Scenario-Based RHCE Interview Questions [2025]

RHCSA Foundational Scenarios

1. Your team needs to verify the RHEL version across multiple servers to ensure compatibility with a new application. How do you check the version?

Scenario: You manage 10 RHEL servers, and a new application requires RHEL 9.3 or higher.
Solution: Use cat /etc/redhat-release to check the OS version on each server.

• Commands:

  cat /etc/redhat-release
  # Output: Red Hat Enterprise Linux release 9.3 (Plow)

• Importance: Confirms compatibility for software deployment.

• Verification: Cross-check with uname -r for kernel version.

2. A new employee needs administrative access on a RHEL server. How do you set this up?

Scenario: A new developer, Alice, requires sudo access on a production server.
Solution: Create a user and add them to the wheel group.

• Commands:

  sudo useradd -m alice
  sudo usermod -aG wheel alice
  sudo passwd alice

• Importance: Ensures secure administrative access.

• Verification: Run sudo -l -U alice to confirm privileges.

3. Your team requires a shared directory for collaboration. How do you configure it?

Scenario: Developers need a shared directory /projects with read/write access for the devgroup.
Solution: Set group ownership and permissions.

• Commands:

  sudo groupadd devgroup
  sudo chown :devgroup /projects
  sudo chmod g+rw /projects

• Importance: Facilitates secure collaboration.

• Verification: Check ls -l /projects.

4. A manager asks for a report on server uptime. How do you retrieve this?

Scenario: You need to report the uptime of a critical database server.
Solution: Use the uptime command to display system runtime.

• Commands:

  uptime
  # Output: 09:00:01 up 5 days

• Importance: Tracks server availability for maintenance planning.

• Verification: Cross-check with who -b.

5. You need to schedule a daily backup script. How do you automate it?

Scenario: A nightly backup script /backup.sh must run at 2 AM daily.
Solution: Use crontab to schedule the task.

• Commands:

  crontab -e
  # Add: 0 2 * * * /backup.sh

• Importance: Reduces manual effort for backups.

• Verification: Check crontab -l.

6. A new application requires a dedicated storage volume. How do you create it?

Scenario: An application needs a 20GB logical volume named app_lv.
Solution: Create an LVM logical volume.

• Commands:

  sudo pvcreate /dev/sdb1
  sudo vgcreate app_vg /dev/sdb1
  sudo lvcreate -L 20G -n app_lv app_vg
  sudo mkfs.ext4 /dev/app_vg/app_lv

• Importance: Provides flexible storage management.

• Verification: Check lvs and df -h.

7. A server requires a static IP for reliable networking. How do you configure it?

Scenario: A web server needs a static IP 192.168.1.100/24 with gateway 192.168.1.1.
Solution: Use nmcli to set the IP configuration.

• Commands:

  sudo nmcli con mod "eth0" ipv4.addresses "192.168.1.100/24" ipv4.gateway "192.168.1.1"
  sudo nmcli con up "eth0"

• Importance: Ensures consistent network connectivity.

• Verification: Check ip addr show eth0.

8. A web application needs HTTP traffic allowed. How do you configure the firewall?

Scenario: A new web server requires HTTP access in the public zone.
Solution: Use firewalld to allow HTTP traffic.

• Commands:

  sudo firewall-cmd --zone=public --add-service=http --permanent
  sudo firewall-cmd --reload

• Importance: Secures network access.

• Verification: Check firewall-cmd --list-services.

9. An application fails due to SELinux denials. How do you troubleshoot?

Scenario: A web application cannot access /var/www/data due to SELinux restrictions.
Solution: Analyze logs and apply correct SELinux contexts.

• Commands:

  sudo sealert -a /var/log/audit/audit.log
  sudo chcon -R -t httpd_sys_content_t /var/www/data

• Importance: Ensures secure application functionality.

• Verification: Retest application access.

10. A server’s disk is full. How do you identify large files?

Scenario: A server’s /var partition is at 100% capacity.
Solution: Use du and find to locate large files.

• Commands:

  sudo du -sh /var/* | sort -hr
  sudo find /var -type f -size +100M

• Importance: Frees up disk space.

• Verification: Check df -h /var.

Ansible Automation Scenarios

11. Your company wants to automate server configurations. Why use Ansible?

Scenario: Your team manages 50 servers and needs to standardize configurations.
Solution: Ansible automates repetitive tasks across multiple nodes using SSH and YAML playbooks.

• Benefits:

  • Agentless: No software installation on managed nodes.

  • Idempotent: Ensures consistent results.

  • Scalable: Handles thousands of nodes.

• Example: Automating Apache installation across web servers.

• Importance: Reduces manual effort and errors.

• Verification: Check ansible --version.

12. You need to install Ansible on a control node. How do you proceed?

Scenario: A new RHEL 9 control node requires Ansible for automation.
Solution: Install Ansible via dnf with the EPEL repository.

• Commands:

  sudo dnf install -y epel-release
  sudo dnf install -y ansible

• Importance: Enables automation workflows.

• Verification: Run ansible --version.

13. You need to define a group of web servers for automation. How do you set up the inventory?

Scenario: You manage three web servers (192.168.1.10–12) and two database servers (192.168.1.20–21).
Solution: Create an inventory file grouping the servers.

• Example:

  # inventory.ini
  [webservers]
  192.168.1.10
  192.168.1.11
  192.168.1.12
  [dbservers]
  192.168.1.20
  192.168.1.21

• Importance: Organizes automation targets.

• Verification: Run ansible-inventory --list -i inventory.ini.

14. How do you verify Ansible can connect to managed nodes?

Scenario: You need to confirm SSH connectivity to five servers before automation.
Solution: Use the ping module to test connectivity.

• Command:

  ansible all -i inventory.ini -m ping

• Importance: Ensures reliable communication.

• Verification: Look for pong responses.

15. You need to check disk usage across multiple servers. How do you do it?

Scenario: Your manager requests disk usage reports from all web servers.
Solution: Run an ad-hoc command with the command module.

• Command:

  ansible webservers -i inventory.ini -m command -a "df -h"

• Importance: Provides quick system insights.

• Verification: Review command output.

16. You need to install Apache on multiple web servers. How do you automate this?

Scenario: Five web servers require Apache installation and startup.
Solution: Create a playbook to install and start httpd.

• Example:

  # web.yml
  ---
  - name: Install and start httpd
    hosts: webservers
    tasks:
      - name: Install httpd
        dnf:
          name: httpd
          state: present
        become: yes
      - name: Start httpd
        service:
          name: httpd
          state: started
          enabled: yes
        become: yes

• Importance: Ensures consistent deployment.

• Verification: Run ansible-playbook web.yml and test curl http://webserver.

17. A playbook fails due to a syntax error. How do you validate it?

Scenario: A playbook fails to execute, and you suspect a YAML syntax issue.
Solution: Use ansible-playbook --syntax-check to validate.

• Command:

  ansible-playbook --syntax-check playbook.yml

• Importance: Prevents runtime errors.

• Verification: Fix errors and rerun.

18. You need to install different packages based on server roles. How do you use variables?

Scenario: Web servers need httpd, and database servers need mariadb-server.
Solution: Use variables in a playbook for role-based package installation.

• Example:

  # install.yml
  ---
  - name: Install role-specific packages
    hosts: all
    vars:
      web_package: httpd
      db_package: mariadb-server
    tasks:
      - name: Install web package
        dnf:
          name: "{{ web_package }}"
          state: present
        when: "'webservers' in group_names"
        become: yes
      - name: Install db package
        dnf:
          name: "{{ db_package }}"
          state: present
        when: "'dbservers' in group_names"
        become: yes

• Importance: Enhances playbook flexibility.

• Verification: Run ansible-playbook install.yml and check dnf list installed.

19. You need to secure Ansible credentials. How do you manage secrets?

Scenario: A playbook requires a database password.
Solution: Use Ansible Vault to encrypt sensitive data.

• Commands:

  ansible-vault create secret.yml
  # Add: db_password: mysecret
  ansible-playbook --vault-id @prompt playbook.yml

• Importance: Protects sensitive information.

• Verification: Decrypt with ansible-vault view secret.yml.

20. A playbook task fails but should continue. How do you handle errors?

Scenario: A playbook tries to install a non-existent package but should proceed.
Solution: Use ignore_errors to skip failures.

• Example:

  - name: Try installing package
    dnf:
      name: nonexistent
      state: present
    ignore_errors: yes
    become: yes

• Importance: Ensures robust automation.

• Verification: Check playbook output for continuation.

Advanced Ansible Scenarios

21. You need to organize automation tasks for reuse. How do you create an Ansible role?

Scenario: Your team needs a reusable role to deploy Nginx.
Solution: Use ansible-galaxy to create a role and add tasks.

• Commands:

  ansible-galaxy init nginx_role
  # Edit nginx_role/tasks/main.yml
  - name: Install nginx
    dnf:
      name: nginx
      state: present
    become: yes
  - name: Start nginx
    service:
      name: nginx
      state: started
      enabled: yes
    become: yes

• Importance: Promotes modular automation.

• Verification: Run ansible-playbook -i inventory.ini nginx.yml.

22. You need to apply a role across multiple servers. How do you do it?

Scenario: Deploy the Nginx role to all web servers.
Solution: Reference the role in a playbook.

• Example:

  # nginx.yml
  ---
  - name: Deploy nginx
    hosts: webservers
    roles:
      - nginx_role

• Importance: Simplifies complex deployments.

• Verification: Run ansible-playbook nginx.yml and test curl http://webserver.

23. You want to use a community role for Apache. How do you obtain it?

Scenario: You need a pre-built Apache role for quick deployment.
Solution: Download from Ansible Galaxy.

• Command:

  ansible-galaxy install geerlingguy.apache

• Importance: Saves development time.

• Verification: Check ~/.ansible/roles.

24. A custom task isn’t supported by existing modules. How do you create a custom module?

Scenario: You need a module to greet a user by name.
Solution: Write a Python module for Ansible.

• Example:

  # library/greet.py
  #!/usr/bin/python
  from ansible.module_utils.basic import AnsibleModule
  def main():
      module = AnsibleModule(argument_spec=dict(name=dict(type='str', required=True)))
      module.exit_json(changed=False, msg=f"Hello {module.params['name']}")
  if __name__ == '__main__':
      main()

• Importance: Extends Ansible functionality.

• Verification: Use in a playbook and run.

25. You need to install packages only on RHEL servers. How do you handle this?

Scenario: A playbook runs on mixed OS servers, but httpd should only install on RHEL.
Solution: Use conditionals with when.

• Example:

  - name: Install httpd on RHEL
    dnf:
      name: httpd
      state: present
    when: ansible_distribution == "RedHat"
    become: yes

• Importance: Ensures OS-specific automation.

• Verification: Run on mixed OS hosts and check.

26. You need to install multiple packages efficiently. How do you use loops?

Scenario: Web servers require httpd, mod_ssl, and php.
Solution: Use a loop to install multiple packages.

• Example:

  - name: Install web packages
    dnf:
      name: "{{ item }}"
      state: present
    loop:
      - httpd
      - mod_ssl
      - php
    become: yes

• Importance: Reduces playbook redundancy.

• Verification: Check dnf list installed.

27. You need to use server-specific data in a playbook. How do you access facts?

Scenario: A playbook must log each server’s hostname.
Solution: Use Ansible facts with the setup module.

• Example:

  - name: Gather facts
    setup:
  - name: Log hostname
    debug:
      msg: "Server hostname: {{ ansible_facts['hostname'] }}"

• Importance: Enables dynamic automation.

• Verification: Check playbook output.

28. A task needs to run on the control node, not the managed node. How do you delegate it?

Scenario: A playbook must execute a local backup command.
Solution: Use delegate_to for localhost execution.

• Example:

  - name: Run local backup
    command: tar -czf /backup/control.tar.gz /etc
    delegate_to: localhost

• Importance: Enables flexible task execution.

• Verification: Check /backup/control.tar.gz.

29. You need to improve playbook execution speed. How do you optimize Ansible?

Scenario: A playbook takes too long across 100 servers.
Solution: Enable pipelining in ansible.cfg.

• Configuration:

  # ansible.cfg
  [ssh_connection]
  pipelining = True

• Importance: Reduces SSH overhead.

• Verification: Measure playbook runtime.

30. A playbook needs to configure a firewall dynamically. How do you manage this?

Scenario: Web servers need HTTP and HTTPS ports opened.
Solution: Use the firewalld module.

• Example:

  - name: Allow web traffic
    firewalld:
      service: "{{ item }}"
      permanent: yes
      state: enabled
    loop:
      - http
      - https
    become: yes

• Importance: Secures network services.

• Verification: Check firewall-cmd --list-services.

System Configuration Scenarios

31. You need to install Nginx on 10 servers. How do you automate this?

Scenario: A new application requires Nginx on all web servers.
Solution: Use the dnf module in a playbook.

• Example:

  - name: Install nginx
    dnf:
      name: nginx
      state: present
    become: yes

• Importance: Ensures consistent software deployment.

• Verification: Check nginx -v.

32. A service must start automatically on boot. How do you configure it?

Scenario: The httpd service must run at startup on web servers.
Solution: Use the service module.

• Example:

  - name: Enable httpd
    service:
      name: httpd
      state: started
      enabled: yes
    become: yes

• Importance: Ensures service availability.

• Verification: Check systemctl status httpd.

33. You need to deploy a custom configuration file. How do you do it?

Scenario: Web servers need a custom nginx.conf.
Solution: Use the template module for dynamic configuration.

• Example:

  - name: Deploy nginx config
    template:
      src: nginx.conf.j2
      dest: /etc/nginx/nginx.conf
    become: yes
    notify: Restart nginx

• Importance: Ensures consistent configurations.

• Verification: Check /etc/nginx/nginx.conf.

34. You need to schedule a log cleanup task. How do you automate it?

Scenario: Clear /var/log/app.log daily at midnight.
Solution: Use the cron module.

• Example:

  - name: Schedule log cleanup
    cron:
      name: "Clear app log"
      minute: "0"
      hour: "0"
      job: "> /var/log/app.log"

• Importance: Manages log file sizes.

• Verification: Check crontab -l.

35. A new user must be added to multiple servers. How do you automate this?

Scenario: Add user bob with sudo access across all servers.
Solution: Use the user module.

• Example:

  - name: Create user bob
    user:
      name: bob
      state: present
      groups: wheel
      password: "{{ 'mypassword' | password_hash('sha512') }}"
    become: yes

• Importance: Streamlines user management.

• Verification: Check /etc/passwd.

36. An application requires SELinux to be in permissive mode. How do you configure it?

Scenario: A legacy app fails in enforcing mode.
Solution: Set SELinux to permissive using the selinux module.

• Example:

  - name: Set SELinux to permissive
    selinux:
      policy: targeted
      state: permissive
    become: yes

• Importance: Balances security and functionality.

• Verification: Check getenforce.

37. You need to allow SSH traffic through the firewall. How do you do it?

Scenario: A server’s firewall blocks SSH access.
Solution: Use the firewalld module to allow SSH.

• Example:

  - name: Allow SSH
    firewalld:
      service: ssh
      permanent: yes
      state: enabled
    become: yes

• Importance: Ensures secure remote access.

• Verification: Test SSH login.

38. A new storage volume is needed for data. How do you set up LVM?

Scenario: Create a 15GB volume for /data.
Solution: Use lvg and lvol modules.

• Example:

  - name: Create volume group
    lvg:
      vg: data_vg
      pvs: /dev/sdc1
  - name: Create logical volume
    lvol:
      vg: data_vg
      lv: data_lv
      size: 15g
  - name: Format volume
    filesystem:
      fstype: ext4
      dev: /dev/data_vg/data_lv

• Importance: Provides scalable storage.

• Verification: Check lvs and df -h.

39. You need to distribute SSH keys for automation. How do you do it?

Scenario: Ansible needs passwordless SSH access to managed nodes.
Solution: Use the authorized_key module.

• Example:

  - name: Add SSH key
    authorized_key:
      user: ansibleadm
      key: "{{ lookup('file', '/home/ansibleadm/.ssh/id_rsa.pub') }}"

• Importance: Secures automation connectivity.

• Verification: Test ansible all -m ping.

40. A server requires a reboot after updates. How do you automate it?

Scenario: Apply updates and reboot servers.
Solution: Use the reboot module.

• Example:

  - name: Update packages
    dnf:
      name: '*'
      state: latest
    become: yes
  - name: Reboot server
    reboot:
      reboot_timeout: 300
    become: yes

• Importance: Ensures updates are applied.

• Verification: Check uptime post-reboot.

Networking Scenarios

41. A server needs a static IP for a new application. How do you configure it?

Scenario: Assign 192.168.1.200/24 to a server’s eth1.
Solution: Use the nmcli module.

• Example:

  - name: Set static IP
    nmcli:
      conn_name: eth1
      type: ethernet
      ip4: 192.168.1.200/24
      gw4: 192.168.1.1
      state: present
    become: yes

• Importance: Ensures reliable networking.

• Verification: Check ip addr show eth1.

42. DNS resolution fails on a server. How do you fix it?

Scenario: A server cannot resolve example.com.
Solution: Set DNS servers using nmcli.

• Example:

  - name: Set DNS
    nmcli:
      conn_name: eth0
      dns4: 8.8.8.8
      state: present
    become: yes

• Importance: Enables name resolution.

• Verification: Test nslookup example.com.

43. A virtual machine requires a network bridge. How do you set it up?

Scenario: Create a bridge br0 for VM networking.
Solution: Use nmcli to configure a bridge.

• Example:

  - name: Create bridge
    nmcli:
      conn_name: br0
      type: bridge
      state: present
    become: yes
  - name: Add slave
    nmcli:
      conn_name: eth0
      type: bridge-slave
      master: br0
    become: yes

• Importance: Supports virtualized networking.

• Verification: Check nmcli con show.

44. A legacy system uses iptables. How do you allow HTTP traffic?

Scenario: A server with iptables needs HTTP access.
Solution: Use the iptables module.

• Example:

  - name: Allow HTTP
    iptables:
      chain: INPUT
      protocol: tcp
      destination_port: 80
      jump: ACCEPT
    become: yes

• Importance: Ensures firewall compatibility.

• Verification: Check iptables -L.

45. Your team needs a shared NFS directory. How do you configure it?

Scenario: Set up /data as an NFS share for all clients.
Solution: Configure NFS with Ansible.

• Example:

  - name: Install NFS
    dnf:
      name: nfs-utils
      state: present
    become: yes
  - name: Configure exports
    lineinfile:
      path: /etc/exports
      line: "/data *(rw,sync)"
    become: yes
  - name: Start NFS
    service:
      name: nfs-server
      state: started
      enabled: yes
    become: yes

• Importance: Enables shared storage.

• Verification: Mount on a client and test.

46. Servers have time sync issues. How do you fix them?

Scenario: Application errors occur due to time drift.
Solution: Configure NTP with chrony.

• Example:

  - name: Enable chronyd
    service:
      name: chronyd
      state: started
      enabled: yes
    become: yes

• Importance: Ensures accurate system time.

• Verification: Check chronyc sources.

47. You need to monitor network interfaces. How do you automate this?

Scenario: Report network interface status across servers.
Solution: Use the command module to collect data.

• Example:

  - name: Check interfaces
    command: ip addr show
    register: output
  - debug:
      msg: "{{ output.stdout }}"

• Importance: Tracks network health.

• Verification: Review output.

48. A server needs VPN access. How do you configure it?

Scenario: Connect a server to a VPN using an OpenVPN config.
Solution: Use nmcli to import the VPN configuration.

• Example:

  - name: Import VPN
    nmcli:
      conn_name: myvpn
      type: vpn
      vpn: "{{ lookup('file', 'client.ovpn') }}"
      state: present
    become: yes

• Importance: Secures remote connections.

• Verification: Check nmcli con show.

49. You need to route traffic to a new subnet. How do you configure it?

Scenario: Add a route for 10.0.0.0/24 via 192.168.1.1.
Solution: Use the command module for routing.

• Example:

  - name: Add route
    command: ip route add 10.0.0.0/24 via 192.168.1.1
    become: yes

• Importance: Enables custom network routing.

• Verification: Check ip route.

50. A server cannot reach the internet. How do you troubleshoot?

Scenario: A server fails to ping 8.8.8.8.
Solution: Use ad-hoc commands to diagnose connectivity.

• Example:

  - name: Test connectivity
    command: ping -c 4 8.8.8.8
    register: result
    ignore_errors: yes
  - debug:
      msg: "{{ result.stdout }}"

• Importance: Restores network functionality.

• Verification: Check ping results and firewall.

Security Scenarios

51. An application needs a custom SELinux context. How do you apply it?

Scenario: A web app requires /app/data to have httpd_sys_content_t.
Solution: Use the sefcontext module.

• Example:

  - name: Set SELinux context
    sefcontext:
      target: '/app/data(/.*)?'
      setype: httpd_sys_content_t
      state: present
    become: yes

• Importance: Ensures secure application access.

• Verification: Check ls -Z /app/data.

52. You need to change the SSH port to 2222. How do you do it?

Scenario: Enhance security by changing the SSH port.
Solution: Edit sshd_config with lineinfile.

• Example:

  - name: Change SSH port
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^#Port 22'
      line: 'Port 2222'
    become: yes
    notify: Restart sshd

• Importance: Reduces SSH attack surface.

• Verification: Test ssh -p 2222 user@localhost.

53. A file needs specific user access. How do you set ACLs?

Scenario: User alice needs read/write access to /data/file.txt.
Solution: Use the acl module.

• Example:

  - name: Set ACL
    acl:
      path: /data/file.txt
      entity: alice
      etype: user
      permissions: rw
      state: present
    become: yes

• Importance: Provides granular access control.

• Verification: Check getfacl /data/file.txt.

54. Passwords must be at least 12 characters. How do you enforce this?

Scenario: Enforce stronger password policies for security compliance.
Solution: Configure pwquality.conf.

• Example:

  - name: Set password length
    lineinfile:
      path: /etc/security/pwquality.conf
      regexp: '^# minlen'
      line: 'minlen = 12'
    become: yes

• Importance: Strengthens authentication.

• Verification: Test with passwd alice.

55. A user needs to be restricted to a chroot jail. How do you configure it?

Scenario: User bob should only access /jail/bob.
Solution: Set up a chroot environment.

• Example:

  - name: Create chroot directory
    file:
      path: /jail/bob/bin
      state: directory
    become: yes
  - name: Configure chroot
    lineinfile:
      path: /etc/ssh/sshd_config
      line: 'ChrootDirectory /jail/bob'
    become: yes
    notify: Restart sshd

• Importance: Isolates users for security.

• Verification: Test SSH login as bob.

56. You need to monitor file access. How do you set up auditing?

Scenario: Track access to /data/secret.txt.
Solution: Use auditd to monitor file activity.

• Example:

  - name: Audit file
    command: auditctl -w /data/secret.txt -p rwxa
    become: yes

• Importance: Detects unauthorized access.

• Verification: Check /var/log/audit/audit.log.

57. Only specific users should access SSH. How do you restrict it?

Scenario: Only alice should access SSH on a server.
Solution: Use AllowUsers in sshd_config.

• Example:

  - name: Restrict SSH
    lineinfile:
      path: /etc/ssh/sshd_config
      line: 'AllowUsers alice'
    become: yes
    notify: Restart sshd

• Importance: Enhances server security.

• Verification: Test SSH login as another user.

58. You need to limit login attempts. How do you configure PAM?

Scenario: Prevent brute-force attacks by limiting SSH logins to 3 attempts.
Solution: Configure PAM with pam_tally2.

• Example:

  - name: Limit login attempts
    lineinfile:
      path: /etc/pam.d/sshd
      line: 'auth required pam_tally2.so deny=3'
    become: yes

• Importance: Protects against unauthorized access.

• Verification: Test multiple login failures.

59. A script needs elevated privileges. How do you set suid?

Scenario: /script.sh must run as root for all users.
Solution: Use the file module to set suid.

• Example:

  - name: Set suid
    file:
      path: /script.sh
      mode: u+s
    become: yes

• Importance: Enables privilege escalation.

• Verification: Check ls -l /script.sh.

60. A user is consuming too many resources. How do you limit them?

Scenario: User alice should be limited to 100 processes.
Solution: Configure limits.conf.

• Example:

  - name: Limit processes
    lineinfile:
      path: /etc/security/limits.conf
      line: 'alice hard nproc 100'
    become: yes

• Importance: Prevents resource abuse.

• Verification: Check ulimit -u as alice.

Container Scenarios

61. You need to run a web server in a container. How do you automate it?

Scenario: Deploy an HTTP container on all web servers.
Solution: Use the podman_container module.

• Example:

  - name: Run httpd container
    podman_container:
      name: web
      image: registry.access.redhat.com/ubi9/httpd-24
      state: started
      ports: "8080:8080"

• Importance: Automates containerized workloads.

• Verification: Check podman ps.

62. A container needs persistent storage. How do you configure it?

Scenario: A web container needs /data mounted to /var/www/html.
Solution: Use a volume with podman_container.

• Example:

  - name: Create volume directory
    file:
      path: /data
      state: directory
    become: yes
  - name: Run container with volume
    podman_container:
      name: web
      image: httpd
      volumes: /data:/var/www/html
      state: started

• Importance: Ensures data persistence.

• Verification: Check /data contents.

63. You need a custom container image. How do you build it?

Scenario: Create a custom web image with a specific configuration.
Solution: Use buildah to build the image.

• Example:

  - name: Build image
    command: buildah bud -t myweb .
    become: yes

• Importance: Supports tailored containerization.

• Verification: Check podman images.

64. Containers need isolated networking. How do you set it up?

Scenario: Create a network for a group of containers.
Solution: Use the podman_network module.

• Example:

  - name: Create network
    podman_network:
      name: mynet
      state: present

• Importance: Isolates container communication.

• Verification: Check podman network ls.

65. You need to run a multi-container application. How do you automate it?

Scenario: Deploy a web and database container with podman-compose.
Solution: Use the command module to run podman-compose.

• Example:

  - name: Run podman-compose
    command: podman-compose -f compose.yml up

• Importance: Simplifies multi-container management.

• Verification: Check podman ps.

Advanced System Administration Scenarios

66. You need to deploy a secure web server. How do you automate it?

Scenario: Set up Apache with SSL on web servers.
Solution: Install httpd, mod_ssl, and configure SSL.

• Example:

  - name: Install web packages
    dnf:
      name: "{{ item }}"
      state: present
    loop:
      - httpd
      - mod_ssl
    become: yes
  - name: Configure SSL
    template:
      src: ssl.conf.j2
      dest: /etc/httpd/conf.d/ssl.conf
    become: yes
    notify: Restart httpd

• Importance: Secures web traffic.

• Verification: Test curl https://webserver.

67. A database server needs to be deployed. How do you automate it?

Scenario: Install and start MariaDB on database servers.
Solution: Use dnf and service modules.

• Example:

  - name: Install MariaDB
    dnf:
      name: mariadb-server
      state: present
    become: yes
  - name: Start MariaDB
    service:
      name: mariadb
      state: started
      enabled: yes
    become: yes

• Importance: Automates database deployment.

• Verification: Check mysql -u root -p.

68. You need to set up a load balancer. How do you configure it?

Scenario: Deploy HAProxy to balance traffic across web servers.
Solution: Install and configure HAProxy.

• Example:

  - name: Install HAProxy
    dnf:
      name: haproxy
      state: present
    become: yes
  - name: Configure HAProxy
    template:
      src: haproxy.cfg.j2
      dest: /etc/haproxy/haproxy.cfg
    become: yes
    notify: Restart haproxy

• Importance: Ensures high availability.

• Verification: Test load balancer access.

69. You need to set up a high-availability cluster. How do you do it?

Scenario: Configure a two-node cluster with Pacemaker.
Solution: Install and start Pacemaker.

• Example:

  - name: Install Pacemaker
    dnf:
      name: pacemaker
      state: present
    become: yes
  - name: Start Pacemaker
    service:
      name: pacemaker
      state: started
      enabled: yes
    become: yes

• Importance: Supports fault tolerance.

• Verification: Check pcs status.

70. A web server needs a virtual host. How do you configure it?

Scenario: Set up a virtual host for example.com on Apache.
Solution: Use the template module for configuration.

• Example:

  - name: Configure virtual host
    template:
      src: vhost.conf.j2
      dest: /etc/httpd/conf.d/example.conf
    become: yes
    notify: Restart httpd

• Importance: Supports multiple websites.

• Verification: Test curl http://example.com.

Troubleshooting Scenarios

71. A playbook fails unexpectedly. How do you debug it?

Scenario: A playbook fails with unclear errors.
Solution: Use verbose mode and debug module.

• Example:

  - name: Debug variable
    debug:
      msg: "{{ ansible_facts['hostname'] }}"

• Importance: Identifies playbook issues.

• Verification: Run ansible-playbook -v playbook.yml.

72. A task fails due to a missing directory. How do you troubleshoot?

Scenario: A playbook fails because /data doesn’t exist.
Solution: Check task output and create the directory.

• Example:

  - name: Create directory
    file:
      path: /data
      state: directory
    become: yes
  - name: Check failure
    command: ls /data
    register: result
  - debug:
      msg: "{{ result.stdout }}"

• Importance: Resolves task failures.

• Verification: Check error messages.

73. You need to check system logs for errors. How do you automate it?

Scenario: Investigate application errors in /var/log/messages.
Solution: Use the command module to tail logs.

• Example:

  - name: Check logs
    command: tail -n 10 /var/log/messages
    register: logs
  - debug:
      msg: "{{ logs.stdout }}"

• Importance: Aids error diagnosis.

• Verification: Review log output.

74. Ansible cannot connect to a host. How do you troubleshoot?

Scenario: A server in the inventory fails to respond.
Solution: Verify SSH connectivity and inventory settings.

• Steps:

  • Check SSH: ssh-copy-id user@host.

  • Test: ansible host -m ping -v.

• Importance: Ensures automation reliability.

• Verification: Check ping output.

75. A server cannot reach the gateway. How do you diagnose it?

Scenario: A server fails to ping 192.168.1.1.
Solution: Use ad-hoc commands to test connectivity.

• Example:

  - name: Ping gateway
    command: ping -c 4 192.168.1.1
    register: ping_result
    ignore_errors: yes
  - debug:
      msg: "{{ ping_result.stdout }}"

• Importance: Restores network functionality.

• Verification: Check ping results.

Performance Tuning Scenarios

76. A server is slow under heavy load. How do you optimize it?

Scenario: A web server struggles with high traffic.
Solution: Apply a performance profile with tuned.

• Example:

  - name: Set performance profile
    tuned:
      profile: throughput-performance
      state: enabled
    become: yes

• Importance: Enhances system performance.

• Verification: Check tuned-adm active.

77. An application is consuming too much CPU. How do you limit it?

Scenario: Process ID 1234 uses excessive CPU.
Solution: Use cpulimit to restrict usage.

• Example:

  - name: Limit CPU
    command: cpulimit -p 1234 -l 50
    become: yes

• Importance: Prevents resource hogging.

• Verification: Check top.

78. You need to monitor disk performance. How do you do it?

Scenario: A server experiences slow disk I/O.
Solution: Use iostat to analyze performance.

• Example:

  - name: Check disk I/O
    command: iostat -x 1 3
    register: iostat
  - debug:
      msg: "{{ iostat.stdout }}"

• Importance: Identifies disk bottlenecks.

• Verification: Review %util.

79. A server swaps memory excessively. How do you optimize it?

Scenario: A server uses too much swap, slowing performance.
Solution: Adjust vm.swappiness.

• Example:

  - name: Set swappiness
    sysctl:
      name: vm.swappiness
      value: '10'
      state: present
    become: yes

• Importance: Optimizes memory usage.

• Verification: Check cat /proc/sys/vm/swappiness.

80. You need to analyze system performance. How do you collect metrics?

Scenario: Monitor CPU and memory usage trends.
Solution: Use sar for performance data.

• Example:

  - name: Run sar
    command: sar -u 1 3
    register: sar
  - debug:
      msg: "{{ sar.stdout }}"

• Importance: Tracks performance issues.

• Verification: Review CPU/memory stats.

Backup and Recovery Scenarios

81. You need to back up a critical directory. How do you automate it?

Scenario: Back up /etc nightly to /backup.
Solution: Use the command module to create a tar archive.

• Example:

  - name: Backup /etc
    command: tar -czf /backup/etc-$(date +%F).tar.gz /etc
    become: yes

• Importance: Ensures data recovery.

• Verification: Check ls /backup.

82. You need to schedule database backups. How do you do it?

Scenario: Back up a MariaDB database daily at 1 AM.
Solution: Use the cron module for scheduling.

• Example:

  - name: Schedule DB backup
    cron:
      name: "DB backup"
      minute: "0"
      hour: "1"
      job: "mysqldump -u root mydb > /backup/db-$(date +\%F).sql"

• Importance: Protects critical data.

• Verification: Check ls /backup.

83. A backup needs to be restored. How do you automate it?

Scenario: Restore /etc from a backup file.
Solution: Extract the archive with command.

• Example:

  - name: Restore backup
    command: tar -xzf /backup/etc-2025-09-09.tar.gz -C /restore
    become: yes

• Importance: Recovers lost data.

• Verification: Check ls /restore.

84. You need a full disk backup. How do you create it?

Scenario: Back up /dev/sda to an image file.
Solution: Use dd for a low-level backup.

• Example:

  - name: Create disk image
    command: dd if=/dev/sda of=/backup/disk.img bs=64K
    become: yes

• Importance: Preserves entire disk.

• Verification: Check ls -lh /backup/disk.img.

85. You need to prepare for disaster recovery. How do you use rear?

Scenario: Create a recovery image for a server.
Solution: Install and use rear.

• Example:

  - name: Install rear
    dnf:
      name: rear
      state: present
    become: yes
  - name: Create recovery image
    command: rear mkbackup
    become: yes

• Importance: Minimizes downtime.

• Verification: Check /var/lib/rear.

System Boot and Recovery Scenarios

86. You need to change the GRUB timeout. How do you do it?

Scenario: Set GRUB timeout to 10 seconds for faster booting.
Solution: Edit /etc/default/grub and regenerate GRUB config.

• Example:

  - name: Set GRUB timeout
    lineinfile:
      path: /etc/default/grub
      regexp: '^GRUB_TIMEOUT='
      line: 'GRUB_TIMEOUT=10'
    become: yes
  - name: Update GRUB
    command: grub2-mkconfig -o /boot/grub2/grub.cfg
    become: yes

• Importance: Customizes boot behavior.

• Verification: Reboot and check.

87. A server needs to boot into single-user mode. How do you configure it?

Scenario: Troubleshoot a server in single-user mode.
Solution: Set temporary boot parameters.

• Example:

  - name: Boot to single-user mode
    command: systemctl reboot --firmware-setup
    become: yes

• Importance: Facilitates system recovery.

• Verification: Check boot logs.

88. A server needs the latest kernel. How do you update it?

Scenario: Apply the latest kernel for security patches.
Solution: Use dnf to install the kernel.

• Example:

  - name: Install kernel
    dnf:
      name: kernel
      state: latest
    become: yes

• Importance: Ensures system security.

• Verification: Check uname -r post-reboot.

89. The initramfs is corrupted. How do you rebuild it?

Scenario: A server fails to boot due to a missing initramfs.
Solution: Use dracut to regenerate initramfs.

• Example:

  - name: Rebuild initramfs
    command: dracut -f /boot/initramfs-$(uname -r).img
    become: yes

• Importance: Restores boot functionality.

• Verification: Check ls /boot.

90. A server fails to boot. How do you troubleshoot?

Scenario: Investigate boot errors on a server.
Solution: Check boot logs with journalctl.

• Example:

  - name: Check boot logs
    command: journalctl -b
    register: logs
  - debug:
      msg: "{{ logs.stdout }}"

• Importance: Diagnoses boot failures.

• Verification: Review logs for errors.

Advanced RHCE Scenarios

91. You need to set up Ansible Tower for enterprise automation. How do you do it?

Scenario: Deploy Ansible Tower for centralized playbook management.
Solution: Install and configure Tower.

• Steps:

  • Install: sudo dnf install ansible-tower.

  • Run setup: sudo tower-setup.

• Importance: Streamlines enterprise automation.

• Verification: Access Tower web interface.

92. You need to automate OpenShift project creation. How do you do it?

Scenario: Create a new project in OpenShift for a team.
Solution: Use the oc_project module.

• Example:

  - name: Create OpenShift project
    oc_project:
      name: team-project
      state: present

• Importance: Automates container orchestration.

• Verification: Check oc get projects.

93. Servers need access to Red Hat repositories. How do you manage subscriptions?

Scenario: Register servers with Red Hat subscriptions.
Solution: Use the rhsm_subscription module.

• Example:

  - name: Attach subscription
    rhsm_subscription:
      state: present
      username: user
      password: pass
    become: yes

• Importance: Enables package access.

• Verification: Check subscription-manager status.

94. A server operates behind a proxy. How do you configure it?

Scenario: Set up a proxy for internet access.
Solution: Configure /etc/environment.

• Example:

  - name: Set proxy
    lineinfile:
      path: /etc/environment
      line: 'http_proxy=http://proxy.example.com:8080'
    become: yes

• Importance: Supports restricted networks.

• Verification: Test with curl.

95. You need to enable IP forwarding for a router. How do you do it?

Scenario: A server must act as a router for a subnet.
Solution: Use the sysctl module.

• Example:

  - name: Enable IP forwarding
    sysctl:
      name: net.ipv4.ip_forward
      value: '1'
      state: present
    become: yes

• Importance: Enables network routing.

• Verification: Check sysctl net.ipv4.ip_forward.

Real-World Deployment Scenarios

96. You need to deploy a web application. How do you automate it?

Scenario: Deploy Apache and a web app on 10 servers.
Solution: Use a playbook with roles.

• Example:

  - name: Deploy web app
    hosts: webservers
    roles:
      - webserver
  # webserver/tasks/main.yml
  - name: Install httpd
    dnf:
      name: httpd
      state: present
    become: yes
  - name: Deploy app
    copy:
      src: app.html
      dest: /var/www/html/index.html
    become: yes

• Importance: Streamlines production deployments.

• Verification: Test curl http://webserver.

97. A database requires daily backups. How do you automate it?

Scenario: Back up a PostgreSQL database nightly.
Solution: Schedule pg_dump with cron.

• Example:

  - name: Schedule DB backup
    cron:
      name: "Postgres backup"
      minute: "0"
      hour: "2"
      job: "pg_dump -U postgres mydb > /backup/pgdb-$(date +\%F).sql"

• Importance: Protects critical data.

• Verification: Check ls /backup.

98. You need to keep servers updated. How do you automate updates?

Scenario: Apply security updates across all servers monthly.
Solution: Use the dnf module.

• Example:

  - name: Update packages
    dnf:
      name: '*'
      state: latest
    become: yes

• Importance: Maintains system security.

• Verification: Check dnf history.

99. You need to deploy a multi-tier application. How do you automate it?

Scenario: Deploy a web, app, and database tier.
Solution: Use roles for each tier.

• Example:

  - name: Deploy multi-tier app
    hosts: all
    roles:
      - webserver
      - appserver
      - database

• Importance: Manages complex architectures.

• Verification: Test application functionality.

100. Log files are growing too large. How do you automate rotation?

Scenario: Rotate /var/log/app.log weekly.
Solution: Configure logrotate.

• Example:

  - name: Configure logrotate
    template:
      src: logrotate.conf.j2
      dest: /etc/logrotate.d/app
    become: yes

• Importance: Manages disk space.

• Verification: Test logrotate -d /etc/logrotate.d/app.

Career and Interview Scenarios

101. Your interviewer asks how you’d prepare for the RHCE EX294 exam. What’s your approach?

Scenario: You’re asked to outline your RHCE exam preparation strategy.
Solution: Focus on hands-on practice and structured study.

• Steps:

  • Set up RHEL 9 VMs for Ansible practice.

  • Review EX294 objectives on redhat.com.

  • Complete mock exams from CertDepot or Red Hat sandbox.

• Importance: Ensures exam success.

• Verification: Successfully run sample playbooks.

102. You’re asked to demonstrate automation ROI in an interview. How do you respond?

Scenario: An interviewer wants proof of automation’s business value.
Solution: Highlight measurable benefits with examples.

• Importance: Shows business impact.

• Verification: Share a GitHub repo or case study with automation scripts.