
RedHat Red Hat Certified System Administrator - RHCSA - EX200 Exam Questions
QUESTION NO: 1
Create a systemd service named backup-now.service that runs /usr/local/bin/backup-now.sh.
Create a systemd service named backup-now.service that runs /usr/local/bin/backup-now.sh.
Correct Answer:
See the solution below in Explanation.
Explanation:
Solution:
Create the script:
mkdir -p /usr/local/bin
cat > /usr/local/bin/backup-now.sh < < 'EOF'
#!/bin/bash
tar -czf /root/etc-$(date +%F).tar.gz /etc
EOF
chmod +x /usr/local/bin/backup-now.sh
Create the unit file:
cat > /etc/systemd/system/backup-now.service < < 'EOF'
[Unit]
Description=Run manual etc backup
[Service]
Type=oneshot
ExecStart=/usr/local/bin/backup-now.sh
[Install]
WantedBy=multi-user.target
EOF
Reload and test:
systemctl daemon-reload
systemctl start backup-now.service
systemctl status backup-now.service
Detailed Explanation:
* Type=oneshot is correct for a task that runs and exits.
* ExecStart points to the script.
* systemctl daemon-reload is required after adding a new unit file.
* RHEL 10 systemd documentation covers manual unit creation and management. ( Red Hat
Documentation )
Explanation:
Solution:
Create the script:
mkdir -p /usr/local/bin
cat > /usr/local/bin/backup-now.sh < < 'EOF'
#!/bin/bash
tar -czf /root/etc-$(date +%F).tar.gz /etc
EOF
chmod +x /usr/local/bin/backup-now.sh
Create the unit file:
cat > /etc/systemd/system/backup-now.service < < 'EOF'
[Unit]
Description=Run manual etc backup
[Service]
Type=oneshot
ExecStart=/usr/local/bin/backup-now.sh
[Install]
WantedBy=multi-user.target
EOF
Reload and test:
systemctl daemon-reload
systemctl start backup-now.service
systemctl status backup-now.service
Detailed Explanation:
* Type=oneshot is correct for a task that runs and exits.
* ExecStart points to the script.
* systemctl daemon-reload is required after adding a new unit file.
* RHEL 10 systemd documentation covers manual unit creation and management. ( Red Hat
Documentation )
QUESTION NO: 2
Build a Podman image, enable lingering for user alex, generate a systemd unit for a user container, and enable it.
Build a Podman image, enable lingering for user alex, generate a systemd unit for a user container, and enable it.
Correct Answer:
See the solution below in Explanation.
Explanation:
Solution:
podman build -t myimage -f Containerfile .
loginctl enable-linger alex
cd ~/.config/systemd/user/
podman generate systemd --name mycontainer --files --new
systemctl --user daemon-reload
systemctl --user enable --now container-mycontainer.service
Detailed Explanation:
* podman build creates the container image.
* loginctl enable-linger alex allows user services to keep running without an active login session.
* podman generate systemd creates a systemd unit file for the container.
* systemctl --user manages the unit in the user session scope.
* On newer Podman releases, behavior and defaults have changed in RHEL 10, but the lab's workflow is
still conceptually valid.
Explanation:
Solution:
podman build -t myimage -f Containerfile .
loginctl enable-linger alex
cd ~/.config/systemd/user/
podman generate systemd --name mycontainer --files --new
systemctl --user daemon-reload
systemctl --user enable --now container-mycontainer.service
Detailed Explanation:
* podman build creates the container image.
* loginctl enable-linger alex allows user services to keep running without an active login session.
* podman generate systemd creates a systemd unit file for the container.
* systemctl --user manages the unit in the user session scope.
* On newer Podman releases, behavior and defaults have changed in RHEL 10, but the lab's workflow is
still conceptually valid.
QUESTION NO: 3
Configure NTP
Configure your system to synchronize with the NTP server of materials.example.com (Note: materials.example.com is an alias for classroom.example.com).
Configure NTP
Configure your system to synchronize with the NTP server of materials.example.com (Note: materials.example.com is an alias for classroom.example.com).
Correct Answer:
Solution:
# Install the chrony service for configuring NTP server
[root@node1 ~]# yum -y install chrony
[root@node1 ~]# vim /etc/chrony.conf
server materials.example.com iburst
[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl enable chronyd
# Check
# Set an arbitrary time
[root@node1 ~]# date -s "1982-1-1"
Fri Jan 1 12:00:00 AM EST 1982
# Restart the NTP server
[root@node1 ~]# systemctl restart chronyd
# Check if the time is synchronized
# Execute after 3-5 seconds, too fast won't synchronize the time
[root@node1 ~]# date
Tue Dec 12 11:40:19 PM EST 2023
# Use the chronyc command to check synchronization status
[root@node1 ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
^* classroom.lab.example.com 8 6 17 42 -14us[ -11us] +/- 463us
# Install the chrony service for configuring NTP server
[root@node1 ~]# yum -y install chrony
[root@node1 ~]# vim /etc/chrony.conf
server materials.example.com iburst
[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# systemctl enable chronyd
# Check
# Set an arbitrary time
[root@node1 ~]# date -s "1982-1-1"
Fri Jan 1 12:00:00 AM EST 1982
# Restart the NTP server
[root@node1 ~]# systemctl restart chronyd
# Check if the time is synchronized
# Execute after 3-5 seconds, too fast won't synchronize the time
[root@node1 ~]# date
Tue Dec 12 11:40:19 PM EST 2023
# Use the chronyc command to check synchronization status
[root@node1 ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
^* classroom.lab.example.com 8 6 17 42 -14us[ -11us] +/- 463us
QUESTION NO: 4
Configure User Account
Configure the user account "manalo" with the user ID 3533. The password for this user should be "flectrag".
Configure User Account
Configure the user account "manalo" with the user ID 3533. The password for this user should be "flectrag".
Correct Answer:
Solution:
[root@node1 ~]# useradd -u 3533 manalo
[root@node1 ~]# echo flectrag | passwd --stdin manalo
[root@node1 ~]# useradd -u 3533 manalo
[root@node1 ~]# echo flectrag | passwd --stdin manalo
QUESTION NO: 5
Create /share/projects, make alex the owner, and configure the sticky bit so users cannot delete each other's files.
Create /share/projects, make alex the owner, and configure the sticky bit so users cannot delete each other's files.
Correct Answer:
See the solution below in Explanation.
Explanation:
Solution:
mkdir -p /share/projects
chown alex /share/projects/
chmod a+rwx,+t /share/projects/
ls -ld /share/projects/
Detailed Explanation:
* chmod a+rwx gives read, write, and execute to everyone.
* +t sets the sticky bit.
* Sticky bit on a shared directory means users can create files, but only the file owner, directory owner, or
root can delete them.
* This is the same model used on /tmp.
Explanation:
Solution:
mkdir -p /share/projects
chown alex /share/projects/
chmod a+rwx,+t /share/projects/
ls -ld /share/projects/
Detailed Explanation:
* chmod a+rwx gives read, write, and execute to everyone.
* +t sets the sticky bit.
* Sticky bit on a shared directory means users can create files, but only the file owner, directory owner, or
root can delete them.
* This is the same model used on /tmp.
QUESTION NO: 6
Configure Container as a Service
As the user "wallah," configure a systemd service for the container:
- Container name: ascii2pdf
- Use the image named pdf created earlier.
- Service name: container-ascii2pdf
- Automatically start the service on system reboot without manual intervention.
- Configure the service to automatically mount /opt/file to /dir1 and /opt/progress to /dir2 in the container upon startup.
Configure Container as a Service
As the user "wallah," configure a systemd service for the container:
- Container name: ascii2pdf
- Use the image named pdf created earlier.
- Service name: container-ascii2pdf
- Automatically start the service on system reboot without manual intervention.
- Configure the service to automatically mount /opt/file to /dir1 and /opt/progress to /dir2 in the container upon startup.
Correct Answer:
Solution:
# Note: Perform the following operations by SSHing into localhost as the user "wallah"
[root@node1 ~]# ssh wallah@localhost
# Prepare the relevant mapping directories
[wallah@node1 ~]$ sudo mkdir /opt/{file,progress}
[wallah@node1 ~]$ sudo chown wallah:wallah /opt/{file,progress}
# Start the container and map directories
# :Z changes the SELinux security context of the directory to allow container access.
[wallah@node1 ~]$ podman run -d --name ascii2pdf -v /opt/file:/dir1:Z -v /opt/progress:/dir2:Z pdf
[wallah@node1 ~]$ podman ps -a
# Create systemd service file
[wallah@node1 ~]$ mkdir -p ~/.config/systemd/user
[wallah@node1 ~]$ cd ~/.config/systemd/user/
[wallah@node1 ~]$ podman generate systemd -n ascii2pdf -f --new
[wallah@node1 user]$ ll
total 4
-rw-r--r--. 1 wallah wallah 770 Dec 13 01:07 container-ascii2pdf.service
# Stop and remove the existing ascii2pdf container
[wallah@node1 ~]$ podman stop ascii2pdf
[wallah@node1 ~]$ podman rm ascii2pdf
[wallah@node1 ~]$ podman ps -a
# Enable and start the container-ascii2pdf service
[wallah@node1 ~]$ systemctl --user daemon-reload
[wallah@node1 ~]$ systemctl --user enable --now container-ascii2pdf
# Check container status
[wallah@node1 ~]$ systemctl --user status container-ascii2pdf
[wallah@node1 ~]$ podman ps
# On node1, switch to the root user to perform the following operations
# Ensure that the services for the wallah user start automatically at system boot
[root@node1 ~]# loginctl enable-linger
[root@node1 ~]# loginctl show-user wallah
# Check to ensure the container starts on boot (mandatory operation)
[root@node1 ~]# reboot
[root@node1 ~]# ssh wallah@node1
[wallah@node1 ~]# podman ps
# Note: Perform the following operations by SSHing into localhost as the user "wallah"
[root@node1 ~]# ssh wallah@localhost
# Prepare the relevant mapping directories
[wallah@node1 ~]$ sudo mkdir /opt/{file,progress}
[wallah@node1 ~]$ sudo chown wallah:wallah /opt/{file,progress}
# Start the container and map directories
# :Z changes the SELinux security context of the directory to allow container access.
[wallah@node1 ~]$ podman run -d --name ascii2pdf -v /opt/file:/dir1:Z -v /opt/progress:/dir2:Z pdf
[wallah@node1 ~]$ podman ps -a
# Create systemd service file
[wallah@node1 ~]$ mkdir -p ~/.config/systemd/user
[wallah@node1 ~]$ cd ~/.config/systemd/user/
[wallah@node1 ~]$ podman generate systemd -n ascii2pdf -f --new
[wallah@node1 user]$ ll
total 4
-rw-r--r--. 1 wallah wallah 770 Dec 13 01:07 container-ascii2pdf.service
# Stop and remove the existing ascii2pdf container
[wallah@node1 ~]$ podman stop ascii2pdf
[wallah@node1 ~]$ podman rm ascii2pdf
[wallah@node1 ~]$ podman ps -a
# Enable and start the container-ascii2pdf service
[wallah@node1 ~]$ systemctl --user daemon-reload
[wallah@node1 ~]$ systemctl --user enable --now container-ascii2pdf
# Check container status
[wallah@node1 ~]$ systemctl --user status container-ascii2pdf
[wallah@node1 ~]$ podman ps
# On node1, switch to the root user to perform the following operations
# Ensure that the services for the wallah user start automatically at system boot
[root@node1 ~]# loginctl enable-linger
[root@node1 ~]# loginctl show-user wallah
# Check to ensure the container starts on boot (mandatory operation)
[root@node1 ~]# reboot
[root@node1 ~]# ssh wallah@node1
[wallah@node1 ~]# podman ps
QUESTION NO: 7
Create a script to search for files
* Create a script named myresearch
* Place the script under /usr/local/bin
* The script is used to search for all files under /usr that are smaller than 10 MB and have group write permission, and place these files into /root/myfiles
Create a script to search for files
* Create a script named myresearch
* Place the script under /usr/local/bin
* The script is used to search for all files under /usr that are smaller than 10 MB and have group write permission, and place these files into /root/myfiles
Correct Answer:
Solution:
mkdir /root/myfiles
vim /usr/local/bin/myresearch
#!/bin/bash
find /usr -type f -and -size -10M -and -perm -2000 -exec cp -a {} /root/myfiles \;
:wq
chmod +x /usr/local/bin/myresearch
bash /usr/local/bin/myresearch
ll -h /root/myfiles
Script explanation:
(#!/bin/bash): #! is a conventional marker that tells the system which interpreter should be used to execute the script.
/bin/bash means the script is executed using the default Bash shell.
Here, a for loop is needed to iterate over the found GIDs (group IDs) for processing.
(awk -F':' '{print $3}' /etc/group):
awk is used to split and process text.
-F specifies the field separator.
":" indicates that the colon is used as the delimiter.
{print $3} prints the third field (the group ID).
mkdir /root/myfiles
vim /usr/local/bin/myresearch
#!/bin/bash
find /usr -type f -and -size -10M -and -perm -2000 -exec cp -a {} /root/myfiles \;
:wq
chmod +x /usr/local/bin/myresearch
bash /usr/local/bin/myresearch
ll -h /root/myfiles
Script explanation:
(#!/bin/bash): #! is a conventional marker that tells the system which interpreter should be used to execute the script.
/bin/bash means the script is executed using the default Bash shell.
Here, a for loop is needed to iterate over the found GIDs (group IDs) for processing.
(awk -F':' '{print $3}' /etc/group):
awk is used to split and process text.
-F specifies the field separator.
":" indicates that the colon is used as the delimiter.
{print $3} prints the third field (the group ID).




