XK0-005 Question #10010: Real Exam Question with Answer & Explanation

Question

A Linux administrator is testing a new web application on a local laptop and consistently shows the following 403 errors in the laptop's logs" The web server starts properly, but an error is generated in the audit log. Which of the following settings should be enabled to prevent this audit message?

Options

• Ahttpd_can_network_connect = 1
• Bhttpd_enable_scripting = 1
• Chttpd_enable_homedirs = 1
• Dhttpd_enable_cgi = 1

Explanation

{"question_number": 10, "question": "A Linux administrator is testing a web application locally and sees 403 errors in logs along with SELinux audit log entries. Which SELinux boolean should be enabled?", "correct_answer": "C", "explanation": "The SELinux boolean 'httpd_enable_homedirs' controls whether the Apache web server (httpd) is allowed to access and serve content from user home directories (e.g., /home/username/public_html). When this boolean is off (0), SELinux blocks httpd from reading home directory content, generating AVC denial entries in the audit log and causing 403 Forbidden errors for users. Enabling it with 'setsebool -P httpd_enable_homedirs 1' resolves this. The other booleans address different scenarios: 'httpd_can_network_connect' allows httpd to initiate outbound network connections, 'httpd_enable_scripting' is not a standard SELinux boolean, and 'httpd_enable_cgi' allows CGI script execution - none of which match the home directory access scenario described.", "generated_by": "claude-sonnet", "llm_judge_score": 3}

No community discussion yet for this question.