Last modified: April 27, 2026
The Red Hat Certified System Administrator (RHCSA) certification is one of the most respected credentials in the Linux world. Unlike exams where you pick answers from a list, RHCSA is entirely performance-based: you sit in front of a live Red Hat Enterprise Linux system and complete real tasks within a time limit. If you can pass it, employers know you can actually do the work.
This guide walks through the exam objectives, key concepts you need to master, and practical exercises to build the skills that get tested.
| Detail | Information |
| --- | --- |
| Exam Code | EX200 |
| Format | Performance-based (hands-on tasks on a live system) |
| Duration | 2.5 hours |
| Number of Tasks | Typically 10–15 tasks |
| Passing Score | 210 out of 300 (70%) |
| Cost | Approximately $500 USD |
| Prerequisites | None required, but RHCSA-level experience recommended |
| Validity | 3 years |
| Based On | Red Hat Enterprise Linux 9 (current version) |
Red Hat publishes official exam objectives that change with each RHEL version. The following covers the major domains:
```
RHCSA Exam Domains
├── Understand and Use Essential Tools
│   ├── Access shell prompts and issue commands
│   ├── Use input/output redirection
│   ├── Use grep and regular expressions
│   ├── Access remote systems using SSH
│   ├── Log in and switch users
│   ├── Archive, compress, unpack, and decompress files
│   ├── Create and edit text files
│   ├── Create, delete, copy, and move files and directories
│   └── Create hard and soft links
├── Create Simple Shell Scripts
│   ├── Conditionals (if/then, case)
│   ├── Loops (for, while)
│   ├── Process script inputs ($1, $2, etc.)
│   └── Process output of shell commands within a script
├── Operate Running Systems
│   ├── Boot, reboot, and shut down normally
│   ├── Boot into different targets manually
│   ├── Interrupt boot process to gain access (reset root password)
│   ├── Identify CPU/memory-intensive processes and kill them
│   ├── Adjust process scheduling
│   ├── Manage tuning profiles
│   ├── Locate and interpret system log files
│   └── Preserve system journals
├── Configure Local Storage
│   ├── List, create, delete partitions (MBR and GPT)
│   ├── Create and remove physical volumes
│   ├── Assign physical volumes to volume groups
│   ├── Create and delete logical volumes
│   ├── Configure systems to mount file systems at boot
│   ├── Configure and manage swap space
│   ├── Create and configure file systems (ext4, xfs)
│   └── Mount and unmount network file systems (NFS)
├── Create and Configure File Systems
│   ├── Create, mount, unmount, and use ext4 and xfs
│   ├── Mount and unmount network file systems (NFS, CIFS)
│   ├── Configure autofs
│   ├── Extend existing logical volumes
│   └── Create and configure set-GID directories
├── Deploy, Configure, and Maintain Systems
│   ├── Schedule tasks using cron and at
│   ├── Start and stop services, configure services to start at boot
│   ├── Configure systems to boot into a specific target
│   ├── Install and update software packages
│   ├── Modify the system bootloader
│   └── Configure time service clients
├── Manage Basic Networking
│   ├── Configure IPv4 and IPv6 addresses
│   ├── Configure hostname resolution
│   ├── Configure network services to start at boot
│   └── Restrict network access using firewalld
├── Manage Users and Groups
│   ├── Create, delete, and modify local user accounts
│   ├── Change passwords and adjust password aging
│   ├── Create, delete, and modify local groups
│   ├── Configure superuser access
│   └── Configure key-based authentication for SSH
├── Manage Security
│   ├── Configure firewall settings using firewalld
│   ├── Manage default file permissions
│   ├── Configure SELinux modes (enforcing, permissive, disabled)
│   ├── List and identify SELinux file and process contexts
│   ├── Restore default file contexts
│   ├── Manage SELinux port labels
│   ├── Use boolean settings to modify SELinux policy
│   └── Diagnose and address routine SELinux policy violations
└── Manage Containers
    ├── Find and retrieve container images
    ├── Inspect container images
    ├── Perform container management (run, start, stop, list, inspect, remove)
    ├── Run a service inside a container
    ├── Configure a container to start automatically as a systemd service
    └── Attach persistent storage to a container
```
This section covers the foundational commands and techniques you need. Everything else builds on these skills.
You should be able to perform these operations without hesitation:
```bash
# Create a directory structure
mkdir -p /home/user/project/{docs,src,bin}
# Copy files preserving permissions and ownership
cp -a /source/dir /destination/
# Create hard and soft links
ln /path/to/original /path/to/hardlink
ln -s /path/to/original /path/to/symlink
# Find files by various criteria
find / -name "*.conf" -type f 2>/dev/null
find /home -user student -size +1M
find /var -mtime -7 -name "*.log"
```
Redirection shows up in nearly every exam task, even when it's not the main objective:
```bash
# Redirect stdout and stderr separately
command > output.txt 2> errors.txt
# Redirect both to the same file
command &> all_output.txt
# Append instead of overwrite
command >> output.txt 2>&1
# Use pipes to chain commands
ps aux | grep httpd | grep -v grep
cat /etc/passwd | cut -d: -f1 | sort
```
```bash
# Search for a pattern in files
grep "failed" /var/log/secure
# Case-insensitive search
grep -i "error" /var/log/messages
# Show line numbers
grep -n "root" /etc/passwd
# Use extended regular expressions
grep -E "^(root|admin)" /etc/passwd
# Recursive search through directories
grep -r "ServerName" /etc/httpd/
```
```bash
# Create a compressed tar archive
tar czf archive.tar.gz /path/to/directory
# Extract a tar archive
tar xzf archive.tar.gz
# List contents without extracting
tar tzf archive.tar.gz
# Create with bzip2 compression
tar cjf archive.tar.bz2 /path/to/directory
# Extract to a specific directory
tar xzf archive.tar.gz -C /target/directory
```
The exam often asks you to configure the system to boot into a specific target:
```bash
# Check current default target
systemctl get-default
# Set default target to multi-user (no GUI)
systemctl set-default multi-user.target
# Set default target to graphical
systemctl set-default graphical.target
# Switch to a different target immediately
systemctl isolate rescue.target
```
This is a classic RHCSA task. You need to know the exact steps because you won't have internet access during the exam:
```
Step-by-step root password reset:
1. Reboot the system
2. At the GRUB menu, press 'e' to edit the boot entry
3. Find the line starting with 'linux'
4. Append: rd.break
5. Press Ctrl+X to boot
6. At the switch_root prompt:
   mount -o remount,rw /sysroot
   chroot /sysroot
   passwd root
   touch /.autorelabel
   exit
   exit
7. System reboots with new root password
```
The touch /.autorelabel step is critical when SELinux is enforcing. Without it, the password change won't stick because the SELinux context on /etc/shadow will be wrong.
```bash
# Find processes consuming the most CPU
top -bn1 | head -20
# Kill a process by PID
kill -9 <PID>
# Find and kill a process by name (find PID first)
ps aux | grep "process_name"
kill <PID>
# Change process priority
nice -n 10 command
renice -n 5 -p <PID>
```
```bash
# List existing partitions
lsblk
fdisk -l
# Create a new partition (interactive)
fdisk /dev/sdb
# n (new), p (primary), accept defaults or set size, w (write)
# For GPT partitions
gdisk /dev/sdb
```
LVM tasks appear on almost every RHCSA exam. Know these commands cold:
```bash
# Create a physical volume
pvcreate /dev/sdb1
# Create a volume group
vgcreate myvg /dev/sdb1
# Create a logical volume (500MB)
lvcreate -L 500M -n mylv myvg
# Format the logical volume
mkfs.xfs /dev/myvg/mylv
# Mount it
mkdir /mnt/mydata
mount /dev/myvg/mylv /mnt/mydata
# Make it persistent in /etc/fstab
echo "/dev/myvg/mylv /mnt/mydata xfs defaults 0 0" >> /etc/fstab
# Extend a logical volume and resize the filesystem
lvextend -L +200M /dev/myvg/mylv
xfs_growfs /mnt/mydata # for xfs
# or
resize2fs /dev/myvg/mylv # for ext4
```
```bash
# Create a swap partition or file
dd if=/dev/zero of=/swapfile bs=1M count=512
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
# Make persistent
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
# Verify
swapon --show
free -h
```
```bash
# Create a user with specific UID and home directory
useradd -u 1500 -d /home/jsmith -s /bin/bash jsmith
# Set password
passwd jsmith
# Create a group
groupadd developers
# Add user to supplementary group
usermod -aG developers jsmith
# Configure password aging
chage -M 90 -W 7 -I 14 jsmith
# View password aging info
chage -l jsmith
# Configure sudo access
visudo
# Add: jsmith ALL=(ALL) NOPASSWD: ALL
# (NOPASSWD: ALL lets jsmith run any command as root without a password;
#  list specific commands instead of ALL when the task allows it)
```
SELinux questions are guaranteed on the RHCSA. Many candidates fail because they don't practice this enough:
```bash
# Check current SELinux mode
getenforce
sestatus
# Set SELinux to enforcing
setenforce 1
# Make permanent (survives reboot)
# Edit /etc/selinux/config and set SELINUX=enforcing
# View file contexts
ls -Z /var/www/html/
# Restore default context
restorecon -Rv /var/www/html/
# Change file context
semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"
restorecon -Rv /custom/path
# Manage SELinux ports
semanage port -a -t http_port_t -p tcp 8888
semanage port -l | grep http
# Toggle SELinux booleans
getsebool -a | grep httpd
setsebool -P httpd_enable_homedirs on
# Troubleshoot SELinux denials
ausearch -m AVC -ts recent
sealert -a /var/log/audit/audit.log
```
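The troubleshooting step above ends with raw AVC records, and the useful skill is mapping each denial to one of the three fixes in this section (port label, file context, boolean). The script below is an added example, not part of the original guide: `triage_avc` and `sample_avc` are names made up here, the log lines are constructed, and the fix column is a heuristic starting point rather than a policy analysis.

```shell
#!/bin/sh
# Added example: sort AVC denials into the three fixes shown above.

# Constructed audit.log lines, not taken from a real system.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1714200000.101:501): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=8888 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1714200005.212:502): avc:  denied  { read open } for  pid=2101 comm="httpd" path="/custom/path/index.html" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1714200009.333:503): avc:  denied  { search } for  pid=2101 comm="httpd" name="jsmith" dev="dm-0" ino=9100 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1714200009.333:503): arch=c000003e syscall=262 success=no exit=-13 comm="httpd"
EOF
}

# Prints one line per denial: comm permissions target_type class suggested_fix
triage_avc() {
  awk '
    /^type=AVC / && / denied / {
      comm = perm = ttype = tclass = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # Collect every permission between the braces
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = perm (perm == "" ? "" : ",") $j
        }
        else if ($i ~ /^comm=/)     { comm = $i; gsub(/comm=|"/, "", comm) }
        else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        else if ($i ~ /^tclass=/)   tclass = substr($i, 8)
      }
      if (tclass ~ /_socket$/ && perm ~ /name_bind/)
        fix = "port-label"        # semanage port -a -t <type> -p tcp <port>
      else if (tclass ~ /^(file|dir)$/ && ttype ~ /^(default_t|unlabeled_t)$/)
        fix = "file-context"      # semanage fcontext, then restorecon
      else
        fix = "boolean-or-policy" # getsebool -a, sealert
      print comm, perm, ttype, tclass, fix
    }'
}

sample_avc | triage_avc
```

On a live system, pipe `ausearch -m AVC -ts recent` into `triage_avc` instead of the sample.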
```bash
# Check firewall status
firewall-cmd --state
# List current rules
firewall-cmd --list-all
# Add a service permanently
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
# Add a specific port
firewall-cmd --permanent --add-port=8080/tcp
# Reload to apply changes
firewall-cmd --reload
# Verify changes
firewall-cmd --list-all
```
```bash
# View current network configuration
ip addr show
ip route show
# Configure a static IP using nmcli
nmcli con mod "System eth0" ipv4.addresses 192.168.1.100/24
nmcli con mod "System eth0" ipv4.gateway 192.168.1.1
nmcli con mod "System eth0" ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con mod "System eth0" ipv4.method manual
nmcli con up "System eth0"
# Configure hostname
hostnamectl set-hostname server1.example.com
# Configure hostname resolution
# Edit /etc/hosts for local resolution
echo "192.168.1.50 server2.example.com server2" >> /etc/hosts
```
```bash
# Create a cron job for user
crontab -e
# Add: 0 2 * * * /usr/local/bin/backup.sh
# Create a cron job that runs every 15 minutes
# */15 * * * * /path/to/script.sh
# Schedule a one-time task with at
at 3:00 PM
# at> /usr/local/bin/maintenance.sh
# at> Ctrl+D
# Manage systemd timers (modern alternative)
systemctl list-timers
```
Container management is a newer addition to the RHCSA objectives (RHEL 9):
```bash
# Log in to a container registry
podman login registry.redhat.io
# Search for images
podman search httpd
# Pull an image
podman pull registry.redhat.io/rhel9/httpd-24
# Run a container
podman run -d --name myweb -p 8080:8080 registry.redhat.io/rhel9/httpd-24
# List running containers
podman ps
# Inspect a container
podman inspect myweb
# Create a systemd service for a container (rootless)
mkdir -p ~/.config/systemd/user/
cd ~/.config/systemd/user/
podman generate systemd --name myweb --files --new
systemctl --user daemon-reload
systemctl --user enable container-myweb.service
systemctl --user start container-myweb.service
# A rootless user service only starts at boot, without a login session,
# if lingering is enabled for the account: loginctl enable-linger <username>
# Attach persistent storage
# (the name myweb is already in use above; remove that container first
#  with "podman rm -f myweb" or choose a different name)
podman run -d --name myweb -v /host/data:/var/www/html:Z registry.redhat.io/rhel9/httpd-24
```
The :Z flag at the end of the volume mount tells podman to apply the correct SELinux context to the mounted directory. Forgetting this is a common mistake when SELinux is in enforcing mode.
Allocate at least 2GB RAM
Master the basics:
/etc/fstab entries and verify with mount -a
Set up swap space using both partitions and files
Service management:
httpd)
systemctl enable
rd.break method
Configure network interfaces using nmcli
Timed practice exam:
man pages and --help for reference
- /etc/fstab entries (use mount -a to test before rebooting)
- Firewall rules (always use --permanent flag then --reload)
- SELinux settings (use -P flag with setsebool)
- Systemd service enablement (systemctl enable)
- Network configuration changes made persistent via nmcli
**Time management during the exam:**
- Quickly read through all tasks first
- Do easy tasks first to bank points
- Don't spend more than 15 minutes on any single task
- If stuck, move on and come back later
- Save 10 minutes at the end to verify persistence
**Common pitfalls:**
- Forgetting restorecon after changing SELinux file contexts
- Using firewall-cmd without --permanent
- Not testing /etc/fstab with mount -a before rebooting
- Missing the :Z flag on container volume mounts with SELinux
- Not running systemctl daemon-reload after modifying unit files
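Two of the pitfalls above (firewall-cmd without --permanent, setsebool without -P) leave the running system and the on-disk configuration out of step, which is what the final persistence check should catch. The script below is an added example, not from the original guide: `drift`, `bool_drift` and `audit` are names made up here, the demonstration lists are constructed, and the `semanage boolean -l` row layout `name (current , persistent) description` is an assumption about that command's output.

```shell
#!/bin/sh
# Added example: find settings that exist only at runtime or only on disk.

# Split a space-separated list into sorted, unique lines.
to_lines() { printf '%s\n' "$1" | tr -s ' \t' '\n' | sed '/^$/d' | LC_ALL=C sort -u; }

# drift RUNTIME PERMANENT: lists as printed by `firewall-cmd --list-services`
# (or --list-ports) without and with --permanent.
drift() {
  rt=$(to_lines "$1"); pm=$(to_lines "$2")
  for item in $rt; do   # added without --permanent: gone after reload/reboot
    printf '%s\n' "$pm" | grep -qxF -- "$item" || echo "runtime-only $item"
  done
  for item in $pm; do   # added with --permanent but --reload not run yet
    printf '%s\n' "$rt" | grep -qxF -- "$item" || echo "permanent-only $item"
  done
}

# bool_drift: stdin is `semanage boolean -l` output, assumed to have rows of
# the form "name (current , persistent) description". A mismatch means
# setsebool was run without -P.
bool_drift() {
  awk '{ gsub(/[(),]/, " ") }
       ($2 == "on" || $2 == "off") && ($3 == "on" || $3 == "off") && $2 != $3 {
         print "boolean " $1 " runtime=" $2 " persistent=" $3 }'
}

# audit: run both checks against the live system (needs root for semanage).
audit() {
  for what in services ports; do
    drift "$(firewall-cmd --list-"$what")" \
          "$(firewall-cmd --permanent --list-"$what")" | sed "s/^/$what: /"
  done
  semanage boolean -l | bool_drift
}

# Constructed demonstration: http was added at runtime only, https on disk only.
drift "cockpit http ssh" "cockpit https ssh"
```

Empty output from `audit` means the default zone and the SELinux booleans will look the same after a reboot as they do now.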
After passing the RHCSA, consider these paths:
Ready to start studying? Set up your practice lab first, then work through each exam objective systematically. The Linux Certification Overview can help you confirm that RHCSA is the right choice for your career goals.
- chmod, chown, and chgrp, and configure the setgid bit so that new files inherit the group ownership. Verify the configuration by creating files as different users.
- ausearch and setsebool, and explain why SELinux is a critical component of the RHCSA exam.
- nmcli or nmtui by setting a static IP address, gateway, and DNS server. Verify connectivity and test hostname resolution. Troubleshoot a simulated network misconfiguration and document the commands you used to resolve the issue.
- enable, start, mask, and disable in the context of systemd.
- cron and at. Create a cron job that performs a daily backup of a directory and an at job that runs a one-time maintenance script at a specified time. Verify that both tasks execute as expected and explain when each scheduling method is most appropriate.
- firewalld by creating a custom zone, adding services and ports, and setting up rich rules to restrict access from specific IP ranges. Make the rules persistent, reload the firewall, and verify the configuration. Discuss how firewalld zones provide flexible network security management.
- /etc/fstab.