Linux AWS

The document outlines responsibilities for a role focused on building and deploying infrastructure using Infrastructure as Code, troubleshooting complex issues, and enhancing team efficiency through automation. It details required skills, including extensive experience with AWS, Puppet, Kubernetes, and Linux administration, along with various technical tasks and commands related to system administration, security, and performance tuning. Additionally, it includes scenario-based questions and answers for troubleshooting common issues in Linux environments and CI/CD processes using AWS services.

Uploaded by

crackcrickcrack
What you’ll be doing

- Responsible for building and deploying new project infrastructure using Infrastructure as Code methodology
- Troubleshooting complex problems, finding root causes and putting long term fixes in place
- Adhering to tight operations, security, and procedural models
- Implementation of system changes
- Increase efficiency within the team through automation and process improvement
- Working with architecture and project management teams to help design and deliver change to the business in relation to your area
- Taking ownership for delivering projects on time

About you

- Solid experience of Cloud computing, specifically AWS.
- Extensive experience writing Puppet modules
- Experience with Kubernetes
- Experience with orchestration tools (Chef or Ansible)
- Extensive experience with Linux administration (Redhat)
- Solid understanding of virtualization technologies e.g. VMware
- System monitoring (e.g. Opsview / Nagios)
- Solid understanding of networking e.g. DHCP/DNS/NTP/TCP
- Apache HTTPD
- Strong programming and scripting skills (Bash, Python, Puppet)
- Ability to read and understand Java exceptions
- Ability to analyse and problem solve
- Ability to prioritise tickets and projects
- Demonstrate a high level of technical expertise to support complex Unix systems across all tiers & under minimal supervision

General Administration

1. Q: How do you check the current version of Red Hat Linux installed on a server? A: Use the
command cat /etc/redhat-release.

2. Q: How do you create a new user in Red Hat Linux? A: Use the command useradd <username> and set the password with passwd <username>.

Patching and Updates

3. Q: How do you update all installed packages on a Red Hat system? A: Use the command yum
update or dnf update (for RHEL 8 and later).

4. Q: How do you check for available updates without installing them? A: Use the command yum
check-update or dnf check-update.

Vulnerability Management

5. Q: How do you scan for vulnerabilities on a Red Hat server? A: Use tools like OpenSCAP or
Lynis to scan for vulnerabilities.

6. Q: How do you apply security patches only? A: Use the command yum update --security or dnf
update --security.

Migrations

7. Q: How do you migrate a Red Hat server to new hardware? A: Use tools like rsync for data
transfer and ensure all configurations are replicated on the new hardware.

8. Q: What steps would you take to migrate from RHEL 7 to RHEL 8? A: Use the Leapp utility for
in-place upgrades, ensuring all pre-upgrade checks are passed.

Backups

9. Q: How do you perform a full system backup in Red Hat Linux? A: Use tools like tar, rsync, or
dump to create backups of the entire filesystem.

10. Q: How do you restore a backup using tar? A: Use the command tar -xvf <backupfile.tar> -C /restore/path.

High Availability

11. Q: How do you set up a high availability cluster in Red Hat? A: Use Pacemaker and Corosync
to configure and manage high availability clusters.

12. Q: What is the role of fence devices in a Red Hat cluster? A: Fence devices isolate failed
nodes to protect shared resources and ensure data integrity.

Storage Management

13. Q: How do you create a new LVM logical volume? A: Use the commands pvcreate, vgcreate,
and lvcreate.

14. Q: How do you extend an existing logical volume? A: Use the command lvextend followed by
resize2fs or xfs_growfs depending on the filesystem.

Networking

15. Q: How do you configure a static IP address in Red Hat Linux? A: Edit the network
configuration file in /etc/sysconfig/network-scripts/ and restart the network service.

16. Q: How do you check the current network configuration? A: Use the command ip addr show or ifconfig.

Security

17. Q: How do you configure a firewall in Red Hat Linux? A: Use firewalld with commands like
firewall-cmd --add-service=http --permanent and firewall-cmd --reload.

18. Q: How do you set SELinux to enforcing mode? A: Edit /etc/selinux/config and set
SELINUX=enforcing, then reboot the system.

Performance Tuning

19. Q: How do you check the system load in Red Hat Linux? A: Use the command uptime or top.

20. Q: How do you identify the top memory-consuming processes? A: Use the command ps aux --sort=-%mem | head.

Troubleshooting

21. Q: How do you check system logs for errors? A: Use the command journalctl -xe or check log
files in /var/log/.

22. Q: How do you troubleshoot a service that is not starting? A: Use systemctl status <service> to
check the status and logs.

Scenario-Based Questions

23. Q: A server is running out of disk space. How do you identify large files and directories? A:
Use the command du -sh /* to find large directories and find / -type f -size +100M to find large
files.

24. Q: How do you recover a forgotten root password? A: Boot into single-user mode or use a
rescue disk to reset the root password.

25. Q: How do you configure a Red Hat server to use LDAP for authentication? A: Install sssd and
configure /etc/sssd/sssd.conf and /etc/nsswitch.conf for LDAP integration.

26. Q: How do you set up automatic updates on a Red Hat server? A: Use yum-cron or dnf-automatic to configure automatic updates.

27. Q: How do you monitor disk usage over time? A: Use tools like iostat, df, and du along with
scripts to log and analyze disk usage.

28. Q: How do you configure NFS server and client on Red Hat? A: Install nfs-utils, configure
/etc/exports on the server, and mount the NFS share on the client.

29. Q: How do you secure SSH access on a Red Hat server? A: Disable root login, use key-based
authentication, and configure sshd_config for additional security.
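The answer to Q29 names three settings but not how to verify them on a fleet. The following is an added example, not part of the original document: a small Python auditor that parses an sshd_config the way sshd does (comments stripped, first occurrence of a keyword wins, settings inside a Match block treated as conditional rather than global) and reports which of the hardening settings are missing or weak. The sample configuration, the rule table and the default table are constructed for the demonstration.

```python
"""Audit an sshd_config for the hardening settings named in Q29.

Added example, not part of the original document. sshd applies the first
value it reads for each keyword (later duplicates are ignored), so the
auditor keeps the first occurrence, like the daemon does. The sample
config below is constructed for the demo, not taken from a real host.
"""
import re
from typing import Dict, List

# Keyword -> set of acceptable values (compared case-insensitively).
# PermitRootLogin "prohibit-password" still allows root with keys;
# "no" is the stricter setting the answer above asks for.
HARDENING_RULES: Dict[str, set] = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
    "permitemptypasswords": {"no"},
}

# sshd defaults that apply when a keyword is absent from the file.
SSHD_DEFAULTS: Dict[str, str] = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return keyword -> first value, ignoring comments, blank lines and Match blocks.

    Settings inside a Match block are conditional, so they are not counted
    as the global value; a stricter audit would evaluate them separately.
    """
    settings: Dict[str, str] = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Keyword and value may be separated by spaces, tabs or '='.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            in_match = True
            continue
        if in_match:
            continue
        settings.setdefault(key, value)   # first occurrence wins, as in sshd
    return settings


def audit_sshd_config(text: str) -> List[str]:
    """Return one finding per rule whose effective value is not acceptable."""
    settings = parse_sshd_config(text)
    findings = []
    for key, allowed in HARDENING_RULES.items():
        effective = settings.get(key, SSHD_DEFAULTS[key])
        if effective.lower() not in allowed:
            source = "set" if key in settings else "default"
            findings.append(f"{key}={effective} ({source}); expected one of {sorted(allowed)}")
    return findings


# Constructed sample: root login left enabled, and password auth disabled
# only inside a Match block (so the global value is still the default 'yes').
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PermitRootLogin no          # ignored: sshd keeps the first value
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit_sshd_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run it against `/etc/ssh/sshd_config` by reading the file into `audit_sshd_config`; an empty list means the four settings match the answer. Because the audit reports whether a value came from the file or from a default, it also catches the common case where a setting was never written and the daemon default silently applies.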

30. Q: How do you set up a cron job to run a script daily at midnight? A: Add an entry to the
crontab file: 0 0 * * * /path/to/script.sh.

31. Q: How do you configure a Red Hat server to use a proxy for internet access? A: Set the proxy variables in /etc/environment and configure yum.conf or dnf.conf.

32. Q: How do you create and manage Docker containers on Red Hat? A: Install Docker, use
docker pull to get images, and docker run to create containers.

33. Q: How do you configure a Red Hat server to use a specific DNS server? A: Edit
/etc/resolv.conf and add the DNS server IP address.

34. Q: How do you set up a Samba server on Red Hat? A: Install samba, configure
/etc/samba/smb.conf, and start the smb and nmb services.

35. Q: How do you configure a Red Hat server to use a time synchronization service? A: Install
and configure chrony or ntp.

36. Q: How do you set up a basic Apache web server on Red Hat? A: Install httpd, configure
/etc/httpd/conf/httpd.conf, and start the httpd service.

37. Q: How do you configure a Red Hat server to use a specific timezone? A: Use the command
timedatectl set-timezone <timezone>.

38. Q: How do you configure a Red Hat server to use a specific locale? A: Edit /etc/locale.conf
and set the desired locale.

39. Q: How do you configure a Red Hat server to use a specific kernel version? A: Install the
desired kernel version and update the GRUB configuration.

40. Q: How do you configure a Red Hat server to use a specific hostname? A: Use the command
hostnamectl set-hostname <hostname>.

Network Connectivity Issues

1. Q: What steps would you take if a Linux server cannot connect to the network? A:

- Check Physical Connectivity: Ensure network cables are properly connected and network devices (switches, routers) are functioning.
- Verify Network Interface Status: Use ip link show or ifconfig to check if the network interface is up.
- Check IP Configuration: Use ip addr show to verify the IP address configuration.
- Test DNS Resolution: Use nslookup or dig to check DNS resolution.
- Ping Test: Use ping -c 4 <destination> to test connectivity to other devices.
- Check Firewall Rules: Ensure firewall rules are not blocking traffic using iptables -L or firewall-cmd --list-all.

Disk Space Problems

2. Q: How do you resolve a "disk full" error on a Linux server? A:

- Identify Large Files/Directories: Use du -sh /* to find large directories and find / -type f -size +100M to find large files.
- Clean Up Unnecessary Files: Remove unnecessary files, logs, and temporary files.
- Archive Old Data: Move old data to external storage or compress it using tar or gzip.
- Extend Disk Space: If using LVM, extend the logical volume using lvextend and resize the filesystem with resize2fs or xfs_growfs.
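The first step above (and Q23 in the earlier list) relies on du and find. The following is an added example, not from the original document: a Python script that walks a directory tree once and produces both views, the per-directory totals that du -sh /* would print and the list of files over a threshold that find -size +N would print, so it can be run over a constructed temporary tree here. It uses apparent sizes (what find -size compares); du reports allocated blocks, which differ for sparse or compressed files.

```python
"""Find the largest directories and the files over a size threshold.

Added example, not from the original document; it reproduces in Python what
the answer above does with du -sh /* and find / -type f -size +100M, over a
constructed temporary tree. Sizes are apparent sizes (os.path.getsize).
"""
import os
import tempfile
from typing import Dict, List, Tuple


def scan_tree(root: str) -> Tuple[Dict[str, int], List[Tuple[str, int]]]:
    """Walk root once; return (directory -> cumulative bytes, [(file, bytes)]).

    Symlinks are not followed (os.walk default) so a link back into the
    tree cannot inflate the totals or loop forever.
    """
    dir_total: Dict[str, int] = {}
    files: List[Tuple[str, int]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            try:
                size = os.path.getsize(path)
            except OSError:          # vanished between listing and stat
                continue
            files.append((path, size))
            # Charge the file to this directory and every ancestor up to root,
            # which is how du -s arrives at per-directory totals.
            d = dirpath
            while True:
                dir_total[d] = dir_total.get(d, 0) + size
                if d == root:
                    break
                d = os.path.dirname(d)
    return dir_total, files


def largest_dirs(dir_total: Dict[str, int], root: str, top: int = 5) -> List[Tuple[str, int]]:
    """Entries directly under root by cumulative size, largest first (like du -sh root/*)."""
    entries = [(d, s) for d, s in dir_total.items() if os.path.dirname(d) == root]
    return sorted(entries, key=lambda e: e[1], reverse=True)[:top]


def files_over(files: List[Tuple[str, int]], threshold: int) -> List[Tuple[str, int]]:
    """Files strictly larger than threshold bytes, largest first (like find -size +N)."""
    return sorted((f for f in files if f[1] > threshold), key=lambda e: e[1], reverse=True)


def report(root: str, threshold: int, top: int = 5) -> Dict[str, List[Tuple[str, int]]]:
    """Both views with paths relative to root, ready for printing or asserting."""
    dir_total, files = scan_tree(root)
    return {
        "dirs": [(os.path.relpath(d, root), s) for d, s in largest_dirs(dir_total, root, top)],
        "large_files": [(os.path.relpath(f, root), s) for f, s in files_over(files, threshold)],
    }


def build_sample_tree() -> str:
    """Constructed sample: a log directory holding one oversized file."""
    root = tempfile.mkdtemp(prefix="diskscan-")
    layout = {
        "var/log/app.log": 3_000_000,
        "var/log/app.log.1": 500_000,
        "var/cache/pkg.bin": 1_000_000,
        "home/readme.txt": 1_000,
    }
    for rel, size in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.truncate(size)   # sparse file: apparent size without writing data
    return root


if __name__ == "__main__":
    summary = report(build_sample_tree(), threshold=1_000_000)
    for d, s in summary["dirs"]:
        print(f"{s:>10}  {d}")
    for f, s in summary["large_files"]:
        print(f"LARGE {s:>10}  {f}")
```

On a real host call `report("/", 100 * 1024 * 1024)`; a single walk replaces the separate du and find passes, which matters when the disk is already full and every extra I/O pass hurts.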

Security Vulnerabilities

3. Q: How do you handle a security vulnerability discovered on a Linux server? A:

- Update Packages: Use yum update or dnf update to apply the latest security patches.
- Scan for Vulnerabilities: Use tools like OpenSCAP or Lynis to scan for vulnerabilities.
- Review Security Configurations: Ensure SELinux is in enforcing mode and firewall rules are properly configured.
- Monitor Logs: Regularly check system logs for suspicious activity using journalctl or by reviewing logs in /var/log/.
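"Check system logs for suspicious activity" is easier to act on with a concrete detection. The following is an added example, not part of the original document: it reads sshd lines in the format found in /var/log/secure (or `journalctl -u sshd`), counts failed logins per source address, flags sources over a threshold, and separately surfaces any source that succeeded after failing, which deserves a closer look. The log lines, the threshold and the address values (RFC 5737 documentation ranges) are constructed for the demonstration.

```python
"""Flag source addresses with repeated failed SSH logins in sshd log lines.

Added example, not part of the original document. The input lines are
constructed in the format sshd writes to /var/log/secure; the threshold is
an assumption for the demo.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Typical sshd failure lines, e.g.
#   "Failed password for invalid user admin from 203.0.113.9 port 4242 ssh2"
#   "Failed password for root from 198.51.100.7 port 5151 ssh2"
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def analyze_auth_log(lines: List[str], threshold: int = 5) -> Dict[str, object]:
    """Return failure counts per source IP, the sources at or over threshold,
    the user names each source tried, and logins that followed failures."""
    failures: Counter = Counter()
    users_tried: Dict[str, set] = defaultdict(set)
    accepted_after_failure: List[str] = []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users_tried[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        # Counter returns 0 for unseen keys, so this is safe for any IP.
        if m and failures[m["ip"]] > 0:
            accepted_after_failure.append(f"{m['user']}@{m['ip']}")
    flagged = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {
        "failures": dict(failures),
        "flagged": flagged,
        "users_tried": {ip: sorted(u) for ip, u in users_tried.items()},
        "accepted_after_failure": accepted_after_failure,
    }


# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 4242 ssh2
Mar  3 10:00:02 web1 sshd[1201]: Failed password for invalid user oracle from 203.0.113.9 port 4243 ssh2
Mar  3 10:00:03 web1 sshd[1202]: Failed password for root from 203.0.113.9 port 4244 ssh2
Mar  3 10:00:04 web1 sshd[1203]: Failed password for root from 203.0.113.9 port 4245 ssh2
Mar  3 10:00:05 web1 sshd[1204]: Failed password for root from 203.0.113.9 port 4246 ssh2
Mar  3 10:00:09 web1 sshd[1205]: Failed password for deploy from 198.51.100.7 port 5151 ssh2
Mar  3 10:00:15 web1 sshd[1206]: Accepted publickey for deploy from 198.51.100.7 port 5152 ssh2
Mar  3 10:01:00 web1 sshd[1207]: Accepted publickey for ops from 192.0.2.10 port 6060 ssh2
""".splitlines()

if __name__ == "__main__":
    result = analyze_auth_log(SAMPLE_LOG)
    for ip in result["flagged"]:
        print(f"ALERT {ip}: {result['failures'][ip]} failures, users {result['users_tried'][ip]}")
    for entry in result["accepted_after_failure"]:
        print("REVIEW login after failures:", entry)
```

Feed it `journalctl -u sshd --no-pager -o short` output or the lines of /var/log/secure; the "users tried" list distinguishes a single mistyped password from a source walking through account names, and the "login after failures" list is the one to read first.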

Performance Issues

4. Q: What steps would you take to troubleshoot high CPU usage on a Linux server? A:

- Identify High CPU Processes: Use top or htop to identify processes consuming high CPU.
- Check System Load: Use uptime to check the system load average.
- Analyze Logs: Review system logs for any errors or warnings that might indicate the cause of high CPU usage.
- Optimize Applications: Tune application configurations to reduce CPU usage.
- Consider Hardware Upgrade: If the server consistently experiences high CPU usage, consider upgrading the hardware.

Backup and Recovery

5. Q: How do you recover a Linux server from a failed update? A:

- Boot into Rescue Mode: Use a rescue disk or boot into single-user mode.
- Restore from Backup: If available, restore the system from a recent backup.
- Rollback Updates: Use package manager commands to roll back the updates (e.g., yum history undo or dnf history undo).
- Check Logs: Review update logs to identify the cause of the failure and prevent future issues.

Common Errors and Remediation

6. Q: How do you resolve the "Permission denied" error when accessing a file? A:

- Check File Permissions: Use ls -l to check the file permissions and chmod to modify them if necessary.
- Check File Ownership: Use ls -l to check the file owner and chown to change the ownership if needed.
- Check SELinux Context: Use ls -Z to check the SELinux context and chcon to change it if required.

7. Q: How do you fix the "Cannot open display" error when using GUI applications over SSH? A:

- Enable X11 Forwarding: Ensure X11 forwarding is enabled in the SSH configuration (/etc/ssh/sshd_config).
- Set DISPLAY Variable: Set the DISPLAY environment variable using export DISPLAY=:0.
- Install X11 Packages: Ensure X11 packages are installed on the server.

Real-World Scenarios

8. Q: A critical service has crashed on a production server. How do you handle this situation? A:

- Check Service Status: Use systemctl status <service> to check the status and logs of the service.
- Restart the Service: Attempt to restart the service using systemctl restart <service>.
- Analyze Logs: Review service logs in /var/log/ to identify the cause of the crash.
- Apply Fixes: Apply necessary fixes or patches to prevent future crashes.
- Notify Stakeholders: Inform relevant stakeholders about the issue and the steps taken to resolve it.

9. Q: How do you handle a situation where a server is experiencing frequent reboots? A:

- Check System Logs: Review logs in /var/log/messages or /var/log/syslog for any errors or warnings.
- Check Hardware: Use tools like dmesg to check for hardware-related issues.
- Monitor Resource Usage: Use top or htop to monitor CPU, memory, and disk usage.
- Update Firmware: Ensure the server firmware is up to date.
- Isolate the Issue: If possible, isolate the issue by disabling non-essential services and gradually re-enabling them.

Technical Questions

1. Q: What AWS services are commonly used for CI/CD pipelines? A: AWS CodeCommit, AWS
CodeBuild, AWS CodeDeploy, and AWS CodePipeline are commonly used for CI/CD
pipelines[1].

2. Q: How do you set up a source repository in AWS CodeCommit? A: Use the AWS
Management Console or AWS CLI to create a new repository in CodeCommit. Then, clone the
repository to your local machine using Git.
3. Q: How do you configure AWS CodeBuild to compile and test your code? A: Create a build
project in CodeBuild, specify the source repository, and define the build commands in a
buildspec.yml file.

4. Q: How do you deploy an application to Amazon EC2 instances using AWS CodeDeploy? A:
Create a deployment group in CodeDeploy, specify the EC2 instances, and define the
deployment configuration in an appspec.yml file.

5. Q: How do you automate the entire CI/CD process using AWS CodePipeline? A: Create a
pipeline in CodePipeline, add stages for source, build, and deploy, and configure each stage to
use the appropriate AWS services (CodeCommit, CodeBuild, CodeDeploy).

Scenario-Based Questions

6. Q: You need to deploy a web application to both Linux and Windows EC2 instances. How do you handle this in your CI/CD pipeline? A:

- Create Separate Deployment Groups: Create separate deployment groups in CodeDeploy for Linux and Windows instances.
- Define Platform-Specific Build Commands: Use conditional statements in the buildspec.yml file to define platform-specific build commands.
- Configure CodePipeline: Add separate deploy stages in CodePipeline for Linux and Windows, each pointing to the respective deployment group.

7. Q: How do you handle environment-specific configurations in your CI/CD pipeline? A:

- Use Parameter Store or Secrets Manager: Store environment-specific configurations in AWS Systems Manager Parameter Store or AWS Secrets Manager.
- Fetch Parameters During Build/Deploy: Use the AWS CLI or SDK to fetch the parameters during the build or deploy stage.
- Environment Variables: Define environment variables in the buildspec.yml or appspec.yml files to pass configurations to the application.
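The "fetch parameters during build" step is usually a few lines of SDK code that are easy to get subtly wrong. The following is an added example, not the document's own code: a Python helper for the build stage that reads a set of names from Systems Manager Parameter Store with the boto3 SSM client's get_parameters call, batches them (the API takes at most 10 names per call), decrypts SecureString values, and fails the build if any name is missing rather than deploying with a silently absent setting. It accepts any object with a get_parameters method, so it runs here against a fake client; in CodeBuild you would pass boto3.client("ssm"), and the build role needs ssm:GetParameters plus kms:Decrypt for SecureString parameters. The parameter names, values and prefix are constructed for the demonstration.

```python
"""Fetch environment-specific settings from SSM Parameter Store during a build.

Added example, not the document's own code. It takes any object with the
boto3 SSM client's get_parameters() method so it runs offline against the
fake client below; in CodeBuild pass boto3.client("ssm"). Parameter names
and values are constructed for the demo.
"""
from typing import Dict, List


class MissingParameters(Exception):
    """Raised when Parameter Store does not return every name requested."""


def fetch_parameters(ssm, names: List[str]) -> Dict[str, str]:
    """Return {name: value} for all names, decrypting SecureStrings.

    GetParameters accepts at most 10 names per call, so the list is batched.
    A missing name is a hard error: deploying with a silently absent setting
    is how a build ends up pointing at the wrong database.
    """
    values: Dict[str, str] = {}
    missing: List[str] = []
    for i in range(0, len(names), 10):
        batch = names[i:i + 10]
        resp = ssm.get_parameters(Names=batch, WithDecryption=True)
        for p in resp.get("Parameters", []):
            values[p["Name"]] = p["Value"]
        missing.extend(resp.get("InvalidParameters", []))
    if missing:
        raise MissingParameters(f"not found in Parameter Store: {sorted(missing)}")
    return values


def env_lines(values: Dict[str, str], prefix: str) -> List[str]:
    """Map /prefix/DB_HOST -> 'DB_HOST=value' lines for a build-phase env file.

    Only the leaf name after the prefix becomes the variable name, so the same
    build reads /myapp/staging/... or /myapp/prod/... unchanged; a name outside
    the prefix is rejected so one environment cannot leak into another.
    """
    lines = []
    for name in sorted(values):
        if not name.startswith(prefix + "/"):
            raise ValueError(f"{name} is outside {prefix}")
        lines.append(f"{name[len(prefix) + 1:]}={values[name]}")
    return lines


class FakeSSM:
    """Offline stand-in for boto3's SSM client (constructed for the demo)."""

    def __init__(self, store: Dict[str, str]):
        self.store = store
        self.calls = 0

    def get_parameters(self, Names, WithDecryption=False):
        self.calls += 1
        assert len(Names) <= 10, "the real GetParameters rejects more than 10 names"
        found = [{"Name": n, "Value": self.store[n], "Type": "SecureString"}
                 for n in Names if n in self.store]
        return {"Parameters": found,
                "InvalidParameters": [n for n in Names if n not in self.store]}


SAMPLE_STORE = {
    "/myapp/prod/DB_HOST": "db.prod.internal",
    "/myapp/prod/DB_USER": "app",
    "/myapp/prod/DB_PASSWORD": "constructed-example-secret",
}

if __name__ == "__main__":
    ssm = FakeSSM(SAMPLE_STORE)
    cfg = fetch_parameters(ssm, sorted(SAMPLE_STORE))
    for line in env_lines(cfg, "/myapp/prod"):
        # In a real buildspec write these to a file the application sources;
        # never echo secret values into the build log.
        print(line.split("=", 1)[0], "=", "***")
```

In a buildspec.yml the same outcome can be reached declaratively with the `env: parameter-store:` and `env: secrets-manager:` mappings, which is preferable when the names are static; the helper above is for the case where the set of names depends on the target environment chosen at build time.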

8. Q: A deployment to a production environment failed. How do you troubleshoot and resolve the issue? A:

- Check Deployment Logs: Review the deployment logs in CodeDeploy to identify the error.
- Rollback Deployment: Use CodeDeploy to roll back to the previous successful deployment.
- Fix the Issue: Identify and fix the issue in the code or configuration, then redeploy.

9. Q: How do you ensure zero-downtime deployments for a web application? A:

- Use Blue/Green Deployments: Configure CodeDeploy to use blue/green deployments, where traffic is shifted from the old environment to the new environment gradually.
- Load Balancer Integration: Integrate CodeDeploy with an Elastic Load Balancer to manage traffic during the deployment.
- Health Checks: Define health checks to ensure the new environment is healthy before fully shifting traffic.

10. Q: How do you integrate third-party tools like Jenkins with AWS CodePipeline? A:

- Use Webhooks: Configure webhooks in Jenkins to trigger AWS CodePipeline stages.
- AWS CLI Integration: Use the AWS CLI in Jenkins pipelines to interact with AWS services.
- Custom Actions: Create custom actions in CodePipeline to integrate with Jenkins or other third-party tools.

Real-World Scenarios

11. Q: You need to deploy a microservices application to AWS Fargate. How do you set up the CI/CD pipeline? A:

- Source Stage: Use CodeCommit or GitHub as the source repository.
- Build Stage: Use CodeBuild to build Docker images and push them to Amazon ECR.
- Deploy Stage: Use CodeDeploy with ECS to deploy the Docker images to AWS Fargate.

12. Q: How do you handle database migrations in your CI/CD pipeline? A:

- Pre-Deployment Scripts: Include database migration scripts in the appspec.yml file to run before the application deployment.
- Automate Migrations: Use tools like Flyway or Liquibase to automate database migrations during the build or deploy stage.
- Rollback Strategy: Implement a rollback strategy to revert database changes if the deployment fails.

13. Q: How do you implement security best practices in your CI/CD pipeline? A:

- IAM Roles and Policies: Use IAM roles and policies to grant least privilege access to CI/CD services.
- Encrypt Sensitive Data: Use AWS KMS to encrypt sensitive data and environment variables.
- Code Scanning: Integrate code scanning tools like SonarQube or AWS CodeGuru to identify security vulnerabilities.

14. Q: How do you monitor and log CI/CD pipeline activities? A:

- CloudWatch Logs: Configure CloudWatch Logs to capture logs from CodeBuild and CodeDeploy.
- CloudWatch Alarms: Set up CloudWatch Alarms to notify you of any failures or issues in the pipeline.
- AWS X-Ray: Use AWS X-Ray to trace and analyze requests through your application.

15. Q: How do you handle blue/green deployments for a Windows-based application on AWS? A:

- Create Blue/Green Environments: Set up separate environments for blue and green deployments.
- Use CodeDeploy: Configure CodeDeploy to manage blue/green deployments, ensuring traffic is shifted gradually.
- Load Balancer Integration: Use an Elastic Load Balancer to manage traffic between blue and green environments.

References

[1] Complete CI/CD with AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and ...

Networking in Red Hat Linux

Technical Questions

1. Q: How do you configure a static IP address in Red Hat Linux? A: Edit the network configuration file in /etc/sysconfig/network-scripts/ifcfg-<interface> and set the following parameters:

DEVICE=<interface>
BOOTPROTO=none
ONBOOT=yes
IPADDR=<your_ip_address>
NETMASK=<your_netmask>
GATEWAY=<your_gateway>
DNS1=<your_dns_server>

Then restart the network service using systemctl restart network.

2. Q: How do you check the current network configuration? A: Use the command ip addr show or
ifconfig to display the current network configuration.

3. Q: How do you add a default gateway in Red Hat Linux? A: Use the command ip route add
default via <gateway_ip> or add the gateway to the network configuration file.

4. Q: How do you configure a DNS server in Red Hat Linux? A: Edit the /etc/resolv.conf file and add the DNS server IP addresses:

nameserver <dns_server_ip>

Scenario-Based Questions

5. Q: A server is unable to reach the internet. How do you troubleshoot this issue? A:

- Check Network Interface: Ensure the network interface is up using ip link show.
- Verify IP Configuration: Check the IP address, netmask, and gateway using ip addr show.
- Check DNS Configuration: Verify the DNS settings in /etc/resolv.conf.
- Ping Test: Use ping <external_ip> to test connectivity.
- Check Firewall Rules: Ensure firewall rules are not blocking traffic using iptables -L or firewall-cmd --list-all.

6. Q: How do you set up a network bridge in Red Hat Linux? A:

- Install Bridge Utilities: Install the bridge-utils package using yum install bridge-utils.
- Create Bridge Interface: Edit the network configuration files to create a bridge interface and add physical interfaces to the bridge.
- Restart Network Service: Restart the network service using systemctl restart network.

Networking in AWS Platform

Technical Questions

7. Q: What is a VPC in AWS? A: A Virtual Private Cloud (VPC) is a virtual network dedicated to
your AWS account where you can launch AWS resources in a logically isolated section of the
AWS cloud.

8. Q: How do you create a VPC in AWS? A: Use the AWS Management Console, AWS CLI, or
AWS SDK to create a VPC. Specify the CIDR block, subnets, route tables, and internet
gateways as needed.

9. Q: What is an Elastic IP address in AWS? A: An Elastic IP address is a static, public IP address that you can allocate to your AWS account and associate with an EC2 instance or other AWS resources.

10. Q: How do you configure security groups in AWS? A: Use the AWS Management Console,
AWS CLI, or AWS SDK to create and configure security groups. Define inbound and outbound
rules to control traffic to and from your resources.

Scenario-Based Questions

11. Q: How do you set up a site-to-site VPN connection between your on-premises network and AWS? A:

- Create a Virtual Private Gateway: Attach it to your VPC.
- Create a Customer Gateway: Provide the public IP address of your on-premises VPN device.
- Create a VPN Connection: Associate the virtual private gateway with the customer gateway.
- Configure On-Premises Device: Set up your on-premises VPN device with the configuration provided by AWS.

12. Q: How do you troubleshoot connectivity issues between EC2 instances in different subnets within the same VPC? A:

- Check Route Tables: Ensure the route tables are correctly configured to allow traffic between subnets.
- Verify Security Groups: Ensure security group rules allow traffic between the instances.
- Check Network ACLs: Ensure network ACLs are not blocking traffic between subnets.
- Ping Test: Use ping to test connectivity between instances.

13. Q: How do you set up a load balancer in AWS to distribute traffic across multiple EC2 instances? A:

- Create a Load Balancer: Use the AWS Management Console, AWS CLI, or AWS SDK to create an Application Load Balancer or Network Load Balancer.
- Configure Target Groups: Define target groups and register your EC2 instances.
- Set Up Listeners: Configure listeners to forward traffic to the target groups.
- Test Load Balancer: Ensure the load balancer is distributing traffic as expected.

14. Q: How do you secure your VPC using network ACLs and security groups? A:

- Configure Security Groups: Define inbound and outbound rules to control traffic to and from your resources.
- Set Up Network ACLs: Define stateless rules to control traffic at the subnet level.
- Monitor Traffic: Use VPC Flow Logs to monitor traffic and identify any security issues.

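"Use VPC Flow Logs to identify security issues" is the step most candidates cannot make concrete. The following is an added example, not part of the original document: a parser for the default flow log record format (version 2, space separated: version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status) and a summary that counts REJECT records per source, flags sources rejected on several distinct destination ports, and lists rejected attempts against a set of sensitive ports. The sample records, the sensitive-port set and the distinct-port threshold are constructed for the demonstration; NODATA and malformed lines are handled rather than crashing the run.

```python
"""Summarize REJECT records in VPC Flow Logs to spot blocked or probing traffic.

Added example, not part of the original document. Lines follow the default
flow log record format (version 2); the sample records and the sensitive
port set are constructed for the demo.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

# Ports whose rejected inbound attempts are worth surfacing (assumption).
SENSITIVE_PORTS = {22, 3389, 3306, 5432}


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    action: str
    log_status: str


def parse_flow_record(line: str) -> FlowRecord:
    """Parse one default-format record; raises ValueError on a malformed line.

    NODATA/SKIPDATA records carry '-' in the address and numeric fields,
    so '-' is mapped to 0 instead of failing the int() conversion.
    """
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        raise ValueError(f"not a version-2 default-format record: {line!r}")
    rec = dict(zip(FIELDS, parts))

    def num(field: str) -> int:
        return 0 if rec[field] == "-" else int(rec[field])

    return FlowRecord(rec["interface_id"], rec["srcaddr"], rec["dstaddr"],
                      num("srcport"), num("dstport"), num("protocol"),
                      num("packets"), num("bytes"), rec["action"], rec["log_status"])


def summarize_rejects(lines: List[str], min_ports: int = 3) -> Dict[str, object]:
    """Count REJECTs per source and flag sources rejected on many distinct ports."""
    rejects_by_src: Counter = Counter()
    ports_by_src: Dict[str, set] = defaultdict(set)
    sensitive_hits: List[str] = []
    skipped = 0
    for line in lines:
        try:
            r = parse_flow_record(line)
        except ValueError:
            skipped += 1
            continue
        if r.log_status != "OK" or r.action != "REJECT":
            continue
        rejects_by_src[r.srcaddr] += 1
        ports_by_src[r.srcaddr].add(r.dstport)
        if r.dstport in SENSITIVE_PORTS:
            sensitive_hits.append(f"{r.srcaddr} -> {r.dstaddr}:{r.dstport} on {r.interface_id}")
    scanners = sorted(s for s, ports in ports_by_src.items() if len(ports) >= min_ports)
    return {"rejects": dict(rejects_by_src), "port_scanners": scanners,
            "sensitive_hits": sensitive_hits, "skipped": skipped}


# Constructed sample (RFC 5737 source addresses, private-range destination).
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.5 10.0.1.20 51000 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.5 10.0.1.20 51001 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.5 10.0.1.20 51002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.2.15 10.0.1.20 40000 443 6 12 3800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.8 10.0.1.20 44444 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000000 1700000060 - NODATA
""".splitlines()

if __name__ == "__main__":
    summary = summarize_rejects(SAMPLE_FLOW_LOG)
    print("port scanners:", summary["port_scanners"])
    for hit in summary["sensitive_hits"]:
        print("REJECT on sensitive port:", hit)
```

A REJECT in the flow log means a security group or network ACL did its job; the value of the summary is in the pattern, a single source touching many ports or the same sensitive port repeatedly, which is what to alert on. If the flow log was created with a custom format, adjust FIELDS to match the field order chosen at creation time.
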
Technical Questions

1. Q: How do you scope an IAM policy to limit access to a specific EC2 instance? A: Use the Resource element in the IAM policy to specify the ARN of the EC2 instance, with actions that support resource-level permissions (ec2:DescribeInstances does not; it can only be granted on "*"). For example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances"],
      "Resource": "arn:aws:ec2:region:account-id:instance/instance-id"
    }
  ]
}

2. Q: How do you add a condition to an IAM policy to limit access to a specific subnet? A: Use the Condition element with the ec2:Subnet condition key, which carries the ARN of the subnet (so it is matched with ArnEquals, not with a bare subnet id). RunInstances is authorized against several resource types (image, instance, volume, network interface, subnet and others), so a complete policy also needs a statement allowing those; the fragment below shows only the subnet-scoped statement. For example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:region:account-id:subnet/*",
      "Condition": {
        "ArnEquals": {
          "ec2:Subnet": "arn:aws:ec2:region:account-id:subnet/subnet-12345678"
        }
      }
    }
  ]
}

3. Q: How do you limit an IAM policy to a specific AWS account? A: Use the Condition element with the aws:PrincipalAccount condition key. For example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-bucket",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalAccount": "123456789012"
        }
      }
    }
  ]
}

4. Q: What is the AWS STS AssumeRole mechanism? A: The AWS Security Token Service
(STS) AssumeRole API operation returns a set of temporary security credentials that you can
use to access AWS resources. These credentials consist of an access key ID, a secret access
key, and a security token. The AssumeRole operation is typically used for cross-account
access or within an account to delegate permissions[1].

Scenario-Based Questions

5. Q: You need to create an IAM policy that allows users to start and stop only a specific EC2 instance. How do you achieve this? A:

- Define the Policy: Create an IAM policy with the Resource element scoped to the specific EC2 instance ARN.
- Example Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:region:account-id:instance/instance-id"
    }
  ]
}

- Attach the Policy: Attach the policy to the IAM users or roles that need this access.

6. Q: How do you explain the process of assuming a role using AWS STS to a team member? A:

- Create a Role: Define a role with a trust policy that specifies who can assume the role.
- Trust Policy Example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::account-id:root"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

- Assume the Role: Use the AssumeRole API operation to obtain temporary security credentials.
- Example CLI Command:

aws sts assume-role --role-arn "arn:aws:iam::account-id:role/role-name" --role-session-name "session-name"

- Use Temporary Credentials: Use the temporary credentials to access AWS resources as specified by the role's permissions policy[2].

7. Q: You need to restrict an IAM policy to allow actions only within a specific VPC. How do you achieve this? A:

- Use VPC Condition Keys: Add conditions to the IAM policy using VPC-related condition keys such as ec2:Vpc, which carries the ARN of the VPC (so it is matched with ArnEquals, not with a bare VPC id). As with the subnet example, RunInstances is also authorized against image, instance, volume and network interface resources, which need their own Allow statement; the fragment shows only the VPC-scoped subnet statement.
- Example Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:region:account-id:subnet/*",
      "Condition": {
        "ArnEquals": {
          "ec2:Vpc": "arn:aws:ec2:region:account-id:vpc/vpc-12345678"
        }
      }
    }
  ]
}
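The resource-scoped policies of Q1 and Q5 and the condition-key policies of Q2 and Q7 all hinge on the same evaluation rules: a statement applies only when Action, Resource and every Condition match, an absent context key fails the condition, and an explicit Deny beats any Allow. The following is an added example, not the document's own code and not AWS's evaluation engine: a Python evaluator for that subset ('*' and '?' wildcards in Action and Resource, StringEquals/ArnEquals/ArnLike on request context keys) used to check the two policy shapes above against constructed requests. The region, instance ids and the subnet id in the sample policies are placeholders; use the IAM policy simulator for anything authoritative.

```python
"""A small IAM policy evaluator for reasoning about Resource scoping and Condition keys.

Added example, not the document's own code and not AWS's engine: it models
Allow/Deny with explicit deny winning, '*' and '?' wildcards in Action and
Resource, and StringEquals/ArnEquals/ArnLike conditions on request context
keys. Policies and requests below are constructed; ids are placeholders.
"""
import fnmatch
import json
from typing import Any, Dict, List, Union


def _as_list(v: Union[str, List[str], None]) -> List[str]:
    return [] if v is None else ([v] if isinstance(v, str) else list(v))


def _as_statements(s: Union[Dict[str, Any], List[Dict[str, Any]]]) -> List[Dict[str, Any]]:
    return [s] if isinstance(s, dict) else list(s)


def _match(pattern: str, value: str) -> bool:
    # IAM wildcards: '*' any run, '?' one char. Resource ARNs are
    # case-sensitive, so fnmatchcase (not fnmatch) is the right call.
    return fnmatch.fnmatchcase(value, pattern)


def _condition_holds(cond: Dict[str, Dict[str, Any]], ctx: Dict[str, str]) -> bool:
    """Every operator/key pair must hold; a key absent from ctx fails the condition."""
    for operator, pairs in cond.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                return False
            expected_values = _as_list(expected)
            if operator == "StringEquals":
                ok = actual in expected_values
            elif operator in ("ArnEquals", "ArnLike"):
                ok = any(_match(p, actual) for p in expected_values)
            else:
                raise NotImplementedError(f"operator {operator} not modelled here")
            if not ok:
                return False
    return True


def evaluate(policy: Dict[str, Any], action: str, resource: str,
             ctx: Dict[str, str] = None) -> str:
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    ctx = ctx or {}
    decision = "ImplicitDeny"
    for stmt in _as_statements(policy["Statement"]):
        actions_ok = any(_match(a, action) for a in _as_list(stmt.get("Action")))
        resources_ok = any(_match(r, resource) for r in _as_list(stmt.get("Resource")))
        if not (actions_ok and resources_ok):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"            # explicit deny always wins
        decision = "Allow"
    return decision


# Constructed policies mirroring the examples above (placeholder ids).
INSTANCE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances"],
    "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
  }]
}""")

SUBNET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "ec2:RunInstances",
    "Resource": "arn:aws:ec2:us-east-1:123456789012:subnet/*",
    "Condition": {"ArnEquals": {
      "ec2:Subnet": "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-12345678"}}
  }]
}""")

if __name__ == "__main__":
    ok = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
    other = "arn:aws:ec2:us-east-1:123456789012:instance/i-0fedcba9876543210"
    print(evaluate(INSTANCE_POLICY, "ec2:StopInstances", ok))       # Allow
    print(evaluate(INSTANCE_POLICY, "ec2:StopInstances", other))    # ImplicitDeny
    print(evaluate(INSTANCE_POLICY, "ec2:TerminateInstances", ok))  # ImplicitDeny
```

The two ImplicitDeny results are the point of resource scoping: the policy grants nothing on any other instance and nothing beyond the two listed actions. The subnet case shows why the condition value must be an ARN: a request whose ec2:Subnet context carries a different subnet ARN, or no subnet key at all, falls through to ImplicitDeny.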

8. Q: How do you handle a situation where a user needs temporary access to resources in another AWS account? A:

- Create a Role in the Target Account: Define a role with a trust policy that allows the user's account to assume the role.
- Grant AssumeRole Permissions: Attach a policy to the user in the source account that allows them to call sts:AssumeRole for the role in the target account.
- Assume the Role: The user can use the AssumeRole API to obtain temporary credentials and access resources in the target account.


References

[1] AssumeRole - AWS Security Token Service

[2] Use AssumeRole with an AWS SDK or CLI

[3] Condition policy examples - AWS Identity and Access Management

[4] Policies and permissions in AWS Identity and Access Management


[5] Conditions with multiple context keys or values - AWS Identity and ...
