Linux_Practical_Interview_1751 2000

Linux Practical Interview Questions (1751-2000)

Linux System Administration Advanced

Q1751: How do you configure system auditing?

Answer:

# Install auditd
apt install auditd

# Configure rules
# /etc/audit/audit.rules
# Monitor file changes
-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes
-w /etc/ssh/sshd_config -p wa -k sshd_config

# Monitor commands
-w /usr/bin/sudo -p x -k sudo_commands
-w /usr/bin/su -p x -k su_commands

# Monitor network
-a always,exit -F arch=b64 -S socket -k network_connections

# View logs
ausearch -k passwd_changes
aureport -f
aureport -u

# Real-time monitoring
auditctl -w /etc/passwd -p wa -k passwd_changes

Q1752: How do you implement system hardening?

Answer:

# Disable unnecessary services
systemctl mask avahi-daemon
systemctl mask cups
systemctl mask bluetooth

# Secure kernel parameters
# /etc/sysctl.conf
kernel.dmesg_restrict=1
kernel.kptr_restrict=2
kernel.yama.ptrace_scope=2
kernel.sysrq=0

# Disable IPv6 if not needed
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

# Disable USB storage
# /etc/modprobe.d/blacklist.conf
install usb-storage /bin/true

# Set secure umask
# /etc/profile
umask 027

# Password policies
# /etc/login.defs
PASS_MIN_LEN 12
PASS_MAX_DAYS 90

Q1753: How do you configure system logging?

Answer:

/etc/rsyslog.conf

# Configure rsyslog
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad imudp
$UDPServerRun 514

# Log templates
$template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* @@remote-server:514

# Configure journald
# /etc/systemd/journald.conf
[Journal]
Storage=persistent
Compress=yes
SystemMaxUse=500M
MaxRetentionSec=30day

# Forward to syslog
ForwardToSyslog=yes

# View logs
journalctl -u service
journalctl --since "1 hour ago"
journalctl -p err

# Log rotation
# /etc/logrotate.conf
daily
rotate 14
compress

Q1754: How do you manage system updates?

Answer:

# Debian/Ubuntu
apt update
apt list --upgradable
apt upgrade
apt full-upgrade

# Unattended upgrades
apt install unattended-upgrades
# /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};

# RHEL/CentOS
yum update
yum check-update

# Kernel live patching
# Ubuntu
snap install canonical-livepatch
canonical-livepatch enable <token>

# RHEL
yum install kpatch

Q1755: How do you configure system backup?

Answer:

# Full system backup with tar
tar -czpvf /backup/full-backup-$(date +%Y%m%d).tar.gz \
  --exclude=/proc \
  --exclude=/sys \
  --exclude=/dev \
  --exclude=/run \
  --exclude=/tmp \
  --exclude=/backup \
  --exclude=/mnt \
  /

# Incremental backup
tar -czpvf /backup/inc-backup-$(date +%Y%m%d).tar.gz -g /var/log/backup.snar /

# Database backup
mysqldump -u root -p --all-databases > /backup/mysql-$(date +%Y%m%d).sql
pg_dumpall -U postgres > /backup/postgres-$(date +%Y%m%d).sql

# Configuration backup
tar -czf /backup/configs-$(date +%Y%m%d).tar.gz /etc/

# Restoration
tar -xzpvf /backup/full-backup-20240101.tar.gz -C /

Linux Network Services

Q1756: How do you configure DHCP server?

Answer:

# Install DHCP server
apt install isc-dhcp-server

# Configure
# /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
    option routers 192.168.1.1;
    option subnet-mask 255.255.255.0;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
    option domain-name "example.com";
}

# Static IP reservation
host printer {
    hardware ethernet 00:11:22:33:44:55;
    fixed-address 192.168.1.50;
}

# Start service
systemctl start isc-dhcp-server
systemctl enable isc-dhcp-server

Q1757: How do you configure DNS server?

Answer:

# Install BIND9
apt install bind9 bind9utils

# Configure named.conf.options
# /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation auto;
    listen-on { any; };
};

# Create zone
# /etc/bind/named.conf.local
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

# Create zone file
# /etc/bind/db.example.com
$TTL    604800
@       IN      SOA     ns1.example.com. admin.example.com. (
                     2024010101         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.example.com.
ns1     IN      A       192.168.1.10
www     IN      A       192.168.1.10

Q1758: How do you configure mail server?

Answer:

# Install Postfix
apt install postfix

# Configure main.cf
# /etc/postfix/main.cf
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost, localhost.localdomain
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, reject

# Install Dovecot
apt install dovecot-imapd

# Configure /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login

# Configure /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir

# Create mail user
useradd -m -s /bin/bash mailuser
passwd mailuser

Q1759: How do you configure proxy server?

Answer:

# Install Squid
apt install squid

# Configure
# /etc/squid/squid.conf
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256

# Access control
acl localnet src 192.168.0.0/16
http_access allow localnet
http_access deny all

# Authentication
# /etc/squid/squid.conf
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

# Create user
htpasswd -c /etc/squid/passwords username

# Cache rules
refresh_pattern -i \.jpg$ 10080 90% 43200
refresh_pattern -i \.html$ 1440 90% 3600

# Transparent proxy
http_port 3128 transparent

Q1760: How do you configure FTP server?

Answer:

# Install vsftpd
apt install vsftpd

# Configure
# /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES

# Enable SSL
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

# Chroot users
chroot_local_user=YES
allow_writeable_chroot=YES

# User list
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

# Start service
systemctl start vsftpd
systemctl enable vsftpd

Linux Security Advanced

Q1761: How do you implement intrusion detection?

Answer:

# Install AIDE
apt install aide

# Configure
# /etc/aide/aide.conf
database=file:/var/lib/aide/aide.db
database_out=file:/var/lib/aide/aide.db.new

# Rules
Fip = p+i+n+u+g+s+m+c+md5+sha256
Lnx = p+u+g+i+n+S

# Files to monitor
/etc Fip
/bin Lnx
/sbin Lnx

# Initialize database
aideinit

# Check integrity
aide --check

# Schedule checks
# /etc/cron.d/aide
0 5 * * * root /usr/bin/aide --check | mail -s "AIDE Report" admin@example.com

Q1762: How do you configure fail2ban?

Answer:

# Install fail2ban
apt install fail2ban

# Configure
# /etc/fail2ban/jail.local
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log

[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https

[apache2]
enabled = true
port = http,https

# Custom filter
# /etc/fail2ban/filter.d/custom.conf
[Definition]
failregex = <HOST> - .* "GET /admin

# Start service
systemctl start fail2ban

# Check status
fail2ban-client status
fail2ban-client status sshd

Q1763: How do you implement IPTables firewall?

Answer:

# Flush existing rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t mangle -F

# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Loopback
iptables -A INPUT -i lo -j ACCEPT

# Established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# SSH
iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

# HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Rate limiting
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP

# Save rules
iptables-save > /etc/iptables/rules.v4

Q1764: How do you configure AppArmor?

Answer:

# Install AppArmor
apt install apparmor apparmor-utils

# Check status
aa-status

# Create profile
aa-genprof /usr/bin/myapp

# Profile example
# /etc/apparmor.d/usr.bin.myapp
#include <tunables/global>
/usr/bin/myapp {
    #include <abstractions/base>
    /etc/myapp/** r,
    /var/log/myapp/* rw,
    network inet stream,
}

# Enforce mode
aa-enforce /usr/bin/myapp

# Complain mode (testing)
aa-complain /usr/bin/myapp

# Reload profile
apparmor_parser -r /etc/apparmor.d/usr.bin.myapp

Q1765: How do you configure SELinux?

Answer:

# Check status
getenforce
sestatus

# Set mode
setenforce 1  # Enforcing
setenforce 0  # Permissive

# Configure
# /etc/selinux/config
SELINUX=enforcing
SELINUXTYPE=targeted

# Manage contexts
chcon -t httpd_sys_content_t /var/www/html/index.html

# Make persistent
semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
restorecon -Rv /web

# Boolean values
getsebool -a
setsebool -P httpd_can_network_connect on

# Create module
# myapp.te
module myapp 1.0;
require { type httpd_t; }
allow httpd_t self:tcp_socket { accept listen };

# Compile and install
checkmodule -M -m -o myapp.mod myapp.te
semodule_package -o myapp.pp -m myapp.mod
semodule -i myapp.pp

Linux Performance Tuning

Q1766: How do you tune CPU performance?

Answer:

# View CPU info
lscpu
cat /proc/cpuinfo

# CPU frequency scaling
cpupower frequency-info
cpupower frequency-set -g performance

# Set CPU affinity
taskset -c 0-3 myapp

# Process priority
nice -n 10 myapp
renice 5 -p $(pgrep myapp)

# Disable turbo boost (if needed)
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo

# CFS scheduler tuning
# /etc/sysctl.conf
kernel.sched_latency_ns = 10000000
kernel.sched_min_granularity_ns = 1000000
kernel.sched_wakeup_granularity_ns = 2000000

Q1767: How do you tune memory performance?

Answer:

# View memory
free -h
cat /proc/meminfo

# Swappiness
# /etc/sysctl.conf
vm.swappiness=10
vm.vfs_cache_pressure=50

# Drop caches
sync && echo 3 > /proc/sys/vm/drop_caches

# Huge pages
# /etc/sysctl.conf
vm.nr_hugepages=1024

# Memory overcommit
# /etc/sysctl.conf
vm.overcommit_memory=1
vm.overcommit_ratio=50

# Transparent huge pages
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag

# Enable
sysctl -p

Q1768: How do you tune I/O performance?

Answer:

# Check I/O scheduler
cat /sys/block/sda/queue/scheduler

# Set scheduler
echo deadline > /sys/block/sda/queue/scheduler

# Make permanent
# /etc/udev/rules.d/60-ioschedulers.rules
ACTION=="add|change", KERNEL=="sda", SUBSYSTEM=="block", ATTR{queue/scheduler}="deadline"

# I/O priorities
ionice -c 2 -n 0 -p $(pgrep myapp)

# Read ahead
cat /sys/block/sda/queue/read_ahead_kb
echo 4096 > /sys/block/sda/queue/read_ahead_kb

# Queue depth
cat /sys/block/sda/queue/nr_requests
echo 1024 > /sys/block/sda/queue/nr_requests

# Filesystem options
# /etc/fstab
/dev/sda1 / ext4 noatime,nodiratime,errors=remount-ro 0 1

Q1769: How do you tune network performance?

Answer:

/etc/sysctl.conf

# Network buffer sizes
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 65536 16777216

# TCP tuning
net.ipv4.tcp_congestion_control=cubic
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_keepalive_time=600
net.ipv4.tcp_keepalive_intvl=60

# Enable offloading
ethtool -K eth0 tso on
ethtool -K eth0 gso on
ethtool -K eth0 gro on

# Ring buffer
ethtool -G eth0 rx 4096 tx 4096

# Apply
sysctl -p

Q1770: How do you use performance monitoring tools?

Answer:

# System monitoring
top
htop
atop

# Process monitoring
pidstat -p <pid> 1
ps aux --sort=-%cpu | head

# CPU monitoring
mpstat -P ALL 1
sar -u 1

# Memory monitoring
vmstat 1
sar -r 1

# I/O monitoring
iostat -xz 1
iotop

# Network monitoring
nethogs
iftop
sar -n DEV 1

# Full analysis
perf record -g ./myapp
perf report

# System resource usage
ss -s
netstat -s

Linux Container Management

Q1771: How do you configure Docker networking?

Answer:

# Create custom network
docker network create --driver bridge mynetwork
docker network create --driver overlay myoverlay

# Network inspection
docker network inspect bridge

# Connect container
docker network connect mynetwork container

# Port mapping
docker run -d -p 8080:80 nginx

# Host network
docker run --network host nginx

# DNS configuration
docker run --dns 8.8.8.8 nginx
docker run --network-alias db mysql

# Macvlan
docker network create -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 mymacvlan

Q1772: How do you manage Docker volumes?

Answer:

# Create volume
docker volume create mydata

# Mount volume
docker run -v mydata:/data mysql

# Bind mount
docker run -v /host/path:/container/path nginx

# tmpfs mount
docker run --tmpfs /tmp nginx

# List volumes
docker volume ls

# Inspect volume
docker volume inspect mydata

# Remove unused volumes
docker volume prune

# Backup volume
docker run --rm -v mydata:/data -v $(pwd):/backup alpine \
  tar cvf /backup/backup.tar /data

Q1773: How do you configure Docker Compose?

Answer:

docker-compose.yml

version: '3.8'
services:
  web:
    build: .
    ports:
      - "8080:80"
    environment:
      - NODE_ENV=production
    volumes:
      - ./data:/data
    depends_on:
      - db
    networks:
      - frontend
      - backend
    restart: always

  db:
    image: postgres:14
    environment:
      POSTGRES_PASSWORD: secret
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend

  redis:
    image: redis:alpine
    networks:
      - backend

volumes:
  db-data:

networks:
  frontend:
  backend:

Q1774: How do you secure Docker containers?

Answer:

# Run as non-root
docker run -u 1000:1000 nginx

# Read-only filesystem
docker run --read-only nginx

# Limit capabilities
docker run --cap-drop ALL --cap-add NET_BIND_SERVICE nginx

# Disable networking
docker run --network none nginx

# Resource limits
docker run --memory=256m --cpus=0.5 nginx

# Selinux/AppArmor
docker run --security-opt seccomp:default nginx

# Scan images
trivy image nginx
docker scan nginx

# Best practices
# Use specific versions
# Don't store secrets in images
# Multi-stage builds
# Minimal base images

Q1775: How do you configure Kubernetes networking?

Answer:

# Service
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  selector:
    app: myapp
  ports:
  - port: 80
    targetPort: 8080
  type: ClusterIP

---
# Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: myapp
            port:
              number: 80

---
# NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress

Linux Virtualization

Q1776: How do you configure KVM?

Answer:

# Install KVM
apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils

# Verify
kvm-ok

# Create VM
virt-install \
  --name webserver \
  --ram 2048 \
  --disk path=/var/lib/libvirt/images/webserver.qcow2,size=20 \
  --vcpus 2 \
  --os-type linux \
  --os-variant ubuntu22.04 \
  --network bridge=virbr0 \
  --graphics vnc \
  --location 'http://archive.ubuntu.com/ubuntu/dists/jammy/main/installer-amd64/' \
  --extra-args 'console=ttyS0'

# Manage VMs
virsh list --all
virsh start webserver
virsh shutdown webserver
virsh reboot webserver
virsh undefine webserver

# Manage storage pools
virsh pool-list
virsh pool-info default

Q1777: How do you configure libvirt?

Answer:

# Connect to libvirt
virsh --connect qemu:///system

# Create network
virsh net-define /tmp/network.xml
virsh net-start mynetwork
virsh net-autostart mynetwork

# Create storage pool
virsh pool-define-as default dir --target /var/lib/libvirt/images
virsh pool-build default
virsh pool-start default

# Create snapshot
virsh snapshot-create-as webserver --name "before-update"
virsh snapshot-list webserver
virsh snapshot-revert webserver before-update

# Migrate VM
virsh migrate --live webserver qemu+ssh://dest-host/system

# Clone VM
virt-clone --original webserver --name webserver2 --auto-clone

Q1778: How do you configure LXC?

Answer:

# Install LXC
apt install lxc

# Create container
lxc-create -n mycontainer -t ubuntu

# Start container
lxc-start -n mycontainer
lxc-attach -n mycontainer

# Configuration
# /var/lib/lxc/mycontainer/config
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.uts.name = mycontainer
lxc.network.type = veth
lxc.network.link = lxcbr0

# Clone container
lxc-copy -n mycontainer -N mycontainer2

# Snapshot
lxc-snapshot -n mycontainer

# Manage
lxc-ls -f
lxc-info -n mycontainer
lxc-stop -n mycontainer
lxc-destroy -n mycontainer

Q1779: How do you configure NFS?

Answer:

# Install server
apt install nfs-kernel-server

# Configure exports
# /etc/exports
/data 192.168.1.0/24(rw,sync,no_subtree_check,no_root_squash)
/backup 192.168.1.10(rw,sync,all_squash,anonuid=1000,anongid=1000)

# Export
exportfs -a

# Install client
apt install nfs-common

# Mount
mount -t nfs server:/data /mnt/data

# Auto mount
# /etc/fstab
server:/data /mnt/data nfs defaults,_netdev 0 0

# Verify
showmount -e server
mount | grep nfs

Q1780: How do you configure CIFS?

Answer:

# Install client
apt install cifs-utils

# Mount manually
mount -t cifs //server/share /mnt -o user=username

# Auto mount
# /etc/fstab
//server/share /mnt cifs credentials=/root/.smbcredentials,iocharset=utf8 0 0

# Create credentials file
# /root/.smbcredentials
username=smbuser
password=password
domain=WORKGROUP

# Secure credentials
chmod 600 /root/.smbcredentials

# Test
smbclient -L //server -U username

Linux Cloud Integration

Q1781: How do you configure AWS CLI?

Answer:

# Install AWS CLI
apt install awscli

# Configure
aws configure
# AWS Access Key ID: ***
# AWS Secret Access Key: ***
# Region: us-east-1
# Output format: json

# S3 commands
aws s3 ls
aws s3 mb s3://mybucket
aws s3 cp file.txt s3://mybucket/
aws s3 sync ./folder s3://mybucket/folder

# EC2 commands
aws ec2 describe-instances
aws ec2 start-instances --instance-ids i-xxx
aws ec2 stop-instances --instance-ids i-xxx

# IAM
aws iam list-users
aws iam create-user --user-name myuser

# Get instance metadata
curl http://169.254.169.254/latest/meta-data/
curl http://169.254.169.254/latest/user-data/

Q1782: How do you configure cloud-init?

Answer:

cloud-config.yaml

#cloud-config
package_update: true
packages:
  - nginx
  - curl

write_files:
  - path: /var/www/html/index.html
    content: |
      <html><h1>Hello from Cloud-Init</h1></html>
    permissions: '0644'

runcmd:
  - systemctl enable nginx
  - systemctl start nginx
  - echo "192.168.1.10 webserver" >> /etc/hosts

users:
  - name: admin
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-rsa AAAA...

# Mount data disk
mounts:
  - [ /dev/sdb, /data, "ext4", "defaults,nofail", "0", "2" ]

Q1783: How do you use Packer?

Answer:

{
  "builders": [{
    "type": "amazon-ebs",
    "region": "us-east-1",
    "source_ami": "ami-0c55b159cbfafe1f0",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "myapp-{{timestamp}}"
  }],
  "provisioners": [{
    "type": "shell",
    "inline": [
      "apt-get update",
      "apt-get install -y nginx"
    ]
  }, {
    "type": "ansible",
    "playbook_file": "playbook.yml"
  }]
}

# Build image
packer build template.json

# Validate
packer validate template.json

Q1784: How do you use Terraform?

Answer:

main.tf

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t3.micro"

  tags = {
    Name = "webserver"
  }

  user_data = <<-EOF
              #!/bin/bash
              yum update -y
              yum install -y nginx
              systemctl start nginx
              EOF
}

resource "aws_security_group" "web" {
  name = "web-sg"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Commands
terraform init
terraform plan
terraform apply
terraform destroy
terraform show

Q1785: How do you configure Kubernetes?

Answer:

# Install kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/

# Configure
mkdir -p ~/.kube
cp /path/to/admin.conf ~/.kube/config

# Create deployment
kubectl create deployment nginx --image=nginx

# Scale deployment
kubectl scale deployment nginx --replicas=3

# Expose service
kubectl expose deployment nginx --port=80 --type=LoadBalancer

# View resources
kubectl get pods,svc,deployments
kubectl describe pod nginx
kubectl logs nginx

# Apply configuration
kubectl apply -f deployment.yaml
kubectl delete -f deployment.yaml

Linux Automation

Q1786: How do you use Ansible?

Answer:

playbook.yml

- name: Configure webserver
  hosts: webservers
  become: yes

  vars:
    http_port: 80

  tasks:
    - name: Install Apache
      apt:
        name: apache2
        state: present
      when: ansible_os_family == "Debian"

    - name: Start Apache
      service:
        name: apache2
        state: started
        enabled: yes

    - name: Configure Apache
      template:
        src: templates/httpd.conf.j2
        dest: /etc/apache2/apache2.conf
      notify: restart apache

  handlers:
    - name: restart apache
      service:
        name: apache2
        state: restarted

Q1787: How do you use Vagrant?

Answer:

# Vagrantfile
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/jammy64"

  config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.network "forwarded_port", guest: 80, host: 8080

  config.vm.synced_folder "./data", "/vagrant_data"

  config.vm.provider "virtualbox" do |vb|
    vb.memory = "2048"
    vb.cpus = 2
  end

  config.vm.provision "shell", inline: <<-SHELL
    apt update
    apt install -y apache2
  SHELL
end

# Commands
vagrant up
vagrant ssh
vagrant halt
vagrant destroy
vagrant provision

Q1788: How do you use Chef?

Answer:

cookbook/recipes/default.rb

package 'httpd' do
  action :install
end

service 'httpd' do
  action [:enable, :start]
end

template '/var/www/html/index.html' do
  source 'index.html.erb'
  mode '0644'
end

# Run chef
chef-client --local-mode recipe.rb

# Bootstrap
knife solo bootstrap user@server

Q1789: How do you use Puppet?

Answer:

manifests/site.pp

node 'webserver.example.com' {
  package { 'apache2':
    ensure => installed,
  }

  service { 'apache2':
    ensure     => running,
    enable     => true,
    require    => Package['apache2'],
  }

  file { '/var/www/html/index.html':
    ensure  => file,
    content => template('webserver/index.html.erb'),
    mode    => '0644',
    require => Service['apache2'],
  }
}

# Run
puppet apply manifests/site.pp

Q1790: How do you use Salt?

Answer:

/srv/salt/webserver.sls

apache:
  pkg.installed: []

service.running:
  - name: apache2
  - enable: True
  - require:
    - pkg: apache

apache_config:
  file.managed:
    - name: /etc/apache2/apache2.conf
    - source: salt://apache/apache2.conf
    - require:
      - pkg: apache
    - watch_in:
      - service: apache

# Run
salt '*' state.apply webserver
salt '*' pkg.install nginx
salt '*' service.restart apache2

Linux Troubleshooting

Q1791: How do you debug system issues?

Answer:

# System information
uname -a
cat /etc/os-release
lsb_release -a

# Hardware info
lshw
lspci
lsblk

# System logs
dmesg | tail
journalctl -xe
tail -f /var/log/syslog

# Process status
ps auxf
top
htop

# Resource usage
df -h
free -h
vmstat 1
iostat -xz 1

# Network status
ip addr
ip route
netstat -tulpn
ss -tulpn

# Service status
systemctl status service
systemctl list-failed

Q1792: How do you debug network issues?

Answer:

# Interface status
ip link
ip addr
ethtool eth0

# Routing
ip route
ip route get 8.8.8.8
ip neighbor show

# DNS
dig example.com
getent hosts example.com
cat /etc/resolv.conf

# Connectivity
ping -c 4 8.8.8.8
traceroute 8.8.8.8
mtr -n 8.8.8.8

# Ports
nc -zv host port
telnet host port

# Capture
tcpdump -i eth0 host 192.168.1.1
tcpdump -i eth0 port 80

# Firewall
iptables -L -n -v
firewall-cmd --list-all

Q1793: How do you debug disk issues?

Answer:

# Disk usage
df -h
df -i
du -sh /*

# Find large files
find / -type f -size +100M -exec ls -lh {} \; 2>/dev/null | sort -k5 -h

# I/O stats
iostat -xz 1
sar -d 1

# Mount status
mount
cat /proc/mounts

# Filesystem check
fsck -n /dev/sda1

# SMART status
smartctl -a /dev/sda

# LVM status
lvs
pvs
vgs

# Deleted files
lsof +L1

Q1794: How do you debug service failures?

Answer:

# Service status
systemctl status service
systemctl list-units --failed

# Service logs
journalctl -u service -n 50
journalctl -u service --since "1 hour ago"
journalctl -xe

# Process info
ps auxf | grep service
lsof -p $(pgrep -f service)

# Configuration test
nginx -t
apache2ctl configtest
mysqladmin ping

# Dependencies
systemctl list-dependencies service
systemctl is-active service

# Strace
strace -f -p $(pgrep -f service)
strace -c service

# Limits
cat /proc/$(pgrep -f service)/limits

Q1795: How do you debug performance issues?

Answer:

# CPU
top
htop
mpstat -P ALL 1

# Memory
free -h
vmstat 1

# I/O
iostat -xz 1
iotop

# Network
nethogs
iftop

# System-wide
sar -A 1 5

# Process
perf top
perf record -g -p <pid>
perf report

# Flame graph
git clone https://github.com/brendangregg/FlameGraph.git
perf record -F 99 -g -p <pid>
perf script | ./stackcollapse-perf.pl | ./flamegraph.pl > flame.svg

Linux Backup and Recovery

Q1796: How do you configure automated backups?

Answer:

/usr/local/bin/backup.sh

#!/bin/bash
set -euo pipefail

BACKUP_DIR="/backup"
DATE=$(date +%Y%m%d)
RETENTION_DAYS=30

# Create backup directory
mkdir -p $BACKUP_DIR/{mysql,files,configs}

# Database backup
mysqldump -u root -p --all-databases | gzip > $BACKUP_DIR/mysql/all-$DATE.sql.gz

# Files backup
tar -czf $BACKUP_DIR/files/files-$DATE.tar.gz /var/www/html/ --exclude='*.log'

# Configs backup
tar -czf $BACKUP_DIR/configs/configs-$DATE.tar.gz /etc/

# Clean old backups
find $BACKUP_DIR -type f -mtime +$RETENTION_DAYS -delete

# Report
echo "Backup completed at $(date)"

Q1797: How do you test backup restoration?

Answer:

# Test backup file integrity
gzip -t backup.tar.gz
sha256sum backup.tar.gz

# Test database restoration
mysql -u root -p -e "DROP DATABASE IF EXISTS test_restore;"
mysql -u root -p test_restore < backup.sql
mysql -u root -p -e "SHOW TABLES;" test_restore

# Test file restoration
mkdir /tmp/test_restore
tar -xzf backup.tar.gz -C /tmp/test_restore
ls -la /tmp/test_restore/

# Test in VM
vagrant up test
vagrant ssh test -c "mysql -u root -p mydb < /vagrant/backup.sql"
vagrant ssh test -c "ls /var/www/html/"
vagrant destroy test

Q1798: How do you implement disaster recovery?

Answer:

# DR Plan
# 1. Document critical systems
# 2. Define RTO/RPO
# 3. Create runbooks
# 4. Test regularly

# Recovery steps
# 1. Assess damage
# 2. Provision new infrastructure
# 3. Restore from backups
# 4. Verify services
# 5. Update DNS

# Database recovery
systemctl stop myapp
gunzip < backup.sql | mysql -u root -p mydb

# File recovery
tar -xzf configs.tar.gz -C /

# Verification
systemctl start myapp
curl http://localhost/health

Q1799: How do you implement incremental backups?

Answer:

#!/bin/bash
# Incremental backup with tar

SOURCE="/data"
BACKUP_DIR="/backup"
DATE=$(date +%Y%m%d)

# Full backup on Sunday
if [ $(date +%w) -eq 0 ]; then
    echo "Creating full backup"
    rm -rf $BACKUP_DIR/full
    tar -czf $BACKUP_DIR/full.tar.gz -g $BACKUP_DIR/snapshot $SOURCE/
else
    # Incremental backup
    echo "Creating incremental backup"
    tar -czf $BACKUP_DIR/inc-$DATE.tar.gz -g $BACKUP_DIR/snapshot $SOURCE/
fi

# Retention
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete

# Restore incremental
# tar -xzf full.tar.gz
# tar -xzf inc-20240102.tar.gz
# tar -xzf inc-20240103.tar.gz

Q1800: How do you configure remote backup?

Answer:

#!/bin/bash
# Remote backup using rsync over SSH

SOURCE="/data"
REMOTE_USER="backup"
REMOTE_HOST="backup-server.example.com"
REMOTE_DIR="/backups/$(hostname)"

# Rsync over SSH with compression
rsync -avz --delete \
    -e "ssh -i /root/.ssh/backup_key" \
    --exclude='*.tmp' \
    $SOURCE/ $REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR/

# Verify
rsync -avzn -e "ssh" $SOURCE/ $REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR/

# Daily incremental with link-dest
rsync -avz --delete \
    -e "ssh" \
    --link-dest=$REMOTE_DIR/previous \
    $SOURCE/ $REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR/current

Linux High Availability

Q1801: How do you configure Keepalived?

Answer:

# Install
apt install keepalived

# Configure
# /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100

    virtual_ipaddress {
        192.168.1.100/24
    }

    track_interface {
        eth0 weight -20
    }

    authentication {
        auth_type PASS
        auth_pass secret123
    }
}

# Backup configuration
# state BACKUP
# priority 90

Q1802: How do you configure HAProxy?

Answer:

# Install
apt install haproxy

# Configure
# /etc/haproxy/haproxy.cfg
global
    log /dev/log local0
    maxconn 4096
    user haproxy
    group haproxy

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull

frontend http_front
    bind *:80
    default_backend app_servers

backend app_servers
    balance roundrobin
    option httpchk GET /health
    server app1 192.168.1.10:8080 check inter 2000 fall 3 rise 2
    server app2 192.168.1.11:8080 check inter 2000 fall 3 rise 2

Q1803: How do you configure Corosync?

Answer:

# Install
apt install pacemaker corosync pcs

# Configure corosync
# /etc/corosync/corosync.conf
totem {
    version: 2
    cluster_name: mycluster
    transport: udpu
}

nodelist {
    node {
        ring0_addr: node1.example.com
        nodeid: 1
    }
    node {
        ring0_addr: node2.example.com
        nodeid: 2
    }
}

quorum {
    provider: corosync_votequorum
    expected_votes: 2
}

# Setup cluster
pcs host auth node1 node2
pcs cluster setup mycluster node1 node2
pcs cluster start --all
pcs cluster enable --all

Q1804: How do you configure Pacemaker?

Answer:

# Create resource
pcs resource create VirtualIP ocf:heartbeat:IPaddr2 \
  ip=192.168.1.100 cidr_netmask=24 op monitor interval=30s

pcs resource create WebService ocf:heartbeat:apache \
  configfile=/etc/apache2/apache2.conf \
  op monitor interval=30s

# Constraints
pcs constraint colocation add WebService VirtualIP INFINITY
pcs constraint order VirtualIP then WebService

# Stickiness
pcs resource meta WebService resource-stickiness=100

# Failover
pcs constraint location WebService prefers node1=50

# View status
pcs status
pcs resource show

Q1805: How do you configure DRBD?

Answer:

# Install
apt install drbd-utils

# Configure
# /etc/drbd.d/web.res
resource web {
    protocol C;

    on node1 {
        device /dev/drbd0;
        disk /dev/sdb1;
        address 192.168.1.10:7788;
        meta-disk internal;
    }

    on node2 {
        device /dev/drbd0;
        disk /dev/sdb1;
        address 192.168.1.11:7788;
        meta-disk internal;
    }
}

# Initialize
drbdadm create-md web
drbdadm up web

# Primary
drbdadm primary --force web

# Filesystem
mkfs.xfs /dev/drbd0
mount /dev/drbd0 /var/www

# Status
cat /proc/drbd

Linux Scripting Advanced

Q1806: How do you write efficient bash scripts?

Answer:

#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

# Use functions
log() {
    echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*"
}

# Use arrays
files=("file1" "file2" "file3")
for file in "${files[@]}"; do
    [[ -f "$file" ]] || continue
    process "$file"
done

# Process efficiently
while IFS= read -r line; do
    ((count++))
done < <(grep -r "pattern" .)

# Parallel processing
parallel -j 4 process {} ::: *.log

Q1807: How do you parse JSON in bash?

Answer:

# Using jq
cat data.json | jq '.name'
cat data.json | jq '.items[].value'
cat data.json | jq '.items[] | select(.id > 5)'

# Create JSON
jq -n '{name: "test", items: [1,2,3]}'

# Modify
jq '.name = "new"' data.json

# Filter
jq '.items[] | select(.age > 25)' data.json

Q1808: How do you use awk?

Answer:

# Basic
awk '{print $1}' file.txt

# Field separator
awk -F: '{print $1, $6}' /etc/passwd

# Conditional
awk '$3 > 1000 {print $1, $3}' /etc/passwd

# Calculations
awk '{sum+=$1} END {print sum}' numbers.txt

# Patterns
awk '/ERROR/ {print}' logfile

# Multiple fields
awk '{for(i=1;i<=NF;i++) sum[i]+=$i} END {for(i in sum) print i, sum[i]}' file.txt

Q1809: How do you use sed?

Answer:

# Replace
sed 's/old/new/' file.txt
sed 's/old/new/g' file.txt
sed -i 's/old/new/g' file.txt

# Delete lines
sed '/pattern/d' file.txt
sed '1,5d' file.txt

# Insert
sed '1i\Header' file.txt

# Regex
sed -E 's/[0-9]{4}/[REDACTED]/g' file.txt

# In-place with backup
sed -i.bak 's/old/new/g' file.txt

Q1810: How do you write Python scripts?

Answer:

#!/usr/bin/env python3
import subprocess
import json
import sys

def run_command(cmd):
    result = subprocess.run(
        cmd, shell=True, capture_output=True, text=True
    )
    return result.stdout.strip()

def main():
    # Get system info
    cpu = run_command("nproc")
    mem = run_command("free -h | awk '/^Mem:/ {print $2}'")

    # Process JSON
    with open('config.json') as f:
        config = json.load(f)

    # Output
    result = {"cpu": cpu, "memory": mem, "config": config}
    print(json.dumps(result, indent=2))

    return 0

if __name__ == "__main__":
    sys.exit(main())

Linux Security Advanced

Q1811: How do you implement user authentication?

Answer:

/etc/pam.d/common-auth

# PAM configuration
auth required pam_tally2.so deny=3 unlock_time=600

# Password policy
# /etc/pam.d/common-password
password required pam_pwhistory.so remember=5
password requisite pam_cracklib.so try_first_pass retry=3 minlen=12

# Account expiry
# /etc/login.defs
PASS_MAX_DAYS 90
PASS_MIN_DAYS 1
PASS_WARN_AGE 14

# User expiry
passwd -x 90 -w 14 -n 1 username

Q1821: How do you implement system monitoring?

Answer:

# Prometheus + node_exporter
# Install
apt install prometheus-node-exporter

# Configure
# /etc/default/prometheus
ARGS="--collector.interval=30s"

# Start service
systemctl start prometheus-node-exporter
systemctl enable prometheus-node-exporter

# Metrics
curl http://localhost:9100/metrics

Q1822: How do you configure Grafana?

Answer:

# Install
apt install grafana

# Configure datasource
# HTTP URL: http://localhost:9090

# Create dashboard
# Add panel with query
# node_exporter metrics:
# - node_cpu_seconds_total
# - node_memory_MemAvailable_bytes
# - node_filesystem_avail_bytes

Q1823: How do you use ELK stack?

Answer:

# Install Elasticsearch
apt install elasticsearch

# Configure
# /etc/elasticsearch/elasticsearch.yml
cluster.name: mycluster
network.host: 0.0.0.0

# Install Kibana
apt install kibana
# /etc/kibana/kibana.yml
# server.host: "0.0.0.0"

# Install Logstash
apt install logstash

# Configure Filebeat
apt install filebeat
# /etc/filebeat/filebeat.yml
filebeat.inputs:
  - type: log
    paths:
      - /var/log/*.log
output.logstash:
  hosts: ["localhost:5044"]

Q1824: How do you configure Nagios?

Answer:

# Install
apt install nagios4

# Create check script
# /usr/local/nagios/lib/check_disk.sh
#!/bin/bash
USAGE=$(df -h / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$USAGE" -gt 90 ]; then
    echo "CRITICAL - Disk usage is ${USAGE}%"
    exit 2
fi
echo "OK - Disk usage is ${USAGE}%"
exit 0

# Configure service
# /etc/nagios4/conf.d/services.cfg
define service{
    host_name           localhost
    service_description Disk Usage
    check_command       check_disk
}

Q1825: How do you configure Zabbix?

Answer:

# Install Zabbix server
apt install zabbix-server-mysql zabbix-frontend-php

# Configure database
mysql -u root -p
CREATE DATABASE zabbix CHARACTER SET utf8 COLLATE utf8_bin;
CREATE USER 'zabbix'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost';
FLUSH PRIVILEGES;
quit;

# Import schema
zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql -u zabbix -p zabbix

# Configure Zabbix
# /etc/zabbix/zabbix_server.conf
DBPassword=password

# Start services
systemctl start zabbix-server
systemctl start apache2

Linux Expert Topics

Q1826: How do you implement zero trust security?

Answer:

# Network policies (Kubernetes)
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
EOF

# iptables zero trust
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# mTLS
# Use service mesh (Istio) for automatic mTLS

Q1827: How do you implement chaos engineering?

Answer:

# Install Chaos Mesh
helm repo add chaos-mesh https://charts.chaos-mesh.org
helm install chaos-mesh chaos-mesh/chaos-mesh -n chaos-mesh --create-namespace

# Create experiment
apiVersion: chaos-mesh.org/v1alpha1
kind: PodChaos
metadata:
  name: pod-failure
spec:
  action: pod-failure
  mode: one
  duration: 60s
  selector:
    namespaces:
      - default

# Apply
kubectl apply -f experiment.yaml

Q1828: How do you implement GitOps?

Answer:

# Install ArgoCD
kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

# Create application
kubectl apply -f - <<EOF
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: myapp
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/org/repo.git
    targetRevision: HEAD
    path: k8s
  destination:
    server: https://kubernetes.default.svc
    namespace: default
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
EOF

Q1829: How do you implement service mesh?

Answer:

# Install Istio
curl -L https://istio.io/downloadIstio | sh -
istioctl install --set profile=demo

# Enable injection
kubectl label namespace default istio-injection=enabled

# Deploy application
kubectl apply -f app.yaml

# Configure mTLS
kubectl apply -f - <<EOF
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
spec:
  mtls:
    mode: STRICT
EOF

# Configure traffic
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: myapp
spec:
  hosts:
  - myapp
  http:
  - route:
    - destination:
        host: myapp
        subset: v1
      weight: 90
    - destination:
        host: myapp
        subset: v2
      weight: 10

Q1830: How do you implement edge computing?

Answer:

# Install K3s
curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--write-kubeconfig-mode 644" sh -

# Install KubeEdge
# Cloud node
helm install cloudcore kubeedge/cloudcore --namespace kubeedge

# Edge node
wget https://github.com/kubeedge/kubeedge/releases/download/v1.12.0/kubeedge_1.12.0_linux_amd64.tar.gz
tar -xzf kubeedge_1.12.0_linux_amd64.tar.gz
edgecore --config=/etc/kubeedge/config/edgecore.yaml

# Deploy to edge
kubectl apply -f deployment.yaml

Q1831: How do you implement supply chain security?

Answer:

# Dependency scanning
# Snyk
npm install -g snyk
snyk test

# Trivy for containers
trivy image myimage:latest
trivy image --severity HIGH,CRITICAL myimage:latest

# SBOM generation
# Syft
syft myimage:latest

# Cosign for signing
cosign sign myimage:latest
cosign verify myimage:latest

# GitHub Dependabot
# Enable in repo settings
# .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"

Q1832: How do you implement cost optimization?

Answer:

# Right-sizing
# AWS
aws ec2 describe-instance-types --instance-type t3.micro

# Reserved instances
# Purchase for steady workloads

# Spot instances
# Use for fault-tolerant workloads

# Autoscaling
# Scale in when not needed

# Storage lifecycle
# Move cold data to Glacier
aws s3api put-bucket-lifecycle-configuration --bucket mybucket \
  --lifecycle-configuration file://lifecycle.json

# Budget alerts
aws budgets create-budget \
  --account-id 123456789012 \
  --budget file://budget.json

Q1833: How do you implement compliance automation?

Answer:

# OPA Gatekeeper
# Install
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper-library/master/library/general/allownswidgetpolicies/template.yaml

# Policy example
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredLabels
metadata:
  name: require-labels
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Namespace"]
  parameters:
    labels:
      - key: "environment"

Q1834: How do you implement data governance?

Answer:

# Data classification
# Public, Internal, Confidential, Restricted

# Encryption at rest
# LUKS
cryptsetup luksFormat /dev/sdb1

# Encryption in transit
# TLS everywhere

# Access control
# IAM policies
# Database permissions

# Data loss prevention
# Block sensitive data exfiltration

# Audit logging
# Track all access

Q1835: How do you implement FinOps?

Answer:

# Visibility
# Tag all resources
# Environment, Team, Project

# Monitoring
# AWS Cost Explorer
# Budget alerts

# Optimization
# Right-size instances
# Use savings plans
# Spot instances

# Showback
# Report costs by team

# Automation
# Terminate unused resources
# Move cold data to cheaper storage

Linux Interview Scenarios

Q1836: How do you handle a production outage?

Answer:

# 1. Detection
# Monitor alerts
# User reports

# 2. Assessment
# Check severity
# Determine impact

# 3. Communication
# Create incident channel
# Update status page

# 4. Mitigation
# Stop bleeding
# Restore service

# 5. Resolution
# Fix root cause

# 6. Post-incident
# Document timeline
# Identify root cause
# Action items

Q1837: How do you troubleshoot slow database queries?

Answer:

# Check slow queries
# PostgreSQL
# pg_stat_statements
# EXPLAIN ANALYZE

# MySQL
# SHOW PROCESSLIST
# EXPLAIN

# Check indexes
# Missing indexes
# Outdated statistics

# Fixes
# Add indexes
# Rewrite queries
# Tune configuration
# Scale horizontally

Q1838: How do you design a backup strategy?

Answer:

# 3-2-1 rule
# 3 copies of data
# 2 different storage types
# 1 offsite copy

# Backup types
# Full backup: Daily
# Incremental: Hourly
# Transaction logs: Every 15 minutes

# Retention
# Daily: 7 days
# Weekly: 4 weeks
# Monthly: 12 months
# Yearly: 7 years

# Testing
# Monthly restoration tests

Q1839: How do you secure a Linux server?

Answer:

# Updates
# Regular patching

# Firewall
# Configure iptables/firewalld

# SELinux/AppArmor
# Enable and configure

# Users
# Disable root login
# SSH keys only

# Services
# Disable unused

# Network
# Harden kernel parameters

# Monitoring
# Enable audit logging

# Encryption
# Full disk encryption
# TLS everywhere

Q1840: How do you design a monitoring system?

Answer:

# Components
# 1. Metrics: Prometheus
# 2. Logs: ELK/Loki
# 3. Traces: Jaeger

# 4. Alerting: AlertManager

# 5. Dashboards: Grafana

# Implementation
# - Install exporters
# - Configure scrape intervals
# - Set up alerts
# - Create dashboards

# Best practices
# - Alert on symptoms
# - Avoid alert fatigue
# - Have runbooks

Q1841: How do you optimize Linux performance?

Answer:

# 1. CPU
# Tune scheduler
# Process priority
# CPU affinity

# 2. Memory
# Swappiness
# Huge pages
# Cache tuning

# 3. I/O
# I/O scheduler
# Filesystem choice
# Mount options

# 4. Network
# Buffer sizes
# TCP tuning
# Offloading

# 5. Kernel
# Update regularly
# Tune parameters

Q1842: How do you implement disaster recovery?

Answer:

# Define RTO/RPO
# Recovery Time Objective
# Recovery Point Objective

# Strategy
# Backup & Restore
# Pilot Light
# Warm Standby
# Multi-region

# Implementation
# Automated backups
# Replication
# Infrastructure as Code

# Testing
# Regular DR tests

# Documentation
# Runbooks
# Contact list

Q1843: How do you implement zero-downtime deployment?

Answer:

# Strategies
# 1. Rolling update
kubectl rolling-update myapp --image=myapp:v2

# 2. Blue-green
# Deploy to green
# Test
# Switch traffic

# 3. Canary
# Route 10% to new version
# Monitor
# Gradually increase

# 4. Feature flags
# Toggle features without deployment

Q1844: How do you handle capacity planning?

Answer:

# Current state
# Measure utilization
sar -u 1
sar -r 1
sar -d 1

# Trends
# Analyze growth rate

# Forecasting
# Predict future needs

# Planning
# Add capacity proactively

# Optimization
# Right-size resources
# Use automation

Q1845: How do you implement compliance?

Answer:

# Framework
# SOC 2, PCI-DSS, HIPAA, GDPR

# Controls
# Access control
# Encryption
# Monitoring
# Auditing

# Automation
# Policy as Code

# Evidence
# Automated collection

# Training
# Security awareness

# Testing
# Vulnerability scans
# Penetration tests

Q1846: How do you design for scale?

Answer:

# Horizontal scaling
# Stateless applications
# Load balancers
# Auto-scaling

# Database scaling
# Read replicas
# Sharding
# Caching

# Caching
# Redis/Memcached
# CDN

# Async
# Message queues

# Optimization
# Profiling
# Database tuning

# Monitoring
# Early detection

Q1847: How do you implement observability?

Answer:

# Metrics
# Prometheus
# Custom metrics

# Logs
# Structured logging
# ELK/Loki

# Traces
# Distributed tracing

# Correlation
# Trace IDs
# Request IDs

# Alerting
# Based on SLOs

# Dashboards
# Service overview
# Troubleshooting

# Post-mortems
# Blameless analysis

Q1848: How do you secure containers?

Answer:

# Images
# Minimal base
# No secrets
# Scan for vulnerabilities

# Runtime
# Non-root user
# Read-only root
# Resource limits

# Network
# Network policies
# Service mesh

# Orchestrator
# RBAC
# Pod security

# Secrets
# Use secrets manager

Q1849: How do you implement infrastructure as code?

Answer:

# Version control
# Git

# Modules
# Reusable components

# State management
# Remote state
# State locking

# Testing
# Validate
# Plan

# CI/CD
# Automated deployment

# Drift detection
# Detect changes

Q1850: How do you manage secrets in CI/CD?

Answer:

# Never commit secrets

# Use secrets management
# HashiCorp Vault
# AWS Secrets Manager
# Azure Key Vault

# Environment variables
# Inject at runtime

# CI/CD integration
# GitHub Secrets
# GitLab CI variables

# Rotation
# Auto-rotate secrets

# Audit
# Log access

Q1851: How do you design a secure network?

Answer:

# Segmentation
# DMZ
# Internal
# Database

# Firewall
# Whitelist approach
# Default deny

# Encryption
# TLS everywhere
# VPN for access

# Monitoring
# IDS/IPS
# NetFlow

# DDoS protection
# CDN
# WAF
# Rate limiting

Q1852: How do you handle database failover?

Answer:

# Automatic detection
# Health checks

# Failover process
# Promote replica
# Update DNS

# Application handling
# Connection retry
# Circuit breakers

# Monitoring
# Alert on failover

# Testing
# Regular drills

Q1853: How do you implement caching?

Answer:

# CDN
# Static assets

# Application cache
# Redis
# Memcached

# Database cache
# Query cache
# Buffer pool

# Browser cache
# Headers

# Invalidation
# TTL
# Cache busting
# Patterns

Q1854: How do you design for high availability?

Answer:

# Redundancy
# Multiple AZs
# Multiple regions

# Load balancing
# Health checks
# Failover

# Data replication
# Synchronous
# Asynchronous

# Monitoring
# Fast detection

# Automation
# Self-healing

# Testing
# Chaos engineering

Q1855: How do you secure Kubernetes?

Answer:

# RBAC
# Least privilege

# Network policies
# Default deny

# Pod security
# Standards

# Secrets
# External

# Images
# Scanning

# Runtime
# Falco

# Updates
# Regular

Q1856: How do you design API security?

Answer:

# Authentication
# OAuth 2.0
# JWT

# Authorization
# RBAC
# Scopes

# Rate limiting
# Throttling

# Input validation
# Sanitization

# TLS
# Encryption

# Monitoring
# Anomaly detection

Q1857: How do you implement logging?

Answer:

# Format
# JSON
# Structured

# Levels
# DEBUG, INFO, WARN, ERROR

# Correlation
# Trace IDs

# Rotation
# Logrotate

# Aggregation
# ELK/Loki

# Retention
# Policy

Q1858: How do you design for security?

Answer:

# Defense in depth
# Multiple layers

# Least privilege
# Minimize access

# Zero trust
# Verify always

# Encryption
# Everywhere

# Monitoring
# Continuous

# Automation
# Respond fast

Q1859: How do you implement incident response?

Answer:

# Preparation
# Runbooks
# Tools

# Detection
# Alerts

# Containment
# Isolate

# Eradication
# Fix

# Recovery
# Restore

# Lessons learned
# Post-mortem

Q1860: How do you optimize cloud costs?

Answer:

# Right-sizing
# Match needs

# Reservations
# Steady state

# Spot
# Fault-tolerant

# Automation
# Scale down

# Cleanup
# Unused resources

# Monitoring
# Alerts

Q1861: How do you implement change automation?

Answer:

# GitOps
# All changes in Git

# CI/CD
# Automated testing

# Approval gates
# Manual steps

# Rollback
# Automatic

# Monitoring
# Quick detection

Q1862: How do you design for failure?

Answer:

# Redundancy
# Multiple copies

# Graceful degradation
# Partial service

# Circuit breakers
# Prevent cascade

# Bulkheads
# Isolate

# Recovery
# Fast

# Testing
# Chaos

Q1863: How do you implement access control?

Answer:

# Authentication
# MFA

# Authorization
# RBAC

# Least privilege
# Minimal access

# Audit
# Log access

# Review
# Regular

Q1864: How do you secure data?

Answer:

# Classification
# Sensitivity

# Encryption
# At rest
# In transit

# Access control
# Need to know

# Backup
# Encrypted

# Monitoring
# Audit

Q1865: How do you design APIs?

Answer:

# REST
# Resources
# HTTP verbs

# Versioning
# URL path

# Error handling
# Consistent

# Pagination
# Large sets

# Rate limiting
# Throttle

# Documentation
# OpenAPI

Q1866: How do you implement service mesh?

Answer:

# Traffic management
# Routing

# Security
# mTLS

# Observability
# Tracing

# Resilience
# Retries

# Tools
# Istio
# Linkerd
# Consul Connect

Q1867: How do you optimize databases?

Answer:

# Indexing
# Proper indexes

# Query optimization
# EXPLAIN

# Caching
# Use cache

# Connection pooling
# Pool

# Scaling
# Read replicas
# Sharding

# Configuration
# Tune parameters

Q1868: How do you implement secrets management?

Answer:

# Centralized
# Vault

# Rotation
# Auto

# Audit
# Log access

# Encryption
# Encrypt

# Access control
# Least privilege

Q1869: How do you design for disasters?

Answer:

# Backup
# Regular

# Replication
# Cross-region

# Automation
# Fast recovery

# Testing
# Regular

# Documentation
# Runbooks

Q1870: How do you implement observability?

Answer:

# Metrics
# Prometheus

# Logs
# ELK

# Traces
# Jaeger

# Correlation
# Trace IDs

# Alerting
# SLO-based

Q1871: How do you handle kernel upgrades?

Answer:

# Test in staging
# Check compatibility
# Backup
# Schedule window
# Apply
# Monitor
# Rollback plan

Q1872: How do you design multi-tenant systems?

Answer:

# Isolation
# Namespaces
# RBAC

# Quotas
# Resources

# Billing
# Usage tracking

# Data separation
# Logical/physical

# Network
# Segmentation

Q1873: How do you implement edge computing?

Answer:

# Lightweight K8s
# K3s

# Data processing
# Local first

# Sync
# Periodic

# Security
# Edge-specific

# Management
# Centralized

Q1874: How do you optimize Linux for containers?

Answer:

# OS
# Minimal OS

# Kernel
# Tuned for containers

# Storage
# Overlay2

# Network
# CNI

# Runtime
# containerd

# Security
# Hardened

Q1875: How do you design for GDPR?

Answer:

# Data minimization
# Collect less

# Consent
# Explicit

# Right to erasure
# Delete capability

# Portability
# Export data

# Breach notification
# Process

# DPO
# Appoint

Q1876: How do you implement zero-downtime patching?

Answer:

# Blue-green
# Two environments

# Canary
# Gradual

# Rolling
# One by one

# Health checks
# Before switch

# Rollback
# Quick

Q1877: How do you design for IoT?

Answer:

# Edge
# Local processing

# Protocol
# MQTT

# Security
# Device auth

# Scale
# Millions

# OTA updates
# Secure

Q1878: How do you implement RBAC?

Answer:

# Roles
# Define

# Permissions
# Map

# Assignment
# Users

# Audit
# Regular review

# Tools
# LDAP integration

Q1879: How do you optimize network performance?

Answer:

# Offloading
# Hardware

# Buffer tuning
# TCP

# Compression
# Accept encoding

# CDN
# Static

# Keepalive
# HTTP

Q1880: How do you design for mobile?

Answer:

# API design
# Efficient

# Compression
# gz/brotli

# Caching
# Aggressive

# Offline
# PWA

# Security
# Certificate pinning

Q1881: How do you implement chaos engineering?

Answer:

# Define steady state
# What works

# Hypothesize
# What will fail

# Experiment
# Inject failure

# Learn
# Observe

# Improve
# Fix

# Tools
# Chaos Mesh
# Litmus
# Gremlin

Q1882: How do you implement immutable infrastructure?

Answer:

# Images
# Pre-built

# No changes
# Rebuild

# Versioned
# All

# Rollback
# Previous image

# Tools
# Packer
# Container

Q1883: How do you design for high performance?

Answer:

# Profiling
# Find bottleneck

# Optimization
# Targeted

# Caching
# Multi-layer

# Async
# Non-blocking

# Scaling
# Horizontal

Q1884: How do you implement multi-cloud?

Answer:

# Abstraction
# Terraform

# Portability
# Container

# Vendor lock-in
# Avoid

# Data
# Strategy

# Operations
# Unified

Q1885: How do you implement cost allocation?

Answer:

# Tagging
# All resources

# Tracking
# By team/project

# Reporting
# Regular

# Budgets
# Alerts

# Showback
# Chargeback

Q1886: How do you implement compliance automation?

Answer:

# Policy as code
# OPA

# Scanning
# Automated

# Evidence
# Auto-collect

# Remediation
# Auto-fix

# Audit
# Regular

Q1887: How do you implement API rate limiting?

Answer:

# Token bucket
# Leaky bucket

# Per-user
# By key

# Headers
# Rate limit

# Response
# 429

# Throttling
# Graceful

Q1888: How do you design for IoT security?

Answer:

# Device identity
# Certificates

# OTA updates
# Signed

# Network
# Segmentation

# Data
# Encryption

# Monitoring
# Anomaly

Q1889: How do you implement infrastructure monitoring?

Answer:

# Metrics
# Collect

# Storage
# Time-series

# Visualization
# Dashboards

# Alerting
# Thresholds

# Analysis
# Trends

Q1890: How do you implement database sharding?

Answer:

# Key strategy
# Choose shard key

# Routing
# Application

# Rebalancing
# Plan

# Cross-shard
# Minimize

# Monitoring
# Performance

Q1891: How do you design for 5G?

Answer:

# Edge computing
# Local processing

# Network slicing
# Dedicated

# Low latency
# Optimization

# Massive IoT
# Scale

Q1892: How do you implement service discovery?

Answer:

# DNS
# Consul

# Health checks
# Registration

# Load balancing
# Client-side

# Failover
# Automatic

Q1893: How do you optimize web performance?

Answer:

# CDN
# Static assets

# Compression
# gz/brotli

# Caching
# Headers

# Minification
# CSS/JS

# Images
# Optimization

Q1894: How do you implement backup verification?

Answer:

# Test restore
# Regular

# Automation
# Script

# Checksums
# Verify

# Documentation
# Procedures

Q1895: How do you design for privacy?

Answer:

# Data minimization
# Collect less

# Encryption
# Strong

# Access control
# Strict

# Audit
# Logging

# Retention
# Policy

Q1896: How do you implement auto-remediation?

Answer:

# Detection
# Alerts

# Classification
# Severity

# Action
# Runbook

# Automation
# Scripts

# Verification
# Confirm fix

Q1897: How do you optimize storage?

Answer:

# Tiering
# Hot/cold

# Compression
# Deduplication

# Lifecycle
# Policies

# Monitoring
# Usage

# Cleanup
# Regular

Q1898: How do you implement MFA?

Answer:

# Factors
# Multiple

# Methods
# TOTP/Push

# Rollout
# Gradual

# Backup
# Recovery codes

# Enforcement
# Policy

Q1899: How do you design for resilience?

Answer:

# Redundancy
# Multiple

# Fault tolerance
# Graceful

# Recovery
# Fast

# Testing
# Chaos

# Monitoring
# Real-time

Q1900: How do you implement cost reporting?

Answer:

# Tagging
# Comprehensive

# Collection
# Automated

# Analysis
# By team

# Visualization
# Dashboards

# Actions
# Optimization

Q1901: How do you design for IoT data?

Answer:

# Collection
# MQTT/HTTP

# Processing
# Stream

# Storage
# Time-series

# Analysis
# Real-time

# Retention
# Policy

Q1902: How do you implement service catalog?

Answer:

# Self-service
# Portal

# Standardization
# Templates

# Governance
# Approval

# Documentation
# Auto-generated

Q1903: How do you optimize database queries?

Answer:

# EXPLAIN
# Analyze

# Indexing
# Strategic

# Rewriting
# Equivalent

# Caching
# Query cache

# Profiling
# Slow queries

Q1904: How do you implement API gateway?

Answer:

# Routing
# Path-based

# Authentication
# JWT

# Rate limiting
# Quotas

# Caching
# Response

# Monitoring
# Usage

Q1905: How do you design for compliance?

Answer:

# Controls
# Framework

# Automation
# Policy

# Evidence
# Collection

# Monitoring
# Continuous

# Audit
# Regular

Q1906: How do you implement incident automation?

Answer:

# Detection
# Automated

# Triage
# Classification

# Response
# Runbooks

# Escalation
# Rules

# Resolution
# Tracking

Q1907: How do you optimize Kubernetes?

Answer:

# Resources
# Requests/limits

# Scheduling
# Affinity

# Networking
# CNI

# Storage
# Classes

# Autoscaling
# HPA/VPA

Q1908: How do you implement data governance?

Answer:

# Classification
# Sensitivity

# Ownership
# Clear

# Quality
# Rules

# Lineage
# Tracking

# Compliance
# Policy

Q1909: How do you design for ML infrastructure?

Answer:

# Data pipeline
# ETL

# Training
# Distributed

# Serving
# Model serving

# Monitoring
# Drift

# MLOps
# Automation

Q1910: How do you implement cloud governance?

Answer:

# Policies
# Guardrails

# Tagging
# Standards

# Cost control
# Budgets

# Security
# Baseline

# Compliance
# Audit

Q1911: How do you design for edge security?

Answer:

# Device auth
# Certificates

# Data encryption
# TLS

# Network
# Segmentation

# Updates
# Signed

# Monitoring
# Centralized

Q1912: How do you implement container orchestration?

Answer:

# Scheduling
# Placement

# Scaling
# Auto

# Networking
# Service mesh

# Storage
# CSI

# Security
# Policies

Q1913: How do you optimize network latency?

Answer:

# CDN
# Geographic

# Caching
# Multi-layer

# Compression
# gz/brotli

# HTTP/2
# Multiplexing

# DNS
# Anycast

Q1914: How do you implement data protection?

Answer:

# Encryption
# At rest/transit

# Access control
# RBAC

# Backup
# Automated

# Monitoring
# Audit

# Incident
# Response

Q1915: How do you design for real-time processing?

Answer:

# Stream processing
# Kafka/Spark

# Low latency
# Optimization

# Scalability
# Horizontal

# Monitoring
# Metrics

# Backpressure
# Handling

Q1916: How do you implement application security?

Answer:

# SDLC
# Secure

# SAST/DAST
# Scanning

# Dependencies
# Scanning

# Runtime
# Protection

# Training
# Developers

Q1917: How do you optimize Linux for databases?

Answer:

# Filesystem
# XFS/ext4

# I/O scheduler
# Deadline/noop

# Memory
# Huge pages

# Network
# Buffer sizes

# Disk
# SSD/NVMe

Q1918: How do you implement data retention?

Answer:

# Policy
# Defined

# Classification
# By type

# Automation
# Scripts

# Compliance
# Legal holds

# Verification
# Regular

Q1919: How do you design for compliance reporting?

Answer:

# Evidence
# Automated

# Framework
# Mapping

# Controls
# Validation

# Audit
# Support

# Remediation
# Tracking

Q1920: How do you implement Kubernetes networking?

Answer:

# CNI plugin
# Calico/Flannel

# Network policies
# Segmentation

# Services
# Types

# Ingress
# Controller

# DNS
# CoreDNS

Q1921: How do you optimize database connections?

Answer:

# Pooling
# Connection pool

# Sizing
# Pool size

# Timeouts
# Configure

# Monitoring
# Active connections

# Tuning
# Database config

Q1922: How do you implement backup automation?

Answer:

# Scheduling
# Cron

# Retention
# Policy

# Verification
# Test restore

# Offsite
# Replication

# Monitoring
# Alerts

Q1923: How do you design for regulatory compliance?

Answer:

# Assessment
# Gap analysis

# Controls
# Implementation

# Monitoring
# Continuous

# Documentation
# Evidence

# Audit
# Support

Q1924: How do you implement service level objectives?

Answer:

# Define
# Metrics

# Measurement
# Collection

# Alerting
# Budget

# Reporting
# Regular

# Improvement
# Action

Q1925: How do you optimize Linux storage?

Answer:

# Filesystem
# Choice

# Mount options
# Tuning

# LVM
# Flexible

# RAID
# Configuration

# Monitoring
# I/O

Q1926: How do you implement network segmentation?

Answer:

# VLANs
# Isolation

# Firewalls
# Zones

# Zero trust
# Micro-segmentation

# Monitoring
# Traffic

# Compliance
# Audit

Q1927: How do you design for ML model serving?

Answer:

# Framework
# TensorFlow Serving

# Scaling
# Horizontal

# A/B testing
# Canary

# Monitoring
# Drift

# Updates
# Rolling

Q1928: How do you implement vulnerability management?

Answer:

# Scanning
# Regular

# Prioritization
# Severity

# Remediation
# Process

# Verification
# Rescan

# Reporting
# Metrics

Q1929: How do you optimize web application security?

Answer:

# WAF
# Deploy

# Headers
# Security

# Input validation
# Sanitization

# SQL injection
# Prevention

# XSS
# Protection

Q1930: How do you design for compliance automation?

Answer:

# Policy as code
# OPA

# Scanning
# Continuous

# Remediation
# Auto

# Evidence
# Collection

# Reporting
# Automated

Q1931: How do you implement incident communication?

Answer:

# Stakeholders
# Identification

# Status page
# Updates

# Channels
# Multiple

# Timing
# Regular

# Post-incident
# Communication

Q1932: How do you optimize Kubernetes resources?

Answer:

# Requests
# Set appropriately

# Limits
# Configure

# HPA
# Auto-scale

# VPA
# Recommendations

# Monitoring
# Usage

Q1933: How do you implement data classification?

Answer:

# Categories
# Public, Internal, Confidential

# Labeling
# Automatic

# Policies
# Based on class

# Training
# Awareness

# Auditing
# Regular

Q1934: How do you design for regulatory requirements?

Answer:

# Framework
# Selection

# Controls
# Implementation

# Monitoring
# Continuous

# Evidence
# Automated

# Audit
# Support

Q1935: How do you implement cost allocation tags?

Answer:

# Tagging policy
# Required tags

# Enforcement
# SCP

# Reporting
# By tag

# Alerts
# Budget

# Optimization
# Action

Q1936: How do you optimize Linux for networking?

Answer:

# Buffer sizes
# Tuning

# Offloading
# Enable

# TCP
# Parameters

# Queue
# Tuning

# Monitoring
# Metrics

Q1937: How do you implement service mesh security?

Answer:

# mTLS
# Enable

# Authorization
# Policies

# Encryption
# Automatic

# Audit
# Logging

# Updates
# Regular

Q1938: How do you design for disaster recovery testing?

Answer:

# Schedule
# Regular

# Scope
# Defined

# Documentation
# Runbooks

# Validation
# Success

# Improvements
# Action items

Q1939: How do you implement API versioning?

Answer:

# Strategy
# URL path

# Deprecation
# Policy

# Documentation
# Swagger

# Migration
# Guide

# Support
# Timeline

Q1940: How do you optimize container images?

Answer:

# Base image
# Minimal

# Layers
# Reduce

# Caching
# Build cache

# Multi-stage
# Build

# Scanning
# Security

Q1941: How do you implement compliance monitoring?

Answer:

# Controls
# Continuous

# Alerts
# Deviation

# Reporting
# Regular

# Remediation
# Tracking

# Audit
# Support

Q1942: How do you design for data pipelines?

Answer:

# Source
# Connectors

# Processing
# ETL/ELT

# Quality
# Validation

# Destination
# Storage

# Monitoring
# Alerts

Q1943: How do you implement zero trust network?

Answer:

# Verify
# Always

# Least privilege
# Access

# Micro-segmentation
# Network

# Encryption
# All traffic

# Monitoring
# Continuous

Q1944: How do you optimize Linux for high availability?

Answer:

# Keepalived
# Configure

# HAProxy
# Tune

# Health checks
# Configure

# Monitoring
# Comprehensive

# Testing
# Regular

Q1945: How do you implement security automation?

Answer:

# Scanning
# Automated

# Remediation
# Auto-fix

# Response
# Playbooks

# Integration
# CI/CD

# Monitoring
# Continuous

Q1946: How do you design for event-driven architecture?

Answer:

# Event sourcing
# Design

# Message broker
# Kafka

# Consumers
# Scaling

# Idempotency
# Handle

# Monitoring
# Events

Q1947: How do you implement infrastructure testing?

Answer:

# Validation
# Terraform

# Integration
# Kitchen

# Compliance
# InSpec

# Security
# Scanning

# Chaos
# Engineering

Q1948: How do you optimize for DevOps?

Answer:

# CI/CD
# Optimize

# Automation
# Everything

# Monitoring
# Feedback

# Collaboration
# Teams

# Culture
# Improvement

Q1949: How do you implement data encryption?

Answer:

# At rest
# LUKS

# In transit
# TLS

# Application
# Field-level

# Keys
# Management

# Rotation
# Policy

Q1950: How do you design for incident recovery?

Answer:

# Detection
# Fast

# Containment
# Quick

# Eradication
# Complete

# Recovery
# Fast

# Post-incident
# Learning

Q1951: How do you implement container security scanning?

Answer:

# Build time
# Scan images

# Registry
# Scan stored

# Runtime
# Scan running

# Policies
# Define

# Automation
# CI/CD

Q1952: How do you optimize Linux for virtualization?

Answer:

# CPU
# Pinning

# Memory
# Overcommit

# Network
# Para-virtual

# Storage
# VirtIO

# Monitoring
# Per-VM

Q1953: How do you implement access certification?

Answer:

# Review schedule
# Quarterly

# Certification
# Campaign

# Remediation
# Tasks

# Exceptions
# Approval

# Reporting
# Audit

Q1954: How do you design for data recovery?

Answer:

# Backups
# Multiple

# Point in time
# Capability

# Testing
# Regular

# Documentation
# Procedures

# Team
# Training

Q1955: How do you implement API authentication?

Answer:

# OAuth 2.0
# Implement

# JWT
# Tokens

# API keys
# Management

# Rotation
# Policy

# Monitoring
# Usage

Q1956: How do you optimize database indexing?

Answer:

# Identify
# Slow queries

# Analyze
# EXPLAIN

# Create
# Appropriate

# Composite
# Order

# Maintenance
# Rebuild

Q1957: How do you implement incident triage?

Answer:

# Classification
# Severity

# Impact
# Assessment

# Prioritization
# Order

# Assignment
# Owner

# Escalation
# Path

Q1958: How do you design for cloud migration?

Answer:

# Assessment
# Discovery

# Planning
# Strategy

# Migration
# Execute

# Validation
# Testing

# Optimization
# Post-migration

Q1959: How do you implement security policies?

Answer:

# Framework
# Define

# Implementation
# Deploy

# Enforcement
# Monitor

# Training
# Awareness

# Review
# Regular

Q1960: How do you design for data architecture?

Answer:

# Storage
# Selection

# Processing
# Pipeline

# Integration
# API

# Governance
# Policy

# Security
# Encryption

Q1961: How do you implement compliance reporting?

Answer:

# Collect evidence
# Automated

# Map controls
# Framework

# Generate reports
# Templates

# Review
# Stakeholders

# Archive
# Secure

Q1962: How do you design for ML ops?

Answer:

# Version control
# Models

# Experimentation
# Tracking

# Deployment
# CI/CD

# Monitoring
# Performance

# Retraining
# Automation

Q1963: How do you implement secure coding?

Answer:

# Training
# Developers

# Standards
# OWASP

# Review
# Code review

# Testing
# SAST/DAST

# Dependencies
# Scanning

Q1964: How do you design for API management?

Answer:

# Gateway
# Deploy

# Rate limiting
# Configure

# Authentication
# OAuth

# Documentation
# OpenAPI

# Analytics
# Usage

Q1965: How do you implement incident management automation?

Answer:

# Triage
# Automated

# Response
# Playbooks

# Escalation
# Rules

# Communication
# Templates

# Resolution
# Tracking

Q1966: How do you optimize storage performance?

Answer:

# SSD
# Use

# RAID
# Configuration

# Filesystem
# Choice

# Caching
# Enable

# Monitoring
# I/O metrics

Q1967: How do you design for zero downtime?

Answer:

# Load balancing
# Health checks

# Database
# Blue-green

# Caching
# Warm up

# Deployment
# Canary

# Rollback
# Quick

Q1968: How do you implement infrastructure cost optimization?

Answer:

# Right-sizing
# Continuous

# Reservations
# Plan

# Spot instances
# Use

# Cleanup
# Scheduled

# Monitoring
# Alerts

Q1969: How do you design for data privacy?

Answer:

# Classification
# Automated

# Encryption
# End-to-end

# Access control
# Fine-grained

# Audit logging
# Comprehensive

# Retention
# Policy

Q1970: How do you implement network automation?

Answer:

# Ansible
# Network modules

# Templates
# Jinja2

# Testing
# CI/CD

# Documentation
# Auto-generated

# Version control
# Git

Q1971: How do you optimize Linux for cloud?

Answer:

# Cloud provider
# Optimized kernel

# Instance types
# Right-sized

# Storage
# EBS optimization

# Network
# ENA

# Monitoring
# CloudWatch

Q1972: How do you implement cost governance?

Answer:

# Tagging
# Mandatory

# Budgets
# Teams

# Alerts
# Thresholds

# Reporting
# Regular

# Optimization
# Action items

Q1973: How do you design for digital transformation?

Answer:

# Assessment
# Current state

# Strategy
# Roadmap

# Implementation
# Phased

# Training
# Change management

# Measurement
# KPIs

Q1974: How do you implement security operations?

Answer:

# SIEM
# Deploy

# SOAR
# Automate

# Threat intelligence
# Integrate

# Incident response
# Playbooks

# Monitoring
# 24/7

Q1975: How do you design for container registry?

Answer:

# Registry
# Deploy

# Scanning
# Automatic

# Retention
# Policy

# Access control
# IAM

# Replication
# Multi-region

Q1976: How do you implement data catalog?

Answer:

# Catalog
# Deploy

# Metadata
# Automate

# Discovery
# Self-service

# Governance
# Policies

# Lineage
# Track

Q1977: How do you optimize Kubernetes storage?

Answer:

# Storage classes
# Choose

# PVC
# Configure

# Snapshot
# Enable

# Backup
# Velero

# Monitoring
# Metrics

Q1978: How do you design for API gateway?

Answer:

# Gateway
# Deploy

# Routing
# Configure

# Authentication
# Implement

# Rate limiting
# Policy

# Monitoring
# Analytics

Q1979: How do you implement security scanning?

Answer:

# SAST
# Integrate

# DAST
# Automated

# SCA
# Dependencies

# Container
# Scanning

# Runtime
# Protection

Q1980: How do you optimize database performance?

Answer:

# Profiling
# Identify bottleneck

# Indexing
# Optimize

# Caching
# Configure

# Query
# Rewrite

# Scaling
# Plan

Q1981: How do you design for multi-region?

Answer:

# Architecture
# Multi-region

# Data replication
# Configure

# DNS
# Global

# CDN
# Deploy

# Testing
# Failover

Q1982: How do you implement observability platform?

Answer:

# Metrics
# Prometheus

# Logs
# Loki/ELK

# Traces
# Jaeger

# Dashboards
# Grafana

# Alerting
# PagerDuty

Q1983: How do you design for data mesh?

Answer:

# Domain ownership
# Decentralized

# Data products
# Define

# Platform
# Self-service

# Governance
# Federated

# Architecture
# Scalable

Q1984: How do you implement compliance as code?

Answer:

# Policy
# Write

# Testing
# Validate

# Enforcement
# Gatekeeper

# Reporting
# Automated

# Audit
# Evidence

Q1985: How do you optimize Linux for IoT?

Answer:

# Minimal OS
# Build

# Kernel
# Strip

# Storage
# Optimize

# Network
# Configure

# Security
# Hardened

Q1986: How do you design for API first?

Answer:

# Design
# OpenAPI

# Versioning
# Strategy

# Documentation
# Auto-generate

# Mocking
# Enable

# Testing
# Contract

Q1987: How do you implement incident readiness?

Answer:

# Runbooks
# Create

# Training
# Regular

# Tools
# Prepare

# Communication
# Templates

# Post-incident
# Review process

Q1988: How do you design for edge architecture?

Answer:

# Compute
# Edge location

# Storage
# Local cache

# Networking
# Low latency

# Security
# Hardened

# Management
# Centralized

Q1989: How do you implement security posture?

Answer:

# Assessment
# Continuous

# Hardening
# CIS benchmarks

# Monitoring
# Real-time

# Response
# Automated

# Improvement
# Action items

Q1990: How do you optimize for DevSecOps?

Answer:

# Shift left
# Security

# Automation
# Pipeline

# Scanning
# Integrate

# Training
# Developers

# Governance
# Policies

Q1991: How do you design for data platform?

Answer:

# Ingestion
# Batch/Stream

# Processing
# Spark/Flink

# Storage
# Data Lake

# Serving
# Query engines

# Governance
# Catalog

Q1992: How do you implement cloud security?

Answer:

# Shared responsibility
# Understand

# IAM
# Least privilege

# Network
# Segmentation

# Encryption
# Enable

# Monitoring
# Configure

Q1993: How do you optimize for cost efficiency?

Answer:

# Rightsizing
# Continuous

# Reservations
# Purchase

# Spot
# Use

# Automation
# Scale down

# Cleanup
# Scheduled

Q1994: How do you design for resilience engineering?

Answer:

# Antifragility
# Build

# Chaos
# Test

# Graceful degradation
# Implement

# Recovery
# Automate

# Learning
# Continuous

Q1995: How do you implement DevOps metrics?

Answer:

# DORA metrics
# Track

# Deployment frequency
# Measure

# Lead time
# Monitor

# MTTR
# Calculate

# Change failure rate
# Analyze

Q1996: How do you design for zero trust architecture?

Answer:

# Verify explicitly
# Always

# Least privilege access
# Grant

# Assume breach
# Design

# Micro-segmentation
# Implement

# Monitor
# Continuously

Q1997: How do you implement cloud migration?

Answer:

# Assess
# Discover

# Plan
# Strategy

# Migrate
# Execute

# Validate
# Test

# Optimize
# Post-migration

Q1998: How do you implement Kubernetes security?

Answer:

# RBAC
# Configure

# Network policies
# Apply

# Pod security
# Standards

# Secrets
# External

# Scanning
# Integrate

Q1999: How do you design for data protection?

Answer:

# Encryption
# At rest/transit

# Access control
# Implement

# Backup
# Automate

# Recovery
# Test

# Compliance
# Meet

Q2000: How do you implement SRE practices?

Answer:

# Error budgets
# Define

# SLOs
# Set

# Toil
# Reduce

# Monitoring
# Implement

# Post-incident
# Review

# Automation
# Enable