DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel
Explore NY Stream

Red Hat Exam Test Preparation questions & answers

— ny_wk

Red Hat Exam Test Preparation questions & answers

This RHCSA and RHCE exam prep guide walks through the most common practical tasks on the Red Hat performance-based exams (LVM, users and permissions, ACLs, cron, swap, web and FTP servers, NFS, Samba, SELinux, and firewalls) with corrected, working commands and the verification step examiners expect. The original practice set targets RHEL 6, so each section also gives the modern RHEL 8/9 equivalent, because today's exams are graded on current releases.

The Red Hat exams are 100% hands-on: there are no multiple-choice questions. You log into a live system, perform configuration tasks, and a script (or the grading rubric) checks that the result survives a reboot. That last point matters more than anything else: a task that works until you reboot scores zero. Persistence and verification are the whole game.

How the Red Hat exam actually works

You receive a workstation and one virtual machine to configure. You set the root password in single-user (rescue) mode, configure networking and a local yum/dnf repository pointing at the instructor server, then solve each task. A few ground rules apply across every question:

  • Make everything persistent. Anything you change at runtime must also be written to a config file, /etc/fstab, or enabled as a service so it returns after reboot.
  • Do not break networking or the firewall. "Packet filtering should not affect network integrity" means configure the firewall correctly, not disable it.
  • SELinux stays enforcing. Many failures are SELinux denials, not config mistakes. Learn the contexts.
  • Verify after a reboot. Reboot once near the end and re-check your work.

On RHEL 6 the old repo line looked like baseurl=ftp://192.168.0.254/pub/rhel6/dvd. On RHEL 8/9 you create a file in /etc/yum.repos.d/ and use dnf instead of yum (the yum command still works as an alias).

Storage tasks: LVM, resizing, and swap

Storage is the heaviest-weighted RHCSA topic. Expect to build a logical volume, resize one, and add swap. The single most common mistake here is forgetting the /etc/fstab entry, which is exactly what costs points after the reboot check.

Create a logical volume with a specific extent count

Task: Create an LVM volume named wshare using 100 physical extents from volume group devgroup, with a PE size of 8 MB, formatted vfat and mounted on /mnt/secret.

With a PE size of 8 MB, 100 extents = 800 MB, so the underlying partition must be at least that large. Note the corrected filesystem: the task asks for vfat, so format and mount as vfat — do not put ext4 in fstab as the original answer mistakenly did.

  1. Create a partition of type Linux LVM (8e):
    fdisk /dev/vda (create the partition, set type 8e, write changes)
    partprobe /dev/vda
  2. Initialize the physical volume and volume group with an 8 MB extent size:
    pvcreate /dev/vda5
    vgcreate -s 8M devgroup /dev/vda5
  3. Create the logical volume with exactly 100 extents:
    lvcreate -l 100 -n wshare devgroup
  4. Make the filesystem and mount point:
    mkfs.vfat /dev/devgroup/wshare
    mkdir -p /mnt/secret
  5. Add a persistent fstab entry with the correct filesystem type:
    /dev/devgroup/wshare /mnt/secret vfat defaults 0 0
  6. Mount and confirm: mount -a && df -h /mnt/secret

Verify: lvs and vgs should show 100 extents of 8 MB; findmnt /mnt/secret should report type vfat.

Shrink a logical volume safely

Task: Resize a volume so its size ends up between 100 MB and 120 MB after reboot. Shrinking is dangerous: you must reduce the filesystem first, then the volume, or you destroy data. The original note about backing up the data first is good advice.

  1. Unmount the volume: umount /home (stop autofs first if it holds the mount).
  2. Check the filesystem: e2fsck -f /dev/vgsrv/home
  3. Shrink the filesystem, then the LV — order matters:
    resize2fs /dev/vgsrv/home 100M
    lvreduce -L 100M /dev/vgsrv/home
  4. Remount: mount -a

The modern one-liner combines both steps safely: lvreduce -r -L 100M /dev/vgsrv/home (the -r flag resizes the filesystem for you). For XFS (the RHEL 7+ default) you cannot shrink at all — you must back up, recreate, and restore.

Add swap without removing existing swap

Task: Add 200 MB of swap, keeping the current swap. Always reference swap by UUID in fstab so it survives device renumbering.

  1. Create a partition of type 82 (Linux swap) with fdisk, then partprobe.
  2. Format and activate: mkswap /dev/vda6 then swapon /dev/vda6
  3. Get the UUID: blkid /dev/vda6
  4. Add to /etc/fstab: UUID=<uuid> swap swap defaults 0 0

Verify: swapon --show and free -h should show the increased total.

Users, groups, permissions, and ACLs

This cluster of RHCSA tasks tests special permission bits and file access control lists. Memorize what each bit does, because the wording is deliberately tricky.

Users and secondary groups

Task: Users sarah and natasha belong to the manager group as a secondary group; user harry has no interactive shell and is not in manager.

  1. groupadd manager
  2. useradd -G manager sarah and useradd -G manager natasha
  3. useradd -s /sbin/nologin harry (no shell access)
  4. Set passwords non-interactively: echo 'wakennym' | passwd --stdin sarah (on RHEL 8/9 without --stdin, use passwd sarah or chpasswd).

Verify: id sarah shows the secondary group; getent passwd harry shows /sbin/nologin.

Collaborative directory (setgid)

Task: Directory /home/manager owned by group manager, full access for members, none for others, and new files inherit the group. The trick is the setgid bit (g+s / 2000), which forces group inheritance.

  1. mkdir /home/manager
  2. chgrp manager /home/manager
  3. chmod 2770 /home/manager (rwx for owner and group, nothing for others, plus setgid)

Verify: ls -ld /home/manager shows drwxrws---. Create a file as a member and confirm its group is manager.

POSIX ACLs for per-user access

Task: Copy /etc/fstab to /var/tmp; root owns it, group is root, not executable by others; sarah can read/write, natasha can do neither, and all other users can read.

  1. cp /etc/fstab /var/tmp/
  2. Grant sarah read+write: setfacl -m u:sarah:rw /var/tmp/fstab
  3. Deny natasha entirely: setfacl -m u:natasha:--- /var/tmp/fstab

The base "other" permission already provides read for everyone else, so no extra step is needed. Verify: getfacl /var/tmp/fstab shows the two named entries and a + appears in ls -l.

A cron job at a precise time

Task: User sarah runs /bin/echo hyer daily at 14:23. The cron field order is minute hour day month weekday, so 14:23 is 23 14, not the reverse.

Run crontab -e -u sarah and add:

  1. 23 14 * * * /bin/echo "hyer"

Verify: crontab -l -u sarah.

Find files by owner and search text

Two quick utility tasks round out the RHCSA shell skills:

  • Copy all files owned by user dax into /root/found:
    mkdir /root/found
    find / -user dax -exec cp -a {} /root/found/ \; 2>/dev/null
  • Extract lines containing a keyword into a file:
    grep 'strator' /usr/share/dict/words > /root/lists.txt (use the exact keyword the task gives).

SELinux, kernel, and firewall fundamentals

These RHCSA tasks decide whether your services even work, so do them before the service questions.

  • Set SELinux to enforcing permanently: edit /etc/selinux/config with SELINUX=enforcing, then setenforce 1 to apply now without rebooting. Check with getenforce.
  • Enable IP forwarding persistently: add net.ipv4.ip_forward = 1 to /etc/sysctl.conf (or a file under /etc/sysctl.d/ on RHEL 7+), then apply with sysctl -p. Verify with sysctl net.ipv4.ip_forward.
  • Add a kernel boot parameter: on RHEL 6 you edit /etc/grub.conf; on RHEL 7+ use grubby --update-kernel=ALL --args="parameter=value" and confirm it lands in /proc/cmdline after reboot.
  • Update the kernel: install the new kernel package (dnf install kernel or rpm -ivh) — never use rpm -U on a kernel. Installing keeps the old kernel as a fallback bootable entry, which is exactly what the exam expects.

Network services: web, FTP, NFS, Samba, mail, iSCSI

The RHCE half is service configuration. The same pattern repeats for every service: install → configure → open the firewall → set SELinux → enable and start → verify. The two steps people forget are the firewall and SELinux, so build them into muscle memory.

Apache web server and virtual hosts

Task: Serve a site, fetch station.html, rename it to index.html in the document root. Note the corrected package name — it is httpd, not "http":

  1. dnf install -y httpd (RHEL 6: yum install -y httpd)
  2. Place the page: download to /var/www/html/ and rename to index.html without editing its content.
  3. Open the firewall: firewall-cmd --permanent --add-service=http && firewall-cmd --reload (RHEL 6 used iptables).
  4. Restore SELinux context if needed: restorecon -Rv /var/www/html
  5. Enable and start: systemctl enable --now httpd (RHEL 6: chkconfig httpd on; service httpd start).

For a name-based virtual host, drop a config in /etc/httpd/conf.d/ on RHEL 7+ (the old NameVirtualHost directive is obsolete and unnecessary). For a restricted directory accessible only from localhost, use a <Directory> block with Require local (RHEL 7+) instead of the deprecated Order deny,allow syntax. Verify: curl http://serverX.example.com.

vsftpd anonymous and domain-restricted FTP

Task: Allow anonymous access from example.com and block remote.test. Install vsftpd, enable it, and restrict access with firewalld rich rules (modern) rather than the legacy TCP wrappers hosts.deny approach, which no longer applies to most services on RHEL 8/9. For an upload directory, create /var/ftp/upload, set the SELinux boolean setsebool -P ftpd_anon_write on, and apply the public_content_rw_t context.

NFS export and autofs home directories

Export a directory by editing /etc/exports with /common *.example.com(ro,sync), then exportfs -r and systemctl enable --now nfs-server. Open the nfs, rpc-bind, and mountd firewall services. For autofs-mounted LDAP home directories, define a map in /etc/auto.master pointing to a map file that mounts the user's remote home on demand — autofs is the reliable way to make network home directories appear only when a user logs in.

Samba share for a single workgroup

Install samba, create the share directory, and set its SELinux context: chcon -t samba_share_t /common (make it permanent with semanage fcontext + restorecon). Define the share in /etc/samba/smb.conf with valid users, read only = yes, and a hosts allow line limiting access to your subnet. Create the Samba account with smbpasswd -a natasha (the Linux user must exist first), then systemctl enable --now smb.

Postfix mail, aliases, and iSCSI storage

For Postfix, set inet_interfaces = all and a correct mydestination in /etc/postfix/main.cf so the server accepts remote mail, then reload. Add a mail alias in /etc/aliases (e.g. admin: harry) and run newaliases to rebuild the database. For iSCSI, discover the target with iscsiadm -m discovery -t st -p <target-ip>, log in, then partition, format, and mount the new disk using the _netdev mount option in fstab so the system waits for the network before mounting. Always log out of the target before rebooting during practice to avoid boot hangs.

A simple shell script

A classic RHCE scripting task: print usage to stderr when called wrong, and translate input. The corrected logic:

  1. if [ "$1" != "foo" ] && [ "$1" != "bar" ]; then echo "Usage: $0 foo|bar" >&2; exit 1; fi
  2. if [ "$1" = "foo" ]; then echo bar; else echo foo; fi

Make it executable with chmod +x and test both valid and invalid inputs.

RHEL 6 vs modern RHEL: what changed

If you trained on the RHEL 6 material above, here is the quick translation table for the tools the current exam grades on:

TaskRHEL 6 (legacy)RHEL 8/9 (current)
Packagesyumdnf
Servicesservice / chkconfigsystemctl
Firewalliptablesfirewall-cmd
Default FSext4xfs (cannot shrink)
Boot paramsedit grub.confgrubby
Access controlhosts.denyfirewalld rich rules

RHEL 6 reached end of life, so practice on a current release. The concepts (LVM, ACLs, SELinux, persistence) are unchanged — only the front-end commands moved.

Key Takeaways

  • Persistence wins. Every change must survive a reboot — write it to a config file, fstab, or enable the service, then actually reboot and re-check.
  • Read the task wording carefully. Filesystem type (vfat vs ext4), cron field order (23 14 for 14:23), and extent counts are exactly where points are lost.
  • SELinux and the firewall are part of every service task, not optional extras — most "my service won't work" failures trace back to a missing context or closed port.
  • Shrink filesystems before volumes, and remember XFS cannot be shrunk at all on modern RHEL.
  • Learn the modern toolchain (dnf, systemctl, firewall-cmd, grubby) because today's exam is not graded on RHEL 6 commands.

Frequently Asked Questions

Is the RHCSA exam multiple choice?

No. RHCSA (EX200) and RHCE (EX294) are fully performance-based. You configure a live system and are graded on whether the configuration works and persists after a reboot, not on written answers.

What is the difference between RHCSA and RHCE?

RHCSA covers core system administration — users, storage, LVM, permissions, SELinux, and basic services. RHCE builds on it with automation, focused today on Ansible for managing systems at scale. You must hold RHCSA to earn RHCE.

How do I make sure my exam tasks survive a reboot?

Always pair a runtime command with its persistent counterpart: setenforce plus the config file, mount plus an fstab entry, systemctl start plus systemctl enable, and firewall-cmd --add-service plus --permanent. Reboot once before finishing and re-verify everything.

Should I still practice on RHEL 6?

Only to understand legacy systems you may inherit at work — RHEL 6 is end of life. For the current exam, practice on RHEL 9 (or 8) and learn dnf, systemctl, firewalld, and Ansible.

If this breakdown helped your prep, subscribe to @explorenystream on YouTube for more Linux and sysadmin walkthroughs.