100+ Free EX362 Practice Questions

Pass your Red Hat Certified Specialist in Identity Management (EX362) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately

Not published Pass Rate

100+ Questions

100% Free

1 / 100

Question 1

Score: 0/0

Which command-line tool installs and configures the first IdM server with an integrated DNS and CA on RHEL 9?

ipa-server-install

ipa-client-install

ipa-replica-install

ipa-ca-install

to track

2026 Statistics

Key Facts: EX362 Exam

210/300

Passing Score

Red Hat

4 hours

Exam Length

Red Hat

Hands-on

Format

Performance-based

RHEL 9 + IdM 4.8

Tested Versions

Red Hat

RHCA-eligible

Counts toward

Red Hat Certified Architect

$400-500

Exam Cost

Red Hat

EX362 is a performance-based hands-on exam (no multiple choice) on live RHEL 9 + IdM 4.8 systems. The passing score is 210/300 (70%). Candidates must install IdM with integrated DNS+CA, configure replicas, manage users/hosts/HBAC/sudo, integrate AD trusts, deploy 2FA and smart cards, and automate IdM with the freeipa.ansible_freeipa collection. EX362 counts toward Red Hat Certified Architect (RHCA).

Sample EX362 Practice Questions

Try these sample questions to test your EX362 exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which command-line tool installs and configures the first IdM server with an integrated DNS and CA on RHEL 9?

A.ipa-server-install

B.ipa-client-install

C.ipa-replica-install

D.ipa-ca-install

Explanation: ipa-server-install is the bootstrap utility that deploys the first IdM server. Passing --setup-dns and --setup-ca (the default) provisions integrated BIND DNS and a Dogtag CA in one step.

2On a fresh RHEL 9 system, which dnf module command installs the IdM server packages?

A.dnf module enable idm:DL1 && dnf install ipa-server ipa-server-dns

B.dnf install freeipa-server

C.dnf groupinstall ipa-server

D.dnf module install idm:client

Explanation: On RHEL 9 the IdM server is delivered through the idm:DL1 module stream. Enable the stream, then install ipa-server (and ipa-server-dns for integrated DNS).

3Which port must be reachable on an IdM server for Kerberos TCP and UDP traffic?

A.88

B.389

C.464

D.749

Explanation: Kerberos KDC listens on TCP and UDP port 88. firewalld must allow this port (the freeipa-ldap and freeipa-ldaps services include it) for client authentication to work.

4Which firewalld service shortcut opens all required ports for an IdM server with integrated DNS?

A.freeipa-ldap, freeipa-ldaps, dns

B.ipa-server

C.krb5

D.ldap-only

Explanation: Red Hat ships predefined firewalld services freeipa-ldap and freeipa-ldaps (covering 80/443/389/636/88/464/749/123 as needed). With integrated DNS you also add the dns service for port 53.

5Which option to ipa-server-install configures the server in unattended mode using a response file of values?

A.--unattended

B.--quiet

C.--silent

D.--no-prompt

Explanation: --unattended (alias -U) runs ipa-server-install non-interactively. All values must be supplied on the command line because no prompts are shown.

6An IdM server requires a properly configured FQDN. Which file ultimately contains the system's hostname after using hostnamectl?

A./etc/hostname

B./etc/sysconfig/network

C./etc/hosts

D./etc/resolv.conf

Explanation: hostnamectl set-hostname writes the static hostname to /etc/hostname. /etc/hosts maps names to IPs but is not the source of truth for the system hostname on RHEL 9.

7Which command provisions a new replica of an existing IdM server on a freshly installed RHEL 9 host?

A.ipa-replica-install

B.ipa-server-install --replica

C.ipa-ca-install --replica

D.ipa server-add

Explanation: ipa-replica-install enrolls and promotes a host as a replica. Since RHEL 8 it no longer requires a pre-generated GPG file; you can run it interactively after the host is enrolled or pass --principal/--admin-password.

8Which IdM CLI command lists all replication agreements (segments) in the LDAP topology suffix?

A.ipa topologysegment-find domain

B.ipa-replica-manage list

C.ipa server-show

D.ipa replica-find

Explanation: Replication topology is managed via the topology plugin. ipa topologysegment-find <suffix> lists segments for the domain or ca suffix. ipa-replica-manage is deprecated in current RHEL IdM.

9After installing IdM with the default integrated CA, where is the IdM CA certificate exposed for clients to download via HTTP?

A.http://<server>/ipa/config/ca.crt

B.http://<server>/ca.crt

C.https://<server>/ipa/cert/ca.pem

D.http://<server>/pki/ca/ca.crt

Explanation: The IdM web server publishes the CA certificate at http://<server>/ipa/config/ca.crt. Clients use this URL during ipa-client-install to bootstrap trust.

10Which option to ipa-server-install enables FreeIPA's integrated BIND-based DNS service?

A.--setup-dns

B.--enable-dns

C.--with-dns

D.--dns-integration

Explanation: --setup-dns (with --auto-forwarders or explicit --forwarder) installs and configures the integrated DNS server using BIND with the bind-dyndb-ldap backend.

About the EX362 Exam

EX362 is the Red Hat Certified Specialist in Identity Management exam. It validates hands-on skills with Red Hat IdM (FreeIPA-based) on RHEL 9: server and replica install with integrated DNS and CA, user/host/service management, Kerberos, SSSD, AD trust, two-factor and smart card authentication, single sign-on, certificate management, IdM-via-Ansible automation, backup, and disaster recovery.

Questions

100 scored questions

Time Limit

4 hours

Passing Score

210/300 (70%)

Exam Fee

$400-500 USD (Red Hat)

EX362 Exam Content Outline

12%

Install IdM Servers and Replicas

ipa-server-install, integrated DNS+CA, ipa-replica-install, topology segments, firewall services

20%

Users, Groups, Hosts, HBAC, Sudo

ipa user-add, group-add, host-add, hostgroup, hbacrule, sudorule, automember, RBAC roles

12%

Kerberos Authentication

kinit, klist, kdestroy, ipa-getkeytab, krbtpolicy-mod, principals, keytabs, ticket lifetimes

10%

IdM Clients and SSSD

ipa-client-install, sssd.conf, sss_cache, sssctl, authselect, sss_ssh_authorizedkeys

10%

Active Directory Trust

ipa-adtrust-install, ipa trust-add, external groups, ID views, idrange, range types

Two-Factor and Smart Card

OTP tokens, --user-auth-type, PKINIT, certmap rules, authselect with-smartcard

SSO and Certificates

mod_auth_gssapi, ipa cert-find, ipa cert-revoke, certmonger, getcert, IdM CA

14%

Manage IdM with Ansible

freeipa.ansible_freeipa: ipauser, ipagroup, ipahbacrule, ipasudorule, ipapwpolicy, roles

Backup and Recovery

ipa-backup, ipa-restore, replica removal, ipa server-del, CA renewal master

Troubleshooting

ipactl status, /var/log/sssd, /var/log/pki, getcert list, replication agreements

How to Pass the EX362 Exam

What You Need to Know

Passing score: 210/300 (70%)
Exam length: 100 questions
Time limit: 4 hours
Exam fee: $400-500 USD

Keys to Passing

Complete 500+ practice questions
Score 80%+ consistently before scheduling
Focus on highest-weighted sections
Use our AI tutor for tough concepts

EX362 Study Tips from Top Performers

1Build a real lab: at least one IdM server, one replica, one client, and one Windows AD domain controller — emulating a forest trust is essential

2Memorize ipa-server-install, ipa-replica-install, and ipa-client-install option flags by heart

3Practice ipa CLI subcommands until verbs (user-add, group-add-member, hbacrule-add-host, sudorule-add-user) are second nature

4Master the freeipa.ansible_freeipa collection module names: ipauser, ipagroup, ipahbacrule, ipasudorule, ipapwpolicy, ipaserver role

5Drill Kerberos: kinit -kt, ipa-getkeytab, klist -kt, krbtpolicy-mod, and the structure of service principals (HTTP/host@REALM)

6Configure SSSD by hand once — even though ipa-client-install does it, knowing /etc/sssd/sssd.conf saves you in the troubleshooting tasks

7Practice AD trust setup: ipa-adtrust-install, ipa trust-add, ID range types (ipa-ad-trust vs ipa-ad-trust-posix), and external groups

8Get fluent with authselect select sssd with-smartcard and the certmap rule syntax for PKINIT

9Run ipa-backup and ipa-restore until you can do a full disaster recovery without notes

10Time yourself: a 4-hour exam goes fast — practice working under pressure with no internet access

Frequently Asked Questions

What does EX362 cover?

EX362 is the Red Hat Certified Specialist in Identity Management exam. It tests installing and configuring IdM servers, replicas, and clients on RHEL 9; managing users, groups, hosts, HBAC, and sudo; configuring Kerberos, SSSD, AD trusts, two-factor and smart card authentication; managing certificates and SSO; and automating IdM with the freeipa.ansible_freeipa collection.

What is the EX362 exam format?

EX362 is performance-based: there are no multiple-choice questions. You receive a list of tasks to complete on live RHEL 9 + IdM systems within the time limit. Passing requires 210 out of 300 points (70%). Each task is graded based on whether the resulting system state meets the specification.

How long is the EX362 exam?

EX362 is approximately a 4-hour single-session performance-based exam. Red Hat administers it at training centers, partner sites, and via individual remote exam (proctored). Time management is critical since each lab task can be verified independently.

What is the EX362 cost?

Red Hat lists the standard exam fee around $400-500 USD depending on region, with discounts often included in the Red Hat Learning Subscription. Individual exam vouchers are also available. Always confirm the current fee on the official EX362 page before scheduling.

Does EX362 require RHCE?

Red Hat strongly recommends current RHCE certification before attempting EX362, since the exam includes Ansible-based IdM automation. RHCE is also required to retain the Specialist credential, and EX362 plus four additional Specialist exams (with current RHCE) qualifies for Red Hat Certified Architect (RHCA).

How long should I study for EX362?

Plan for 80-120 hours of focused, hands-on study over 8-12 weeks. Set up a lab with at least one IdM server, one replica, one Linux client, and one Active Directory domain controller. Practice every objective in the official content guide repeatedly until you can complete each task in under five minutes from memory.

Is EX362 valid for life?

No. Specialist credentials follow Red Hat's general 3-year recertification cycle and require a current RHCE to remain valid. You can re-pass EX362 or earn a higher Red Hat credential to keep it active.