Linux & Networking Screen Interview

Many interview processes for DevOps/Infrastructure/Cloud/SRE engineers have an initial screen interview (often carried out by a recruiter) consisting of short networking and Linux questions. These questions are supposed to be basic, answers are short so they can be easily checked and candidates need to answer correctly most of them to pass to the next phase.

Here are some of the most popular networking and Linux questions we’ve seen in these screen interviews. Note that the answers here are succinct and you want to study further if you are not familiar with a topic. This list is of course not exhaustive but it will give you an idea of what to expect in most initial interviews.


  • What’s the three way handshake in TCP?
    Client sends SYN, server responds with SYN + ACK (both bits set in the packet), client replies with ACK. SYN synchronizes (sends) the Sequence Number, a counter to keep track of the bytes sent. ACK acknowledges receipt of all prior bytes; the value of this field is the next sequence number that the sender of the ACK is expecting.
  • What’s the difference between UDP and TCP? Give examples.
    TCP is connection-based, it guarantees the delivery of data by checking for errors and retransmitting lost packets. Used in most protocols due to its reliability (for ex, HTTP, SSH, SMTP). It does not support broadcasting and it’s slower than UDP due to the overhead of acknowledgements. UDP is “fire and forget”, faster than TCP and supports broadcasting. Used in DNS (which can use TCP too), TFTP and real-time communications like VoIP.
  • Name some TCP flags
    See SYN (Synchronization), ACK (Acknowledgement Number) from the 3-way handshake. Other flags are Window, used to communicate the size of the receive window to the sender and Finish (FIN) and Reset (RST), used to terminate the connection.
  • What’s the DNS record that maps a hostname to an IP address?
    The “A” record. Other popular records they may ask about:
    • CNAME: alias of one name to another
    • MX: mail record
    • PTR: pointer to canonical name, for reverse DNS lookups.
    • TXT: arbitrary data. Used for domain validation, DKIM and DMARC for ex.
  • What’s the size of an IPv6 address?, what’s the name of its A record, how is “localhost” represented?
    • An IPv4 address is 4 bytes, an IPv6 address is 16 bytes.
    • The “A” record in IPv6 is “AAAA” (pronounced “quad A”)
    • “localhost” in IPv6 is represented by: ::1
  • How does traceroute work?
    Traceroute is an ICMP tool to trace the path of an IP packet as it traverses routers. It uses the “Time to live” TTL field in the IP packet and the fact that routers decrease TTL by one.
  • What’s the port number for (common protocols) DNS, SSH, HTTP(S)?. How many TCP/UDP ports are there?
    The TCP and UDP port number field in the packer header is two bytes so there can be 2^16 = 65,535 ports (counting from 0). Port numbers below 1024 are privileged (normal users are not allowed to run servers on them). You should port numbers of some very common protocols like DNS (53), HTTP (80) or HTTPS (443).
  • How can we check in Linux what ports are open?
    We can use the commands ss or netstat. If they are installed also lsof and nmap are possibilities.
  • What’s the HTTP response code for “success”?
    200 (learn other common HTTP response codes)

Linux File System

  • What’s an inode
    The inode (index node) is a data structure in a file system that describes a file or a directory. Each inode stores the attributes (metadata) and disk block locations of the file’s data. We can see this metadata with the stat or ls -l command, they are basically:

    • file type: regular files (-), directories (d), and special files: block (b), character device (c), named pipe (p), symbolic link (l) and socket files (s)
    • permissions
    • owner and group IDs
    • size of the file
    • timestamps (accessed, modified and changed)
  • File permissions
    This is a wide topic but often questions with short answers are created from it.

    • Learn the octal description of file permissions: read r (4), write w (2) and execute x (1), and how to change them with chmod.
    • Remember that for directories, execute is used to allow access to it.
    • Learn about the special file permissions: SUID (executes as the user who owns the file, no matter who is running the command), SGID and sticky bit (directory-level special permission that restricts file deletion to the file owner).
    • The dot (.) at the end means an SELinux context is present.
    • Learn about listing and changing file attributes with lsattr and chattr.
  • How do you find the disk usage?
    With df (for example df -h) or du. In terms of differences, du is better for specific directories rather than the whole system since it traverses all files. Also du won’t count space still occupied by deleted files (unlike df).

  • How do you find the type of file systems present?
    There are several options df -T, lsblk -f or mount

Linux Processes

  • process management
    • process states
    • life cycle
    • can you kill a zombie
  • uptime -> load
  • signals
    • what signals you cannot ignore
    • what signal to reload config
  • yes | apt-get install blah , how does it stop
  • strace

Other Linux Questions

  • explain what happens: ls *.txt (the “what happens when you enter in a browser” of Linux)
  • find version of linux kernel uname
  • how to load kernel module
  • user limits ulimit
  • kernel params sysctl (eg: how to set ip forwarding)