26 KiB
Linux+ Study Targets
This file tracks Linux+ weak areas, missed concepts, exam traps, and future lesson/quiz priorities.
The purpose of this file is to guide future Emacs Lisp lesson and quiz creation. Lessons should be focused, topic-based, and generated using the existing numbered file convention in this repository.
Avoid copying exact copyrighted study-book or practice-exam questions. Prefer paraphrased notes that capture the missed concept, the correct answer pattern, and the exam wording trap.
Current Study Priority
The next lessons should focus on weak areas that have appeared in missed questions, uncertain answers, or repeated review needs.
Highest priority areas:
1. Firewall basics, UFW, firewalld, and IDS recognition
2. Storage, LVM, and quotas
3. Boot process, GRUB2, kernel startup, and systemd
4. Kernel modules and hardware/system inspection
5. Networking services, ports, packet filtering, and bandwidth tools
6. Permissions, ACLs, ownership, and directory traversal
7. Scheduled tasks, cron syntax, and automation
8. Backup, archive, sync, and file transfer tools
9. Mail filtering and redirection
10. Cloud, containers, orchestration, and object storage
11. Databases, web services, and service role recognition
Next Suggested Lesson/Quiz Pair
The next unused pair should continue the repository numbering scheme.
Suggested next files:
104-firewall-review-lesson.el
105-firewall-review-quiz.el
Suggested topic:
Firewall ACLs, packet inspection, persistent firewall configuration,
stateful firewall behavior, firewalld runtime-to-permanent rules,
numbered UFW rules, simple UFW SSH blocking, DenyHosts, and Fail2Ban
Reason:
This topic reinforces several recent missed Linux+ book review questions.
Study Format
Each weak area should be recorded using this pattern:
Missed area:
Correct concept:
Exam wording trap:
Commands/files to remember:
Future lesson topic:
Status:
Possible status values:
Needs lesson
Needs quiz
Needs review
Improving
Solid
Weak Area: Firewall Review
Missed area:
Firewall basics, stateful firewall behavior, firewalld persistence,
UFW command syntax, and DenyHosts/Fail2Ban recognition
Correct concept:
Firewalls use ACLs, inspect network packets, and use configuration
files for persistence.
ACL means access control list. Firewall ACL rules allow or deny
traffic based on details such as source address, destination
address, protocol, port, or interface.
A stateless firewall checks packets against rules without remembering
the state of a connection.
A stateful firewall tracks connection state. For this book review,
remember that a stateful firewall can operate faster for established
connections and can determine if packets are fragmented.
firewalld can use runtime configuration and permanent configuration.
After testing firewalld runtime rules, make them permanent with:
sudo firewall-cmd --runtime-to-permanent
To view numbered UFW rules, use:
sudo ufw status numbered
To block SSH using simple UFW syntax, use:
sudo ufw deny 22/tcp
For this book item, remember DenyHosts and Fail2Ban as IDS tools.
The expected answer associates them with /etc/hosts.deny.
Exam wording trap:
"Make firewalld runtime rules permanent" points to:
firewall-cmd --runtime-to-permanent
"Numbered UFW rules" points to:
sudo ufw status numbered
"Deny SSH with simple UFW syntax" points to:
sudo ufw deny 22/tcp
DenyHosts is strongly associated with /etc/hosts.deny.
Fail2Ban commonly blocks through firewall actions in real-world
configurations, but for the book question, memorize the book's
expected wording.
Commands/files to remember:
sudo firewall-cmd --runtime-to-permanent
sudo ufw status numbered
sudo ufw deny 22/tcp
/etc/hosts.deny
Future lesson topic:
104-firewall-review-lesson.el
105-firewall-review-quiz.el
Status:
Needs lesson
Needs quiz
Needs review
Weak Area: Quotas and repquota
Missed area:
Quota reporting and quota command roles
Correct concept:
repquota reports quota usage.
quotaon enables quotas.
quotaoff disables quotas.
quotacheck checks or builds quota files/databases.
edquota edits user or group quota limits.
Exam wording trap:
"Report quotas" points to repquota, not quotaon.
"Enable quotas" points to quotaon, not repquota.
"Edit quotas" points to edquota.
Commands/files to remember:
repquota -a
quotaon -a
quotaoff -a
quotacheck
edquota
/etc/fstab
usrquota
grpquota
Future lesson topic:
106-storage-lvm-quotas-lesson.el
107-storage-lvm-quotas-quiz.el
Status:
Needs lesson
Needs quiz
Weak Area: LVM
Missed area:
LVM command recognition and PV/VG/LV relationships
Correct concept:
A physical volume is storage prepared for LVM.
A volume group is a pool of storage made from one or more physical volumes.
A logical volume is usable storage created from a volume group.
Exam wording trap:
"Create a volume group" means vgcreate.
"Create a logical volume" means lvcreate.
"List logical volumes" means lvs.
Commands/files to remember:
pvcreate
vgcreate
lvcreate
pvs
vgs
lvs
pvdisplay
vgdisplay
lvdisplay
lvextend
resize2fs
xfs_growfs
Future lesson topic:
106-storage-lvm-quotas-lesson.el
107-storage-lvm-quotas-quiz.el
Status:
Needs lesson
Needs quiz
Weak Area: Filesystem Usage Tools
Missed area:
Choosing between df, du, lsblk, blkid, and findmnt
Correct concept:
df shows mounted filesystem usage.
du shows file or directory space usage.
lsblk lists block devices.
blkid shows block device identifiers and filesystem attributes.
findmnt shows mounted filesystems.
Exam wording trap:
"How full is the filesystem?" usually means df.
"How large is this directory?" usually means du.
"Show disks and partitions" usually means lsblk.
Commands/files to remember:
df -h
du -sh PATH
lsblk
lsblk -f
blkid
findmnt
/etc/fstab
mount -a
Future lesson topic:
106-storage-lvm-quotas-lesson.el
107-storage-lvm-quotas-quiz.el
Status:
Needs lesson
Needs quiz
Weak Area: Boot Process, GRUB2, and systemd
Missed area:
Bootloader location, kernel startup, PID 1, and service management
Correct concept:
GRUB2 loads the Linux kernel and initramfs.
The kernel starts the first userspace process.
On most modern Linux systems, PID 1 is systemd.
systemctl controls systemd services.
Exam wording trap:
"PID 1" usually points to systemd on modern Linux.
"Regenerate GRUB2 configuration" points to grub2-mkconfig or the distro equivalent.
"Enable a service at boot" is not the same as starting it immediately.
Commands/files to remember:
ps -p 1 -o pid,comm,args
systemctl status SERVICE
systemctl start SERVICE
systemctl enable SERVICE
systemctl is-enabled SERVICE
systemctl daemon-reload
grub2-mkconfig
/etc/default/grub
/boot/grub2/grub.cfg
/boot/efi
Future lesson topic:
108-boot-grub-systemd-lesson.el
109-boot-grub-systemd-quiz.el
Status:
Needs review
Weak Area: Kernel Modules
Missed area:
Listing, loading, removing, and inspecting kernel modules
Correct concept:
lsmod lists loaded kernel modules.
modprobe loads or removes modules and handles dependencies.
modinfo shows information about a module.
rmmod removes a module but does not handle dependencies as well as modprobe.
Exam wording trap:
"List loaded modules" means lsmod.
"Load a module with dependencies" means modprobe.
"Remove a module with dependency handling" means modprobe -r.
Commands/files to remember:
lsmod
modprobe MODULE
modprobe -r MODULE
modinfo MODULE
rmmod MODULE
depmod
uname -r
/lib/modules/$(uname -r)/
Future lesson topic:
110-kernel-modules-hardware-lesson.el
111-kernel-modules-hardware-quiz.el
Status:
Needs review
Weak Area: SSH Configuration Precedence
Missed area:
User-specific SSH client config versus system-wide SSH client config
Correct concept:
User SSH client config is normally ~/.ssh/config.
System-wide SSH client config is normally /etc/ssh/ssh_config.
The SSH server config is normally /etc/ssh/sshd_config.
User-specific client settings generally override system-wide client settings.
Exam wording trap:
Do not confuse ssh_config with sshd_config.
ssh_config is client configuration.
sshd_config is server daemon configuration.
Commands/files to remember:
~/.ssh/config
/etc/ssh/ssh_config
/etc/ssh/sshd_config
ssh -F CONFIGFILE HOST
sshd -T
systemctl status sshd
systemctl status ssh
Future lesson topic:
112-ssh-config-precedence-lesson.el
113-ssh-config-precedence-quiz.el
Status:
Needs review
Weak Area: Network Services and Ports
Missed area:
Service name to port/protocol mapping
Correct concept:
/etc/services maps service names to port numbers and protocols.
getent services can query service mappings.
Exam wording trap:
A question asking about named services and port numbers often points to /etc/services.
Commands/files to remember:
/etc/services
getent services ssh
grep '^ssh' /etc/services
ss -tulpen
Future lesson topic:
114-network-services-firewall-lesson.el
115-network-services-firewall-quiz.el
Status:
Needs review
Weak Area: netfilter, iptables, and nftables
Missed area:
Linux packet filtering framework and related tools
Correct concept:
netfilter is the Linux kernel packet filtering framework.
iptables and nftables are userspace tools for managing packet filtering rules.
nftables is the newer framework/tooling commonly replacing many iptables workflows.
Exam wording trap:
"Kernel packet filtering framework" points to netfilter.
"Firewall rules on modern Linux" may point to nftables.
Commands/files to remember:
nft list ruleset
iptables -L
firewall-cmd
ufw status
ss -tulpen
Future lesson topic:
114-network-services-firewall-lesson.el
115-network-services-firewall-quiz.el
Status:
Needs review
Weak Area: Bandwidth and Network Testing Tools
Missed area:
Choosing tools for network scanning, throughput testing, and interface inspection
Correct concept:
nmap scans hosts and ports.
iperf tests network throughput.
ip shows addresses, routes, and links.
ss shows sockets.
tcpdump captures packets.
Exam wording trap:
"Throughput test" usually means iperf.
"Port scan" usually means nmap.
"Socket/listening port inspection" usually means ss.
"Packet capture" usually means tcpdump.
Commands/files to remember:
nmap
iperf
ip addr
ip route
ip link
ss -tulpen
tcpdump
Future lesson topic:
116-network-diagnostics-lesson.el
117-network-diagnostics-quiz.el
Status:
Needs review
Weak Area: Permissions and ACLs
Missed area:
Directory permissions, ACL inspection, and ACL removal
Correct concept:
Directory read permission allows listing names.
Directory execute permission allows traversal.
getfacl views ACLs.
setfacl modifies ACLs.
setfacl -b removes ACL entries.
Exam wording trap:
To access a file inside a directory, execute permission is needed on the directory path.
To list directory contents, read permission is needed on the directory.
ACL questions usually point to getfacl or setfacl.
Commands/files to remember:
ls -ld DIR
chmod
chown
chgrp
getfacl FILE
setfacl -m
setfacl -x
setfacl -b
Future lesson topic:
118-permissions-acls-lesson.el
119-permissions-acls-quiz.el
Status:
Needs review
Weak Area: User and Group Management
Missed area:
Password aging, group membership, and account defaults
Correct concept:
/etc/passwd stores basic user account information.
/etc/shadow stores password hashes and password aging information.
/etc/group stores group information.
usermod -aG appends supplementary group membership.
login.defs defines UID/GID ranges and default password aging policy values.
Exam wording trap:
Password aging is associated with /etc/shadow, chage, and login.defs, not /etc/passwd alone.
When adding a user to a supplementary group, use usermod -aG, not just -G.
Commands/files to remember:
/etc/passwd
/etc/shadow
/etc/group
/etc/login.defs
useradd
usermod -aG GROUP USER
groupmod -n
passwd
chage
id
groups
Future lesson topic:
Already covered in 102-user-management-lesson.el and 103-user-management-quiz.el.
Review if quiz score is weak.
Status:
Needs review
Weak Area: cron and Scheduled Tasks
Missed area:
Cron field order and scheduled command recognition
Correct concept:
Cron field order is minute, hour, day of month, month, day of week, command.
Exam wording trap:
Do not confuse hour and minute fields.
Do not confuse day-of-month with day-of-week.
Commands/files to remember:
crontab -e
crontab -l
/etc/crontab
/etc/cron.d/
/etc/cron.daily/
/etc/cron.hourly/
systemctl list-timers
Future lesson topic:
120-scheduled-tasks-cron-lesson.el
121-scheduled-tasks-cron-quiz.el
Status:
Needs lesson
Needs quiz
Weak Area: Backup, Archive, and Sync Tools
Missed area:
Choosing between rsync, tar, compression tools, and copy commands
Correct concept:
rsync is useful for efficient file synchronization and backups.
tar creates archives.
gzip, bzip2, and xz compress data.
cp copies files.
Exam wording trap:
"Local backup of a large file or directory while preserving metadata" often points to rsync.
"Create an archive" points to tar.
"Compress data" points to gzip, bzip2, or xz.
Commands/files to remember:
rsync -avh SOURCE DEST
rsync -avh --progress SOURCE DEST
tar -cf archive.tar DIR
tar -czf archive.tar.gz DIR
tar -xvf archive.tar
gzip
bzip2
xz
Future lesson topic:
122-backup-archive-sync-lesson.el
123-backup-archive-sync-quiz.el
Status:
Needs review
Weak Area: File and Directory Operations
Missed area:
Using ls -d, mv safety options, sort fields, and command selection
Correct concept:
ls -d shows the directory entry itself instead of listing its contents.
mv can move or rename files.
mv -i prompts before overwrite.
mv -v shows operations.
sort -k sorts by a field.
sort -r reverses sort order.
Exam wording trap:
"Show metadata for the directory itself" points to ls -ld.
"Sort by a specific column" points to sort -k.
"Prompt before overwrite" points to -i.
"Verbose output" points to -v.
Commands/files to remember:
ls -ld DIR
mv -i OLD NEW
mv -v OLD NEW
sort FILE
sort -k 2 FILE
sort -k 2 -n FILE
sort -r FILE
Future lesson topic:
Already partly covered by file-search and permissions topics.
Add focused review only if needed.
Status:
Needs review
Weak Area: Process and CPU Fields
Missed area:
Interpreting top CPU fields and process display output
Correct concept:
top shows CPU and process activity.
%us or us is user CPU time.
%sy or sy is system/kernel CPU time.
%id or id is idle CPU time.
%st or st is stolen CPU time in virtualized environments.
Exam wording trap:
"Stolen time" is associated with virtualization.
"User CPU time" is not the same as system/kernel CPU time.
Commands/files to remember:
top
ps aux
ps -ef
uptime
free -h
Future lesson topic:
Already covered in 20-top-cpu-fields-lesson.el and 21-top-cpu-fields-quiz.el.
Review if quiz score is weak.
Status:
Needs review
Weak Area: Logs and Authentication
Missed area:
Security log locations and filtering log output
Correct concept:
Authentication and security events may appear in /var/log/secure on Red Hat-family systems.
Debian-family systems often use /var/log/auth.log.
journalctl queries the systemd journal.
Exam wording trap:
Distribution family matters for auth/security log file names.
systemd journal questions often point to journalctl.
Commands/files to remember:
/var/log/secure
/var/log/auth.log
journalctl
journalctl -u SERVICE
journalctl -f
grep
awk
sed
tail -f
Future lesson topic:
Already covered in 30-auth-log-lesson.el, 31-auth-log-quiz.el, 80-log-filtering-lesson.el, and 81-log-filtering-quiz.el.
Review if quiz score is weak.
Status:
Needs review
Weak Area: Package Management
Missed area:
Package installation, dependency queries, and package manager recognition
Correct concept:
rpm installs and queries RPM packages directly.
yum or dnf manage packages and dependencies on Red Hat-family systems.
apt manages packages on Debian-family systems.
yum deplist can show dependencies.
Exam wording trap:
rpm works directly with RPM packages but does not resolve dependencies like yum/dnf.
Distribution family matters.
Commands/files to remember:
rpm -ivh PACKAGE.rpm
rpm -qa
rpm -qi PACKAGE
yum deplist PACKAGE
dnf install PACKAGE
apt update
apt install PACKAGE
Future lesson topic:
Already covered in 40-package-management-lesson.el and 41-package-management-quiz.el.
Review if quiz score is weak.
Status:
Needs review
Weak Area: Mail Filtering and Redirection
Missed area:
Automatic mail processing, filtering, and redirection
Correct concept:
Mail filters can automatically process, redirect, sort, or deliver incoming mail based on rules.
Depending on the system, this may involve procmail, sieve, aliases, forwarding files, or MTA rules.
Exam wording trap:
"Automatically redirects incoming mail" points to a mail filter or mail-processing rule, not a user shell alias.
Commands/files to remember:
/etc/aliases
~/.forward
procmail
sieve
postfix
sendmail
mailq
newaliases
Future lesson topic:
124-mail-filtering-redirection-lesson.el
125-mail-filtering-redirection-quiz.el
Status:
Needs lesson
Needs quiz
Weak Area: Web Services and Load Balancing
Missed area:
nginx service role recognition
Correct concept:
nginx can function as a web server, reverse proxy, and load balancer.
Exam wording trap:
Do not limit nginx to static web serving only.
If the question mentions web serving plus load balancing or reverse proxying, nginx may be correct.
Commands/files to remember:
nginx
systemctl status nginx
/etc/nginx/nginx.conf
/etc/nginx/conf.d/
Future lesson topic:
126-web-services-load-balancing-lesson.el
127-web-services-load-balancing-quiz.el
Status:
Needs review
Weak Area: Databases and Data Models
Missed area:
MongoDB storage/data model recognition
Correct concept:
MongoDB is a document database.
MongoDB uses JSON-style documents and stores data internally as BSON.
Exam wording trap:
MongoDB is not a traditional row/table-only relational database.
Questions mentioning JSON-style documents or BSON likely point to MongoDB.
Commands/files to remember:
MongoDB
JSON
BSON
document database
Future lesson topic:
128-databases-data-models-lesson.el
129-databases-data-models-quiz.el
Status:
Needs review
Weak Area: Cloud Storage and Azure Blob
Missed area:
Cloud object storage recognition
Correct concept:
Azure Blob Storage is object storage for unstructured data.
Exam wording trap:
"Object storage" and "unstructured data" may point to Azure Blob Storage in Azure-related questions.
Commands/files to remember:
Azure Blob Storage
object storage
unstructured data
cloud storage
Future lesson topic:
130-cloud-storage-lesson.el
131-cloud-storage-quiz.el
Status:
Needs review
Weak Area: Containers and Orchestration
Missed area:
Container orchestration engine recognition
Correct concept:
Kubernetes is a container orchestration platform.
Container orchestration manages deployment, scaling, scheduling, and operation of containers.
Exam wording trap:
"Container orchestration" often points to Kubernetes.
Commands/files to remember:
Kubernetes
kubectl
container orchestration
pods
deployments
services
Future lesson topic:
132-containers-orchestration-lesson.el
133-containers-orchestration-quiz.el
Status:
Needs review
Weak Area: Git Recognition
Missed area:
Version control tool recognition
Correct concept:
Git is a distributed version control system.
Exam wording trap:
Questions asking about source code version control usually point to Git.
Commands/files to remember:
git status
git add
git commit
git log
git diff
git clone
git pull
git push
Future lesson topic:
134-git-version-control-lesson.el
135-git-version-control-quiz.el
Status:
Needs review
Weak Area: /etc/securetty
Missed area:
Root login terminal restrictions
Correct concept:
/etc/securetty controls which terminals root may log in from on systems that honor it.
Exam wording trap:
"Which terminals permit root login?" points to /etc/securetty.
Commands/files to remember:
/etc/securetty
root login
TTY
console
Future lesson topic:
136-login-security-lesson.el
137-login-security-quiz.el
Status:
Needs review
Weak Area: Shell Navigation
Missed area:
Returning to the previous working directory
Correct concept:
cd - returns to the previous working directory.
Exam wording trap:
cd .. moves to the parent directory.
cd - moves to the previous working directory.
Commands/files to remember:
pwd
cd
cd ..
cd -
cd ~
Future lesson topic:
Can be included in a shell basics or file operations review lesson.
Status:
Needs review
Weak Area: Web Search/File Search Command Recognition
Missed area:
Finding files, searching contents, and matching command to search task
Correct concept:
find searches by file attributes and paths.
grep searches text contents.
locate uses a database to find paths quickly.
which finds commands in PATH.
whereis locates binary, source, and manual page files.
Exam wording trap:
"Search inside files" points to grep.
"Find files by name, size, time, owner, or permissions" points to find.
"Fast path lookup from a database" points to locate.
Commands/files to remember:
find
grep
locate
updatedb
which
whereis
type
Future lesson topic:
Already covered in 90-file-search-lesson.el and 91-file-search-quiz.el.
Review if quiz score is weak.
Status:
Needs review
Review Queue
Use this queue when deciding future lesson order.
Immediate next lesson:
104-firewall-review-lesson.el
105-firewall-review-quiz.el
Recommended follow-up sequence:
106-storage-lvm-quotas-lesson.el
107-storage-lvm-quotas-quiz.el
108-boot-grub-systemd-lesson.el
109-boot-grub-systemd-quiz.el
110-kernel-modules-hardware-lesson.el
111-kernel-modules-hardware-quiz.el
114-network-services-firewall-lesson.el
115-network-services-firewall-quiz.el
120-scheduled-tasks-cron-lesson.el
121-scheduled-tasks-cron-quiz.el
122-backup-archive-sync-lesson.el
123-backup-archive-sync-quiz.el
124-mail-filtering-redirection-lesson.el
125-mail-filtering-redirection-quiz.el
130-cloud-storage-lesson.el
131-cloud-storage-quiz.el
132-containers-orchestration-lesson.el
133-containers-orchestration-quiz.el
Quick Command Association Drill
Review this section frequently.
repquota -a -> report quotas
quotaon -a -> enable quotas
quotaoff -a -> disable quotas
edquota -> edit quotas
quotacheck -> check/build quota files
pvcreate -> create physical volume
vgcreate -> create volume group
lvcreate -> create logical volume
pvs -> list physical volumes
vgs -> list volume groups
lvs -> list logical volumes
lvextend -> extend logical volume
df -h -> mounted filesystem usage
du -sh PATH -> file/directory usage
lsblk -> block devices
blkid -> UUID/filesystem attributes
findmnt -> mounted filesystems
/etc/fstab -> persistent mount configuration
ps -p 1 -> inspect PID 1
systemctl -> manage systemd services
grub2-mkconfig -> generate GRUB2 configuration
lsmod -> list loaded kernel modules
modprobe -> load module with dependencies
modprobe -r -> remove module with dependency handling
modinfo -> show module information
/etc/services -> service names to port/protocol mappings
netfilter -> kernel packet filtering framework
nftables -> modern packet filtering rules tool
iptables -> older/common packet filtering rules tool
getfacl -> view ACLs
setfacl -> modify ACLs
setfacl -b -> remove ACL entries
firewall-cmd --runtime-to-permanent -> save firewalld runtime rules
sudo ufw status numbered -> view numbered UFW rules
sudo ufw deny 22/tcp -> block SSH with UFW
/etc/hosts.deny -> DenyHosts/book IDS association
crontab -e -> edit user cron jobs
crontab -l -> list user cron jobs
minute hour dom month dow command -> cron field order
rsync -avh -> sync/backup while preserving metadata
tar -> archive files
gzip/bzip2/xz -> compress data
nginx -> web server, reverse proxy, load balancer
MongoDB -> JSON-style documents stored as BSON
Azure Blob -> object storage for unstructured data
Kubernetes -> container orchestration
Git -> version control
/etc/securetty -> root login terminal restrictions
cd - -> previous working directory
Score/Status Notes
Add quiz results here after completing topic quizzes.
Example format:
Date:
Lesson:
Quiz:
Score:
Missed:
Next action:
Current Notes
Date:
Lesson:
Quiz:
Score:
Missed:
Next action:
Project maintenance note: file update helpers
The project now includes an Emacs Lisp helper file for safe updates to existing project files:
07-linuxplus-update-files.el
Use this when updating existing Markdown files such as STUDY.md and
RECOVERY.md.
Useful commands:
M-x linuxplus-update-help
M-x linuxplus-apply-firewall-score-update
M-x linuxplus-update-replace-section-with-region
M-x linuxplus-update-insert-region-before-heading
The update helpers create numbered .bak.N backup files before writing
changes. This is preferred over hand-written patch hunks for small
project documentation updates.