Free CompTIA Linux+ Security Practice Test 2026 — XK0-005 Questions

This free CompTIA Linux+ Security practice test covers file permissions, ACLs, SELinux, AppArmor, firewalld, iptables, SSH hardening, PAM, sudo, and Linux encryption with LUKS and GPG. Each question includes a detailed explanation with Linux command-line context — perfect for XK0-005 exam prep.

Key Topics in CompTIA Linux+ Security

6 Free CompTIA Linux+ Security Practice Questions with Answers

Each question below includes 4 answer options, the correct answer, and a detailed explanation. These are real questions from the FlashGenius CompTIA Linux+ XK0-005 question bank for the Security domain (21% of the exam).

Sample Question 1 — Security

Which command is used to modify the SELinux mode to 'permissive' on a RHEL-based system?

  1. A. setenforce 0 (Correct answer)
  2. B. selinux-configure permissive
  3. C. selinux-mode permissive
  4. D. setenforce permissive

Correct answer: A

Explanation: The correct command to set SELinux to 'permissive' mode is 'setenforce 0'. This command temporarily changes the SELinux mode until the next reboot. Option B is incorrect because there is no such command as 'selinux-configure'. Option C is incorrect because 'selinux-mode' is not a valid command. Option D is incorrect because 'setenforce' requires a numeric value, not a string.

Sample Question 2 — Security

You need to configure a firewall on a CentOS server to allow incoming SSH connections. Which command should you use?

  1. A. firewall-cmd --add-service=ssh --permanent (Correct answer)
  2. B. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  3. C. ufw allow ssh
  4. D. systemctl enable ssh

Correct answer: A

Explanation: On CentOS, 'firewall-cmd --add-service=ssh --permanent' is used to allow SSH connections through the firewall. Option B uses iptables, which is not the recommended method on CentOS systems using firewalld. Option C uses 'ufw', which is not the default firewall on CentOS. Option D enables the SSH service but does not configure the firewall.

Sample Question 3 — Security

In a hybrid cloud environment, which tool would be most suitable for managing security policies across multiple Linux distributions?

  1. A. Ansible (Correct answer)
  2. B. Puppet
  3. C. Chef
  4. D. Terraform

Correct answer: A

Explanation: Ansible is a configuration management tool that is agentless and supports managing multiple Linux distributions, making it suitable for hybrid cloud environments. Puppet and Chef are also configuration management tools but require agents and are less flexible in hybrid environments. Terraform is primarily used for infrastructure provisioning, not direct security policy management.

Sample Question 4 — Security

A user reports that they cannot access a service running on port 8080 on a SUSE Linux server. Which command would you use to check if the firewall is blocking this port?

  1. A. firewall-cmd --list-all
  2. B. iptables -L -n (Correct answer)
  3. C. ufw status
  4. D. netstat -tuln

Correct answer: B

Explanation: The command 'iptables -L -n' lists all firewall rules and is useful for checking if a specific port is blocked. 'firewall-cmd --list-all' is used with firewalld, not iptables. 'ufw status' is used on systems with UFW, not SUSE. 'netstat -tuln' shows listening ports but does not show firewall rules.

Sample Question 5 — Security

You are tasked with ensuring that all user passwords on an Ubuntu server expire every 90 days. Which file should you modify?

  1. A. /etc/passwd
  2. B. /etc/shadow
  3. C. /etc/login.defs (Correct answer)
  4. D. /etc/security/limits.conf

Correct answer: C

Explanation: The '/etc/login.defs' file contains settings for password expiration policies. '/etc/passwd' contains user account information but not password policies. '/etc/shadow' contains password hashes and expiration dates but is not used for setting global policies. '/etc/security/limits.conf' is for resource limits, not password policies.

Sample Question 6 — Security

A Linux server in your cloud infrastructure is suspected of being compromised. Which log file should you check first to investigate unauthorized SSH access?

  1. A. /var/log/auth.log (Correct answer)
  2. B. /var/log/syslog
  3. C. /var/log/dmesg
  4. D. /var/log/messages

Correct answer: A

Explanation: The '/var/log/auth.log' file contains authentication-related logs, making it the first place to check for unauthorized SSH access. '/var/log/syslog' and '/var/log/messages' contain general system logs but may not have detailed authentication information. '/var/log/dmesg' contains kernel ring buffer messages and is not related to SSH access.

How to Study CompTIA Linux+ Security

Combine these CompTIA Linux+ Security practice questions with hands-on labs in a Linux VM (Ubuntu, Rocky, or Fedora). The XK0-005 exam emphasizes practical command-line work, so always test commands in a sandbox — that hands-on muscle memory is what separates passing and failing scores.

About the CompTIA Linux+ XK0-005 Exam

Other CompTIA Linux+ Domains

Start the free CompTIA Linux+ Security practice test now | 10-question quick start | All CompTIA Linux+ domains | CompTIA Linux+ Cheat Sheet