sign in sign up
<<
Home , AppArmor, Comp (command), DenyHosts, Dracut (software), Fail2ban, Iftop

CompTIA + Certification Exam Objectives EXAM NUMBER: XK0-004 About the Exam

Candidates are encouraged to use this document to prepare for CompTIA Linux+ XK0-004. CompTIA Linux+ measures the necessary skills of an IT professional with hands-on experience configuring, monitoring, and supporting servers running the Linux . Successful candidates will have the knowledge required to configure, manage, operate, and troubleshoot a Linux environment by using security best practices, scripting, and . These content examples are meant to clarify the objectives and should not be construed as a comprehensive listing of all the content of this examination. EXAM DEVELOPMENT CompTIA exams result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an IT professional. CompTIA AUTHORIZED MATERIALS USE POLICY CompTIA Certifications, LLC is not affiliated with and does not authorize, endorse or condone utilizing any content provided by unauthorized third-party training sites (aka “brain dumps”). Individuals utilize such materials in preparation for any CompTIA examination will have their certifications revoked and be suspended from future testing in accordance with the CompTIA Candidate Agreement. In an effort to clearly communicate CompTIA’s exam policies on use of unauthorized study materials, CompTIA directs all certification candidates to the CompTIA Certification Exam Policies. Please review all CompTIA policies before beginning the study for any CompTIA exam. Candidates will be required to abide by the CompTIA Candidate Agreement. If a candidate has a question as to whether study materials are considered unauthorized (aka “brain dumps”), he/she should contact CompTIA examsecurity@.org to confirm.

PLEASE NOTE The lists of examples provided in bulleted are not exhaustive lists. Other examples of technologies, processes, or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document. CompTIA is constantly reviewing the content of our exams and updating test questions to be sure our exams are current and the security of the questions is protected. When necessary, we will publish updated exams based on testing exam objectives. Please know that all related exam preparation materials will still be valid.

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) TEST DETAILS Required exam XK0-004 Number of questions Maximum of 90 Type of questions Multiple and performance-based Length of test 90 minutes Recommended experience 9 – 12 months of hands-on experience configuring, monitoring, and supporting servers running the Linux OS Passing score 720 (on a scale of 100–900)

EXAM OBJECTIVES (DOMAINS) The table below lists the domains measured by this examination and the to they are represented:

DOMAIN PERCENTAGE OF EXAMINATION

1.0 Hardware and System Configuration 21% 2.0 Systems Operation and Maintenance 26% 3.0 Security 19% 4.0 Linux Troubleshooting and Diagnostics 20% 5.0 Automation and Scripting 14% Total 100%

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 1.0 Hardware and System Configuration

1.1 Explain Linux boot process concepts.

• Boot loaders • locations - - GRUB - /etc/default/grub - grub2- - GRUB2 - /etc/grub2.cfg - grub2-mkconfig • Boot options - /boot - initramfs - UEFI/EFI - /boot/grub - efi files - PXE - /boot/grub2 - vmlinuz - NFS - /boot/efi - - Boot from ISO • Boot modules and files • - Boot from HTTP/FTP - Commands - mkinitrd

1.2 Given a scenario, install, configure, and monitor kernel modules.

• Commands - dmesg • Locations - lsmod - rmmod - /usr/lib/modules/[kernelversion] - insmod - depmod - /usr/lib/modules - modprobe - /etc/modprobe.conf - modinfo - /etc/modprobe.="tag">d/

1.3 Given a scenario, configure and verify network connection parameters.

• Diagnostic tools • Configuration files - ping - /etc/sysconfig/network-scripts/ - - /etc/sysconfig/network - - /etc/ - dig - /etc/network - host - /etc/nsswitch.conf - - /etc/resolv.conf - ip - /etc/netplan - - /etc/.conf - ss - /etc/dhcp/dhclient.conf - iwconfig • Bonding - nmcli - Aggregation - brctl - Active/passive - nmtui - balancing

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 1.0 Hardware and System Configuration

1.4 Given a scenario, manage storage in a Linux environment.

• Basic partitions - - /dev/mapper - Raw devices - parted - /dev/disk/by- - GPT - - id - MBR - - uuid • hierarchy - - - Real file systems - - multipath - Virtual file systems - - /etc/mtab - Relative paths - umount - //block - Absolute paths - lsblk - /proc/partitions • - blkid - /proc/mounts - LVM - dumpe2fs • File system types - - resize2fs - - Multipath - - • Tools - tune2fs - - XFS tools - e2label - nfs - LVM tools • Location - smb - EXT tools - /etc/ - cifs - Commands - /etc/crypttab - - mdadm - /dev/

1.5 Compare and contrast cloud and concepts and technologies.

• Templates - - Overlay networks - VM - Kickstart - NAT - OVA • Storage - Local - OVF - Thin vs. thick provisioning - Dual-homed - JSON - Persistent volumes • Types of - YAML - Blob • Tools - Container images - Block - • Bootstrapping • Network considerations - virsh - Cloud- - Bridging - vmm

1.6 Given a scenario, configure localization options.

• File locations - hwclock • Character sets - /etc/timezone • Environment variables - UTF-8 - /usr//zoneinfo - LC_* - ASCII • Commands - LC_ALL - Unicode - localectl - LANG - timedatectl - TZ - date

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 2.0 Systems Operation and Maintenance

2.1 Given a scenario, conduct installations, configurations, updates, and removals.

• Package types - • Repositories - .rpm - DNF - Configuration - . - Zypper - Creation - . tools - Syncing - .tgz - Commands - Locations - .gz - • Acquisition commands • Installation tools - make install - - RPM - ldd - - - - APT - Shared libraries

2.2 Given a scenario, manage users and groups.

• Creation • Queries - .bash_profile - useradd - id - .profile - groupadd - - Global entries • Modification - who - /etc/bashrc - usermod - w - /etc/profile.d/ - groupmod - last - /etc/skel - • Quotas - /etc/profile - chage - User quota • Important files and file contents • Deletion - Group quota - /etc/passwd - userdel • Profiles - /etc/group - groupdel - parameters - /etc/shadow - User entries - .bashrc

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 2.0 Systems Operation and Maintenance

2.3 Given a scenario, create, modify, and redirect files.

• Text editors - stderr - - nano - /dev/null - - - /dev/ - • File readers - - scp - - - - - Here documents - rsync - • Text processing - - - grep - - - - - more - - Symbolic (soft) • Output - - Hard - < - awk - unlink - > - - - | - - - << - printf - locate - >> - egrep - grep - 2> - - which - &> - - whereis - stdin • File and operations - - stdout - - updatedb

2.4 Given a scenario, manage services.

management - Targets - Commands - Systemctl - Hostnamectl - - Enabled - Automount - telinit - Disabled • SysVinit - Service - - chkconfig - Restart - Stop - on - Status - Mask - off - Stop - Restart - level - Start - Status - - Reload - -reload - Definitions of 0–6 - Systemd-analyze blame - /etc/init.d - Unit files - /etc/rc.d - Directory locations - /etc/rc.local - Environment parameters - /etc/inittab

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 2.0 Systems Operation and Maintenance

2.5 Summarize and explain roles.

• NTP • Authentication server • Print server • SSH • Proxy • server • Web • Logging • Load balancer • Certificate authority • Containers • Clustering • Name server • VPN • DHCP • Monitoring • File servers • Database

2.6 Given a scenario, automate and schedule jobs.

• bg • Ctrl+z • at • & • • crontab • • fg • Ctrl+

2.7 Explain the use and operation of Linux devices.

• Types of devices • Monitoring and configuration tools • File locations - Client devices - lsdev - /proc - - lsusb - /sys - WiFi - - /dev - USB - lsblk - /dev/mapper - Monitors - dmesg - /etc/X11 - GPIO - lpr • Hot pluggable devices - Network adapters - lpq - /usr/lib//rules.d (System - PCI - abrt rules - Lowest priority) - HBA - CUPS - /run/udev/rules.d (Volatile Rules) - SATA - udevadm - /etc/udev/rules.d (Local - SCSI - add Administration - Highest priority) - Printers - reload-rules - /etc/udev/rules.d - Video - control - Audio - trigger

2.8 Compare and contrast Linux graphical user interfaces.

• Servers - MATE • Console redirection - Wayland - KDE - SSH - X11 • Remote desktop - Local • GUI - VNC - Remote - Gnome - - X11 forwarding - - NX - VNC - Cinnamon - Spice • Accessibility

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 3.0 Security

3.1 Given a scenario, apply or acquire the appropriate user and/or group permissions and ownership.

• File and directory permissions • Context-based permissions - AppArmor - , , execute - SELinux configurations - aa-disable - User, group, other - disabled - aa-complain - SUID - permissive - aa-unconfined - Octal notation - enforcing - /etc/.d/ - - SELinux policy - /etc/apparmor.d/tunables - - targeted • Privilege escalation - SGID - SELinux tools - - Inheritance - setenforce - - Utilities - getenforce - wheel - - sestatus - visudo - - setsebool - sudoedit - - getsebool • User types - getfacl - chcon - Root - setfacl - restorecon - Standard - ls - ls -Z - Service - ulimit - -Z - chage

3.2 Given a scenario, configure and implement appropriate and authentication methods.

• PAM - User-specific access - Public keys - policies - TCP wrappers - Hashing - LDAP integration - /etc/ssh/ - Digital signatures - User lockouts - ssh_config - Message digest - Required, optional, or sufficient - sshd_config • VPN as a client - /etc/pam.d/ - ssh--id - SSL/TLS - pam_tally2 - ssh-keygen - Transport mode - faillock - ssh-add - Tunnel mode • SSH • TTYs - IPSec - ~/.ssh/ - /etc/securetty - DTLS - known_hosts - /dev/tty# - authorized_keys • PTYs - config • PKI - id_rsa - Self-signed - id_rsa.pub - Private keys

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 3.0 Security

3.3 Summarize security best practices in a Linux environment.

• Boot security • Importance of disabling root via SSH - - Boot loader password • Password-less login - - UEFI/BIOS password - Enforce use of PKI • Importance of enabling SSL/TLS • Additional authentication methods • jail services • Importance of enabling auditd - Multifactor authentication • No shared IDs • CVE monitoring - Tokens • Importance of denying hosts • Discouraging use of USB devices - Hardware • Separation of OS data from • Disk encryption - Software application data - LUKS - OTP - Disk partition to maximize • Restrict cron access - Biometrics system availability • Disable Ctrl+Alt+ - RADIUS • Change default ports • Add - TACACS+ • Importance of disabling or uninstalling • MOTD - LDAP unused and unsecure services - Kerberos - FTP - kinit - - klist - Finger

3.4 Given a scenario, implement logging services.

• Key file locations • Log management • lastb - /var/log/secure - Third-party agents - /var/log/messages - logrotate - /var/log/[application] - /etc/rsyslog.conf - /var/log/kern.log - journald - journalctl

3.5 Given a scenario, implement and configure Linux firewalls.

• Access control lists • Technologies • IP forwarding - - - /proc/sys///ip_forward - Destination - Zones - /proc/sys/net//conf/all/forwarding - Ports - Run • Dynamic rule sets - Protocol - - DenyHosts - Logging - Persistency - - Stateful vs. stateless - Chains - IPset - Accept - ufw • Common application - Reject - /etc/default/ufw configurations - Drop - /etc/ufw/ - /etc/services - Log - - Privileged ports

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 3.0 Security

3.6 Given a scenario, backup, restore, and files.

• Archive and restore utilities - Differential - tar - Image - cpio • Off-site/off-system storage - - SFTP • Compression - SCP - gzip - rsync - xz • Integrity checks - bzip2 - MD5 - zip - SHA • Backup types - Incremental - Full - Snapshot clones

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 4.0 Linux Troubleshooting and Diagnostics

4.1 Given a scenario, analyze system properties and remediate accordingly.

• Network monitoring and configuration - - du - Latency - tshark - df - Bandwidth - - LVM tools - Throughput - - fsck - Routing - - partprobe - Saturation - arp • CPU monitoring and configuration - Packet drop - nslookup - /proc/cpuinfo - Timeouts - dig - - Name resolution - host - loadaverage - Localhost vs. Unix socket - whois - - Adapters - ping - sysctl - RDMA drivers - nmcli • Memory monitoring and configuration - Interface configurations - ip - swapon - Commands - tracepath - swapoff - • Storage monitoring and configuration - mkswap - netstat - iostat - - iftop - ioping - Out of memory killer - route - IO - free - - cfq - /proc/meminfo - - noop - Buffer cache output - ipset - deadline • Lost root password - Single user mode

4.2 Given a scenario, analyze system processes in order to optimize performance.

• Process management - Priorities - time - Process states - Kill signals - ps - Zombie - Commands - - Uninterruptible - - - Interruptible sleep - renice - - Running - - PIDs

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 4.0 Linux Troubleshooting and Diagnostics

4.3 Given a scenario, analyze and troubleshoot user issues.

• Permissions • Authentication - exhaustion - File - Local - Immutable files - Directory - External • Insufficient privileges for authorization • Access - Policy violations - SELinux violations - Local • File creation • Environment and issues - Remote - Quotas - Storage

4.4 Given a scenario, analyze and troubleshoot application and hardware issues.

• SELinux context violations • Firewall • Troubleshooting additional • Storage - Restrictive ACLs hardware issues - Degraded storage - Blocked ports - Memory - Missing devices - Blocked protocols - Printers - Missing volumes • Permission - Video - Missing mount point - Ownership - GPU drivers - Performance issues - Executables - Communications ports - Resource exhaustion - Inheritance - USB - Adapters - Service accounts - Keyboard mapping - SCSI - Group memberships - Hardware or software - RAID • Dependencies compatibility issues - SATA - Patching - Commands - HBA - Update issues - dmidecode - /sys/class/scsi_host/host#/scan - Versioning - lshw - Storage integrity - Libraries - Bad blocks - Environment variables - GCC compatibility - Repositories

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) 5.0 Automation and Scripting

5.1 Given a scenario, deploy and execute BASH scripts.

• Shell environments and shell variables • Extensions • Metacharacters - PATH • Commenting • Positional parameters - Global - # • Looping constructs - Local • File globbing - while - export • Shell expansions - for - - ${} - until - set - $() • Conditional statements - printenv - ` ` - if - echo • Redirection and piping - case • #!/bin/bash • codes • Escaping characters • Sourcing scripts - stderr • Directory and file permissions - stdin - chmod - stdout

5.2 Given a scenario, carry out version control using .

• Arguments - merge • Files - clone - branch - .gitignore - push - log - .git/ - pull - init - commit - config

5.3 Summarize orchestration processes and concepts.

• Agent • Infrastructure as code • Agentless • Inventory • Procedures • Automated configuration management • Attributes • Build automation • Infrastructure automation

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) CompTIA Linux+ Acronyms

The following is a list of acronyms that appear on the CompTIA Linux+ exam. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as part of a comprehensive exam preparation program.

ACRONYM SPELLED OUT ACRONYM SPELLED OUT ACL Access Control List NTP Network Time Protocol ASCII American Standard for OTP One Time Password Information Interchange OVA Virtualization Appliance BASH Bourne Again Shell OVF Open Virtualization Format BIOS Basic Input Output System PAM Pluggable Authentication Module CIFS Common File System PCI Component Interconnect CPU PID Process ID CUPS Common Unix Printing System PKI Public Key Infrastructure CVE Common Vulnerability and Exposures PTY DHCP Dynamic Host Configuration Protocol PXE Pre-execution Boot DTLS Datagram RADIUS Remote Authentication Dial-in User Service EFI Extensible Interface RAID Redundant Array of Independent Disks EPEL Extra Packages for Enterprise Linux RDMA Remote Direct Memory Access FTP RPM RPM GCC GNU Collection SATA Serial Advanced Technology Attachment GPIO General Purpose Input Output SCSI Small Computer Systems Interface GPT GUID Partition Table SELinux Security Enhanced Linux GPU SHA Secure Hash Algorithm GRUB Grand Unified SMB GUI Graphical SNMP Simple Network Management Protocol GUID Global Unique Identifier SSH Secure Shell HBA Host Bus Adapter SSL Secure Sockets Layer HTTP Hypertext Transfer Protocol SUID Set User ID HTTPd Hypertext Transfer Protocol daemon TACACS+ Terminal Access Controller IO Input Output Access Control System Plus IP Internet Protocol TAR Tape Archive IPSEC Internet Protocol Security TCP Transmission Control Protocol ISO International Organization for Standardization TLS Transport Layer Security JSON JavaScript Object Notation TTY Terminal Type KDE UEFI Unified Extensible Firmware Interface LDAP Lightweight Directory Authentication Protocol USB Universal Serial Bus LUKS UTF Unicode Transformation Format LVM Logical Manager VM MBR VNC Virtual Network Computing MD5 Message Digest 5 VPN Virtual Private Network MOTD Message of the Day XFS Extents File System NAT Network Address Translation XRDP XWindows NFS YAML Yet Another Markup Language NTFS New Technology File System YUM Yellowdog Updater Modified

CompTIA Linux+ Certification Exam Objectives Version 5.0 (Exam Number: XK0-004) Linux+ Proposed Hardware and Software List

CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the Linux+ exam. This list may also be helpful for training companies that wish to create a lab component for their training offering. The bulleted lists below each topic are a sample list and not exhaustive.

EQUIPMENT SOFTWARE • or desktop that supports virtualization • Repository access OR access to a cloud service provider • PuTTY or SSH client • Network • Automation tools (e.g. , ) - • Git - Switch • Virtualization software - Network adapter • Internet access RECOMMENDED DISTRIBUTIONS • *CentOS SPARE PARTS/HARDWARE • * • HDD • Fedora • USB OR DVD media • • Open SUSE

© 2018 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 04993-Apr2018