Interview Questions Answered

A place of compiled interesting interview questions with my answers.  No sense in reinventing the wheel.  This is a good place to start to get to know who I am before the interview.  Good luck. 😉

These questions come from two techies that have been at this for more than 20 years each.  I asked them to interview me and prepare me.  You would think because it is my spouse and brother that they would go easy on me, but no way!!  Here are the questions and the answers I provided to them.  Please note that not all the answers are complete (I am constantly updating them as I learn), and in some cases, they may be wrong (the newbie in me). 

Basic Admin Questions:

Q: How would you configure an LACP bonded interface? 

Wow!  We are just starting off with a bang.  I can not give you the exact steps, but I understand that the reason for bonding is to take multiple nic cards and create redundancy and failover so if one card fails communication can still continue.

Q: Why should you use SSL over telnet for remote connections to a server?

Telnet is not secure, there is absolutely no encryption so if you use telnet you are sending information including username/password in plain text.  SSH is a secure shell and uses encryption.  However, there are several times when testing that taking the complication of encryption out of the picture will make errors easier to identify./p>

Q: What is the name and location of the default system log file?

/var/log is where you will find all logs.  It really depends on what system you are on; however, it could be messages or syslog.   

Q: What is crontab?  Explain its function.

Crontab is used to run scripts/commands at a given time in the future, it can be used for many things such as checks, cleanup/maintenance type tasks. Crontab can be used by a specific user or as root if certain commands require root access to run. 

Q: Using crontab how would you setup a script to run every hour?

Well, first I would have to cheat and remember the fields by looking at /etc/crontab.  Then I would run crontab -l to list out the current jobs I have, just to make sure I don’t already have it.  Finally, run crontab -e to create a new cron job. 

0 * * * * logger Here we are at the top of the hour.

Q: List several diff filesystems, can you add some pro/cons?

First, there is the ext family (ext 2, ext3, ext4), FAT, NFS, XFS, ZFS, BTRFS.

XFS is the base of Red Hat, it is a very good filesystem with the one downfall of only being able to grow.  You can’t shrink an XFS filesystem.  If you need to shrink you will need to used EXT4, which is still very common out there.

BTRFS seemed to be inline to be adopted by Red Hat as the next step after EXT4, but it did not provide the stability required by RHEL.

Q: What is your preferred file system and why?

I have found XFS to be very stable and fault-tolerant, it does have the downfall of shrinking, but in truth 99.9% of the time, a system needs to grow, not shrink.

Q: What is your fav distro and why?

My current machine runs Ubuntu, but I like CentOS because it mirrors Red Hat Enterprise Linux.  I have experience with SUSE and other distros way back there, but so far ago that I don’t even have touchpoints to those distros anymore. 

Q: Can you list different options to show the currently running processes?

ps is the best command to look for processes that are running.  ps aux is a good standard command to run, as it will show you all the processes and users, including root. There are many additional flags taht can be used depending on what you are trying to find out, such as piping it through grep in order to find a specific service. 

In addition, you can run top or htop to just get an overall look at what processes are going on and the state of the system. 

Q: What is swap space or swap partition?

Swap is a dedicated space on the harddrive that will be used when the RAM is being consumed and more memory is needed.  Swap is also a place that the kernel will move data out of memory that is “stale” or has not been recently accessed, to make room for memory that is currently being worked with. 

Q: What is LILO?

It is a bootloader that is used by Linux.  Most distros now use GRUB, but LILO is still out there, burried deep in the datacenters closests. 

Q: Describe the root account?  How would you protect this account?

Root operates in the kernel space, there is no barrier checking if root should be running a command, root just can.

The easiest way is to use sudo access for users that need to have superuser powers, but should not use root directly.  Very few people should hold the actual root password. 

Q: What is the max length of a file name?

Ugh…I know it is two hundred something and it is a relevant number 255 comes to mind but that is not right for file length max. 

There is also a max path length as well.  I have never run into this being a problem, but I know in production environmets it can become an issue.

Q: How can you find if an account is locked?

Looked this one up this morning and if you cat the /etc/shadow file and pipe it through grep for the username if there are !! in front of the password then it is locked.  If not using shadow file passwd -S <username> will display the word locked in the results. 

Q: What is the difference between “rm” and “rm -r”?  What would the -f option do?

rm is the remove command it is should be used with caution, especially the -f as -f is “force” and it will remove without asking if you really want to or not.  With the -r option it will do so recursively, so the strongest rm is rm -rf which means remove everything without asking for confirmation. 

Q: How would you change file permissions in linux?

chmod is the command that is used to change permissions.  It can either be used with the hex numbers you would like to see like chmod 755 means that ‘user’ has r,w,x and both groups and others have r,x. Or if you want to add something across the board like execution you can simply ‘chmod +x’ and it will add the ability to execute to user, group, and others.

Of course, the next step is the SUID, GUID, and sticky bit which is easy to set with the chmod g+s <directory>or chmod 2755 <directory> either will add the group uid special bit.  

Q: Do you know any commands you can use to edit a file without opening it using VI or another editor?

The easiest is to use echo.  This is the most common if you are tuning a system, for instance: echo b > /proc/sysrq-trigger Not a graceful shudown for sure, but it is sending the message directly into that file without opening it. 

Before vi there was sed and awk.  Sed is most commonly used to do a find and replace in a file without having to open it.

Finally cat will work, but it opens up an environment that is close to the file itself.  If you type cat >> new.file type what you need then make sure to type ctrl-c to save it, anything else will dump the buffer.   

Q: Explain grep and a few ways it can be used

grep is a very powerful tool that is a pattern matching command it can be used as a standalone command to find a pattern such as grep -Hn ‘test’ and then if you needed to make it recursive you can add the -r and it will look down the file system from where you are starting at.  It can also be combined with command like find in order to find files that match a certain pattern

find / -type f -name ‘*sys*’ | xargs grep -Hn ‘address’ \+ 2> /dev/null

That command will find all the files with ‘sys’ in the name and contain the word ‘address’ it will dump out the permission denied to /dev/null 

Q: How can you get a list of listening ports?

netstat is a good command for finding out what ports are listening.  There are a few ways to use it ‘netstat -peanut’ is a good general one that will list the (pid, extended, all, ip address, udb, tcp)

In truth, nestat was replaced with ss, but many still use netstat because of the layout.  ss tunap is a decent way to see both tcp and udp ports. 

Advanced Admin Questions:

Q: Explain network bonding?  Can you list some of the different types?

So my understanding is much like the question above where it is used to bond several of the same thing to operate as a single unit.  I know it used for NIC cards, but I am not aware of any other devices it would be used for. 

Q: Why should you use shadow password format?  What advantages does it provide?

Shadow password format uses encryption on the password, so the password is not stored on the system in plain text. 

Q: What is key based authentication?  Why would you use it over password?

Key based authentication is when you generate a public and private key.  It is even more secure than a password and allows the machines that are communicating to authenticate each other.  SSH is a big place that keys can come in handy and verify a single user across a network without having to type in their password at every machine they need to visit.  

Q: What are soft links, can you describe some of the features?

Funny story, I was in class recently and the teacher has a pet peeve about “softlinks”; he said, “It is a symbolic link, not a soft link…then long rant”

Symbolic links can be used for many things, but often it is to share information without having to copy it and in times that you want a single source of “truth’ that everyone is looking at.  The link is created to a file or directory, but if that file or directory is deleted the symbolic link will be broken.  A hard link will actually maintain connection to the content if the original is deleted, as a hard link gets its own inode for that file or directory. 

Q: How would you reduce or shrink and LVM partition? How about increase the size?

The most important part of resizing a logical volume is to maintain the filesystem when it is reduced.  This is done with a -r with the lvresize command.  The nice thing about lvresize is that it can be used to increase or decrease a logical volume.

lvresize -r -L +1G <lvname>

Of course to shrink it would be a minus sign instead of the plus. 

Q: What is selinux? How would you check if is causing application issues? What are the different modes?  Can you explain them.

SELinux is a way to harden your server and secure it.  It was created by the NSA and it makes your server very compartmentalized.

For the modes you have enforcing and permissive.  Enforcing is when it is actually doing its job.  Permissive is set when you are troubleshooting as it will send errors in access to the logs, but it will still allow things to go through.  It is in essense turned off in permissive mode.  

To check if there are issues the easiest way is to have sealerts installed.  This will allow you to run the error thorugh its AI and for the most part get an answer on what needs to be fixed.  You still have to understand what it is asking you to do as it can still lead you down the wrong path.

There are two common things that need to be addressed.  One is the file context needs to be adjusted so an application can access a directory to write.  The second is a port adjustment so an application can use a non-standard port for communication. 

Q: What advantage would running a process in the background be, how would you do this?

You can background a process by using the & after the command.  Many times you will do this when you know that the process will take time to run and you don’t need to monitor or input anything.  It allows the process to run and you can continue working while it is processing. 

When the job is finished it will alert you in the terminal.  

Q: Why should the “finger” server service be disables with not in use?

Finger allows a savvy hacker the ability to know everything.  It is a look up the client can use that will display username, shell, mail, etc.  Things that you don’t want them to know.  

Q: You are trying to clean up a partition on a server.  You find a log dir with over 400k files. When you run the rm command you get the error “argument list too long”.  How would you address this problem, can you think of more than one way.

The first thing that comes to mind for me is to write a script that will chunk the rm out into smaller groups using a loop structure. 

Of course you can also do that by hand on the command line as well. 

You could also chunk it out by shortening the list using something like find if it is time stamped or some other way to easily pull a partial list of the directory and then pipe it through to rm 

Q: What is the difference between /proc and /sys?

Both are great places to tune a system.  The /proc system is where the kernel will dump information that is used by utilities.  These utilities, like free, will then display the information in a very human readable format.  However, it can be viewed in the /proc system as well.

For tuning purposes, /proc is where you would go if you want to tune the kernel and /sys is where you want to go if you are tuning kernel modules. 

Q: What do you do if you have a mount that will not unmount?

The first thing is to run lsof to see if there any files open or being used in the mounted directory.  Once identified the program using that file will need to be paused or closed and/or the files itself will need to be closed. 

Check to make sure that you are not actually in the directory in another terminal.  Yeah, I know newbie mistake, but sometimes it is the little things.

Then if that is all cleared up run umount -l it will perform a lazy umount and try to de-couple things in a graceful way.  

Finally, if all else fails, use the umount -f to force the issue, but be aware that certain things may not have closed appropriately and there can be corruption or data loss.  

Non-Tech Questions:

Q: What do you think the responsibilities of a linux system administrator are?

In small organizations the linux system administrator is responsible for everything from user management, software installs, configuration, automation, security, the list goes on….

In a large organization it would depend on the team.  All of the things that a sys admin of a small organization does has been broken into smaller teams with specializations.  Each organization does things differently, but in general a sys admin still needs awareness of the basics of all the different tasks.  


Q: Explain the difference between the master and minion?

A master is the server(s) that are designated as holding the source of truth on what the machines need to look like.  The master tracks all configurations and has tools to run on systems to verify that the minions are in compliance.

The minion is the worker machine.  It listens for the master.  When the master sends out a message the minion checks to see if the message is relevent to it, if so it executes what the master sent.  

Q: Describe pillar.

The pillar is where information is stored.  The most common is a protected pillar that will house inforamtion that needs to be shared, but also needs to be protected.  This can passwords, internal urls, etc. 

Q: Can you run salt without a master?  If so why would you do this.

Yes, salt can be run without a master.  One of the most common useses is to salt the saltmaster.  It can also be useful for testing before you throw something into production.  

Q: What are salt grains?  Can you explain a few ways they can be used to help automate system deployments and discovery?

Salt grains are the inforamtion that each minion keeps about itself.  This can be about its hardware, its OS, or its function in the network.  These grains can be used to identify if the particular minion fits the criteria for an update or querry. 


Q: What is a default gateway? 

A default gateway is the first hop for that machine.  This allows the ability to manage where each machine takes its first step into the network.  This hop may be to another machine, or to a router. 

Q: What purpose does the net mask have when assigning address?

The net mask is used to describe in the IP address for that machine.  The net mask will break up the IP address into which portion describes the network address and which part describes the host address.   

It is usually displayed in CIDR format: would mean that 24 bits are used to describe the network and 8 bits are used for host addressing.  

Q: You have 2 computers with the information below for addresses:

Computer A

IP address:



Computer B

IP address



Why are the 2 computers not able to talk to each other?  What would you need to adjust to address the issue. Is there more than one option, if so why?

Computer A right now is in a loopback and it would need to have a gateway address that knows how to reach 

They are also on two different subnets so they do not have a way to communicate.  So next they would need to be on the same subnet. 

Finally depending on what subnet is selected the IP address itself may cause a problem.  If the subnet is Computer B, then they would have the same IP address as Computer A would need to change to the 10.0.1 networking scheme and visa versa if the subnet from Computer A would be used.  

Changing the IP address of either would be the final step to ensure they could communicate. 

Q: You have 2 computers in different locations.  They are able to talk to the internet and can ping each other.  One of the computers is running a web server but the other system is not able to access it.  Can you list several options that could be causing the issue?

Could be an internal DNS issue if the machine is trying to access it via its hostname and not by IP.  So I would first want to eliminate that as an issue by trying to access the web server using its IP address.  You did mention that they ping, so DNS might already be eliminated if hostnames were used instead of IP addresses.  

Could be a difference of IPv4 and IPv6 where IPv6 may be blocked.  The only reason I know this is that I happened to bring up an Apache server the other day using only IPv6 and Matt blocks IPv6 at the firewall level, so the splash page could be accessed by me, but not his machine. 

The webserver could have been brought up to listen to a specific port (not the default 80) and the accessing computer is trying to access the default port.  Simply appending :port# to the back of the URI will solve that problem. 

Q: What are the parts of a 3 way handshake.

Three way handshake is a process of two computers initial communication. 

  1. Request from computer one to chat with a SYN (sequence number)
  2. ACK & SYN from computer two (acknowledgement and the SYN that it will use)
  3. ACK from computer one

Once handshake is complete they can communicate and provide the SYN in their communication so it can be mapped to who is talking. 

Q: Can you explain the purpose of NAT?

Network Address Transmission sets up to only communicate using the IP address either static or dynamic.

Q: How about PAT?

Port Address Transmission which allow a port to be attached and whether that port is TCP or UDP. 

Q: Explain the reason for using each?

I need to study this more, but my basic understanding is that NAT is basic communication and is what is generally used, but in some cases there are specific ports that need to be accessed in order to communicate and that is when you would use PAT. 

Q: What are the default port numbers used by the follow:



DHCP/UDP 67,68

DNS 53

SSH  22

SMTP – 25 (but there are a couple of others that can be used)