Practice Test 2 RHCSA (EX200)

Question 1

1. Assume you have forgotten the root password for ServerB. Reset the root password to "secret" to regain access to the
system.
e on grub kernel selector
Type rd.break after the ro term
Ctrl + X
mount -o remount rw /sysroot
chroot /sysroot
passwd root
change password to 'secret'
touch /.autorelabel
exit
reboot

Question 2

2. On ServerB, set up a local Yum/DNF repository using the /RHEL-9.iso image mounted on the /repo directory. Ensure the
repository is accessible for package installation and updates, and address any potential issues with Red Hat Subscription
Management registration.
Mount iso Image
mount /dev/sr0 /repo
cd /etc/yum.repos.d/
cat redhat.repo // To see format of a repo file
vi /etc/yum.repos.d/rhel9.repo

File editor:

[BaseOS]
name=BaseOS Packages Red Hat Enterprise Linux 9
metadata_expire=-1
gpgcheck=1
enabled=1
baseurl=file:///mnt/disc/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[AppStream]
name=AppStream Packages Red Hat Enterprise Linux 9
metadata_expire=-1
gpgcheck=1
enabled=1
baseurl=file:///mnt/disc/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

dnf clean all

dnf repolist
 dnf install nfs-utils

Question 3

3. On ServerB, modify your active network interface configuration to follow the following specifications statically:
IPV4 – 192.168.1.3/24
GW – 192.168.1.1
DNS – 8.8.8.8
nmcli connection modify enp0s3 ipv4.addresses 192.168.1.3/24
nmcli connection modify enp0s3 ipv4.method manual
nmcli connection modify enp0s3 ipv4.gateway 192.168.1.1
nmcli connection modify enp0s3 ipv4.dns 8.8.8.8
nmcli connection down enp0s3 && nmcli connection up enp0s3
ifconfig

Question 4

4. On ServerB, add the following secondary IPV4 address statically to your current running interface. Do this in a way that
doesn’t compromise your existing settings:
IPV4 – 10.0.0.3/24
nmcli connection modify enp0s3 +ipv4.addresses 10.0.0.3/24
nmcli connection down enp0s3 && nmcli connection up enp0s3
ip addr

Question 5

5. On ServerB, add the following IPV6 address statically to your current running interface. Do this in a way that doesn’t
compromise your existing settings:
IPV6 – fd01::103/64
nmcli connection modify enp0s3 ipv6.addresses fd01::103/64
nmcli connection modify enp0s3 ipv6.method manual
nmcli connection down enp0s3 && nmcli connection up enp0s3
ifconfig

Question 6

6. On ServerB, set the system time to your nearest timezone.

timedatectl list-timezone | grep Chihuahua
timedatectl set-timezone "America/Chihuahua"
timedatectl show

Question 7

7. On ServerB, ensure NTP sync is configured.

systemctl status chronyd
 timedatectl set-ntp true
vi /etc/chrony.conf
Add the line: server 8.8.8.8
systemctl restart chronyd
chronyc
sources // To see dns.google listed

Question 8

8. Enable IPV4 packet forwarding on ServerB persistently.

sysctl net.ipv4.ip_forward // Read the current state of IP forwarding
vi /etc/sysctl.conf
Add the line: net.ipv4.ip_forward = 1
sysctl -p // To read changes from file
cat /proc/sys/net/ipv4/ip_forward

Question 9

9. Enable IPV6 packet forwarding on ServerB. This should persist after a reboot.
sysctl net.ipv6.conf.all.forwarding // Read the current state of IP forwarding
vi /etc/sysctl.conf
Add the line: net.ipv6.conf.all.forwarding = 1
sysctl -p
reboot

Question 10

10. On ServerB, boot messages should be present (not silenced).

vi /etc/default/grub
Delete rhgb quiet from the end of the GRUB_CMDLINE_LINUX= line
grub2-mkconfig -o /boot/grub2/grub.cfg

Question 11

11. On ServerB, use /dev/sdb to do the following:

1. Create a 4GiB volume group named “vgmyvg”.
2. Create a 1GiB logical volume named “lvmylv” inside the “vgmyvg” volume group.
3. The “lvmylv” logical volume should be formatted with the ext4 filesystem and mounted persistently on the /lvmylv
directory
4. Extend the ext4 filesystem on “lvmylv” by 500M.
fdisk -l
fdisk /dev/sdb
p n p 1 Enter +4G p l t 8e p w

pvcreate /dev/sdb1
pvdisplay
 vgcreate vgmyvg /dev/sdb1
vgdisplay
lvcreate -n lvmylv -L 1G vgmyvg
mkfs.ext4 /dev/vgmyvg/lvmylv
mount /dev/vgmyvg/lvmylv /lvmylv/
vi /etc/fstab
Add the line: /dev/mapper/vgmyvg-lvmylv /lvmylv ext4 defaults 0 0
lvextend -L +500M /dev/vgmyvg/lvmylv

Question 12

12. On ServerB, configure Apache to serve a basic website that shows the text "Hello World!"
dnf install httpd \
systemctl status httpd
firewall-cmd --list-all
firewall-cmd --add-service=http --permanent
vi /var/www/html/index.html
Add the line: Hello World!
curl http://localhost

Question 13

13. On ServerB, write a script "/yes-no.sh" that does the following:

a. If the argument is 'yes', the script should run the command echo “that's nice”.
b. If the argument is 'no', the script should run the command echo "I am sorry to hear that".
c. If the argument is anything else, the script should run the command echo "unknown argument provided".
vi /yes-no.sh

File editor:

#!/bin/bash
if [ $1 == "yes" ]
then
echo "that's nice"
elif [ $1 == "no" ]
then
echo "I am sorry to hear that"
else
echo "unknown argument provided"
fi

chmod a+x /yes-no.sh

/yes-no.sh yes

Question 14

14. On ServerB, change the hostname to rhel.server.com and make it persistent.

vi /etc/hostname
 Change line to: rhel.server.com
reboot

Question 15

15. On ServerB, install the appropriate kernel update. The following criteria must also be met:
a. The updated kernel is the default kernel when the system is rebooted.
b. The original kernel remains available and bootable on the system.
dnf update -y
dnf update kernel -y
reboot

Question 16

16. On ServerB, find the regular files owned by the user root in the “/usr/bin” and copy the files into the “/find/rootfiles/”
directory.
mkdir /find
mkdir /find/rootfiles
find /usr/bin -type f -user root -exec cp {} /find/rootfiles/ \;
ls -l /find/rootfiles

Question 17

17. On ServerB, all new users should have a file name “Note” in their home directory after account creation.
touch /etc/skel/Note

Question 18

18. On ServerB, all user passwords should expire after 100 days and be at least 9 characters in length.
vi /etc/login.defs
Change line to: PASS_MAX_DAYS 100
vi /etc/security/pwquality.conf
Uncomment and change line to: minlen = 9

Question 19

19. On ServerB, create a user sam whose UID is 1500, and he doesn't have access to any interactive shell on the system.
useradd -u 1500 -s /sbin/nologin sam
id sam
tail -1 /etc/passwd // Check user on /etc/passwd file

Question 20
20. On ServerB, copy the file “/etc/fstab” to “/var/tmp”, then do the following:
a. Configure the permissions of “/var/tmp/fstab” so that the file “/var/tmp/fstab” is owned by the root user, belongs to the
group root, and should not be executable by anyone.
b. The user stewart can read & write “/var/tmp/fstab”.
c. The user kevin can neither write nor read “/var/tmp/fstab”.
cp /etc/fstab /var/tmp/
chown root /var/tmp/fstab
chgrp root /var/tmp/fstab
chmod a-x /var/tmp/fstab
useradd stewart
useradd kevin
`setfacl -m u:stewart:rw- fstab`
setfacl -m u:kevin:--- fstab
getfacl fstab

Question 21

21. On ServerB, as root create a cron job that deletes empty files from /tmp at 12:45 am daily.

crontab -e
Add the line: 45 0 * * * find /tmp/ -type f -empty -delete // Note 0 is 12 am

Question 22

22. On ServerB, create a compressed tar file “/archive/myetc.tbz2” of the “/etc” directory. Then restore the archived data in the
“/restored/myetc/” directory.
mkdir /archive
mkdir /restored
mkdir /restored/myetc
tar cvjpf /archive/myetc.tbz2 /etc // The 'p' option is to preserver permissions
tar xvjpf /archive/myetc.tbz2 -C /restored/myetc // The -C option is to change archive content to a specified
directory

Question 23

23. On ServerB, optimize the system to run in a virtual machine for the best performance and concurrently tunes it for low
power consumption. Low power consumption is the priority.
dnf install tuned
systemctl start tuned
tuned-adm list
tuned-adm active
tuned-adm profile virtual-guest powersave

Question 24

24. Setup SSH Passwordless Login in ServerA for the user Sam.
 (On ServerA)
systemctl status sshd
(On ServerB)
ssh-keygen
ssh-copy-id Sam@192.168.1.11

Question 25

25. Disable password authentication on rhel.server.com.

vi /etc/ssh/sshd_config
Uncomment and change line to: PasswordAuthentication no
systemctl restart sshd

Question 26

26. On rhel.server.com, set SELinux to “enforcing” mode.

getenforce
setenforce 1
sestatus

Question 27

27. On rhel.server.com, using /dev/sdb create a 500MiB swap partition which takes effect automatically at boot start.
free -m
fdisk -l
fdisk /dev/sdb
p n p 2 Enter +500M p l t 2 82 p w

mkswap /dev/sdb2
blkid
vi /etc/fstab
Add the line: UUID=... swap swap defaults 0 0
mount -a
swapon /dev/sdb2
lsblk
free -m

Question 28

28. Restrict root login on rhel.server.com.

vi /etc/ssh/sshd_config
Change line to: PermitRootLogin no
systemctl restart sshd

Question 29
29. On rhel.server.com, do the following:
1. Install container-tools.
2. Set up a local image repository in “/var/lib/registry” on port 5000 with Podman.
3. Push the httpd container image to the image repository.
dnf install container-tools -y
mkdir -p /var/lib/registry
podman run --priviliged -d --name registry -p 5000:5000 -v /var/lib/reistry:/var/lib/registry:Z
registry // 'registry' is an alias for an image
vi /etc/containers/registries.conf
Uncomment the line: [[registry]]
Uncomment and change line to: insecure = true
Uncomment and change line to: location = "localhost:5000"
podman search httpd --filter=is-official
podman pull docker.io/library/httpd
podman tag docker.io/library/httpd localhost:5000/httpd
podman push localhost:5000/httpd
ls -l /var/lib/registry/docker/... // to verify

!!! Question 30

30. What is the user-specific startup files?

~/.bash_profile
~/.bashrc
~/.profile
~/.bash_login
~/.bash_logout

Question 31

31. Run "sleep 100" in the background with a priority value of "30".
PR = 20 + NI
NI needs to be 10 so that PR is 30
nice -n 10 sleep 100 &
ps -eo pid,ni,pri,args | grep sleep

Question 32

32. Which of the following commands kills the process with the PID 112 but allows the process to "clean up" before exiting?
kill -TERM 112
The TERM signal is the default kill command signal and lets the process "clean up" before exiting

Question 33

33. Which of the following commands redirects the output of “echo cmd” to the file “cmd.txt”, in which an existing file is
overwritten?
 echo cmd > cmd.txt

Question 34

34. When given the following command line.

$ echo "foo bar" | tee bar | cat
Which of the following output is created?
foo bar // the tee command only outputs the echo command into the bar file

Question 35

35. How can the current directory and its subdirectories be searched for a file named MyFile.xml?
grep -r MyFile.xml .
find . -name MyFile.xml
search Myfile.xml ./
grep MyFile.xml | find
find . -name MyFile.xml

Question 36

36. Configure rhel.server.com (the NFS client) to automatically mount the share rhcsa.server.com:/share on the /nfs directory.
mkdir /nfs
vi /etc/fstab
Add the line: rhcsa.server.com:/share /nfs nfs defaults 0 0
mount -a

Question 37

37. On rhel.server.com, build an image named "hello_world" from a Containerfile that installs and configures a web server
(httpd) to start automatically by the systemd service (/sbin/init) when the container is running on your host system. Then
run a new container from the "hello_world" image and name it "hello_world_run". The Containerfile should follow these
instructions:
Base Image: Red Hat Universal Base Image 8 Init (ubi8/ubi-init).
The Web server should display "Hello World!" Once you connect to it.
Expose the Web server to port 80.
mkdir ~/Hello_World
cd ~/Hello_World
vi Containerfile

File editor:

FROM registry.access.redhat.com /ubi8/ubi-init #image name on podman

RUN yum -y isntall httpd; yum clean all; systemctl enable httpd;
RUN echo "Hello World!" > /var/www/html/index.html
RUN mkdir /etc/systemd/system/httpd.service.d/; echo -e '[Service]\nRestart=always' >
/etc/systemd/system/httpd.service.d/httpd.conf
 EXPOSE 80
CMD ["/sbin/init"]

podman build --format=docker -t hello_world . // The -t option is to apply tag name

podman images
setsebool -P container_manage_cgroup 1
systemctl stop httpd // Stop current httpd since it is using port 80
podman run -d --name hello_world_run -p 80:80 hello_world
podman ps
curl localhost

Question 38

38. On rhel.server.com, prevent all users from using the crontab command except tom.
echo "ALL" >> /etc/cron.deny
echo "tom" >> /etc/cron.allow

!!! Question 39

39. On rhel.server.com, create a directory hierarchy /V1/V2/V3/, and recursively apply the SELinux context of the /etc
directory.
mkdir -p /V1/V2/V3
ls -ldZ /etc // See the etc_t type
semanage fcontext -a -t etc_t "/V1(/.*)?" // The (/.*)? expression allows to modify the context recursively
including /V1
restorecon -Rv /V1
ls -ldZ /V1/V2/V3

Question 40

40. On rhel.server.com, find the string blank in "/etc/passwd" and send it to the file "/home/blankword" without removing the file
content.
grep blank /etc/passwd >> /home/blankword

!!! Question 41

41. On rhel.server.com, install the package zsh . The package named zsh is dumped on ftp://server.example.com under the
/pub/updates directory.
Credentials
Username: admin
Password: admin
ftp server.example.com
cd /pub/updates
binary
ls
get zsh.rpm
 exit
rpm -ivh zsh.rpm

Question 42

42. Create a hard and symbolic link to a file called "data.txt". The original file is located in the /home/$USER/ directory. The
hard link should be created in the same directory, while the symbolic link should be created in the /var/tmp/ directory.
mkdir /home/$USER
touch /home/$USER/data.txt
ln /home/$USER/data.txt data-link // Give a different name than the file because they will be in the same
directory
ls -ltr /home/$USER
cd /var/tmp
ln -s /home/$USER/data.txt
ls -ltr

Question 43

43. Create a directory named "/collaboration" on ServerB, and configure it so that any files or subdirectories created within that
directory are owned by the group "managers".
mkdir /collaboration
groupadd managers
chgrp managers /collaboration
chmod g+s /collaboration
ls -ld /collaboration