LFCA Question #10: Real Exam Question with Answer & Explanation

The correct answer is D: firewall-cmd --add-service=https --permanent --reload. To immediately and permanently allow HTTPS access through firewalld, the firewall-cmd --add-service=https --permanent --reload command is used.

Submitted by minji_kr· May 4, 2026System Administration

Question

When working on a Linux system with firewalld enabled, how can other systems be allowed to access the HTTPS port on the system in the default firewall zone so that the access is granted immediately and persists across reboots?

Options

Afirewallctl --add-port=https --reload
Biptables --add-service=https --permanent
Cfirewalld --add-service=https
Dfirewall-cmd --add-service=https --permanent --reload

Explanation

To immediately and permanently allow HTTPS access through firewalld, the firewall-cmd --add-service=https --permanent --reload command is used.

Common mistakes.

A. firewallctl is not the correct command; it should be firewall-cmd. Also, --add-port would require specifying port number and protocol, whereas --add-service=https uses the predefined service.
B. iptables is the older firewall utility; firewalld is a frontend for netfilter but uses its own firewall-cmd utility, so mixing commands is incorrect.
C. firewalld --add-service=https is incorrect syntax for the command, it should be firewall-cmd. Additionally, without --permanent and --reload, the rule would only be temporary and not applied immediately.

Concept tested. firewalld service management (persistent rules)

Reference. https://firewalld.org/documentation/man-pages/firewall-cmd.html

Topics

#firewalld#Firewall Configuration#Service Access Control#Persistent Configuration

Community Discussion

No community discussion yet for this question.

Full LFCA Practice Browse All LFCA Questions