A systems engineer deploys a new application server, but the server cannot communicate with the back-end database hostname. The engineer confirms that the application server can ping the database server's IP address. Which of the following is the most likely cause of the issue?
If the application server can ping the database server by its IP address but not by its hostname, it indicates a DNS resolution issue. The most likely cause is incorrect DNS server configuration. The engineer should verify the DNS settings in /etc/resolv.conf or the network configuration.
Users report that they are unable to reach the company website https://www.comptia.org. A systems administrator confirms the issue with the following command:
# curl https://www.comptia.org
curl: (7) Failed to connect to www.comptia.org port 443: No route to host
The administrator logs in to the company's web server to check its configuration and sees the following output:
root@comptia.org:-># firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: dummy0 eth0
sources:
services: cockpit dhcpv6-client http ssh
ports: 3001/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="61.177.173.6" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="185.143.45.164" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="143.198.60.41" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"
root@comptia.org:-># ip route
default via 172.31.1.1 dev eth0 proto dhcp src 65.21.187.65 metric 100
10.0.6.0/24 dev dummy0 proto kernel scope link src 10.0.6.65 metric 550
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-28ac2eaeeca1 proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-fb3897555ca3 proto kernel scope link src 172.19.0.1 linkdown
172.31.1.1 dev eth0 proto dhcp scope link src 65.21.187.65 metric 100
192.168.224.0/20 dev br-e949ab177d79 proto kernel scope link src 192.168.224.1 linkdown
192.168.240.0/20 dev br-6adf72ac0ae3 proto kernel scope link src 192.168.240.1 linkdown
Which of the following is causing the issue?
The curl error 'No route to host' suggests that the server is unreachable on port 443 (HTTPS).
The firewall-cmd --list-all output shows the active firewall rules:
The firewall is only allowing the following services: cockpit dhcpv6-client http ssh
Port 443 (HTTPS) is missing from the allowed services list.
Port 3001/tcp is open, but port 443 is not listed, which means HTTPS traffic is being blocked.
The routing table (ip route output) appears correct, as the default route is properly set to 172.31.1.1 via eth0. This rules out option B.
Option A is incorrect because eth0 is active and configured (default via 172.31.1.1 dev eth0), meaning the network interface is not down.
Option D is misleading because the firewall rules are only rejecting SSH traffic from specific IP addresses, not HTTPS traffic.
Fixing the Issue:
To allow HTTPS traffic, the administrator should enable HTTPS in the firewall:
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload
This will allow HTTPS (port 443) through the firewall.
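The diagnosis above can be checked mechanically. The following is an added example, not part of the original explanation: a hypothetical helper `zone_allows` that reads a saved `firewall-cmd --list-all` dump (the zone lines are copied from the output above) and reports whether a service name or port appears in the `services:` or `ports:` lines.

```shell
#!/bin/sh
# Added example: check a saved `firewall-cmd --list-all` dump for a service/port.
# Limitation: only the "services:" and "ports:" lines are read; rich rules and
# port ranges are not evaluated.

# Zone output as shown on this page (rich rules omitted).
ZONE_DUMP=$(cat <<'EOF'
public (active)
target: default
icmp-block-inversion: no
interfaces: dummy0 eth0
sources:
services: cockpit dhcpv6-client http ssh
ports: 3001/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
EOF
)

# zone_allows DUMP SERVICE PORT/PROTO
# Returns 0 if SERVICE is on the services: line or PORT/PROTO is on the ports: line.
zone_allows() {
    dump=$1; svc=$2; port=$3
    printf '%s\n' "$dump" | awk -v svc="$svc" -v port="$port" '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == svc)  found = 1 }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == port) found = 1 }
        END { exit !found }'
}

# Probe the two web services discussed in the question.
for probe in "https 443/tcp" "http 80/tcp"; do
    set -- $probe
    if zone_allows "$ZONE_DUMP" "$1" "$2"; then
        echo "$1 ($2): allowed"
    else
        echo "$1 ($2): not allowed"
    fi
done
```

On a live host, `firewall-cmd --query-service=https` answers the same question for the running configuration.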
Which of the following files holds the system configuration for journal when running systemd?
The file that holds the system configuration for journal when running systemd is /etc/systemd/journald.conf. This file contains various settings that control the behavior of the journald daemon, which is responsible for collecting and storing log messages from various sources. The journald.conf file can be edited to change the default values of these settings, such as the storage location, size limits, compression, and forwarding options of the journal files. The file also supports a drop-in directory /etc/systemd/journald.conf.d/ where additional configuration files can be placed to override or extend the main file.
References: CompTIA Linux+ (XK0-005) Certification Study Guide, Chapter 18: Automating Tasks; journald.conf(5) - Linux manual page
A systems administrator creates a public key for authentication. Which of the following tools is most suitable to use when uploading the key to the remote servers?
The best tool to use when uploading the public key to the remote servers is B. ssh-copy-id. This tool will copy the public key from the local computer to the remote server and append it to the authorized_keys file, which is used for public key authentication. This tool will also create the necessary directories and files on the remote server if they do not exist. The other tools are either not suitable or not relevant for this task. For example:
A. scp is a tool for securely copying files between hosts, but it does not automatically add the public key to the authorized_keys file.
C. ssh-agent is a tool for managing private keys and passphrases, but it does not upload the public key to the remote server.
D. ssh-keyscan is a tool for collecting public keys from remote hosts, but it does not upload the public key to the remote server.
A developer is unable to access a Linux server via SSH. Given the following output:
SSH server configuration (/etc/ssh/sshd_config):
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication yes
GSSAPIAuthentication yes
X11Forwarding no
User Information (/etc/passwd):
developer:x:1000:1000:comptia:/home/developer:/bin/bash
User Shadow File (/etc/shadow):
developer:!!::0:99999:7:::
Which of the following explains why the developer is unable to log in to the server?
The developer cannot log in because the account is locked. This is indicated by the '!!' in the /etc/shadow file:
developer:!!::0:99999:7:::
The '!!' in the password field means the account is locked, and the user cannot authenticate using a password.
To unlock the account, the administrator must reset the password:
passwd developer
OR, if SSH key authentication is used, the administrator can remove the lock without setting a password:
usermod -U developer
Why the other options are incorrect:
A. The developer's private key has been deleted from the server. Incorrect, because the login attempt is failing before key authentication even starts.
C. The developer's public key is in the wrong location. Incorrect, because the SSH configuration (PubkeyAuthentication yes) allows key-based authentication, but the user is still unable to log in. The issue is with the account lock.
D. SSH has been disabled for user log-in. Incorrect, because PasswordAuthentication yes confirms SSH is enabled for users (except root).
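To see how the '!!' entry compares with other password-field states, here is an added example (not part of the original explanation) that classifies the second field of /etc/shadow lines according to shadow(5). The function name `shadow_status` and every sample line except `developer` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of /etc/shadow entries (shadow(5)).

# shadow_status LINE -> prints "user: status"; returns 1 on a malformed line.
shadow_status() {
    line=$1
    case $line in
        *:*) ;;
        *) echo "malformed shadow line" >&2; return 1 ;;
    esac
    user=${line%%:*}          # field 1: login name
    rest=${line#*:}
    field=${rest%%:*}         # field 2: encrypted password
    case $field in
        '')   status='empty (no password required)' ;;
        '!'*) # A leading "!" marks a locked password; the rest is the prior value.
              stripped=$field
              while [ "${stripped#\!}" != "$stripped" ]; do
                  stripped=${stripped#\!}
              done
              if [ -z "$stripped" ]; then
                  status='locked, no hash stored'
              else
                  status='locked, hash preserved'
              fi ;;
        '*'*) status='no valid password' ;;
        *)    status='password set' ;;
    esac
    printf '%s: %s\n' "$user" "$status"
}

# Constructed sample; the "developer" line is the one from the question.
while IFS= read -r entry; do
    shadow_status "$entry"
done <<'EOF'
developer:!!::0:99999:7:::
alice:$6$constructedsalt$constructedhash:19700:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:19700:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
```

The `developer` entry has nothing after the lock marker, so there is no stored hash to restore; `bob` shows a locked entry where the previous hash is still present.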