DevOps Interview Questions

The document outlines the design of a 3-tier cloud application architecture, detailing components for the frontend, application layer, and database layer, along with considerations for high availability, security, observability, and tooling. It also explains key networking concepts, differences between public and private subnets, NAT, load balancers, Kubernetes components, Docker vs. virtual machines, and Linux boot processes. Additionally, it covers system monitoring, process states, and Linux permissions.

Uploaded by

poojanandish1993

Here’s a comprehensive response to your list of questions:

1) Design a 3-tier application in the cloud (with HA, security, observability, and tooling)

• Architecture:
  o Frontend: CloudFront + Route 53 for DNS management (global access with geo-routing).
  o Application Layer: EC2 (auto-scaling) or EKS (for containerized workloads), behind an Application Load Balancer (ALB).
  o Database Layer: Amazon RDS (multi-AZ for HA), Amazon DynamoDB, or Amazon Aurora.
  o High Availability (HA): Auto-scaling groups for EC2, Multi-AZ for RDS/Aurora, and Route 53 health checks.
  o Security:
    ▪ VPC with public and private subnets.
    ▪ Security Groups for instance-level access control.
    ▪ Network ACLs (NACLs) for subnet-level security.
    ▪ IAM roles for service-to-service access.
    ▪ AWS Shield and WAF for DDoS protection.
  o Observability:
    ▪ CloudWatch for logs and metrics.
    ▪ CloudTrail for audit logging.
    ▪ AWS X-Ray for tracing and monitoring.
    ▪ ELB (Elastic Load Balancer) for traffic distribution.
    ▪ Implement custom monitoring with Prometheus/Grafana or AWS CloudWatch.
  o Tooling:
    ▪ Use AWS CodePipeline for CI/CD.
    ▪ Terraform or CloudFormation for IaC (Infrastructure as Code).
    ▪ Amazon S3 for static asset hosting.

2) Difference between Public Subnet and Private Subnet:

• Public Subnet: Accessible from the internet, typically used for resources that need to be publicly reachable (e.g., load balancers, web servers).
• Private Subnet: Not directly accessible from the internet. Used for internal resources like databases and application servers.

3) Internet Connectivity from Public to Private Subnet:

• Use a NAT Gateway in the public subnet to allow resources in the private subnet to access the internet. The NAT Gateway routes outbound traffic from private subnet instances.

4) What is NAT? Full Form of NAT:

• NAT (Network Address Translation) is a method used for remapping IP addresses by modifying packet headers.
• Full Form: Network Address Translation.

5) Types of NATting:

• Source NAT (SNAT): Changes the source address of outgoing packets.
• Destination NAT (DNAT): Changes the destination address of incoming packets.
• Masquerading: A form of SNAT used when the source address is not specified.

6) Difference between Security Group and NACL:

• Security Groups: Instance-level firewall, stateful (tracks connection states).
• NACLs (Network Access Control Lists): Subnet-level firewall, stateless (doesn’t track connection state).

7) Load Balancers in AWS:

• ELB (Elastic Load Balancer): Includes 3 types:
  o Application Load Balancer (ALB): Works at Layer 7 (HTTP/HTTPS) for routing based on content.
  o Network Load Balancer (NLB): Works at Layer 4 (TCP/UDP) for ultra-low latency.
  o Classic Load Balancer (CLB): Works at both Layer 4 and Layer 7, older generation.

8) Layer 7 for Application Load Balancer:

• Layer 7 refers to the Application Layer of the OSI model, which handles HTTP/HTTPS traffic. It enables routing based on URL path, host headers, etc.

9) Major Components in Kubernetes:

• Master Node: Manages the cluster (API server, scheduler, controller manager).
• Node: Worker machine that runs application workloads.
• Pod: The smallest deployable unit in Kubernetes.
• ReplicaSet: Ensures the desired number of pod replicas.
• Service: Exposes applications running in pods.

10) Types of Controllers in Kubernetes:

• Deployment Controller, StatefulSet Controller, DaemonSet Controller, ReplicaSet Controller, CronJob Controller, etc.

11) CNI Plugins in Kubernetes:

• CNI (Container Network Interface) plugins are used to manage networking within Kubernetes clusters. Popular plugins include Calico, Flannel, Weave, etc.

12) Kube-system Namespace:

• Kube-system contains system-related components such as kube-dns, kube-proxy, etcd, and network plugins.

13) AWS Node Container in Kube-system:

• Kube-proxy is a critical component that runs on every node in the Kubernetes cluster to manage networking and service discovery.

14) Purpose of Kube Proxy:

• It manages network communication within the Kubernetes cluster and implements load balancing.

15) Types of Services in Kubernetes:

• ClusterIP: Default service type, exposed internally.
• NodePort: Exposes the service on a static port on each node.
• LoadBalancer: Uses a cloud provider’s load balancer to expose the service externally.
• ExternalName: Maps the service to an external DNS name.

16) Latest Kubernetes Version:

• As of May 2025, the latest stable Kubernetes version is 1.26.

17) Difference between Docker and Virtual Machine:

• Docker: Runs applications in containers, sharing the OS kernel, lightweight.
• Virtual Machine (VM): Runs a full OS with its own kernel, heavier in terms of resource consumption.

18) Does Docker Image Have a Kernel?

• No. Docker images do not contain a kernel. They use the host system’s kernel.

19) What is Cgroup and Namespaces?

• Cgroup: Control groups are used to limit, account for, and isolate resource usage.
• Namespaces: Provide isolation for resources (PID, user ID, network, etc.).

20) Process Namespace, User ID Namespace:

• Process Namespace: Isolates process IDs.
• User ID Namespace: Allows processes to have different user IDs within the container.

21) Storage Drivers Available in Docker:

• aufs, overlay2, devicemapper, btrfs, zfs.

22) Device Mapper, Overlay Storage Drivers:

• Device Mapper: A block-level storage driver.
• Overlay: Uses a copy-on-write mechanism for efficient storage.

23) Network Drivers in Docker:

• bridge, host, overlay, none.

24) Storage and Network Drivers Kubernetes Uses:

• Kubernetes typically uses overlay network drivers and hostPath for persistent volumes.

25) Overlay Network Architecture Layers:

• Overlay networks use virtualized network layers to abstract the communication between containers across multiple hosts.

26) Typing abc.com in Browser (SSL and DNS):

• DNS: Resolves abc.com to an IP address.
• SSL/TLS: Establishes a secure encrypted connection between the client and the server.

27) What is Global DNS?

• Global DNS refers to DNS services that are globally distributed, ensuring reliable and fast resolution.

28) Who Owns Global DNS?

• ICANN (Internet Corporation for Assigned Names and Numbers) oversees global DNS, but individual organizations (e.g., AWS, Google) manage specific DNS servers.

29) Booting Process of Linux:

• The boot process involves BIOS, MBR (Master Boot Record), loading the kernel, and initializing the system.

30) Explain BIOS, MBR, and Booting:

• BIOS: Basic Input/Output System; initializes hardware.
• MBR: Master Boot Record; contains the bootloader.
• Booting: The OS kernel is loaded after BIOS checks and the MBR execution.

31) Where are Kernel Logs Stored in Linux?

• /var/log/kern.log or using the dmesg command.

32) How to Check the Network in Linux?

• Use ifconfig or ip addr to check network interfaces.

33) How to Know the IP of the System?

• Use hostname -I or ifconfig to find the IP address.

34) How to Check the Load of the System?

• Use top, uptime, or cat /proc/loadavg to check system load.

35) What All Things Come Under top?

• top displays CPU usage, memory usage, processes, and load averages.

36) Types of States Available for a Process:

• Running, Sleeping, Zombie, Stopped, etc.

37) What Are Zombie Processes?

• Zombie processes are processes that have completed execution but still have an entry in the process table.

38) How to Remove Zombie Processes?

• Use the kill command to send SIGKILL to the parent process or reboot the system.

39) How Many Signals are Available in Kill?

• There are 64 signals in Linux, such as SIGTERM, SIGKILL, SIGSTOP, etc.

40) Types of Permissions in Linux:

• Read, Write, Execute.
• Special Permissions: SUID (Set User ID), SGID (Set Group ID), Sticky Bit.

Let me know if you'd like additional details on any of the answers!
