RedHat Certified Engineer-7 (RHCE) – Questions with Solution

By | March 31, 2018

In this blog, we will discuss questions and solutions related to the RedHat Certified Engineer-7 (RHCE) (RHEL7 Q & A) examination. I'm writing this post because I have already gone through this examination, and based on those questions I thought of writing a post on it. You can practice these on your virtual machine and then appear for your examination. A few things need to be kept in mind:

  • For the Secure Web Server question, you have to generate your self-signed certificate first.
  • Get a sample dynamic script and use it for the Dynamic Web Server configuration.
  • You will have to generate a keytab for Kerberos authentication (Qs 14).
  • An LDAP server needs to be configured for Qs 14.
  • A sample MySQL dump is required.

Note/Caution: This blog has been written to show you the exam pattern and to give you a high-level understanding of some server-level configuration. DevOpsAGE Technologies does not guarantee the passing of the RedHat Certified Engineer Exam.

Qs-1. SELinux should be in enforcing mode on both of your systems.

Solutions:

# getenforce
Enforcing

If it is not in enforcing mode, change it to enforcing mode as follows:

# vim /etc/selinux/config
SELINUX=enforcing
:wq!

# reboot

Note: In order to reflect the changes, it is mandatory to reboot the system.

===================================================================================

Qs-2. Configure yum client-side repository using the following URL: http://link_will_be_given_in_the_question/content/rhel7.0/x86_64/dvd

Note: This is not actually a question that carries marks, but you will have to configure yum in order to solve the rest of the questions; otherwise installing packages will hardly be possible in the given time period.

Solution:

# yum repolist      // To check the repositories
# cd /etc/yum.repos.d/
# vim devopsage.repo

[devopsage]
gpgcheck = 0
enabled = 1
baseurl = http://link_will_be_given_in_the_question/content/rhel7.0/x86_64/dvd
name = devopsage-tech
:wq!

# yum repolist

===================================================================================

Qs-3. Configure SSH access on both of your systems as follows.

  • Users should have remote SSH access to your systems.
  • Clients within my133t.org should not have SSH access to your systems.

Solution:

Note: By default in both of your systems SSH Service is already enabled.

Note: Address provided = “my133t.org(192.168.114.128)”   // Ip will be different, make sure to change the provided IP.

# systemctl status sshd.service   // just verify
# firewall-cmd --list-all    // verify the port

# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.12.23/24" service name="ssh" reject' --permanent
# firewall-cmd --reload

Note: You can find the above command in the firewalld.richlanguage manual page. Refer to example 3 and make changes accordingly.

# firewall-cmd --list-all

Note: Make Sure, you apply these changes on both the virtual machines during your examinations.

===================================================================================

Qs-4. Create a new customized environment for your users.

  • Create a new custom command called “userstat” whose output should be similar to “/bin/ps -Ao pid,tt,user,fname,rsz”
  • Make sure the “userstat” command is available by default for all users on both systems.

Solution:

# vim /etc/bashrc     // Add at the end of the file

alias userstat="/bin/ps -Ao pid,tt,user,fname,rsz"
:wq!

# logout  or  ctrl+d
# ssh root@ServerIP -X
# userstat  // verify whether the Alias is working as expected or not.

Note: Don’t forget to set this alias in both the machines.

===================================================================================

Qs-5. Configure port forwarding on your server.

  • The traffic coming from the desktop on port 415/tcp should be forwarded to port 22/tcp on your system1.

Solution:

# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="172.10.1.10" forward-port port="415" protocol="tcp" to-port="22" to-addr="172.10.1.11"' --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
# ssh -p 415 root@serverIP   // verify whether the above applied rule is working or not.

Note: You can find the above command in the firewalld.richlanguage manual page. Refer to example 5 and make changes accordingly.

====================================================================================

Qs-6. Configure a new network teaming link on both systems.

  • Both systems have a network interface “eno1” and “eno2”
  • These two interfaces should be Slaved for the new teaming device called “team1”. (Make sure “team1” should remain active even if one of the interfaces goes down)
  • Assign the given IP address for “team1” on a 1st system – 192.168.X.111
  • Assign the given IP address for “team1” on a 2nd system – 192.168.X.222

Solution:

Note: In the examination, you will be provided with 2 network interfaces, While practicing on your local machine you have to first configure 2 network interfaces, between which you will be creating teaming link.

# nmcli con add con-name devopsage ifname team1 type team config '{"runner": {"name": "activebackup"}}'
# nmcli con add con-name team-slave1 ifname eno1 type team-slave master team1
# nmcli con add con-name team-slave2 ifname eno2 type team-slave master team1
# nmcli con modify devopsage ipv4.addresses "192.168.X.111/24" ipv4.method manual
# teamdctl team1 state
# systemctl restart network
# ifconfig // Verify whether teaming link has been created or not

Note: Make Sure you configure this on both the machines.

====================================================================================

Qs-7. Configure the following IPv6 address for interface eth0 on both of your systems.

  • IPV6 address for system1 – “fddb:fe2a:ab1e::c0a8:1/64”
  • IPV6 address for system2 – “fddb:fe2a:ab1e::c0a8:fe/64”

Solution:

On System 1:

# nmcli con modify "System eth0" ipv6.addresses "fddb:fe2a:ab1e::c0a8:1/64" ipv6.method manual
# systemctl restart network
# ifconfig

On System 2:

# nmcli con modify "System eth0" ipv6.addresses "fddb:fe2a:ab1e::c0a8:fe/64" ipv6.method manual
# systemctl restart network
# ifconfig

====================================================================================

Qs-8. Implement a web server for the site http://serverX.example.com, then perform the following steps:

  • Download http://classroom.example.com/server.html
  • Rename the downloaded file to index.html
  • Copy this index.html to the DocumentRoot of your web server
  • Do NOT make any modifications to the content of index.html

Solution:

# yum groupinstall 'basic web server' -y
# cd /var/www/html/
# wget -O index.html http://link_provided/server.html
# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
# firewall-cmd --list-all  // Verify Whether http port is added on firewall or not.
# systemctl enable httpd.service
# systemctl restart httpd.service
# cd /etc/httpd/conf.d/      // here we will be creating our own configurations for web servers
# vim devopsage.conf

<virtualhost *:80>
servername serverX.example.com
documentroot /var/www/html
directoryindex index.html
</virtualhost>

:wq!

# systemctl restart httpd.service
# firefox   // Verify on firefox http://serverX.example.com, you can also use curl http://serverX.example.com

====================================================================================

Qs-9. Extend your web server to include a virtual host for the site, http://wwwX.example.com, then perform the following steps:

  • Set the DocumentRoot to /var/www/virtual
  • Download http://classroom.example.com/pub/www.html
  • Rename the downloaded file to index.html
  • Copy this index.html to the DocumentRoot of the virtual host
  • Do NOT make any modifications to the content of index.html
  • Ensure that harry is able to create content in /var/www/virtual

Solution:

# mkdir /var/www/virtual
# cd /var/www/virtual/
# wget -O index.html http://link_provided/www.html
# useradd harry
# setfacl -m u:harry:rwx /var/www/virtual/
# vim /etc/httpd/conf.d/devopsage.conf

<virtualhost *:80>
servername wwwX.example.com
documentroot /var/www/virtual
directoryindex index.html
</virtualhost>

:wq!

# httpd -t  // This command will check for any syntax error.
# systemctl restart httpd.service
# firefox    // http://wwwX.example.com

====================================================================================

Qs-10. Secure web service.

  • Configure TLS encryption for the web server “http://serverX.example.com”
  • A signed certificate for the web server is available at http://link_provided/pub/tls/certs/serverX.crt
  • The required key for this certificate file is available at http://classroom.example.com/pub/tls/private/serverX.key
  • The certificate for signing authority is provided at http://classroom.example.com/pub/example-ca.crt

Solution:

Note: For this question, generate a self-signed certificate if you are practicing on your local machine.

# cd /etc/pki/tls/certs/
# wget http://link_provided/pub/tls/certs/serverX.crt
# wget http://link_provided/pub/example-ca.crt
# cd ..
# cd private/
# wget http://classroom.example.com/pub/tls/private/serverX.key
# cd /etc/httpd/conf.d/
# vim devopsage.conf

<virtualhost *:443>
servername serverX.example.com
documentroot /var/www/html
directoryindex index.html
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile /etc/pki/tls/private/serverX.key
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</virtualhost>

:wq!

# httpd -t  // Check Syntax
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload
# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --reload
# systemctl restart httpd.service
# firefox // https://serverX.example.com.

Note: If you see an untrusted-connection warning where you have to confirm a security exception, it means your config is OK. This is because we are using a self-signed certificate.
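
A check of the Qs-10 virtual host, added here as an example and not part of the original post: it applies the SSLProtocol list the way mod_ssl does and inspects the mode of the downloaded private key. The function names, the temporary files and the narrowed protocol list are assumptions, and the expansion of "all" assumes an httpd 2.4 build that still includes SSLv3.

```bash
#!/bin/sh
# What mod_ssl's "all" expands to on an httpd 2.4 / OpenSSL 1.0.1+ build that
# still has SSLv3 (assumption: true for the RHEL 7 packages used here).
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# Print the arguments of the last occurrence of directive $1 in file $2.
# Directive names are matched case-insensitively, as httpd does.
directive() {
    awk -v want="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        { n = split(line, w, /[ \t]+/) }
        n > 1 && tolower(w[1]) == tolower(want) {
            sub(/^[^ \t]+[ \t]+/, "", line); val = line
        }
        END { print val }
    ' "$2"
}

# Apply an SSLProtocol argument list left to right: "-X" removes X, "+X" adds
# X, and a bare token replaces whatever was set before it.
enabled_protocols() {
    cur=""
    for tok in $1; do
        case $tok in
            -all) cur="" ;;
            -*) new=""
                for p in $cur; do [ "$p" = "${tok#-}" ] || new="$new $p"; done
                cur=$new ;;
            all|+all) cur=$ALL_PROTOCOLS ;;
            +*) cur="$cur ${tok#+}" ;;
            *) cur=$tok ;;
        esac
    done
    echo $cur
}

# Print one finding per line for vhost file $1; print nothing when both checks pass.
audit_tls_vhost() {
    spec=$(directive SSLProtocol "$1")
    if [ -z "$spec" ]; then
        echo "SSLProtocol not set: the build default decides the protocols"
    else
        legacy=""
        for p in $(enabled_protocols "$spec"); do
            case $p in SSLv3|TLSv1|TLSv1.1) legacy="$legacy $p" ;; esac
        done
        [ -z "$legacy" ] || echo "SSLProtocol $spec enables:$legacy"
    fi
    key=$(directive SSLCertificateKeyFile "$1")
    if [ -f "$key" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        [ "$bits" = "------" ] || echo "private key $key: group/other bits $bits, expected ------ (chmod 600)"
    fi
}

# The Qs-10 virtual host; $1 is the path of a constructed, empty key file.
page_vhost() {
    cat <<EOF
<virtualhost *:443>
servername serverX.example.com
documentroot /var/www/html
directoryindex index.html
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/serverX.crt
SSLCertificateKeyFile $1
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
</virtualhost>
EOF
}

# Same vhost with the protocol list narrowed to TLS 1.2 (constructed variant).
fixed_vhost() {
    page_vhost "$1" | sed 's/^SSLProtocol .*/SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1/'
}

demo() {
    d=$(mktemp -d)
    : > "$d/serverX.key"; chmod 644 "$d/serverX.key"   # mode wget leaves under umask 022
    page_vhost "$d/serverX.key" > "$d/page.conf"
    echo "== Qs-10 vhost, key mode 644 =="; audit_tls_vhost "$d/page.conf"
    chmod 600 "$d/serverX.key"
    fixed_vhost "$d/serverX.key" > "$d/fixed.conf"
    echo "== narrowed protocols, key mode 600 =="; audit_tls_vhost "$d/fixed.conf"
    rm -rf "$d"
}
demo
```
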

====================================================================================

Qs-11. Create a directory named as secret in default DocumentRoot of your default web server.

  • Download a file – http://classroom.example.com/pub/private.html to the secret directory.
  • Rename this file as index.html
  • The secret directory should be only available to localhost.

Solution:

# mkdir /var/www/html/secret
# wget -O /var/www/html/secret/index.html http://classroom.example.com/pub/private.html
# ls -l /var/www/html/secret/
# vim /etc/httpd/conf.d/devopsage.conf   // add the <directory> block to the serverX.example.com virtual host from Qs-8

<virtualhost *:80>
servername serverX.example.com
documentroot /var/www/html
directoryindex index.html
<directory /var/www/html/secret>
order deny,allow
deny from all
# loopback plus this server's own IP (172.10.1.11 in this post's examples)
allow from 127.0.0.1 172.10.1.11
</directory>
</virtualhost>

:wq!

# httpd -t
# systemctl restart httpd.service
# firefox  //  http://serverX.example.com/secret

====================================================================================

Qs-12. Configure your web server to display the dynamic web contents.

  • Dynamic content is provided by a virtual host named as http://webappX.example.com
  • This host should listen on port no 8877
  • Download a copy of the script from http://classroom.example.com/pub/webapp.wsgi and place it on appropriate location for the virtual host so that it generates dynamic web contents.
  • Do not make any changes in webapp.wsgi file
  • Clients connecting to http://webappX.example.com:8877 should get the output of dynamic web contents.
  • This virtual host must be accessible to all the systems in example.com.

Solution:

# mkdir /var/www/dynamic
# cd /var/www/dynamic/
# wget http://classroom.example.com/pub/webapp.wsgi
# firewall-cmd --add-port=8877/tcp --permanent
# firewall-cmd --reload
# semanage port -a -t http_port_t -p tcp 8877
# yum install mod_wsgi.x86_64
# vim /etc/httpd/conf.d/devopsage.conf

listen 8877
<virtualhost *:8877>
servername webappX.example.com
documentroot /var/www/dynamic
wsgiscriptalias / /var/www/dynamic/webapp.wsgi
</virtualhost>

:wq!

# httpd -t
# systemctl restart httpd.service
# firefox   //  http://webappX.example.com:8877

====================================================================================

Qs-13. Write a script named bar.sh in the root directory

  • If we give redhat as input it should print fedora.
  • If we give fedora as input it should print redhat.
  • If we give anything other than redhat or fedora it should print “./root/bar.sh redhat|fedora” on standard error.

Solution:

# vim bar.sh

#!/bin/bash

if [ "$1" = 'redhat' ];then
echo "fedora"
elif [ "$1" = 'fedora' ];then
echo "redhat"
else
echo "./root/bar.sh redhat|fedora" > /dev/stderr
fi

:wq!

# bash bar.sh
# bash bar.sh redhat
# bash bar.sh fedora

====================================================================================

Qs-14. Configure NFS on serverX as follows:

  • Export the /public directory with read-only access to the desktopX machine.
  • Export the /protected directory with read-write access to desktopX.
  • Access to /protected is authenticated using Kerberos. You can use the keytab file from http://classroom.example.com/pub/keytabs/serverX.keytab
  • Create a secure directory inside the /protected directory.
  • User ldapuserX has read and write access on the secure directory.

Solution:

On Server Side:

# yum install nfs* krb5* -y
# mkdir /public /protected
# wget -O /etc/krb5.keytab http://link_provided/pub/keytabs/serverX.keytab
# vim /etc/exports

/public 172.25.5.10(ro,sec=sys,sync)
/protected 172.25.5.10(rw,sec=krb5p,sync)
:wq!

# exportfs -avr
# firewall-cmd --add-service=nfs --permanent
# firewall-cmd --reload
# mkdir /protected/secure
# getent passwd ldapuser5
# chown ldapuserX:ldapuserX /protected/secure
# systemctl enable nfs-secure-server.service
# systemctl enable nfs-server.service
# systemctl restart nfs-secure-server.service
# systemctl restart nfs-server.service

====================================================================================

Qs-15. Mount nfs on following Directory

  • public Directory exported by ServerX should be mounted across reboot on /mnt/data
  • protected Directory exported by ServerX should be mounted across reboot on /protected

Solution:

On Client Side:

# yum install nfs* krb5* -y
# mkdir /mnt/data /protected
# wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/ServerX.keytab
# vim /etc/fstab
172.10.1.11:/public /mnt/data nfs defaults,sec=sys,sync 0 0
172.10.1.11:/protected /protected nfs defaults,sec=krb5p,sync 0 0
:wq!

# systemctl enable nfs-secure.service
# systemctl restart nfs-secure.service
# mount -a
# df -h
# getent passwd ldapuser5
# cd /protected/secure/      // Check whether configuration is done correctly or not
# touch sample.txt      // Permission Denied
# ssh ldapuserX@localhost   // password - kerberos
$ cd /protected/secure/
$ touch sample.txt  //If you can create a file, means configuration is OK.
$ logout
# df -h

====================================================================================

Qs-16. Share /common directory via smb from your serverX

  • Share name must be samba.
  • The Samba share must be browseable.
  • User natasha should have read access to it and authenticate with the password “postroll”.
  • sarah should have read and write access to the share and authenticate with the password “postroll”.

Solution:

On Server Side:

# yum install samba samba-client.x86_64 -y
# mkdir /common
# semanage fcontext -a -t samba_share_t '/common(/.*)?'
# restorecon -Rv /common
# useradd natasha
# useradd sarah
# setfacl -m u:natasha:r-x /common
# setfacl -m u:sarah:rwx /common
# getfacl /common
# vim /etc/samba/smb.conf    // Make changes at the end of the file
[samba]
path = /common
writable = no
write list = sarah
valid users = natasha , sarah
browseable = yes
:wq!

# testparm   // Check Configuration Syntax
# smbpasswd -a natasha    //password: postroll
# smbpasswd -a sarah     //password: postroll
# firewall-cmd --add-service=samba --permanent
# firewall-cmd --reload
# systemctl enable smb nmb
# systemctl restart smb nmb

===================================================================================

Qs-17. The samba share must be permanently mounted on DesktopX machine on /mnt/samba directory and this share must allow anyone who can authenticate as sarah.

Solution:

On Client Side

# mkdir /mnt/samba
# yum install cifs-utils.x86_64 -y
# vim /tmp/pass
username=sarah
password=postroll
# vim /etc/fstab
//172.10.1.111/samba /mnt/samba cifs defaults,sec=ntlmssp,multiuser,creds=/tmp/pass 0 0
:wq!
# mount -a
# df -h
// The command below is only for temporary mounting; do not use it, it is shown just for your understanding.
# mount -o username=sarah //172.25.5.11/samba /mnt/samba      // password: postroll

====================================================================================

Qs-18. Configure iscsi target on ServerX machine.

  • iscsi disk name is iqn.2014-06.com.example:serverX
  • iscsi should use default port as 3260.
  • The target should use a 3G backing volume named datavol.
  • The target should be available only to the desktopX machine.

Solution:

On Server Side

# fdisk /dev/vdb
:n     // new partition
:+5G
:t    // toggle, displays all hex codes
:8e  // (lvm)
:w    // To save
# partprobe
# pvcreate /dev/vdb1
# vgcreate devopsage_vg /dev/vdb1
# lvcreate -n redhat -L 3G devopsage_vg 
# yum install targetcli.noarch -y
# targetcli
/> cd
o- / .........................................................................................................................[...]
o- backstores ..............................................................................................................[...]
| o- block ..................................................................................................[Storage Objects: 0]
| o- fileio .................................................................................................[Storage Objects: 0]
| o- pscsi ..................................................................................................[Storage Objects: 0]
| o- ramdisk ................................................................................................[Storage Objects: 0]
o- iscsi ............................................................................................................[Targets: 0]
o- loopback .........................................................................................................[Targets: 0]
/backstores/block> create datavol /dev/devopsage_vg/redhat
/backstores/block> cd
/iscsi> create iqn.2014-06.com.example:serverX
/iscsi> cd
/iscsi/iqn.20...er5/tpg1/acls> create iqn.2014-06.com.example:desktopX
/iscsi/iqn.20...er5/tpg1/acls> cd
/iscsi/iqn.20...er5/tpg1/luns> create /backstores/block/datavol
/iscsi/iqn.20...er5/tpg1/luns> cd
/iscsi/iqn.20.../tpg1/portals> create 172.10.1.11 ip_port=3260
/iscsi/iqn.20.../tpg1/portals> cd
o- / .........................................................................................................................[...]
/> saveconfig
/> exit

# firewall-cmd --add-port=3260/tcp --permanent
# firewall-cmd --reload
# systemctl enable target.service
# systemctl restart target.service

====================================================================================

Qs-19. Configure the DesktopX machine as an iSCSI initiator.

  • The iSCSI device should be automatically mounted at boot time.
  • The iSCSI device should contain a block of 2000MB and should have an xfs file system on it.
  • The partition must be mounted on /mnt/iscsi and it should be automatically mounted.

Solution:

On Client Side.

# yum install iscsi-initiator-utils.i686 -y
# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-06.com.example:desktopX
:wq!
# systemctl enable iscsid.service
# systemctl restart iscsid.service
# iscsiadm --mode discoverydb --type sendtargets --portal 172.25.5.11 --discover

Note: You will get this command from the examples section of the iscsiadm man page.

# iscsiadm --mode node --targetname iqn.2014-06.com.example:server5 --portal 172.25.5.11:3260 --login
# lsblk

sda 8:0 0 3G 0 disk

# fdisk /dev/sda

:p
:n
:+2000M
:w
# partprobe
# mkfs.xfs /dev/sda1
# blkid
# vim /etc/fstab
UUID=668CF9BD8CF987B7 /mnt/iscsi xfs defaults,_netdev 0 0
# mkdir /mnt/iscsi
# mount -a
# df -h

Note/Caution: Do not forget to log out from the iSCSI server; if you fail to do so, your system will hang.

# iscsiadm --mode node --targetname iqn.2014-06.com.example:serverX --portal 172.10.1.11:3260 --logout

====================================================================================

Qs-20. Create a MariaDB database by using the dump file.

  • Create a database named legacy and import the dump file into the database.
  • The dump file is provided at http://classroom.example.com/pub/mariadb.dump
  • Create user smith and grant select access on the legacy database.

Solution:

# yum groupinstall mariadb mariadb-client -y
# systemctl enable mariadb.service
# systemctl restart mariadb.service
# mysql_secure_installation   // Set password (say, password), and for every prompt press "y"
# mysql -u root -ppassword
# show databases;
# create database legacy;
# exit (ctrl+d)
# wget http://classroom.example.com/pub/mariadb.dump
# mysql -u root -ppassword legacy < mariadb.dump
# mysql -u root -ppassword
# use legacy;
# show tables;
# create user smith@"localhost" identified by "password";
# grant select on legacy.* to smith@'localhost';
# exit (ctrl+d)

=======================================================================================

Qs-21. Answer the following question in the file /root/mariadb.txt

  • Count the number of products which have id_category=10

Solution:

# mysql -u root -ppassword
# use legacy;
# select count(*) from product where id_category=10;
#  exit(ctrl+d)
# vim /root/mariadb.txt
ans=10
:wq!

====================================================================================

Qs-22. Write a script named foo.sh in the root directory

  • Create the users provided by the file http://classroom.example.com/pub/users
  • If the appropriate file is not provided then it should return the error /root/foo.sh [Valid File]
    and return with an appropriate error status

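Solution:

# vim /root/foo.sh
#!/bin/bash

# Accept only a non-empty file named user.txt
b=$(basename "$1" 2>/dev/null)
if [ -s "$1" ] && [ "$b" = "user.txt" ]; then
    # One user name per line; the initial password equals the user name
    while read -r i
    do
        [ -z "$i" ] && continue
        useradd "$i" -s /sbin/nologin
        echo "$i" | passwd "$i" --stdin
        echo "$i is added"
    done < "$1"
else
    echo "/root/foo.sh [Valid File]" >&2
    exit 2
fi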
:wq!

# vim user.txt   // list of users
daniel
owen
sara

# bash foo.sh user.txt

=====================================================================================

Qs-23. Configure mail access on both the systems as follows

  • system should not accept mail from external sources.
  • mail sent locally from both systems get routed through example.com
  • mail send from systems shows up as coming from serverX.example.com.

Solution:

# yum install postfix
# vim /etc/postfix/main.cf

LINE NUMBER TO CHANGE

75 myhostname = serverX.example.com
83 mydomain = example.com
98 myorigin = $mydomain
116 inet_interfaces = all
119 inet_protocols = all
164 mydestination =
264 mynetworks = 172.10.0.0/16, 127.0.0.0/8
314 relayhost = [smtpX.example.com]

@END local_transport = error: local delivery disabled

# systemctl enable postfix
# systemctl restart postfix
# mail -s 'test' user@desktopX.example.com

Note: Set mynetworks carefully in your exam.

# hostname
# hostname -d
# hostnamectl set-hostname serverX.example.com
# systemctl enable postfix
# systemctl restart postfix
# mail -s 'test22' user@desktopX.example.com
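
A check of the main.cf values against the three requirements of Qs-23, added here as an example and not part of the original post. The function names and the null-client variant are assumptions; the parser follows only one level of $myhostname or $mydomain.

```bash
#!/bin/sh
# Print the effective value of parameter $1 in main.cf file $2 and return 1 if
# it is never assigned. Handles '#' comments, continuation lines (leading
# whitespace) and "last assignment wins".
param() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) {
                val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val); found = 1
            }
        }
        END { if (found) print val; exit !found }
    ' "$2"
}

# Resolve myorigin, following one level of $myhostname or $mydomain.
origin() {
    o=$(param myorigin "$1") || o='$myhostname'    # Postfix default
    case $o in
        '$myhostname') param myhostname "$1" ;;
        '$mydomain')   param mydomain "$1" ;;
        *) echo "$o" ;;
    esac
}

# Print one finding per line; print nothing for a null client that sends as $2.
audit_null_client() (
    set -f                                          # keep [::1]/128 from globbing
    v=$(param inet_interfaces "$1") || v=all        # compiled-in default
    case $v in
        loopback-only|localhost) ;;
        *) echo "inet_interfaces = $v: smtpd listens beyond loopback" ;;
    esac
    if v=$(param mynetworks "$1"); then
        for n in $(echo "$v" | tr ',' ' '); do
            case $n in
                127.*|'[::1]/128') ;;
                *) echo "mynetworks: $n is trusted to relay" ;;
            esac
        done
    else
        echo "mynetworks unset: mynetworks_style decides who may relay"
    fi
    if v=$(param mydestination "$1"); then
        [ -z "$v" ] || echo "mydestination = $v: mail for these domains is delivered locally"
    else
        echo "mydestination unset: the default accepts mail for this host"
    fi
    v=$(param relayhost "$1") || v=""
    [ -n "$v" ] || echo "relayhost empty: outgoing mail is not sent via the relay"
    v=$(param local_transport "$1") || v=""
    case $v in error:*) ;; *) echo "local_transport = $v: local delivery is enabled" ;; esac
    got=$(origin "$1") || got=""
    [ "$got" = "$2" ] || echo "myorigin resolves to '$got', expected '$2'"
)

# Values from the Qs-23 solution on this page.
page_main_cf() {
    cat <<'EOF'
myhostname = serverX.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination =
mynetworks = 172.10.0.0/16, 127.0.0.0/8
relayhost = [smtpX.example.com]
local_transport = error: local delivery disabled
EOF
}

# Constructed null-client variant that the audit accepts for serverX.example.com.
null_client_main_cf() {
    page_main_cf | sed -e 's/^myorigin = .*/myorigin = $myhostname/' \
        -e 's/^inet_interfaces = .*/inet_interfaces = loopback-only/' \
        -e 's|^mynetworks = .*|mynetworks = 127.0.0.0/8 [::1]/128|'
}

demo() {
    t=$(mktemp)
    page_main_cf > "$t"
    echo "== Qs-23 values =="; audit_null_client "$t" serverX.example.com
    null_client_main_cf > "$t"
    echo "== null-client variant =="; audit_null_client "$t" serverX.example.com
    rm -f "$t"
}
demo
```
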


66 thoughts on “RedHat Certified Engineer-7 (RHCE) – Questions with Solution”

  1. Audirus

    Hi,

    I think in Q3 restrict ssh connection via rich rule is a mistake.
    IP address used for rich rule differs from provided host who should be rejected.
    Also CIDR 24 will reject all network.
    192.168.1.3/24 defines all network scope
    192.168.1.3/32 defines only one IP

    Sorry if I am not correct. Still learning.

    Reply
    1. rhce_learner

      I think it is easier to block the ssh connections via /etc/hosts.deny

      # vim /etc/hosts.deny
      sshd :
      :x
      # systemctl restart sshd

      Reply
  2. Prakash

    Hi Admin

    In iscsi, in server side you have given below 172.10.1.11, can you please confirm whether this is ip of server or desktop in portal

    scsi/iqn.20…/tpg1/portals> create 172.10.1.11 ip_port=3260
    /iscsi/iqn.20…/tpg1/portals> c

    Also in client side you have used ip 172.25.5.11

    client side:
    # iscsiadm --mode discoverydb --type sendtargets --portal 172.25.5.11 --discover

    Note: You will get this cmd from example section of man page of iscscadm

    # iscsiadm --mode node --targetname iqn.2014-06.com.example:server5 --portal 172.25.5.11:3260 --login
    # lsblk

    can you please confirm which ip or server to be used in portal creation and in client side when running iscsiadm

    Thanks

    Reply
  3. arsalan

    Qs-23. Configure mail access on both the systems as follows

    system should not accept mail from external sources.
    mail sent locally from both systems get routed through example.com
    mail send from systems shows up as coming from serverX.example.com.

    correct me if i am wrong for point # 3 myorigin should be $hostname because emails coming from should be from serverX.example.com.

    Reply
  4. InSearchOfRHCE

    Yesterday i sat in exam and failed in most awesome way. Can’t believe i made those mistakes. In such exam time is really enemy. On just link aggregation i spent 45 mins on both machines combined. And normally i do this task in 5 mins max. Kept making stupid mistakes. But there is always a lesson to be learnt. And for kerberised nfs there is a big twist keep your eyes open.

    On question related to SMTP , they asked to route and email through host “rhost.district10.example.com” and all outgoing email should have domain “district10.example.com”

    I wrote
    hostrelay = rhost.district10.example.com
    @mydomain = district10.example.com”
    mynetwork = loopback-only, [::1]/128

    But still it was not working.

    Reply
    1. DevopsAdmin Post author

      Hi, It's very Sad that you did not pass your exam. Sometimes it happens that we feel very confident and because of that we did not practice for an exam well. What actually happens is in real time office work we get plenty of time to troubleshoot the things, but in exam we are bound to time. We have to prepare for an exam in such a way that we did not invest much of our times in troubleshooting or else we would not be able to attempt rest of the questions, or may be due to the lack of time we would stuck to other questions as well.
      I recommend to practice as much as possible and try to attempt the questions which you feel you can do it quickly which indeed will put you to the safer side. RHCE is a bit tricky and tough as compared to the RHCSA.

      Reply
      1. InSearchOfRHCE

        Actually i did lot of practice and kept finding ways to reduce time consumption during practice but as soon i sat in exam my mind stopped working, i think i took a lot of pressure because it was easy exam. . But about above question did i set correct settings for smtp ?

        Reply
        1. DevopsAdmin Post author

          Hard Luck!

          I think instead of hostrelay you should pass relayhost in the configuration. I believe this might be the reason.

          Reply
  5. HyunChul

    Hello,
    In QS-11,
    When i type contents, servername serverX.example.com/secret is not forbidden to desktop machine.
    but when i type below contents, servername.serverX.example.com/secret is forbidden to desktop machine.
    Could you tell me which one is right?
    Warm Regards,

    servername serverX.example.com/secret
    documentroot /var/www/html/secret
    directoryindex index.html

    order deny,allow
    deny from all
    allow from localhost or IP

    Reply
    1. HyunChul

      i type servername serverX.example.com/secret
      documentroot /var/www/html/secret
      directoryindex index.html

      order deny,allow
      deny from all
      allow from localhost or IP

      Reply
  6. Sheraaz Buksh

    Thank you devops admins. This article greatly helped me with the exam. I passed. This is a really good guide for the exam.

    Reply
    1. DevopsAdmin Post author

      Thank You so much and congratulations on being certified

      Reply
  7. Mohd Tauheed

    Hi,

    Permission denied in samba share, when I use mount command on desktop side,

    What is the issue ..??

    Reply
    1. DevopsAdmin Post author

      Hi Mohd,

      make sure you run this command as root. also check the path of your creds file you defined in the fstab.

      Reply
  8. Sheraaz Buksh

    Thanks for the great article. This is surely a great guideline for the exam prep.

    Just a question though. Does the EX300 exam not require you to reset the password for the VM before continuing further. I was faced with this scenario with my RHCSA exam.

    Thanks

    Reply
    1. DevopsAdmin Post author

      Hi Sheraaz,

      You have to reset password in both the exam as of what i remember. Without resetting the password you won't be able to move ahead.

      Reply
  9. AKSHAY PRADEEP

    can I use the ssh reject IP as 192.168.114.0/24
    and about port forwarding, I was thinking it would be like
    firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=xxx.xxx.xx.x forward-port port=415 protocol=tcp to-port=22'
    please correct if i am wrong.

    Reply
  10. JS

    Question 23 on postfix should the network should the mynetworks = “mynetworks = 127.0.0.0/8, [::1]/128”

    Qs-5. Configure port forwarding on your server.
    Can firewall GUI can be used in (graphical mode) ? or graphical mode is not allowed?

    Reply
    1. DevopsAdmin Post author

      Hi JS,

      You have the graphical access as well, but it is good to go with the terminal itself.

      Reply
  11. JS

    In all the practice a extra disk is provided. If the disk is not provided how do you attempt this questions then?

    Reply
    1. DevopsAdmin Post author

      You will be provided with the sufficient disk. make sure to create the primary partition so that later you can use extended partitions as per the requirement

      Reply
  12. Eg.ibrahim

    Dear Devops

    please check NFS questions, as we should add the below services to firewall
    #firewall-cmd --per --add-service=nfs
    #firewall-cmd --per --add-service=mountd
    #firewall-cmd --per --add-service=rpc-bind
    #firewall-cmd --reload

    Reply
  13. EG.Ahmed

    Dear Devops,

    are these questions still valid for passing RHCE Exam ?

    Reply
    1. DevopsAdmin Post author

      Hi Ahmed,

      I can not say its valid, but yes the pattern will be same probably with slight modification. the new pattern may come when redhat comes up with the major version changes i.e, RHEL 8

      Reply
  14. Kabir

    Hello
    Thanks for the post.
    I do have a question regarding the SSH. Can I use tcp wrappers instead of the firewall command, you know on /etc/hosts.deny file for sshd daemon.
    Thanks

    Reply
  15. Arafat

    Hi DevopsPage Team, Thanks for your excellent job. Just a quick update on Qs-19. I think, that there is a typo on heading. It should be done on the “Client Side” instead of “Server Side”. Thanks.

    Reply
    1. DevopsAdmin Post author

      Hi Arafat, Thank you so much for highlighting. I have corrected that.

  16. Mahendran.p

    Hi,
    This is Mahendran from Tamil Nadu, India. Could you please clarify why we need to log out from the iSCSI initiator from machine-2?
    It may be mounted on machine-2; while rebooting it will hang, but if instead of rebooting we force power-off machine-2, then it won’t go into a hung state. Could you please clarify my doubt?

    Thanks in advance.

  17. Jules

    Hello DevopsAdmin!

    Thanks very much for this valuable site. I really appreciate your efforts.

    Please, I am due to take RHCE next month, March. Any heads-up?

    Best Regards,
    – Jules

    1. DevopsAdmin Post author

      Thanks, Jules,

      All the best for your exam. Just practise well and go ahead.

  18. Szymon

    Qs-23. Configure mail access on both the systems as follows
    mynetworks = 172.10.0.0/16, 127.0.0.0/8

    Why did you specify mynetworks? Do we need that?

    BTW I see everywhere inet_protocols set to ipv4 😉

  19. Amedix

    Thanks for this article.

    Regarding questions 14 and 15, do I need in the exam to install and configure (/etc/krb5.conf) Kerberos on both systems?

    1. DevopsAdmin Post author

      Hi Amedix, Yes, you need to install the krb5 packages and do the required configuration on both systems.

  20. DirectedSoul1

    DOUBT for questions: Q.8 and Q.10; I have one quick question about extending the TLS security for the web server: can I put the and both in the same file (for ex: here it's devops.conf)? Will that cause any conflict? Please reply.

  21. wes

    I spent a lot of time learning how to set up a KDC. I noticed that there is no attention to that on your questions. Why is that?

  22. ShoSho

    Hi,

    Thank you for the great tips for the exam.

    I have one question about vhost config.

    Qs-11 only works when I comment out the lines from Qs-8.

    When I kept the Qs-8 lines in devopsage.conf with the Qs-11 answer, I could still access /var/www/html/secret/ from another host.

    Please kindly advise if this is expected.

    My apache version is 2.4.6, hence I input part as below.

    Require host localhost

    # httpd -t
    Syntax OK
    # httpd -D DUMP_VHOSTS
    VirtualHost configuration:
    *:80 is a NameVirtualHost
    default server *****.*****.com (/etc/httpd/conf.d/mylabserver.com.conf:1)
    port 80 namevhost *****.*****.com (/etc/httpd/conf.d/mylabserver.com.conf:1)
    port 80 namevhost *****.*****.com/secret (/etc/httpd/conf.d/mylabserver.com.conf:16)
    …..

    # cat /etc/httpd/conf.d/mylabserver.com.conf

    servername *****.*****.com
    DocumentRoot /var/www/html
    Directoryindex index.html

    ….

    servername *****.*****.com/secret
    Documentroot /var/www/html/secret
    Directoryindex index.html

    Require host localhost

    #

    Thanks,

    1. DevopsAdmin Post author

      Hi, the configuration seems to be okay. Is the page not loading? Or what error code does it throw?

  23. Jano

    Hello,

    I have a question about multiuser Samba configuration. Was it working for you without “inherit acls = yes” in the Samba conf? If you are using “multiuser” in fstab and “sec=ntlmssp”, was it necessary to run “cifscreds add” to make content accessible for a specific user? If I don't run cifscreds I get Permission denied all the time.

  24. sameer

    Hello,

    Thank you for these resourceful examples.
    There is a small error in question 18 – iSCSI, line 10.

    You have written devopsage_lv as the VG name. It should be devopsage_vg, as you had specified while creating the VG.
    Can you correct it please?

    Regards,
    Sameer

      1. Asha

        Thanks for sharing this. From what I have experienced, the only disk provided on the exam hosts is all taken up by / and /boot. Do you have to shrink root to carve out a new disk for the iSCSI target?

        1. DevopsAdmin Post author

          Hi Asha, what I believe is that you will be given additional disk space where you will be creating partitions. You will be using the same disk to create multiple partitions and using it in different scenarios. Creating a partition directly on the root volume is not recommended; if anything goes wrong there, your system may go into kernel panic mode.

  25. Yama

    Hello!

    First and foremost, thank you for this valuable page! It does help a lot.
    It may be obvious but I still was wondering about the following:
    regarding the network teaming, we are supposed to perform the exact same steps on both systems, right? With the only difference that we have to assign 192.168.X.111 on system1 and 192.168.X.222 on system2, right?

    Thank you!

  26. Musi Ndah

    Very excellent post. Can be very helpful in the RHCE exam.
    Question1: Could you please explain the steps to log in as the root user in the RHCE exam to access the terminal?
    Question2: In your post you did not use the Name Server and gateway addresses when setting up the teaming network. Is it okay to set up the teaming network without using the Name Server and gateway addresses?
    Question3: Could you please explain how to set up the hostname in the RHCE exam, if it is allowed to do so?
    Thanks,

    1. DevopsAdmin Post author

      Thanks,

      QS1: For this, you can refer to the RHCSA Questions with Solutions; please refer to the Pre-requisite Section of RHCSA
      Link: http://www.devopsage.com/redhat-certified-system-administrator-7-rhcsa-questions-with-solution/
      Qs2: Please refer to “Step: 2. Create network Connection” of RHCSA Section
      Qs3: For the hostname, you can change it by, # hostnamectl set-hostname client.example.com, but as of what I remember, I don’t think we need to change the hostname in the exam.

  27. john

    Hello,
    Thanks for the great post! You state that question 14 requires an LDAP server. I understand that for a home lab I would need to set it up, but for the actual exam, is LDAP configured on all systems? Or are we expected to set up LDAP all over again, much like the RHCSA?

    1. DevopsAdmin Post author

      Thanks. As of what I remember, we do not need to configure LDAP in the exam; it's pre-configured.

  28. Rahul Pal

    Hello admin,

    In the SSH question, the question is to reject the clients of the domain which you have given above.

    So why do you use that IP which is used in the rich rule?

  29. Isuru

    I believe this stuff will be really helpful for my RHCE exam. Thank you for uploading. Isuru, from SRI LANKA

  30. nash

    On this:
    Domain Name:
    System1: system1.district10.example.com use as Server
    System2: system2.district10.example.com use as Client
    IP Address:
    System1:172.24.10.110/24
    System1:172.24.10.120/24
    Name Server: 172.24.10.250
    Gateway:172.24.10.254
    Root password : zaldebro
    Your Domain: district10.example.com
    Your Subnet : 172.24.10.0/255.255.255.0
    Yum path http://station.district0.example.com/content/rhel7.0/x86_64/dvd

    Note: (for this subnet mask the CIDR value is /24)

    Question: I was able to configure system1 and system2 to communicate with each other by making their IPs static in the ifcfg-eth0 files and by mapping their /etc/hosts files.
    But I failed to configure the server and client to get their resolution via the given domain name server. That’s why I couldn’t continue the exam. I was stuck. Please, what should I have done?
    Thanks…

    1. DevopsAdmin Post author

      Hi Nash,

      I believe you have set the hostname as well (FQDN)
      # hostnamectl set-hostname system1.district10.example.com
      # systemctl set-default graphical.target
      # systemctl isolate graphical.target
      # systemctl restart network
      # reboot

      The same steps need to be executed on the client as well. You also need to set the given DNS. Once all these are configured, the server should ping the client by domain name and vice versa. As of what I think, making an entry in /etc/hosts is not required.

      You can refer to the prerequisite section from the RHCSA post,
      http://www.devopsage.com/redhat-certified-system-administrator-7-rhcsa-questions-with-solution/

  31. rizwan

    Hi admin,
    My question is: in this exam you have used serverX and DesktopX, but in the real exam will X be changed as per my system number, if it is 1 or 2 or 3, like Server1 and Desktop1?
    Especially in question 14, mostly in dumps they are using ServerX rather than their number, like Server1.keytab. From the exam POV, the same thing you have mentioned as ServerX:
    wget -O /etc/krb5.keytab http://classroom.example.com/pub/keytabs/ServerX.keytab
    I just need a clear point: do I need to put my system number here in the exam in place of X?

    1. DevopsAdmin Post author

      Hi Rizwan,

      There will be multiple workstations you will find in the exam. The one which will be allocated to you will have some number. Your system will have 2 virtual machines; one will be the Server and the other the Desktop. Here in this blog, X represents the system number, which can be any.
      Also, you will be provided with the link to downloadable items, like the keytab, self-signed SSL certificate, a dynamic script for the dynamic web server question, etc.

    1. Yama

      Hello!

      First and foremost, thank you for this valuable page!
      It may sound obvious but I still wanted to make sure: regarding the network teaming, we will have to perform the exact same thing on both systems, right? With the difference that the IP we will add on each system should be different.
      So on system1 it will be 192.168.X.111 and on system2 192.168.X.222?

      Thanks!
