Question 1

What is a Kubernetes Service, and what are the different service types? When would you use each type?

Accepted Answer

A Kubernetes Service is an abstraction that defines a logical set of pods and a policy for accessing them. Services provide stable networking for pods, which have ephemeral IP addresses that change when pods are recreated.

Services use label selectors to identify which pods belong to them. When you send traffic to a service, it load-balances requests across all matching pods.

There are four main service types:

ClusterIP is the default type. It exposes the service on an internal IP address reachable only within the cluster. Use ClusterIP for internal communication between services. For

Question 2

Explain the relationship between PersistentVolumes, PersistentVolumeClaims, and StorageClasses. How does dynamic provisioning work?

Accepted Answer

Kubernetes storage involves three main abstractions that work together: PersistentVolumes, PersistentVolumeClaims, and StorageClasses. Understanding their relationship is crucial for managing stateful workloads.

A PersistentVolume, or PV, is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using a StorageClass. It represents physical storage, such as a disk on a cloud provider, an NFS share, or a local disk on a node. PVs have a lifecycle independent of any individual pod.

A PersistentVolumeClaim, or PVC, is a request for storage

Question 3

Explain the difference between declarative and imperative approaches in Infrastructure as Code. Which approach does Terraform use, and why?

Accepted Answer

Declarative and imperative are two fundamentally different approaches to defining infrastructure. Understanding the distinction is crucial for choosing the right tools and writing effective infrastructure code.

The imperative approach focuses on how to achieve the desired result. You write step-by-step instructions that tell the system exactly what actions to perform. Think of it like giving someone directions by saying turn left, then go straight for two blocks, then turn right. Shell scripts and some configuration management tools like Ansible in its default mode use this approach.

The

Question 4

What is Terraform state, and why is it critical? How do you manage state in a team environment, and what problems can arise?

Accepted Answer

Terraform state is a JSON file that stores the mapping between your configuration and the real-world resources it manages. It is the source of truth that Terraform uses to determine what exists and what needs to change.

The state file contains resource IDs, attributes, metadata, and dependencies. When you run terraform plan, Terraform reads the state to understand what currently exists, then compares it with your configuration to determine what changes are needed.

State is critical for several reasons.

First, performance. Without state, Terraform would need to query every resource fro

Question 5

You are tasked with designing a monitoring and observability strategy for a new microservices platform. Walk me through your approach, including tool selection and implementation priorities.

Accepted Answer

Designing a monitoring and observability strategy for microservices requires a systematic approach that covers all three pillars while considering organizational needs and constraints.

I would start by understanding the requirements. What are the SLOs for the platform? What compliance requirements exist? What is the team's familiarity with monitoring tools? What is the budget? These factors influence tool selection and implementation scope.

For metrics collection, I would implement Prometheus. It is the industry standard for cloud-native environments, has excellent Kubernetes integration

Question 6

What is Prometheus, and how does it collect metrics? Explain the pull-based model and its advantages.

Accepted Answer

Prometheus is an open-source monitoring and alerting system originally developed at SoundCloud. It has become the standard for metrics collection in cloud-native environments, particularly Kubernetes.

Prometheus stores all data as time series, which are streams of timestamped values identified by a metric name and a set of key-value pairs called labels. For example, a metric might be http_requests_total with labels for method, endpoint, and status code.

Prometheus uses a pull-based model to collect metrics. Instead of applications pushing data to a central server, Prometheus periodically

Question 7

What are the OWASP Top 10, and why should DevOps engineers be familiar with them? Give examples of how infrastructure and pipeline security relates to application vulnerabilities.

Accepted Answer

The OWASP Top 10 is a standard awareness document representing the most critical security risks to web applications. Published by the Open Web Application Security Project, it is updated periodically based on data about real-world vulnerabilities. Understanding these risks helps teams build more secure systems.

DevOps engineers should be familiar with the OWASP Top 10 because infrastructure and pipeline decisions directly impact application security. While developers write the code, DevOps configures the environment where that code runs.

The current OWASP Top 10 includes categories like

Question 8

What security scanning tools should be integrated into a CI/CD pipeline? Explain the differences between SAST, DAST, and SCA, and when each is used.

Accepted Answer

A secure CI/CD pipeline integrates multiple types of security scanning to catch different categories of vulnerabilities at the appropriate stages. The three main types of application security testing are SAST, DAST, and SCA.

SAST, or Static Application Security Testing, analyzes source code without executing it. SAST tools scan your codebase looking for patterns that indicate security vulnerabilities like SQL injection, cross-site scripting, or buffer overflows.

SAST runs early in the pipeline, typically during the build stage or even as part of IDE integration. This provides fast feedba

Question 9

How would you implement a zero-trust security model in a cloud environment? What are the key principles and components?

Accepted Answer

Zero-trust security operates on the principle of never trust, always verify. It assumes breaches will occur and designs systems to limit blast radius and require continuous verification.

The core principles are verify explicitly, which means always authenticate and authorize based on all available data. Use least privilege access, which grants minimum permissions needed for the task. Assume breach, which minimizes blast radius and segments access.

Identity as the new perimeter is fundamental. For human identities, implement strong authentication with multi-factor authentication required

Question 10

Design a highly available architecture for a financial application requiring 99.99 percent uptime, RPO under 5 minutes, and RTO under 15 minutes. Walk through your design decisions.

Accepted Answer

Designing for 99.99 percent availability allows only 52.6 minutes of downtime per year. Combined with stringent RPO and RTO requirements, this demands a multi-region active-passive architecture with automated failover.

Architecture overview implements a primary region running full production workloads with a secondary region in warm standby, ready to take over within minutes.

The compute layer deploys across three Availability Zones in each region. Use EKS or ECS for container orchestration with pod anti-affinity rules to spread workloads. Implement auto-scaling with target tracking at 6

DevOps Engineer

Topics

Kubernetes

Infrastructure as Code

Monitoring & Logging

Security & Compliance

Cloud Advanced

Mock Interview

Quick Stats