This free CompTIA Linux+ study guide walks through every content domain the Linux+ (XK0-006) exam tests, organized to the official CompTIA exam objectives.[1]
It’s interactive, not a wall of text: every module has built-in checkpoint quizzes, flashcards, and practice questions, so you learn by doing — not just reading. Linux+ is a hands-on, command-line exam, so type the commands as you go.
The current XK0-006 (V8) exam tests five official domains, and we teach them as five study modules, leading with the heaviest-weighted content (System Management and Troubleshooting together are 45% of the exam). Read a module, test yourself at each checkpoint, then drill gaps with our free practice test and flashcards. This guide is a high-yield overview that maps the official content — not a full Linux administration manual.
CompTIA Linux+ is one of the 14 CompTIA certifications — explore our CompTIA study guides to compare and prep across the whole family.
Linux+ Exam Snapshot
| Detail | Linux+ Exam |
|---|---|
| Exam code | XK0-006 (V8; launched Jul 2025, replaced the retired XK0-005) |
| Questions | Maximum of 90 (multiple choice + performance-based) |
| Time | 90 minutes |
| Passing score | 720 on a 100–900 scale (scaled score, not a percentage) |
| Certifying body | CompTIA |
| Cost | About $369 (single voucher; varies by region/promo) |
| Prerequisites | None required (A+, Network+, Server+ and ~12 months' experience recommended) |
| Validity | 3 years |
| Renewal | 50 CEUs over 3 years, or pass a higher CompTIA cert |
The XK0-006 Linux+ covers five domains. The two heaviest — System Management and Troubleshooting — together make up 45% of the exam, so that is where to invest first.[1] Study by weight:
Module 1 · System Management
One official domain, 23% of the exam — the single heaviest. This is the foundation of Linux administration: knowing where files live, how the system boots and runs services, how storage is configured, and how the network is set up.
1.1 The Filesystem Hierarchy (FHS)
Linux organizes everything under a single root, /, following the .[3] There are no drive letters — storage is attached at a . Knowing what belongs where is one of the most reliable sources of exam points and the foundation for troubleshooting.
- /
The root of the entire filesystem — everything mounts under it.
- /bin, /sbin
Essential user and system binaries (often symlinked to /usr/bin, /usr/sbin).
- /etc
System-wide configuration files (text). No binaries here.
- /home
Regular users' home directories (e.g., /home/alice).
- /var
Variable data that changes at runtime — logs (/var/log), mail, spools, caches.
- /usr
Read-only user programs, libraries, and documentation — the bulk of installed software.
- /tmp
Temporary files; world-writable with the sticky bit; often cleared on reboot.
- /dev
Device files (e.g., /dev/sda, /dev/null) representing hardware and pseudo-devices.
- /proc, /sys
Virtual (kernel) filesystems exposing process and kernel/device data in memory.
- /boot
The kernel, initramfs, and bootloader (GRUB) files needed to start the system.
- /opt
Optional, self-contained third-party application packages.
/etc = configuration, /var = variable data, /usr = installed software, /proc & /sys = live kernel data.Two distinctions are heavily tested. First, holds text configuration, while /var holds variable data that changes at runtime (logs in /var/log). Second, and /sys are virtual filesystems — they expose live kernel and process data from memory, not files on disk.
| Directory | Holds |
|---|---|
| /etc | System-wide configuration files (text) |
| /var | Variable data — logs, spools, caches, mail |
| /home | Regular users' home directories |
| /usr | Installed programs, libraries, and docs (read-only) |
| /bin, /sbin | Essential user and system binaries |
| /tmp | Temporary files (world-writable, sticky bit) |
| /dev | Device files (e.g., /dev/sda, /dev/null) |
| /proc, /sys | Virtual kernel/process data (in memory) |
| /boot | Kernel, initramfs, and bootloader files |
1.2 Boot Process, systemd & Services
Understand the boot sequence end to end — it is both a System Management topic and a Troubleshooting one. Firmware (UEFI or legacy BIOS) finds a boot device, loads the and , and the kernel then starts as 1.[4]
- 1
Firmware (BIOS / UEFI)
Power-on self-test; firmware locates a bootable device. UEFI reads the EFI System Partition; legacy BIOS reads the MBR.
- 2
Bootloader (GRUB2)
GRUB2 presents the boot menu and loads the selected kernel and the initramfs into memory. Config lives in /boot/grub2/grub.cfg.
- 3
Kernel + initramfs
The kernel decompresses, mounts the temporary initramfs root, loads essential drivers, then mounts the real root filesystem.
- 4
init: systemd (PID 1)
The kernel starts systemd as PID 1 — the first user-space process and the parent of every service.
- 5
Target activation
systemd reaches the default target (multi-user.target = CLI, graphical.target = GUI), starting its required units and services.
- 6
Login / services up
getty or the display manager presents a login prompt; enabled services are running. The system is ready.
journalctl -bto read this boot’s log. supervises everything that runs. A is a managed resource — most often a .service. You control units with : systemctl start, stop, restart, enable (start at boot), disable, and status. A groups units to define a system state, replacing the old SysV runlevels — multi-user.target is multi-user CLI; graphical.target adds the GUI.
| Command | What it does |
|---|---|
| systemctl status sshd | Show a service's state, PID, and recent log lines |
| systemctl start / stop sshd | Start or stop a service now |
| systemctl enable / disable sshd | Start the service at boot (or not) |
| systemctl restart sshd | Restart a running service |
| systemctl get-default | Show the default boot target |
| journalctl -u sshd | Show one service's logs from the journal |
| journalctl -b | Show logs from the current boot |
1.3 Storage & Filesystems
Disks are partitioned (fdisk, gdisk, parted), formatted with a filesystem ( or ), then mounted. lsblk shows block devices; mount attaches a filesystem and makes mounts persistent across reboots. df -h reports free space and du -sh reports directory sizes.
For flexibility, servers use : physical volumes are pooled into a volume group, and resizable logical volumes are carved out — so you can grow a filesystem across disks without repartitioning. Software RAID (via mdadm) adds redundancy or performance across multiple disks.
| Command | Purpose |
|---|---|
| lsblk | List block devices and their mount points |
| fdisk / parted | Create and manage disk partitions |
| mkfs.ext4 / mkfs.xfs | Create a filesystem on a partition |
| mount / umount | Attach or detach a filesystem |
| df -h | Show filesystem disk space (human-readable) |
| du -sh <dir> | Show the total size of a directory |
| pvcreate / vgcreate / lvcreate | Build LVM layers (PV → VG → LV) |
1.4 Networking
On XK0-006, network configuration sits under System Management. The modern tool is ip (which replaces ifconfig): ip addr shows interfaces and addresses, ip route shows the routing table.
On many systems nmcli manages NetworkManager. Name resolution is configured in /etc/resolv.conf and static name entries in /etc/hosts; ss lists listening sockets and connections.
| Item | Purpose |
|---|---|
| ip addr / ip route | Show interfaces/addresses and the routing table |
| nmcli | Manage NetworkManager connections and devices |
| /etc/hosts | Static hostname-to-IP mappings |
| /etc/resolv.conf | DNS resolver (nameserver) configuration |
| ss -tulpn | List listening TCP/UDP sockets and their processes |
| hostnamectl | View or set the system hostname |
Checkpoint · System Management
Question 1 of 10
Which command is used to update the package database in a Debian-based system?
Module 2 · Troubleshooting
One official domain, 22% of the exam — the second-heaviest. Linux+ rewards a disciplined process and knowing which tool reveals which problem across storage, networking, memory, and processes. Expect performance-based questions here.
2.1 The Troubleshooting Methodology
CompTIA tests an exact, ordered . Knowing the order — and that verification and documentation always come last — is one of the most reliable points on the test.[1] Start by reading the logs: for the journal, for kernel messages, and /var/log for text logs.
- 1
Identify the problem
Gather information, question users, identify symptoms, determine what changed, and try to reproduce it.
- 2
Establish a theory of probable cause
Question the obvious; consider multiple causes. Check logs (journalctl, dmesg, /var/log).
- 3
Test the theory to determine cause
Confirm or rule it out. If confirmed, proceed; if not, form a new theory or escalate.
- 4
Establish a plan of action
Plan the fix and identify the potential effects (and a rollback path).
- 5
Implement the solution or escalate
Apply the change — or escalate to someone with more access or expertise.
- 6
Verify full system functionality
Confirm the issue is resolved and implement preventive measures.
- 7
Document findings, actions & outcomes
Record the cause, the fix, and lessons learned.
2.2 Storage & Filesystem Issues
A “disk full” problem is the classic storage call. Use df -h to find the full filesystem, then du -sh * inside it to locate the largest directories. Crucially, also check df -i for exhaustion — a disk can report free space but be unable to create files because it is out of inodes (often from millions of tiny files).
Two more traps: a file deleted while a process still holds it open won’t free space until that process closes — find it with | grep deleted. And a filesystem that won’t mount or shows errors may need (run only on an unmounted filesystem).
| Symptom | Command | Reveals |
|---|---|---|
| No space left | df -h | Which filesystem is full |
| Find the space hog | du -sh * | sort -h | The largest directories |
| Free space but can't write | df -i | Inode exhaustion |
| Space not freed after delete | lsof | grep deleted | A process holding a deleted file open |
| Filesystem errors / won't mount | fsck (unmounted) | Filesystem corruption to repair |
2.3 Network Issues
Diagnose connectivity layer by layer. ip addr confirms the host has an address; ping tests reachability; ip route checks the default gateway; ss -tulpn shows what is listening.
For name resolution, dig or nslookuptest DNS — the classic pattern “can ping by IP but not by name” always points to DNS. traceroute/mtr show where traffic stops, and tcpdump captures packets.
| Command | What it tells you |
|---|---|
| ip addr | The interface's IP, mask, and state |
| ping <host> | Basic reachability and round-trip time |
| ip route | The routing table and default gateway |
| dig / nslookup | DNS resolution problems |
| ss -tulpn | Listening sockets and the owning process |
| traceroute / mtr | The per-hop path — where traffic stops |
| tcpdump | Captured packets for deep inspection |
2.4 CPU, Memory & Process Issues
For performance, top/htop show CPU, memory, and the ; free -h shows memory and swap; vmstat and iostat reveal CPU, memory, and disk-I/O bottlenecks. A load average well above the CPU-core count means processes are queuing for CPU.
Watch for problem processes: a (state Z) is a finished process its parent never reaped — harmless but a sign of a buggy parent. When memory is critically exhausted, the kernel’s terminates a process to recover — look for it in dmesg or the journal. Use kill/pkill to stop runaway processes.
| Tool | Use it for |
|---|---|
| top / htop | Live CPU, memory, load average, and per-process usage |
| free -h | Total, used, and available memory and swap |
| vmstat / iostat | CPU, memory, and disk-I/O bottlenecks |
| uptime | Load average over 1, 5, and 15 minutes |
| dmesg / journalctl | Kernel messages — including OOM killer events |
| kill / pkill | Send a signal to stop a runaway process |
Checkpoint · Troubleshooting
Question 1 of 10
What does the 'lsof' command do in Linux?
Module 3 · Services & User Management
One official domain, 20% of the exam. XK0-006 promotes Services and User Management to its own domain. It covers the accounts and groups that grant access, the processes and jobs that run, the software installed on the system, and the containers that package modern services.
3.1 Users, Groups & Accounts
User accounts live in /etc/passwd, hashed passwords in /etc/shadow, and groups in /etc/group. Manage them with useradd, usermod, userdel, groupadd, and passwd. Every user has a primary group and may belong to secondary groups; group membership is how you grant shared access.
| Item | Purpose |
|---|---|
| /etc/passwd | User accounts (no passwords — fields like UID, home, shell) |
| /etc/shadow | Hashed user passwords and aging policy |
| /etc/group | Group definitions and memberships |
| useradd / usermod / userdel | Create, modify, or delete user accounts |
| groupadd / passwd | Create groups; set or change passwords |
| id / groups | Show a user's UID, GID, and group memberships |
3.2 Processes & Scheduling
A is a running program with a . Inspect them with ps aux, top, or htop; control them by sending signals with kill (TERM to ask politely, KILL/-9 to force). Adjust scheduling priority with nice and renice, and keep a job running after logout with nohup or by appending &.
For recurring work, runs jobs on a schedule. A line has five time fields — minute, hour, day-of-month, month, day-of-week — then the command.[7] For example, 0 2 * * * runs a job daily at 2:00 a.m. systemd timers are the modern alternative, and at schedules a one-time job.
| Field | Range | Example value |
|---|---|---|
| Minute | 0–59 | 0 |
| Hour | 0–23 | 2 |
| Day of month | 1–31 | * |
| Month | 1–12 | * |
| Day of week | 0–7 (0/7 = Sunday) | * |
3.3 Package Management
Software is installed through a that pulls from a configured and resolves dependencies. The exam expects you to know which tool belongs to which distribution family.[1]
Debian / Ubuntu
- Format
- .deb
- High-level
- apt / apt-get
- Low-level
- dpkg
- Update index
- apt update
- Install
- apt install <pkg>
RHEL / Fedora / CentOS
- Format
- .rpm
- High-level
- dnf (yum)
- Low-level
- rpm
- Update index
- dnf check-update
- Install
- dnf install <pkg>
openSUSE / SLES
- Format
- .rpm
- High-level
- zypper
- Low-level
- rpm
- Update index
- zypper refresh
- Install
- zypper install <pkg>
snap and flatpak — work across families. Know which tool belongs to which family on the exam.Debian and Ubuntu use (over the low-level dpkg) with .deb packages; RHEL, Fedora, and CentOS use (successor to yum) over with .rpm packages; openSUSE uses zypper. Universal, sandboxed formats — snap and flatpak — work across families, and software can still be compiled from source with ./configure && make && make install.
3.4 Containers
A packages an application with its dependencies into a lightweight, isolated process that shares the host kernel (unlike a virtual machine, which runs a whole guest OS). A is the read-only template, built from a ; a container is a running instance of that image.
| Term / command | Meaning |
|---|---|
| Image | Read-only template built from a Dockerfile |
| Container | A running instance of an image |
| docker build | Build an image from a Dockerfile |
| docker run / ps | Start a container / list running containers |
| Docker Compose (YAML) | Define and run multi-container apps |
| Podman | A daemonless, rootless container engine (drop-in for Docker) |
Checkpoint · Services and User Management
Question 1 of 10
In Linux, what is the primary function of the 'systemd' system and service manager?
Module 4 · Security
One official domain, 18% of the exam. Linux+ security is practical: file permissions, mandatory access control, authentication, firewalls, and encryption — the controls that protect a real server.
4.1 Permissions & Ownership
Standard Linux have three triplets — owner, group, others — each granting read (4), write (2), and execute (1).[5] You change them with (numeric like 754 or symbolic like u+x) and change ownership with . The subtracts default bits from new files.
Owner (user)
rwx
octal 7
read + write + execute (4+2+1)
Group
r-x
octal 5
read + execute (4+0+1)
Others
r--
octal 4
read only (4+0+0)
- file, d directory, l link). Each triplet is read=4, write=2, execute=1, summed. Special bits prepend a 4th digit: SUID 4, SGID 2, sticky 1.Beyond the basics are three special bits: (4) runs a program as its owner (e.g., passwd runs as root); (2) runs as the group or makes new files inherit a directory’s group; the (1) lets users delete only their own files in a shared directory like /tmp. For finer control, (setfacl/getfacl) grant per-user permissions beyond owner/group/others.
| Symbol | Value | Meaning |
|---|---|---|
| r | 4 | Read |
| w | 2 | Write |
| x | 1 | Execute (enter a directory) |
| SUID | 4 (leading) | Run a file as its owner — chmod 4755 |
| SGID | 2 (leading) | Run as group / inherit group — chmod 2755 |
| Sticky | 1 (leading) | Delete only your own files — chmod 1777 |
4.2 SELinux & AppArmor
Standard permissions are discretionary — the file owner decides. goes further: the system enforces an administrator-defined policy that even root cannot casually override. The two implementations Linux+ tests are and .[9]
SELinux (label-based)
- Label/context-based MAC (every file & process is labeled)
- Modes: enforcing, permissive, disabled
- Default on RHEL / Fedora / CentOS
- Tools: getenforce, setenforce, sestatus, semanage, restorecon
- Denials logged to the audit log (ausearch / audit2allow)
AppArmor (path-based)
- Path-based MAC (profiles target program paths)
- Modes: enforce, complain
- Default on Ubuntu / Debian / SUSE
- Tools: aa-status, aa-enforce, aa-complain
- Generally simpler to read and write profiles
is label-based and default on RHEL-family systems; it has three modes — enforcing (block + log), permissive (log only), and disabled. Check it with getenforce or sestatus; switch temporarily with setenforce; set persistently in /etc/selinux/config. is path-based and default on Ubuntu and SUSE, with enforce and complain modes.
4.3 Authentication & Hardening
Authentication is handled by , the modular framework that decides how users log in and what policies apply. For privilege escalation, runs a single command as another user (usually root) per rules in /etc/sudoers — always edited with visudo — enforcing least privilege without sharing the root password.
Remote access uses . Prefer key-based authentication: keep the private key on the client and place the public key in the server’s ~/.ssh/authorized_keys. On hardened servers, disable root login and password authentication in /etc/ssh/sshd_config so only keys work.
| Mechanism | Role |
|---|---|
| PAM | Pluggable framework that enforces how users authenticate |
| sudo / visudo | Run commands as root per least-privilege rules in /etc/sudoers |
| SSH keys (ssh-keygen) | Stronger, automatable login than passwords |
| /etc/ssh/sshd_config | Harden SSH: disable root login and password auth |
| /etc/shadow | Stores hashed passwords and aging policy |
4.4 Firewalls & Encryption
A host firewall controls which ports are reachable. RHEL systems use (zone- and service-based); Ubuntu commonly uses , a friendly front-end to the underlying packet filter. The exam expects you to open or close a service/port and to reason about default-deny posture.
For data protection, provides full-disk (block-device) encryption, gpg encrypts and signs files, and TLS certificates secure services in transit. Pair encryption at rest with least-privilege permissions and MAC for defense in depth.
| Tool | Use it for |
|---|---|
| firewalld (firewall-cmd) | Zone/service-based firewall (RHEL family) |
| ufw | Simple firewall front-end (Ubuntu) |
| iptables / nftables | Low-level packet-filter rules (nftables is the successor) |
| LUKS (cryptsetup) | Full-disk / block-device encryption at rest |
| gpg | Encrypt, decrypt, and sign files |
Checkpoint · Security
Question 1 of 10
In Linux, what is the purpose of the 'chroot' command?
Module 5 · Automation, Orchestration & Scripting
One official domain, 17% of the exam. Modern Linux administration is automated. This domain covers Bash scripting, version control with Git, and configuration management and orchestration (Ansible) — and on XK0-006 it also touches Python basics and version-control workflows.
5.1 Bash Scripting
A Bash script starts with a (#!/bin/bash) and must be made executable (chmod +x).[8] Scripts use variables, conditionals (if, [[ ... ]], case), and loops (for, while, until). The of the last command lives in $? (0 = success).
Scripts shine by combining commands with a (|) and (>, >>, <). The text-processing trio — (search), (edit streams), and (work with columns) — turns log files and command output into useful data.
| Element | Example / meaning |
|---|---|
| Shebang | #!/bin/bash — names the interpreter |
| Variable | name="value" → echo "$name" |
| Conditional | if [[ $x -gt 5 ]]; then ... fi |
| Loop | for f in *.log; do ... done |
| Exit code | $? — 0 means success, non-zero an error |
| Pipe & redirect | cmd1 | cmd2 ; cmd > file ; cmd >> file |
5.2 Git & Version Control
tracks changes to files so teams can collaborate and roll back. The core flow: edit files, stage them with git add, save a snapshot with git commit, and share with git push/git pull. Branches (git branch, git checkout) let you work on changes in isolation, then git merge them back.
| Command | What it does |
|---|---|
| git clone <url> | Copy a remote repository locally |
| git add <file> | Stage changes for the next commit |
| git commit -m "msg" | Save a snapshot of staged changes |
| git push / git pull | Send to / fetch from the remote |
| git branch / git checkout | Create and switch branches |
| git merge <branch> | Combine another branch into the current one |
5.3 Automation & Orchestration
Configuration management tools enforce a desired state across many servers. is the one Linux+ leans on: it is agentless (works over SSH), uses YAML playbooks, and is — re-running a playbook changes only what differs from the goal.[1] Puppet and Chef are agent-based alternatives, and Terraform provisions infrastructure as code.
The unifying idea is : instead of configuring servers by hand, you describe the desired state in version-controlled files, so deployments are repeatable, auditable, and consistent — eliminating the manual errors that cause most outages.
| Tool | Model | Notes |
|---|---|---|
| Ansible | Agentless (SSH), YAML playbooks | Idempotent; the Linux+ favorite |
| Puppet | Agent-based, declarative | Pull model with a central server |
| Chef | Agent-based, Ruby 'recipes' | Pull model with a central server |
| Terraform | Declarative IaC | Provisions infrastructure/cloud resources |
Checkpoint · Automation, Orchestration & Scripting
Question 1 of 10
In Linux, what is the function of the 'crontab' command?
How to Use This Linux+ Study Guide
This guide is built to be worked at a terminal, not just read. The most efficient path to a pass:
- Study by weight. System Management (23%) and Troubleshooting (22%) are 45% of the exam — master the filesystem hierarchy, systemd, storage, and the troubleshooting commands first.
- Get hands-on. Linux+ is a practical exam with performance-based questions. Run every command in a VM or container as you read — don’t just memorize them.
- Check off as you go. Use the Study Guide Contents to mark each section done; it raises your exam-readiness score.
- Take every checkpoint. The end-of-module quizzes show you exactly which domains need another pass.
- Drill the weak domain. Send your weak area into the flashcards and a practice test until the score climbs.
Linux+ Concept Questions
Common Linux+ concepts candidates search while studying — each answered briefly and backed by an official source. Test yourself, then drill them as flashcards.
Linux+ Glossary
The high-yield Linux+ terms in one place — hover any dotted term in the guide, or flip the whole deck here as a self-grading flashcard set.
- /etc
- The directory holding system-wide configuration files (text), such as /etc/passwd and /etc/fstab.
- /etc/fstab
- The file listing filesystems to mount automatically at boot, with their mount points and options.
- /proc
- A virtual filesystem exposing live kernel and per-process information from memory, not disk.
- ACL
- Access Control List — fine-grained per-user/per-group permissions beyond the standard owner/group/others, set with setfacl.
- Ansible
- An agentless automation tool that configures systems with idempotent YAML playbooks over SSH.
- AppArmor
- A path-based mandatory access control system using profiles, default on Ubuntu and SUSE.
- apt
- The high-level package manager for Debian and Ubuntu; installs .deb packages and resolves dependencies.
- awk
- A text-processing language for working with columns and fields.
- chmod
- The command to change a file's permission bits, in numeric (754) or symbolic (u+x) form.
- chown
- The command to change a file's owner (and optionally group).
- Container
- A lightweight, isolated process packaging an application and its dependencies, sharing the host kernel.
- cron
- The time-based job scheduler daemon; jobs are defined in crontabs with five time fields plus a command.
- crontab
- A user's table of scheduled cron jobs; edit with crontab -e, list with crontab -l.
- dmesg
- Displays the kernel ring buffer — hardware, driver, and boot messages.
- dnf
- The high-level package manager for RHEL, Fedora, and CentOS (successor to yum); installs .rpm packages.
- Docker image
- A read-only template built from a Dockerfile; containers are running instances of an image.
- Dockerfile
- A text file of instructions used to build a Docker image.
- Exit code
- The numeric status a command returns ($?); 0 means success, non-zero means an error.
- ext4
- A widely used, mature Linux journaling filesystem.
- FHS
- Filesystem Hierarchy Standard — the standard layout of Linux directories under root (/), defining where configuration, data, and programs live.
- firewalld
- A dynamic firewall manager (zones/services) common on RHEL-family systems.
- fsck
- The filesystem check-and-repair tool, run on an unmounted filesystem.
- Git
- A distributed version-control system tracking changes to files via commits, branches, and merges.
- grep
- Searches text for lines matching a pattern (regular expression).
- GRUB2
- The GRand Unified Bootloader (version 2) — the bootloader that loads the Linux kernel and initramfs at startup.
- IaC (infrastructure as code)
- Managing infrastructure through version-controlled configuration files rather than manual changes.
- Idempotency
- The property that running an automation repeatedly yields the same end state, changing only what differs.
- initramfs
- A temporary, in-memory root filesystem containing the drivers the kernel needs to mount the real root filesystem.
- Inode
- A filesystem data structure storing a file's metadata; a filesystem can exhaust inodes even with free space.
- iptables / nftables
- Packet-filtering frameworks that define firewall rules; nftables is the modern successor to iptables.
- journalctl
- The command to query the systemd journal (logs); supports filtering by unit, boot, time, and priority.
- Kernel
- The core of the operating system that manages hardware, memory, processes, and system calls.
- Load average
- The average number of processes wanting CPU over 1, 5, and 15 minutes; shown by uptime and top.
- lsof
- Lists open files and the processes holding them (useful for finding what holds a deleted file or a port).
- LUKS
- Linux Unified Key Setup — the standard for full-disk (block-device) encryption on Linux.
- LVM
- Logical Volume Management — abstracts disks into physical volumes, volume groups, and resizable logical volumes.
- MAC (mandatory access control)
- A model where the system enforces an administrator-defined policy that users cannot override.
- Mount point
- A directory where a filesystem is attached so its contents become accessible (e.g., a disk mounted at /data).
- OOM killer
- The kernel's Out-Of-Memory killer that terminates processes when memory is critically exhausted.
- Package manager
- A tool that installs, updates, and removes software and resolves dependencies (apt, dnf/yum, zypper).
- PAM
- Pluggable Authentication Modules — the framework Linux uses to authenticate users and enforce policy.
- Permissions
- The read (r), write (w), and execute (x) access bits set for the owner, group, and others on a file.
- PID
- Process ID — the unique number identifying a running process; systemd is PID 1.
- Pipe
- The | operator that sends one command's output as the next command's input.
- Process
- A running instance of a program, identified by a PID, with a state, owner, and resources.
- Redirection
- Sending a command's output to a file (>) or appending (>>), or reading input from a file (<).
- Repository
- A configured source of packages that a package manager downloads from.
- Root filesystem
- The top-level filesystem mounted at /, under which every other directory and mount point lives.
- rpm
- The low-level package format and tool used by RHEL-family distributions.
- sed
- A stream editor for filtering and transforming text.
- SELinux
- Security-Enhanced Linux — a label-based mandatory access control system with enforcing, permissive, and disabled modes.
- SGID
- Set Group ID — a special bit (2) that runs a file as its group, or makes new files inherit a directory's group.
- Shebang
- The #! line at the top of a script naming the interpreter that runs it (e.g., #!/bin/bash).
- SSH
- Secure Shell — an encrypted protocol for remote login and file transfer; supports key-based authentication.
- Sticky bit
- A special bit (1) on a directory that lets users delete only files they own (used on /tmp).
- sudo
- Runs a command with another user's privileges (usually root) per rules in /etc/sudoers; enforces least privilege.
- SUID
- Set User ID — a special bit (4) that runs a program with the privileges of its file owner (e.g., passwd).
- systemctl
- The command to control systemd: start, stop, restart, enable, disable, and status of units.
- systemd
- The modern init system and service manager; runs as PID 1 and supervises services (units) and targets.
- Target
- A systemd grouping of units that defines a system state (e.g., multi-user.target, graphical.target), replacing SysV runlevels.
- Troubleshooting methodology
- CompTIA's ordered process: identify, theorize, test, plan, implement/escalate, verify, document.
- ufw
- Uncomplicated Firewall — a simplified front-end to iptables/nftables, common on Ubuntu.
- umask
- A mask that subtracts default permission bits from newly created files and directories.
- Unit
- A systemd-managed resource — most commonly a service (.service), but also sockets, mounts, timers, and targets.
- XFS
- A high-performance journaling filesystem, the default on RHEL.
- Zombie process
- A finished process whose exit status hasn't been reaped by its parent; shows a Z state in ps.
Linux+ Study Guide FAQ
The Linux+ XK0-006 exam has a maximum of 90 questions and you get 90 minutes. Questions are a mix of multiple choice (single and multiple response) and performance-based questions (PBQs) that require hands-on tasks in a simulated Linux environment.
You need a scaled score of 720 on a scale of 100 to 900. It is not a simple percentage — CompTIA converts your raw score so every exam form demands the same ability level, so don't try to estimate it as a percent correct.
System Management (23%), Services and User Management (20%), Security (18%), Automation, Orchestration, and Scripting (17%), and Troubleshooting (22%). System Management and Troubleshooting together are 45% of the exam, so master them first.
Study by weight: lead with System Management (23%) and Troubleshooting (22%) — master the filesystem hierarchy, systemd, storage, and the troubleshooting commands first. Read each module, take the checkpoint, then drill gaps with our free practice test and flashcards.
XK0-006 (V8) is the current exam, launched July 15, 2025; it replaced XK0-005, which CompTIA retired on January 13, 2026. XK0-006 restructured the content into five domains — splitting out Services and User Management — and refreshes coverage of cloud, containers, automation, and scripting. This guide targets the current XK0-006.
A single exam voucher is about $369 USD (it varies by region and promotion). There are no required prerequisites, though CompTIA recommends CompTIA A+, Network+, and Server+ plus about 12 months of hands-on Linux administration experience.
The certification is valid for three years. You renew through the CompTIA Continuing Education (CE) program — earning 50 continuing-education units (CEUs) over the three years, or by passing a higher-level CompTIA certification.
Yes — this study guide, the module checkpoints, the glossary, the concept questions, the practice test, and the flashcards are 100% free with no account required.
Linux+ is considered moderately challenging because it tests applied, command-line skills across system management, services and user management, security, automation and scripting, and troubleshooting — plus performance-based questions you complete in a real Linux environment. Hands-on practice at a terminal, not just reading, is the key to passing.
References
- 1.CompTIA. “Linux+ (XK0-006) Certification Exam Objectives.” comptia.org. ↑
- 2.CompTIA. “CompTIA Continuing Education (renewal & CEUs).” comptia.org. ↑
- 3.Linux Foundation. “Filesystem Hierarchy Standard 3.0.” refspecs.linuxfoundation.org. ↑
- 4.kernel.org. “The Linux kernel — Administration guide.” kernel.org. ↑
- 5.The Linux man-pages project. “chmod(1) — change file mode bits.” man7.org. ↑
- 6.The Linux man-pages project. “systemctl(1) — control systemd.” man7.org. ↑
- 7.The Linux man-pages project. “crontab(5) — schedule cron jobs.” man7.org. ↑
- 8.The Linux man-pages project. “bash(1) — GNU Bourne-Again SHell.” man7.org. ↑
- 9.The SELinux Project. “SELinux Overview.” github.com/SELinuxProject. ↑
- 101.The Linux man-pages project. “grep(1) — print lines that match patterns.” man7.org, accessed 19 June 2026. ↑
- 102.The Linux man-pages project. “df(1) — report file system disk space usage.” man7.org, accessed 19 June 2026. ↑
- 103.The Linux man-pages project. “ps(1) — report a snapshot of current processes.” man7.org, accessed 19 June 2026. ↑

Career Employer
Career Employer is the ultimate resource to help you get started working the job of your dreams. We cover topics from general career information, career searching, exam preparation with free study materials, career interviewing, and becoming successful in your career of choice.
All PostsCareer Employer’s Editorial Process
Here at Career Employer, we focus a lot on providing factually accurate information that is always up to date. We strive to provide correct information using strict editorial processes, article editing, and fact-checking for all of the information found on our website. We only utilize trustworthy and relevant resources. To find out more, make sure to read our full editorial process page here.
