LPIC-1 Practice Exam: Sample Questions for 101-500 and 102-500 (Mock Exam)
What You Will Achieve
- Test your understanding of key LPIC-1 v5.0 objectives with 10 fully original sample questions
- Read concept-first explanations that go beyond the correct answer to explain why it is correct
- Identify which exam objectives (101-500 and 102-500) need more study time
- Understand the distinction between multiple-choice pattern recognition and genuine command knowledge
- Access hands-on practice via the browser-based terminal and quiz, requiring no local Linux setup
- Know clearly why PDF dumps and unauthorized exam question redistribution are forbidden
These questions are 100% original — created by Penguin Gym Linux based on the public LPI LPIC-1 v5.0 exam objectives. They are not reproduced from LPI exam question pools, and they are not intended to replicate actual exam content verbatim. The goal is conceptual preparation.
About This Practice Exam
Design Principles
This practice exam is built around three principles derived from how the LPIC-1 exam actually tests candidates.
Concept over recall. The LPIC-1 exam uses both multiple-choice and fill-in-the-blank question types. Fill-in-the-blank questions require exact command syntax — not recognition from a list. This means rote memorization of multiple-choice answers without understanding the underlying concept fails on a significant portion of the exam. Every explanation in this article targets the underlying concept first.
Objective alignment. Each question maps to a specific LPI v5.0 objective with its associated weight. High-weight objectives (Weight 4 or 5) appear more frequently on the actual exam. This article samples both high-weight and representative mid-weight objectives across both exams.
Browser-only. All practice on this site — these sample questions, the interactive quiz, and the practice terminal — runs in your browser. No local Linux environment is required. For hands-on command execution, use LPIC-1 Practice Terminal.
No PDFs, No Dumps
This article does not provide downloadable PDFs of exam questions, and it does not link to dump sites. The reasoning is explained in the Why We Do Not Provide PDFs or Dumps section. The short version: it violates the LPI Candidate Agreement, and it is counterproductive for learning.
Sample Questions for 101-500
Q1. History Expansion in Bash
Objective: LPI 103.1 — Work on the command line (Weight 4)
You are working in a bash session and you ran a long tar command that succeeded. Immediately after, you want to re-run the exact same command without retyping it. Which bash history expansion correctly repeats the immediately preceding command?
A. !0
B. !-1
C. !!
D. !#
Answer: C
Explanation: In bash history expansion, !! is the designator that refers to the entire previous command. It substitutes the full text of the last executed command and immediately runs it. !-1 is a valid alternative that also refers to one command back in history, but !! is the canonical and most widely documented form for "repeat last command." !0 is not valid history syntax in standard bash — event 0 does not correspond to the previous command. !# expands to the entire command line typed so far in the current command (self-referential), not to history. Related expansions worth knowing: !$ substitutes only the last argument of the previous command (useful for reusing a filename), and !n refers to event number n in the history list. The ^old^new syntax performs quick substitution on the previous command, replacing the first occurrence of old with new — a distinct operation from repeating the full command unchanged.
Q2. Finding Files by Modification Time
Objective: LPI 103.3 — Perform basic file management (Weight 4)
A system administrator needs to find all regular files in /var/log that have been modified more recently than /var/log/syslog. Which find command accomplishes this?
A. find /var/log -type f -mtime -1
B. find /var/log -type f -newer /var/log/syslog
C. find /var/log -type f -modified /var/log/syslog
D. find /var/log -type f -mtime 0
Answer: B
Explanation: The -newer file predicate in find matches any file whose modification timestamp is more recent than the reference file specified. This is the direct and correct way to compare modification times between files — no manual timestamp calculation is needed. -mtime -1 would find files modified within the last 24 hours relative to the current time, which is a different and less precise constraint — it does not use /var/log/syslog as a reference at all. -modified is not a valid find predicate in standard POSIX or GNU find. -mtime 0 matches files modified within the current 24-hour period from the current moment, also unrelated to the reference file. Two related predicates: -anewer ref tests access time against a reference file, and -cnewer ref tests the inode change time. For the LPIC-1 exam, knowing -newer, -mtime, -atime, and -ctime as distinct predicates and their time unit differences (days for -mtime, minutes for -mmin) is important.
Q3. Redirecting Output with tee
Objective: LPI 103.4 — Use streams, pipes, and redirects (Weight 4)
A script runs a long build process and you want to capture the output to a log file while still displaying it on the terminal in real time. Which command pipeline achieves this?
A. ./build.sh > build.log
B. ./build.sh | cat > build.log
C. ./build.sh | tee build.log
D. ./build.sh 2>&1 build.log
Answer: C
Explanation: tee reads from standard input and writes to both standard output and one or more files simultaneously. When used in a pipeline as ./build.sh | tee build.log, the output of build.sh flows through tee, which writes it to build.log and also passes it through to the terminal. This is the standard idiom for "log and display simultaneously." Option A (> build.log) redirects stdout to the file only — nothing appears on the terminal. Option B (| cat > build.log) pipes through cat into a file redirect, which also sends output only to the file. Option D uses incorrect syntax: 2>&1 merges stderr into stdout, but it must precede a redirect operator; 2>&1 build.log alone is not valid redirection and does not write to a file. A useful variation: tee -a build.log appends to the existing file rather than overwriting. To also capture stderr to the same log, use ./build.sh 2>&1 | tee build.log.
Q4. File Permissions and umask
Objective: LPI 104.5 — Manage file permissions and ownership (Weight 3)
A new file is created in a directory. The system's current umask value is 022. What are the default permissions for the newly created regular file?
A. rwxr-xr-x (755)
B. rw-rw-rw- (666)
C. rw-r--r-- (644)
D. rwx--x--x (711)
Answer: C
Explanation: In Linux, the base permission for newly created regular files is 0666 (rw-rw-rw-). The umask value is subtracted (bitwise AND with the complement of umask) from this base. With umask 022, the permissions that are masked out are write for group and write for others. Applying the mask: 0666 AND ~0022 = 0666 AND 0755 = 0644, which is rw-r--r--. This is why the default file permission with umask 022 is 644. Note that executable files and directories use a different base: 0777 for directories, producing 755 with umask 022. The symbolic form of umask can be set with umask u=rwx,g=rx,o=rx — equivalent to umask 022. When writing shell scripts that create files requiring specific permissions, setting umask at the start of the script ensures consistent results regardless of the user's login umask. The chmod command can then be used to explicitly set permissions that differ from the umask-derived default.
Q5. BRE vs ERE in grep
Objective: LPI 103.7 — Search text files using regular expressions (Weight 3)
Which grep invocation correctly matches lines containing exactly three consecutive digits?
A. grep '{3}' file.txt
B. grep '[0-9]{3}' file.txt
C. grep '[0-9]\{3\}' file.txt
D. grep -F '[0-9]{3}' file.txt
Answer: C
Explanation: GNU grep uses Basic Regular Expressions (BRE) by default. In BRE, the interval quantifier syntax requires escaped braces: \{n\}, \{n,\}, or \{n,m\}. Without the backslashes, {3} is treated as a literal string — not a quantifier — so option A matches the literal characters {3}. Option B uses the ERE syntax {n} without backslashes, which is correct for grep -E (extended regex) or egrep, but not for plain grep. Option D uses -F (fixed string) mode, which disables all regex interpretation and matches the literal string [0-9]{3}. To achieve the same result with ERE, the correct form is grep -E '[0-9]{3}' file.txt. This BRE vs ERE distinction — where ERE uses {n,m} and + and ? unescaped, while BRE requires \{n,m\}, \+, and \? — is a consistent source of exam questions in the LPIC-1 103.7 objective.
Sample Questions for 102-500
Q1. Shell Environment and PATH
Objective: LPI 105.1 — Customize and use the shell environment (Weight 4)
A user defines a variable in a bash login shell: MYVAR=hello. They then open a new subshell with bash. Which of the following is true about MYVAR in the subshell?
A. MYVAR is available in the subshell because variables are inherited automatically.
B. MYVAR is not available in the subshell because it was not exported.
C. MYVAR is available only if the user sources ~/.bashrc in the subshell.
D. MYVAR is available because the subshell reads ~/.bash_profile.
Answer: B
Explanation: In bash, a variable defined with a simple assignment (MYVAR=hello) exists only in the current shell's environment. When a child process (subshell) is spawned, it inherits only variables that have been marked for export using export MYVAR or the combined form export MYVAR=hello. Without export, the variable is local to the defining shell and does not appear in the environment of any child process. Option A is incorrect because automatic inheritance applies only to exported variables. Option C is incorrect because sourcing ~/.bashrc in the subshell would not bring in the parent's unexported variables — it only runs initialization commands. Option D is incorrect because ~/.bash_profile is read by login shells, not by every subshell invocation. The env and printenv commands show only exported variables. Understanding the login shell vs non-login shell distinction — which files are read (~/.bash_profile vs ~/.bashrc) — is equally important for the 105.1 objective.
Q2. Creating a User with Home Directory
Objective: LPI 107.1 — Manage user and group accounts and related system files (Weight 5)
A system administrator runs the following command on a Linux system:
useradd -m -s /bin/bash newdev
Which of the following statements correctly describes what happens?
A. A new user newdev is created, but no home directory is created because -m requires root privileges to function.
B. A new user newdev is created with a home directory at /home/newdev, populated with files from /etc/skel.
C. A new user newdev is created with a home directory, but the -s /bin/bash option is ignored unless /bin/bash is listed in /etc/shells.
D. A new user newdev is created, and the home directory is created at /etc/newdev based on system defaults.
Answer: B
Explanation: The useradd -m option (or --create-home) instructs the command to create the user's home directory if it does not already exist. The default location is determined by the HOME setting in /etc/default/useradd and the useradd defaults — typically /home/username. When the home directory is created, its initial contents are copied from /etc/skel, which contains skeleton files such as .bashrc, .profile, and .bash_logout. The -s /bin/bash flag sets the user's login shell. Option A is incorrect: useradd -m works for any user with appropriate privileges; the -m flag does not impose additional privilege requirements beyond running useradd itself. Option C is incorrect: the shell path is stored in /etc/passwd regardless of /etc/shells validation at account creation time (though login tools may enforce this at login). Option D is incorrect: the home directory is placed under /home by default, not /etc. To also set a password after account creation, use passwd newdev. The system files affected by useradd include /etc/passwd, /etc/shadow, and /etc/group.
Q3. System Logging with journalctl
Objective: LPI 108.2 — System logging (Weight 4)
A system administrator wants to view only error-level and higher priority messages from the systemd journal. Which command achieves this?
A. journalctl --level error
B. journalctl -p err
C. journalctl -f error
D. journalctl --facility=error
Answer: B
Explanation: The journalctl -p (or --priority) option filters journal entries by syslog priority level. Priority levels follow the standard syslog convention: 0=emerg, 1=alert, 2=crit, 3=err, 4=warning, 5=notice, 6=info, 7=debug. Using -p err (or equivalently -p 3) shows messages at priority err and all higher-severity levels (crit, alert, emerg). Option A (--level) is not a valid journalctl flag — the correct flag is -p or --priority. Option C (-f) enables follow mode (like tail -f), showing new entries in real time — the word error in that position would be interpreted incorrectly. Option D (--facility) is a valid journalctl option, but error is not a valid syslog facility — facilities include kern, user, mail, daemon, auth, and so on. For the LPIC-1 exam, knowing both journalctl (systemd journal) and rsyslog configuration — including facility.priority pairs like kern.err in /etc/rsyslog.conf — is required for the 108.2 objective.
Q4. Network Configuration with ip and ss
Objective: LPI 109.2 — Persistent network configuration (Weight 4)
Which command displays all listening TCP sockets and their associated process IDs on a modern Linux system, replacing the deprecated netstat -tlnp?
A. ip route show
B. ip addr show
C. ss -tlnp
D. ifconfig -a
Answer: C
Explanation: ss (socket statistics) is the modern replacement for netstat in Linux. The flags used here: -t limits output to TCP sockets, -l shows only listening sockets, -n displays addresses and ports in numeric form (no DNS lookup), and -p shows the process name and PID associated with each socket. This combination is the direct equivalent of the classic netstat -tlnp. Option A (ip route show) displays the routing table — it shows network routes, not socket state. Option B (ip addr show) displays network interface addresses and link status — useful for checking IP configuration but unrelated to socket monitoring. Option D (ifconfig -a) is a deprecated tool (from the net-tools package) that shows interface configuration — it cannot display socket state. The ip command suite (ip addr, ip link, ip route, ip neigh) has replaced ifconfig, route, and arp in modern Linux distributions. For LPIC-1 109.2, understanding both the modern ip/ss tools and their legacy equivalents (ifconfig, netstat) is expected, as exam questions may reference either.
Q5. SSH Key-Based Authentication
Objective: LPI 110.3 — Securing data with encryption (Weight 4)
A developer wants to set up SSH key-based authentication to connect to a remote server without entering a password. They have already generated an SSH key pair with ssh-keygen. What is the correct next step to authorize the key on the remote server?
A. Copy the private key (~/.ssh/id_rsa) to ~/.ssh/authorized_keys on the remote server.
B. Run ssh-copy-id user@remote to append the public key to ~/.ssh/authorized_keys on the remote server.
C. Copy the public key (~/.ssh/id_rsa.pub) to /etc/ssh/authorized_keys on the remote server.
D. Run ssh-keygen -i user@remote to install the key on the remote server.
Answer: B
Explanation: ssh-copy-id is the standard utility for installing a public key on a remote server. It connects to the remote host via password authentication, creates ~/.ssh/authorized_keys if it does not exist (with the correct permissions 600), and appends the local public key to that file. Option A is incorrect and dangerous: copying the private key to the remote server would expose the private key material, defeating the purpose of asymmetric key authentication. The private key must never leave the local machine. Option C places the key in the wrong location: /etc/ssh/authorized_keys is not the standard path — the correct path is ~/.ssh/authorized_keys within the target user's home directory. The AuthorizedKeysFile directive in /etc/ssh/sshd_config controls this path, but the default is ~/.ssh/authorized_keys. Option D is incorrect: ssh-keygen -i is used to import or convert key formats, not to install keys on remote hosts. For the 110.3 objective, also know the permission requirements: ~/.ssh/ must be mode 700 and authorized_keys must be mode 600 — incorrect permissions cause SSH to silently refuse key-based authentication.
How to Use These Sample Questions
Focus on the Explanation, Not Just the Answer
Checking the correct answer tells you whether you knew it. Reading the explanation tells you whether you understand it. After answering each question, read the full explanation — even if you answered correctly. The explanation targets the concept behind the question, which is what generates fill-in-the-blank recall on the actual exam.
Identify Weak Objectives
Map each question you answered incorrectly to its stated objective (e.g., "103.7 Regular Expressions"). That objective needs more study time. Use the LPIC-1 Exam Objectives v5.0 article to find the weight for that objective and prioritize accordingly.
Hands-On Reinforcement
For every command mentioned in an explanation, run it. The LPIC-1 Practice Terminal provides a browser-based virtual terminal — no local Linux installation is needed. Type the commands, vary the flags, and observe the actual output. This is particularly important for:
findpredicates (-newer,-mtime,-name)tee, pipe chains, and redirect combinationsgrepwith BRE vs ERE patternsuseraddwith various flags and/etc/skelinspectionjournalctlpriority filters
Scored Quiz Practice
For additional LPIC-1 practice questions beyond what is in this article, use the LPIC-1 Quiz. The quiz covers a broader range of objectives and provides immediate scoring feedback.
Exam Simulator: Coming Soon
Exam simulator: under development (tracked in issue #21). Once shipped, this article will link directly to it. In the meantime, use the LPIC-1 Quiz for scored practice and the LPIC-1 Practice Terminal for hands-on command execution.
Why We Do Not Provide PDFs or Dumps
LPI Candidate Agreement
Every candidate who registers for an LPI exam agrees to the LPI Candidate Agreement before the exam begins. This agreement prohibits reproducing, distributing, or using unauthorized copies of exam question content. Sites that host or sell "exam dumps" — collections of real or reconstructed LPI exam questions — are facilitating a direct violation of this agreement.
The consequences for a candidate caught using dumps include immediate exam invalidation and a permanent ban from all LPI certification programs. The consequences for sites hosting unauthorized exam content include legal action under applicable copyright law.
Source: LPI Policies — Last verified 2026-05.
Google Search Essentials Spam Policy
Sites that redistribute copyrighted exam question content without substantial transformation or added value typically violate Google Search Essentials spam policies — specifically the provisions against scaled content abuse and scraping. This affects both the availability and trustworthiness of those sites. Questions from dump sites may be outdated, incorrect, or deliberately seeded with wrong answers by parties attempting to sabotage other candidates.
Source: Google Search Essentials — Spam policies — Last verified 2026-05.
Legitimate Alternatives
These resources provide substantive practice without violating any policies:
- LPIC-1 Quiz on this site — Topic-aligned practice questions
- LPIC-1 Practice Terminal — Hands-on command execution in the browser
- LPI Marketplace official practice exams: https://global1.lpimarketplace.com
- LPI official learning materials: https://learning.lpi.org
- Ping-t question bank (covers LPIC-1 v5.0 content)