administrators to work with archived data effectively.

The tar -xvf backup.tar command extracts files from the tar archive. The tar utility operates in different modes depending on the options provided. The -x option specifies extract mode, which reads the archive and recreates the files and directories it contains. The -v option enables verbose output, displaying each file as it is extracted to provide progress feedback. The -f option specifies that the following argument is the archive filename. When extracting, tar recreates the directory structure stored in the archive, restores file contents, and by default attempts to preserve permissions and timestamps. Extracted files appear in the current directory unless the archive contains absolute paths or -C is used to specify a different extraction location. Users can extract specific files by listing them after the archive name rather than extracting everything. The tar command automatically detects whether archives are compressed and handles decompression transparently when archives were created with compression options.

The tar -cvf backup.tar command creates a new tar archive rather than extracting from an existing one. The -c option specifies create mode, which builds a new archive. This command would require additional arguments listing files or directories to include in the archive. Using this command would overwrite the existing backup.tar file with a new empty or partially populated archive, destroying the backup.

The untar backup.tar command attempts to use a command named untar, which is not a standard Linux utility. No command called untar exists in typical Linux installations. While some users create aliases or scripts named untar that execute tar -xvf, this is not a built-in command. The proper method uses the tar command with appropriate options.

The gzip -d backup.tar command attempts to decompress a file using gzip. The -d option specifies decompress mode. However, this command expects a gzip-compressed file typically with a .gz extension. A file named backup.tar without compression would not be a gzip file, and attempting to decompress it would produce an error. Even if the file were actually gzip-compressed, decompression would produce the uncompressed tar archive but would not extract the files from the archive. Extraction requires tar, not just decompression.

The tar command with extract options provides the functionality needed to restore files from tar archives to the filesystem.