Test yourself
Linux essentials
Final exam · 80 questions · answers explained as you pick
Command reference
16 questions
01ls -lah shows…
Incorrect — -a includes hidden files, but -l and -h do more.
Correct — the everyday combination.
Incorrect — that would need -S; these flags do format/all/human.
Incorrect — ls lists names/metadata, not contents.
02In ls -l, a leading "d" on a line means the entry is…
Correct — - = file, d = directory, l = symlink.
Incorrect — no such marker.
Incorrect — that would be c or b.
Incorrect — hidden is by name (leading dot), not the type field.
03cd - (dash) does what?
Incorrect — that is cd /.
Incorrect — that is cd ..
Correct — toggles between two locations.
Incorrect — that is cd with no argument.
04To copy a whole directory and its contents, you use…
Incorrect — plain cp refuses a directory without -r.
Correct — -r = recursive.
Incorrect — that moves, not copies.
Incorrect — that makes a symlink, not a copy.
05tail -f /var/log/app.log is used to…
Incorrect — that is head.
Incorrect — it only reads.
Correct — watch a log in real time.
Incorrect — that is wc -l.
06You are stuck in vim. To quit without saving you press Esc then type…
Incorrect — that saves AND quits.
Correct — quit, forcibly, discarding changes — the escape hatch.
Incorrect — does not exit vim.
Incorrect — opens help, does not quit.
07grep -v "200" access.log prints…
Correct — -v inverts — useful to see the non-200 responses.
Incorrect — that is grep without -v.
Incorrect — that is -c.
Incorrect — -v is invert, not -i.
08The pipeline sort | uniq -c is used to…
Incorrect — it works on text lines, not files.
Correct — sort first (uniq only collapses adjacent), then count.
Incorrect — that is not what this does.
Incorrect — no.
09cut -d: -f1 /etc/passwd extracts…
Incorrect — it extracts one field.
Incorrect — -f1 is the first field.
Correct — -d sets the delimiter, -f picks the field.
Incorrect — those are in /etc/shadow, and -f1 is the name.
10sed 's/info/debug/g' does what?
Correct — the classic find-and-replace.
Incorrect — that is grep; sed here substitutes.
Incorrect — that would be a different sed command.
Incorrect — no.
11tar czf backup.tar.gz mydir/ …
Incorrect — that is xzf; c = create.
Correct — c=create, z=gzip, f=file.
Incorrect — that is tzf.
Incorrect — tar does not delete the source.
12To extract a .tar.gz into a chosen directory, you use…
Incorrect — that creates an archive.
Incorrect — that only decompresses a .gz, not a tar.
Correct — x=extract, z=gzip, f=file, -C=target dir.
Incorrect — unzip is for .zip, not .tar.gz.
13rsync -avz ./site/ user@host:/var/www/ is preferred over scp for large syncs because it…
Correct — fast re-syncs after small changes.
Incorrect — scp uses SSH too.
Incorrect — -z compresses the transfer, not the disk.
Incorrect — it is about transfer efficiency, not at-rest encryption.
14df -h reports a partition at 96% but du finds nothing large. The usual cause is…
Incorrect — possible but not the classic cause.
Correct — find with lsof | grep deleted, restart the holder.
Incorrect — du would still account for their size.
Incorrect — swap is not counted by df on the data partition.
15find . -name "*.log" -mtime +7 -delete will…
Incorrect — only those older than 7 days.
Incorrect — -delete removes them; drop -delete to just list.
Correct — the printed list is your dry run.
Incorrect — it deletes; it does not compress.
16which python3 tells you…
Correct — useful when several versions are installed.
Incorrect — that is python3 --version.
Incorrect — no.
Incorrect — that is man / whereis.
16 questions · explanations appear as you answer
The shell & filesystem
10 questions
01pwd tells you…
Incorrect — no — it prints the working directory.
Correct — "print working directory".
Incorrect — that is ps.
Incorrect — that is ls -l / id.
02An absolute path is one that…
Correct — unambiguous from anywhere on the system.
Incorrect — that is a relative path.
Incorrect — paths contain slashes; that is not the distinction.
Incorrect — absolute paths can point anywhere.
03When you do not know a command, the first move is…
Incorrect — unrelated.
Incorrect — never.
Correct — the manual works offline on every box.
Incorrect — man tells you; guessing is risky.
04tail -f a log file does what?
Incorrect — that is head; -f is not "first".
Correct — ideal for watching logs in real time.
Incorrect — it only reads.
Incorrect — it does not modify anything.
05grep is used to…
Correct — e.g. grep -rn "listen" /etc/nginx/.
Incorrect — that is find.
Incorrect — that is chmod.
Incorrect — that is ps.
06A pipe (|) in the shell…
Incorrect — no — it passes it along.
Incorrect — it connects them.
Correct — the basis of composing small tools.
Incorrect — that is #.
07command > file.txt does what?
Correct — use >> to append instead.
Incorrect — that is >>.
Incorrect — that is <.
Incorrect — not what redirection does.
08find / -perm -4000 -type f lists…
Incorrect — that is -perm -0002.
Correct — each runs as its owner — potential escalation paths.
Incorrect — that is -empty.
Incorrect — that is -mtime.
09System configuration files mostly live in…
Correct — editable text config for the system and services.
Incorrect — that is logs.
Incorrect — that is live kernel/process state.
Incorrect — that is user home directories.
10/proc and /sys are special because they…
Incorrect — size is not the point.
Incorrect — no.
Correct — "everything is a file" — cat/grep work on them.
Incorrect — they are not general-purpose writable dirs.
10 questions · explanations appear as you answer
Permissions & ownership
10 questions
01The three permission categories on a file are…
Incorrect — those are the permission bits, not the categories.
Correct — each gets its own rwx set.
Incorrect — not how file permissions are grouped.
Incorrect — not the Linux model.
02Mode 0640 means…
Correct — read it as rw- / r-- / ---.
Incorrect — others get 0 (nothing).
Incorrect — the group can read too.
Incorrect — group is 4 (read only).
03In octal, rwx equals…
Incorrect — that is r-x (4+1).
Incorrect — that is rw- (4+2).
Correct — read 4 + write 2 + execute 1.
Incorrect — that is r-- only.
04On a directory, the execute (x) bit means…
Incorrect — you do not "run" a directory.
Correct — without x you cannot cd in even if you can see it.
Incorrect — that depends on the parent and sticky bit.
Incorrect — it is meaningful — it gates traversal.
05chmod 600 ~/.ssh/id_ed25519 is required because…
Correct — a world/group-readable key is a leak.
Incorrect — permissions do not affect speed.
Incorrect — permissions are not encryption.
Incorrect — SSH enforces it.
06Ownership of a file decides…
Incorrect — unrelated.
Incorrect — that is the leading character in ls -l.
Correct — your identity picks the triad.
Incorrect — unrelated.
07A SUID binary executes with…
Incorrect — that is the normal case, without SUID.
Correct — a SUID-root binary runs as root for any caller — a classic escalation target.
Incorrect — the opposite.
Incorrect — not a Linux concept.
08The sticky bit on /tmp means…
Correct — shown as t in drwxrwxrwt.
Incorrect — the opposite — /tmp is world-writable.
Incorrect — unrelated.
Incorrect — that is SUID, not sticky.
09A umask of 027 makes new files…
Incorrect — the opposite — it restricts.
Incorrect — umask subtracts; it does not open up.
Correct — a stricter default that avoids world-readable files.
Incorrect — umask does not add execute to files.
10An unfamiliar SUID-root binary outside system paths is…
Incorrect — no — it is a classic persistence trick.
Correct — attackers drop SUID shells to keep root access.
Incorrect — sudo has its own known binary.
Incorrect — size is irrelevant to the risk.
10 questions · explanations appear as you answer
Users, groups & sudo
10 questions
01UID 0 is…
Correct — the all-powerful account.
Incorrect — normal users start at 1000 (typically).
Incorrect — it is very much used — it is root.
Incorrect — nobody has a high UID, not 0.
02Password hashes are stored in…
Incorrect — passwd holds account info but not the hashes.
Correct — so ordinary users cannot even see the hashes.
Incorrect — that is group membership.
Incorrect — logs, not hashes.
03A service account with shell /usr/sbin/nologin…
Incorrect — unrelated to privilege.
Incorrect — it can own files.
Correct — good for daemons that never need to log in.
Incorrect — it still runs services; it just cannot log in.
04Every human should have…
Correct — shared logins destroy attribution.
Incorrect — no — escalate via sudo instead.
Incorrect — never.
Incorrect — only root is UID 0.
05The main security benefit of sudo is…
Incorrect — speed is not the point.
Correct — attribution + least privilege.
Incorrect — the opposite — it records them.
Incorrect — root still exists; sudo governs elevation.
06sudo -l shows…
Incorrect — that is last / the auth log.
Incorrect — no.
Correct — your effective sudo privileges.
Incorrect — it summarizes your rights, not the raw file.
07You should edit the sudoers file with…
Correct — a broken sudoers can lock out admin access.
Incorrect — a typo can lock you out; visudo prevents that.
Incorrect — that changes permissions, not content.
Incorrect — risky — no validation.
08Least-privilege sudo means granting…
Incorrect — that is passwordless root — the opposite.
Correct — e.g. only systemctl restart nginx.
Incorrect — then admins cannot work.
Incorrect — never share root.
09Granting sudo on an editor or scripting interpreter is dangerous because…
Incorrect — not the issue.
Incorrect — not the issue.
Correct — a narrow-looking grant becomes total.
Incorrect — logging is good, not the risk.
10When a person leaves the team, their account should be…
Correct — a lingering active account is a standing way in.
Incorrect — that is a security hole; keep logs, not the login.
Incorrect — never reuse/share accounts.
Incorrect — accounts are not "given" like that.
10 questions · explanations appear as you answer
Processes & services
10 questions
01A process’s owner (the user it runs as) determines…
Correct — why a web server should not run as root.
Incorrect — unrelated.
Incorrect — the kernel assigns PIDs independently.
Incorrect — not a real property.
02PID 1 is…
Incorrect — sshd has its own PID, not 1.
Correct — everything descends from it.
Incorrect — PIDs are not users.
Incorrect — the kernel is not a normal PID-1 process.
03To see live CPU/memory usage by process, you use…
Incorrect — lists files.
Incorrect — searches text.
Correct — a live, updating view — first stop when a server is slow.
Incorrect — prints files.
04/proc/<pid>/exe points to…
Correct — great for spotting a process masquerading under a fake name.
Incorrect — no.
Incorrect — no.
Incorrect — that is in status/ppid, not exe.
05kill -15 (SIGTERM) versus kill -9 (SIGKILL): TERM…
Incorrect — that describes KILL.
Correct — try TERM first; KILL is the last resort.
Incorrect — it requests termination.
Incorrect — that is SIGSTOP.
06kill -9 is a last resort because SIGKILL…
Incorrect — it is immediate, not slow.
Incorrect — it does not restart anything.
Correct — why databases can be corrupted by -9.
Incorrect — you can -9 your own processes.
07systemctl enable nginx does what?
Correct — use --now to also start it immediately.
Incorrect — that is start, not enable.
Incorrect — no.
Incorrect — that is status/journalctl.
08A service can be "running now but not enabled," which means…
Incorrect — no — it is just not set to auto-start.
Correct — start (now) and enable (boot) are independent.
Incorrect — unrelated.
Incorrect — unrelated to enable/start.
09A systemd unit with User=appuser and NoNewPrivileges=true…
Incorrect — the opposite.
Incorrect — unrelated.
Correct — far less dangerous if compromised.
Incorrect — it starts, just confined.
10To see only error-level logs for nginx since 2 hours ago, you run…
Correct — unit + priority + time filters.
Incorrect — that is config, not logs.
Incorrect — that lists processes, not logs.
Incorrect — that lists files, not filtered logs.
10 questions · explanations appear as you answer
Networking & packages
10 questions
01To see which programs are listening on which ports, you use…
Incorrect — that shows routing, not listeners.
Correct — TCP, listening, numeric, with owning process.
Incorrect — that tests reachability.
Incorrect — unrelated.
02A service bound to 127.0.0.1 is reachable…
Correct — localhost-only — good for internal services like a DB.
Incorrect — that would be 0.0.0.0.
Incorrect — no — loopback is local-only.
Incorrect — binding address is unrelated to TLS.
03A service bound to 0.0.0.0 is…
Incorrect — the opposite.
Incorrect — that is 127.0.0.1.
Correct — every 0.0.0.0 listener is an exposed door — account for each.
Incorrect — binding address is not encryption.
04nc -zv host 22 checks…
Correct — a quick reachability test for a specific port.
Incorrect — unrelated.
Incorrect — unrelated.
Incorrect — that is ip route.
05The main package managers are…
Incorrect — those are dev tools, not OS package managers.
Correct — .deb and .rpm respectively.
Incorrect — those are language package managers.
Incorrect — those are container/k8s tools.
06Signed repositories matter because the package manager…
Incorrect — signing is not about speed.
Incorrect — unrelated.
Correct — rejects tampered or impostor-served packages — OS-level supply-chain trust.
Incorrect — not the security point.
07Keeping packages patched is important because…
Correct — patching is a top-impact security control.
Incorrect — not the reason.
Incorrect — unrelated.
Incorrect — systems boot unpatched — that is the danger.
08unattended-upgrades / dnf-automatic provide…
Incorrect — no — they handle updates.
Correct — critical fixes land without waiting on a human.
Incorrect — unrelated.
Incorrect — unrelated.
09curl https://... | sudo bash is dangerous because it…
Incorrect — not the concern.
Incorrect — the issue is trust, not tooling.
Correct — read scripts before piping them to a root shell.
Incorrect — it needs the network, but that is not the risk.
10The safest way to add third-party software is…
Correct — verified provenance, like the CI/CD supply-chain lessons.
Incorrect — that removes the security boundary.
Incorrect — arbitrary root code, unverified.
Incorrect — no provenance or verification.
10 questions · explanations appear as you answer
Everyday shell
14 questions
01You read the value of an environment variable with…
Incorrect — without the $ it prints the literal word "VAR".
Correct — the $ tells the shell to expand the variable.
Incorrect — cat reads files, not variables.
Incorrect — export makes it available to programs; it does not print it.
02A variable set with NAME=value but NOT exported is…
Correct — export makes it available to child processes.
Incorrect — that requires export.
Incorrect — it vanishes when the shell closes.
Incorrect — variables are plain text.
03$PATH is…
Incorrect — that is $HOME.
Incorrect — that is pwd / $PWD.
Correct — first match wins, left to right.
Incorrect — no.
04To make an environment variable persist across new terminals, you put it in…
Incorrect — that is account info, not shell config.
Correct — the shell reads it on startup; source it to apply now.
Incorrect — wiped and not a startup file.
Incorrect — that schedules jobs, not shell config.
05ssh deploy@web-01 does what?
Correct — you run commands on the remote server.
Incorrect — that is scp.
Incorrect — that is ping.
Incorrect — no.
06The standard SSH authentication method is…
Incorrect — possible, but keys are the standard and safer.
Correct — no password to brute-force.
Incorrect — SSH always authenticates.
Incorrect — never — and root login is usually disabled.
07Your SSH private key (id_ed25519, no .pub)…
Incorrect — that is the PUBLIC key; the private one stays with you.
Incorrect — never — it is your login credential.
Correct — anyone who copies it can log in as you.
Incorrect — never commit a private key.
08The wildcard *.log is expanded…
Correct — why you preview with ls before using it in rm.
Incorrect — the shell expands it first for most commands.
Incorrect — the shell expands it (unless quoted).
Incorrect — globbing is a general shell feature.
09make && ./deploy runs ./deploy…
Incorrect — that is ; not &&.
Correct — && chains on success — a broken build stops the deploy.
Incorrect — that is ||.
Incorrect — that would be &.
10Ctrl-R in the shell…
Incorrect — that is Ctrl-L.
Incorrect — that is Ctrl-C.
Correct — type a few chars of a past command to recall it.
Incorrect — no.
11The cron schedule 0 3 * * * means…
Correct — minute 0, hour 3, every day/month/weekday.
Incorrect — that would be */3 in the minute field.
Incorrect — day-of-month is the 3rd field, here *.
Incorrect — it runs daily at 3am.
12A common reason a cron job works in your shell but fails under cron is…
Incorrect — no.
Correct — python3 may not be found; /usr/bin/python3 is.
Incorrect — each user has their own crontab.
Incorrect — no.
13Cron job output goes nowhere by default, so a failing job is silent. The fix is to…
Incorrect — that does not make failures visible.
Incorrect — irrelevant.
Correct — capture stdout+stderr so you can see failures.
Incorrect — privilege does not make output visible.
14A cron job running as root whose script is world-writable is…
Correct — keep root scripts non-writable; run jobs least-privileged.
Incorrect — it is a classic privesc.
Incorrect — irrelevant.
Incorrect — cron does not require world-writable scripts.
14 questions · explanations appear as you answer