RHCSA 1
Quiz-summary
0 of 12 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
Information
This is a RHCSA sample exam. You’ve got 2 hours and half.
Prerequisites:
– a file system of 1GB for /home,
– 2GB of free space.
One precision: nobody checks your answers but solutions are provided.
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 12 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
| Average score |
|
| Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- Answered
- Review
-
Question 1 of 12
1. Question
Setup a /home/rhce directory to facilitate collaboration among the rhce group.
Each member should be able to create files and modify each others’ files, but should not be able to delete any one else’s files in this directory.Hint
# mkdir /home/rhce
# chown root:rhce /home/rhce
# chmod 770 /home/rhce
# chmod +t /home/rhce
# chmod g+s /home/rhce -
Question 2 of 12
2. Question
Make sure user bob’s account expires after one week.
Hint
# date -d “+1week”
# usermod -e YYYY-MM-DD bob
or # chage -E YYYY-MM-DD bob
# chage -l bob -
Question 3 of 12
3. Question
Set up a default configuration webserver. In the index file, place the sentence “This is a test.”.
Make this webserver only accessible to your machine and server1.example.com.Hint
# yum install httpd
# chkconfig httpd on
# service httpd start
echo “This is a test.″ > /var/www/html/index.html
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
# service iptables save
# vi /etc/httpd/conf/httpd.conf
Order allow,deny
Allow from 127.0.0.1 server1.example.com
# service httpd reload -
Question 4 of 12
4. Question
Add 100MB of swap space to your machine using a logical volume.
Hint
# lvcreate –name lv_swap2 –size 100M vg
# mkswap /dev/vg/lv_swap2
# swapon /dev/vg/lv_swap2
# vi /etc/fstab
/dev/vg/lv_swap2 swap swap defaults 0 0 -
Question 5 of 12
5. Question
Create user accounts named tony, mike, and john each with the “redhat” password and belonging to a secondary group called “rhce”.
Hint
# groupadd rhce
# useradd tony -G rhce; passwd tony
# useradd mike -G rhce; passwd mike
# useradd john -G rhce; passwd john -
Question 6 of 12
6. Question
Expand the file system on /home to 2GB in size.
Hint
# lvresize -r -L 2G /dev/vg/lv_home
-
Question 7 of 12
7. Question
Set up a default configuration FTP server.
Block ftp connections from hackers.netHint
# yum install vsftpd
# chkconfig vsftpd on
# service vsftpd start
# vi /etc/sysconfig/iptables-config
IPTABLES_MODULES=”nf_conntrack_ftp nf_nat_ftp”
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 20 -j ACCEPT
# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT
# service iptables save
# service iptables restart
# vi /etc/hosts.deny
vsftpd: .hackers.net: DENY -
Question 8 of 12
8. Question
Set up a new 100MB logical volume. Encrypt the volume with LUKS and set it up to automatically decrypt and mount to /crypt at boot.
Use the ext4 filesystem and place an empty file in the root of the encrypted filesystem with a name of “test”.Hint
# lvcreate –name crypt –size 100M vg
# mkdir /crypt
# cryptsetup luksFormat /dev/vg/crypt
# cryptsetup luksOpen /dev/mapper/vg-crypt crypt
# mkfs.ext4 /dev/mapper/crypt
# vi /etc/fstab
/dev/mapper/crypt /crypt ext4 defaults 1 2
# mount -a
# cryptsetup luksAddKey /dev/vg/crypt /etc/keyfile
# chmod 400 /etc/keyfile
# vi /etc/crypttab
crypt /dev/vg/crypt /etc/keyfile
# touch /crypt/test -
Question 9 of 12
9. Question
Create a new user “bob”. Give bob, not in the rhce group, read and write access to /home/rhce.
Hint
# useradd bob
# passwd bob
# setfacl -R -m u:bob:rwx /home/rhce -
Question 10 of 12
10. Question
Set up a job to delete all of the regular files in the /home/bob directory on the second day of every month at 8:30 A.M.
Hint
# crontab -e
30 08 02 * * /bin/find /home/bob -type f -exec /bin/rm {} \; -
Question 11 of 12
11. Question
Install the appropriate kernel update from http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages.
The following conditions must also be met:
– the updated kernel is the default kernel when the system is rebooted.
– the original kernel remains available and bootable on the system.Hint
# uname –r
# wget http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/kernel*
# rpm –ivh kernel
# vi /etc/grub.conf
Check for default (0 or 1) -
Question 12 of 12
12. Question
Set up the automounter, and configure it to read the DVD on the /misc/dvd directory.
Hint
# yum install -y autofs
# vi /etc/auto.misc
dvd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
# service autofs start
Thanks!…
I appreciate.
To prevent users from deleting a file belonging to another user, I had to use the recursive option on the Directory….
chmod -R +t /home/rhce
I add your excellent point to the solution, thanks.
there’s no need in -R because it makes sticky bit on files inside folder, and there’s no point doing that (sticky bit on files is just ignored). ONLY sticky bit on folder is important (people inside folder will be able delete only owned files) 🙂
P.S. -> proof also on cbt nuggets lesson about chmod 😉
I did this task without -R. all worked as needed.
Thanks.
You are right. I’m removing this -R option from the proposed solution.
I took the exam the last week and the Q&A were almost the same!Thank you so much for this help-
I have to be clear: the exams offered here shouldn’t be exactly the same as the real ones, this would break the NDA (Non Disclosure Agreement). These exams only present typical exercises, nothing more.
However, I’m glad it has helped you.
Hi for q6 (httpd)
shouldn’t the access rule be :
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 server1.example.com
I think your solution is correct but doesn’t replace the one given, they are both valid.
on “Create a new user “bob”. Give bob, not in the rhce group, read and write access to /home/rhce.” the solution gives bob rwx access to all files inside too, but maybe ‘x’ should not be granted?
also any new file created by other guys in rhce group – are not accessible for bob 🙁 .
how can we make that bob will have rw but not ‘x’ access on all files inside? (rwx for folder of course, to list it)
who knows if giving extra permissions (too much for example, more than what asked) can lead to lose score? I want to allow many SElinux stuff for example on my exam, lot of booleans to allow, that SElinux will relax a bit and stop blocking stuff 😀 , but i afraid it can lead to lose score.
thanks!
bobs account expire in 1 week:
# usermod -e “date+1week” bob –> Gives error on my centos 6.5.
Yes, you are right. The answer should have been: # usermod -e `date +1week` bob
I’m fixing this poor writing.
Thanks.
On question 10, I’m a bit confused by “regular files”….does that mean we should omit the hidden ones? If so, I’d go by
30 8 2 * * /bin/find /home/bob -not -path ‘*/\.*’ -type f -delete
Looks like a trick question to me 😉
Your remark is interesting.
However, don’t bother with “.files”. They are still regular files.
I was wondering the same thing. Theres actually a similar question on Michael Jangs practice exam where you’re to set up a Cron Job every Sunday to delete ‘regular files’ in the /encrypt folder. Now that I think about it the rm command most of the time will ask you something to the effect of “rm: remove regular file ‘blahblahblah.txt” provided you don’t use rm -f.
Personally I set it up as
30 8 2 * * /bin/find /home/bob -type f | xargs rm -vf
Right now I’m reading it that as long as I search using “-type f” I don’t have to worry about non-regular files being put on the chopping block for my cronjob. Is this correct?
I think this is correct.
Which part of the httpd.conf file does this directive go for Question 1?
———————————————–
# vi /etc/httpd/conf/httpd.conf
Order allow,deny
Allow from 127.0.0.1 server1.example.com
——————————————————–
Is it around this section?
——————————
# This controls which options the .htaccess files in directories can
# override. Can also be “All”, or any combination of “Options”, “FileInfo”,
# “AuthConfig”, and “Limit”
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
———————-
If it could be around the .htaccess section, I would personally prefer around the DocumentRoot directory section.
Extract from the httpd.conf file:
I think double quote (“) in echo “This is a Test!” will give you an error, it should be single quote to treat everything inside as text ‘This is a Test!’
You are perfectly right. I fixed the problem.
Thank you.
Thank you for sharing this wonderful website!
I appreciate. Thanks.
Exam 1 , question 7
Why are we allowing port 20 in addition to port 21 for a default FTP server config ? It is not mentioned in the question about the need to allow dport 20 . I believe we dont need to run the below command. Pls confirm …
“# iptables -I INPUT -m state –state NEW -m tcp -p tcp –dport 20 -j ACCEPT “
You are right, it’s not mandatory.
Thanks for sharing this great website. I was able to pass my rhcsa also thanks to this great resource site. Keep up the great work man!
I appreciate. Thanks.
I think wget with an (*) asterisk at the end of the link will not allow you to download multiple files as in your example: kernel* it will just give you an error. You will have to download both the kernel firmware dependency and the kernel one by one.
I agree with you but I don’t know which other command I can use.
I can suggest this command but it’s not really readable:
# curl -l -s http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/ | grep kernel | awk -F ‘>’ ‘{ print $2; }’ | awk -F ‘<' '{ print "http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages/" $1; }' | xargs wget What do you think? 😉
Yeah that’s a good one but it’s also hard to remember. For the RHCSA objective of upgrading the kernel you will only have to download 2 files in a remote directory that contains those files only. Therefore I would simply run:
# wget -r http://mirrors.kernel.org/centos/6.4/updates/x86_64/Packages
the -r option stands for recursive so you will download them all in one shot. Of course if you’d have more than those two files the whole directory will be downloaded locally but in the Red Hat exam you will only find those two.
Pardon me for asking this – I thought there is Internet access in the exam? How is it possible then to download the kernel from mirrors.kernel.org?
No, there isn’t any Internet access during the exam.
Hi CertDepot,
Then, how does one download the kernel files via wget? Or are those files available for down from the host/node machine itself? i.e. we can issue the wget command from the KVM guest to download from the host machine?
Thanks!
A file server link will be provided during the exam, you have to download the files from there. There’s no internet access.
Sitting for the RHCSA & RHCE exams next week. Thanks for this great resource website!
Thanks.
why are none of the QUIZ links working ?
I checked this morning, everything was working fine. I have no idea what was the problem.
Does anybody know how to differentiate the VM and desktop terminal on ex200(RHCSA)? I am going to take the exam soon and I know somebody who could not find VM or didn’t understand how to differentiate the VM and the desktop terminal when he took the exam. It was on kiosk. If anybody can provide answer for this then it would be really helpful.
You should look at the virt-what command.
When typing virt-what you can get two kinds of result:
– nothing: this means that you are on bare-metal,
– kvm or something else: you are in a virtual machine.
Hope this helps.
Thank you for your answer. I didn’t know about this. I have found it really helpful to differentiate the VM and the desktop terminal once I have both. Is the VM going to be open on the screen beforehand or the candidates need to open it through application toolbar? I am asking this because I heard from a candidate who could not even find anything else than a desktop terminal (which has no console). I am getting a bit confused about that so if someone can give some ideas that will be great.
If you are in trouble, ask the proctor: it is one of the proctor’s roles to help you if you don’t understand something.
does any one have idea if I need to reduce a lv to 200MiB then how I am supposed to do it. I know how to do it in 200M or 200G but not sure about MiB.