CompTIA XK0-005 Exam With Confidence Using Practice Dumps

umask subtracts permissions from default (666 for files, 777 for dirs).

To achieve 640 for files → umask = 137

To achieve 750 for dirs → umask = 027

The closest match to both for stricter permissions is umask 0037.

To allow the same Kubernetes container configurations to be deployed in different environments without statically configuring custom locations, the engineer can use an ambassador container (D). An ambassador container is a proxy container that handles communication between containers and external services. It can dynamically configure locations based on environment variables or other methods. The other options are not related to this requirement. References:

[CompTIA Linux+ Study Guide], Chapter 11: Working with Containers, Section: Using Ambassador Containers

[How to Use Ambassador Containers]

Comprehensive and Detailed Explanation From Exact Extract:

The correct way to temporarily allow specific services in a particular zone with firewalld is to use firewall-cmd --add-service=service --zone=zone. Multiple services can be specified in curly braces and separated by commas. The correct syntax is:

bash

CopyEdit

firewall-cmd --add-service={dns,http,https} --zone=internal

This command will allow DNS (port 53), HTTP (port 80), and HTTPS (port 443) through the firewall for the "internal" zone temporarily (for the current runtime session).

Other options:

A. The command syntax is incorrect; firewalld is a service, not a command-line tool.

B. iptables does not use the --enable-service flag, nor does it have zones in this way.

D. systemctl mask disables services, and the rest of the command is invalid.