HireHireInterview Quizzes › Systems / Infrastructure Engineer

Systems / Infrastructure Engineer Interview Questions

Think you're ready? These are the questions that actually decide Systems / Infrastructure Engineer interviews. Warm up on Easy — then face the Hard round, where 95% of candidates crumble. 30 questions across 3 levels, instant score, completely free.

30Questions
3Difficulty levels
95%Fail the hard round
FreeInstant score
Easy
Warm-up · 10 Qs
Medium
Practical · 10 Qs
Hard
Brutal · 10 Qs
⚡ Take the Systems / Infrastructure Engineer quiz — get your score →

The Systems / Infrastructure Engineer interview questions

Below are the real questions, grouped by difficulty. Expand any one to reveal the correct answer and why — or take the timed quiz for a score you can share. Can you clear the Hard round?

Easy round 10 questions

In Linux, which signal does the default `kill` command send to a process, allowing it to terminate gracefully?
  • A. SIGKILL (9)
  • B. SIGTERM (15) ✓
  • C. SIGHUP (1)
  • D. SIGSTOP (19)
Correct answer: B. `kill` without a signal number sends SIGTERM (15), which can be caught or ignored, allowing graceful shutdown, unlike SIGKILL which cannot be trapped.
A server shows high load average but low CPU utilization. What is the most likely cause?
  • A. Processes are CPU-bound and saturating all cores
  • B. Processes are blocked waiting on I/O (uninterruptible sleep) ✓
  • C. The kernel is misreporting the load figures
  • D. There is insufficient physical RAM installed
Correct answer: B. Linux load average counts processes in the uninterruptible (D) state waiting on I/O, so high load with low CPU usage typically indicates I/O wait.
In the TCP three-way handshake, what is the correct sequence of segments?
  • A. SYN, SYN-ACK, ACK ✓
  • B. ACK, SYN, SYN-ACK
  • C. SYN, ACK, FIN
  • D. SYN-ACK, SYN, ACK
Correct answer: A. The client sends SYN, the server replies SYN-ACK, and the client completes with ACK to establish the connection.
Which RAID level provides striping with distributed parity, tolerating the failure of exactly one disk?
  • A. RAID 0
  • B. RAID 1
  • C. RAID 5 ✓
  • D. RAID 10
Correct answer: C. RAID 5 stripes data with distributed parity across all disks and can survive a single disk failure by rebuilding from parity.
In an /etc/fstab entry, what is the primary purpose of the `dump` field (the fifth field)?
  • A. Sets the filesystem mount order at boot
  • B. Indicates whether the dump utility should back up the filesystem ✓
  • C. Specifies the fsck check order at boot
  • D. Defines the default mount permissions
Correct answer: B. The fifth fstab field is used by the `dump` backup utility to decide whether the filesystem should be backed up (1) or not (0).
Which command correctly changes a file's permissions to read/write for the owner and read-only for group and others?
  • A. chmod 755 file
  • B. chmod 644 file ✓
  • C. chmod 664 file
  • D. chmod 600 file
Correct answer: B. Octal 644 sets owner to read+write (6) and group and others to read-only (4), matching the requirement.
In Kubernetes, what is the main difference between a liveness probe and a readiness probe?
  • A. Liveness restarts the container on failure; readiness removes the pod from Service endpoints ✓
  • B. Liveness removes the pod from endpoints; readiness restarts the container
  • C. Both restart the container but at different intervals
  • D. Both only run once at container startup
Correct answer: A. A failing liveness probe causes the kubelet to restart the container, while a failing readiness probe removes the pod from Service load-balancing endpoints without restarting it.
What does the `TTL` value in a DNS record primarily control?
  • A. The maximum number of DNS hops a query can take
  • B. How long a resolver may cache the record before re-querying ✓
  • C. The priority of the record among multiple answers
  • D. The encryption strength of the DNS response
Correct answer: B. TTL (Time To Live) specifies, in seconds, how long a resolver or client may cache the record before it must query the authoritative server again.
In an infrastructure-as-code tool like Terraform, what is the primary purpose of the state file?
  • A. To store provider API credentials securely
  • B. To map declared resources to real-world infrastructure objects ✓
  • C. To cache the module registry for offline use
  • D. To define the execution order of provisioners
Correct answer: B. Terraform's state file records the mapping between resources in configuration and the actual objects created in the provider, enabling plan/diff operations.
A process is leaking file descriptors. Which command best shows the open file descriptors held by a running process with PID 1234?
  • A. ps -ef | grep 1234
  • B. lsof -p 1234 ✓
  • C. netstat -tulpn
  • D. free -m
Correct answer: B. `lsof -p 1234` lists all open files, including file descriptors, held by the process with that PID.

Medium round 10 questions

A Linux server is running low on disk space. You run `df -h` and see the root filesystem is 95% full, but `du -sh /*` only accounts for about half that usage. What is the most likely cause?
  • A. The `du` command is miscounting sparse files
  • B. A deleted file is still held open by a running process, keeping its space allocated ✓
  • C. The filesystem journal is corrupted
  • D. Disk quotas are misconfigured for the root user
Correct answer: B. When a process holds a deleted file open, the inode and its blocks remain allocated until the process closes it, so `df` counts the space but `du` cannot see the unlinked file.
You want a systemd service to automatically restart if it crashes, but not enter a restart loop if it fails repeatedly at startup. Which combination of directives best achieves this?
  • A. `Restart=always` with no other limits
  • B. `Restart=on-failure` with `StartLimitIntervalSec` and `StartLimitBurst` ✓
  • C. `Restart=no` with a cron job to check status
  • D. `RemainAfterExit=yes` with `Restart=always`
Correct answer: B. `Restart=on-failure` restarts only on abnormal exit, while `StartLimitIntervalSec`/`StartLimitBurst` cap restart attempts in a window to prevent rapid crash loops.
In a CIDR block `10.0.4.0/22`, how many usable host addresses are available (excluding network and broadcast)?
  • A. 510
  • B. 1022 ✓
  • C. 254
  • D. 2046
Correct answer: B. A /22 has 2^(32-22)=1024 addresses, and subtracting the network and broadcast addresses leaves 1022 usable hosts.
A web server behind an Nginx reverse proxy is logging the proxy's IP address instead of the real client IP in its access logs. What is the standard fix?
  • A. Disable keepalive connections on the proxy
  • B. Configure the backend to trust and read the `X-Forwarded-For` header set by the proxy ✓
  • C. Switch the proxy from HTTP/1.1 to HTTP/2
  • D. Enable gzip compression on the proxy
Correct answer: B. The reverse proxy forwards the client IP in the `X-Forwarded-For` header, and the backend must be configured to read that header (from trusted proxies) to log the real client.
You need to give a colleague read-only access to run `kubectl get pods` in one namespace only, with no access to other namespaces. Which Kubernetes RBAC objects should you use?
  • A. A ClusterRole bound with a ClusterRoleBinding
  • B. A Role in that namespace bound with a RoleBinding ✓
  • C. A PodSecurityPolicy applied to the namespace
  • D. A NetworkPolicy restricting the namespace
Correct answer: B. A Role is namespace-scoped and a RoleBinding grants it within a single namespace, correctly limiting the permissions to just that namespace.
Your Terraform apply fails midway, and now the real infrastructure doesn't match what Terraform thinks exists. A resource was created in the cloud but isn't tracked in state. What is the correct way to bring it under management without recreating it?
  • A. Delete the resource manually and re-run `terraform apply`
  • B. Run `terraform import` to associate the existing resource with the state ✓
  • C. Run `terraform refresh` to auto-detect all untracked resources
  • D. Manually edit the `.tfstate` JSON file to add the resource
Correct answer: B. `terraform import` maps an existing real-world resource into Terraform state so it can be managed without being destroyed and recreated.
A Docker container running a Java application keeps getting OOM-killed even though the host has plenty of free memory. The container was started with `--memory=512m`. What is the most likely issue?
  • A. Docker is ignoring the memory limit flag
  • B. The JVM heap is sized based on host memory, not the container's cgroup limit, so it exceeds 512m ✓
  • C. The host kernel does not support cgroups
  • D. The container image is corrupted
Correct answer: B. Older JVMs (or misconfigured ones) size the heap from total host memory rather than the container's cgroup limit, causing the process to exceed the container memory limit and get OOM-killed.
You SSH into a server but every command is extremely slow to start, though the network ping is fast. What should you check first?
  • A. Whether the CPU is overloaded
  • B. Reverse DNS resolution timing out (e.g., sshd `UseDNS` or a slow resolver) ✓
  • C. Whether the disk is failing
  • D. Whether the SSH key is too large
Correct answer: B. Slow SSH logins with fast network are commonly caused by reverse DNS lookups timing out, since sshd (and login) may block on resolving the client's hostname.
In a CI/CD pipeline, you want to ensure a deployment only proceeds to production after tests pass AND a human approves. Which pattern is most appropriate?
  • A. Run all stages in parallel to save time
  • B. Use a manual approval gate/stage after the automated test stage ✓
  • C. Disable tests in production to speed up deploys
  • D. Deploy to production first, then run tests as a rollback trigger
Correct answer: B. A manual approval gate placed after automated tests ensures both automated validation and human sign-off before a production deployment proceeds.
You're writing a bash script that processes files and want it to exit immediately if any command fails, treat unset variables as errors, and catch failures in pipelines. Which line should you add near the top?
  • A. `set -x`
  • B. `set -euo pipefail` ✓
  • C. `set +e`
  • D. `trap cleanup EXIT`
Correct answer: B. `set -euo pipefail` exits on error (`-e`), errors on unset variables (`-u`), and makes a pipeline fail if any component fails (`pipefail`).

Hard round 10 questions

A production server reports `df -h` showing `/var` at 96% full, yet `du -sh /var` sums to only 40% of the partition. `du` was run as root. The app was recently restarted after a log-rotation script `truncate`d nothing but instead `rm`'d a 20GB active log file. What is the single most reliable command to confirm the root cause and reclaim the space without a reboot?
  • A. Run `sync && echo 3 > /proc/sys/vm/drop_caches` to flush the page cache holding the deleted file's dirty pages
  • B. Run `lsof +L1` (or `lsof | grep deleted`) to find the process holding the unlinked inode, then restart or signal that process to close the fd ✓
  • C. Run `fsck` on the `/var` filesystem to reclaim orphaned inodes left by the failed `rm`
  • D. Run `fstrim /var` to release blocks that the SSD firmware has not yet marked as free after the deletion
Correct answer: B. An unlinked file with an open file handle keeps its data blocks allocated until every fd is closed, so `lsof +L1` reveals the holding process and closing it (or the app was already restarted, releasing it) reclaims the space—no reboot or fsck needed.
A high-throughput reverse proxy under load starts refusing new outbound connections to a backend with `EADDRNOTAVAIL`, while `ss -s` shows tens of thousands of sockets in TIME_WAIT toward that single backend IP:port. Which change most directly addresses the exhaustion without risking data corruption from delayed duplicate segments?
  • A. Set `net.ipv4.tcp_tw_recycle=1` to aggressively recycle TIME_WAIT sockets globally
  • B. Lower `net.ipv4.tcp_fin_timeout` to 5 seconds so sockets leave TIME_WAIT much faster
  • C. Enable `net.ipv4.tcp_tw_reuse=1` and widen `net.ipv4.ip_local_port_range` so the client can safely reuse TIME_WAIT sockets for new outbound connections ✓
  • D. Increase `net.core.somaxconn` and the backend's listen backlog to accept the pending connections
Correct answer: C. `tcp_tw_reuse` safely reuses TIME_WAIT sockets for new outbound connections using timestamps (unlike the removed/unsafe `tcp_tw_recycle`), and widening the ephemeral port range increases the 4-tuple space, directly relieving source-port exhaustion.
A Kubernetes Service has the correct label selector but `kubectl get endpoints my-svc` returns no addresses, even though three Pods with matching labels are `Running`. The Pods' `readinessProbe` is an HTTP GET on `/healthz` port 8080. Which is the most likely cause of the empty endpoint list?
  • A. The Pods are Running but not Ready because the readiness probe is failing, so the endpoints controller excludes them ✓
  • B. The Service `targetPort` does not match `containerPort`, which prevents the endpoints controller from populating addresses
  • C. kube-proxy has not yet programmed iptables rules, so the endpoints object stays empty until it syncs
  • D. The Pods lack a `podIP` because the CNI plugin has not assigned addresses to Running Pods
Correct answer: A. The EndpointSlice/endpoints controller only includes Pod IPs once the Pod passes its readiness probe; a failing `/healthz` keeps Pods Running-but-not-Ready and thus absent from endpoints, while targetPort mismatch or kube-proxy syncing would not empty the endpoints list.
You must import an existing resource into Terraform state, but two engineers ran `terraform apply` simultaneously against an S3 backend and the DynamoDB lock table now shows a stale lock from a crashed run. What is the correct and safest recovery?
  • A. Delete the `.terraform/terraform.tfstate` local cache and re-run apply so Terraform re-acquires a fresh lock
  • B. Run `terraform force-unlock <LOCK_ID>` using the ID reported in the error after confirming no apply is actually running ✓
  • C. Manually delete the lock item from the DynamoDB table and immediately run `terraform apply`
  • D. Set `-lock=false` on the next apply to bypass the stale lock and let Terraform overwrite it
Correct answer: B. `terraform force-unlock` with the reported LOCK_ID is the supported, auditable way to clear a confirmed-stale lock, whereas `-lock=false` or hand-deleting the DynamoDB item risks two concurrent writers corrupting state.
An application intermittently sees ~5 second stalls on outbound requests to an internal API. `dig api.internal` is fast, but tcpdump shows the app sending two simultaneous A and AAAA queries and one response is consistently lost, after which the resolver waits before retrying. On a musl/Alpine-based container, which mechanism best explains and fixes this?
  • A. CoreDNS negative caching is returning NXDOMAIN for AAAA, so raising the negative TTL fixes the stall
  • B. The 5s stall is the glibc/musl resolver retransmit timeout triggered by a dropped parallel A/AAAA UDP reply (a conntrack race); set `single-request-reopen` / use `use-vc` or disable parallel lookups ✓
  • C. The MSS is too large for the DNS UDP packet, causing fragmentation drops; lowering MTU to 1400 resolves it
  • D. CoreDNS is rate-limiting the pod, and increasing its cache size eliminates the retries
Correct answer: B. Parallel A/AAAA queries sharing a socket can hit a conntrack insert race that drops one reply, and the resolver's ~5s retransmit timeout produces the stall—mitigated by serializing queries (single-request/single-request-reopen) or forcing TCP, not by TTL or MTU changes.
Consider this systemd unit fragment for a service that must start only after the network is truly up and its data mount is available: ``` [Unit] Wants=network-online.target After=network.target RequiresMountsFor=/data ``` The service still occasionally starts before connectivity exists. What is the precise fix?
  • A. Change `Wants=network-online.target` to `Requires=network.target` so the dependency becomes mandatory
  • B. Add `After=network-online.target` because `Wants` only pulls the target in but does not order the service after it ✓
  • C. Replace `RequiresMountsFor=/data` with `After=data.mount` since RequiresMountsFor does not enforce ordering
  • D. Add `Before=network.target` so the service is sequenced relative to the network stack
Correct answer: B. `Wants=` establishes a dependency (pulls the target in) but not ordering; you must also add `After=network-online.target` so the service is actually sequenced after connectivity is established.
A memory-sensitive service on a node with 32GB RAM and no swap is being OOM-killed while `free -m` shows ~8GB in `buff/cache`. The container has a cgroup v2 `memory.max` of 4GB. `memory.current` sits near 4GB and `memory.stat` shows large `active_file`/`inactive_file`. What is happening?
  • A. Page cache counts against the cgroup's `memory.max`; under pressure the kernel reclaims reclaimable file pages first, but the workload's anonymous memory exceeds what's left, triggering the cgroup OOM killer ✓
  • B. The node has 8GB of unreclaimable cache, so the global OOM killer fires despite the cgroup limit being irrelevant
  • C. cgroup v2 does not account page cache, so the OOM must be caused by a kernel memory leak in slab
  • D. Because there is no swap, `memory.max` is ignored and the process is killed by the node-level OOM killer at 32GB
Correct answer: A. In cgroup v2, page cache is charged to the cgroup and counts toward `memory.max`; the kernel reclaims clean/reclaimable file pages under pressure, but if anonymous (unreclaimable, unswappable) memory still exceeds the limit, the cgroup-level OOM killer fires.
You are designing delivery guarantees for a payment event consumer reading from a partitioned log (e.g., Kafka). The business requires that a duplicate delivery never double-charges. Which design is both correct and the least brittle at scale?
  • A. Use exactly-once by committing the consumer offset before processing so a message is never reprocessed
  • B. Rely on at-least-once delivery plus an idempotent handler keyed by a stable business idempotency key persisted transactionally with the side effect ✓
  • C. Enable at-most-once delivery so duplicates are impossible, accepting occasional lost charges
  • D. Deduplicate using an in-memory LRU set of recently seen message IDs on each consumer instance
Correct answer: B. True end-to-end exactly-once across external side effects is generally unachievable, so the robust pattern is at-least-once delivery with an idempotent handler that records a durable idempotency key in the same transaction as the effect; committing offsets first causes lost messages and an in-memory set fails across restarts and rebalances.
A read-heavy service fronts a database with a cache. When a hot key's TTL expires, thousands of concurrent requests all miss and stampede the database, briefly saturating it. Which mitigation most directly prevents the recomputation storm while keeping data reasonably fresh?
  • A. Set the hot key's TTL to a much larger value so it expires far less often
  • B. Add jitter to all TTLs so keys do not expire at the same wall-clock moment
  • C. Use a per-key mutex/single-flight so only one request recomputes and repopulates while others wait or serve stale ✓
  • D. Switch the cache eviction policy from LRU to LFU so hot keys are never evicted
Correct answer: C. A single-flight lock (or request coalescing) ensures exactly one caller recomputes the expired hot key while the rest wait or serve stale, directly stopping the thundering herd; TTL jitter helps correlated expiry across many keys but not a single hot key stampede.
During an incident, p50 latency is normal but p99 spiked 20x. CPU utilization averages 55%, and the service uses a fixed thread pool of 50 with a synchronous downstream call. A downstream dependency's p99 rose from 20ms to 800ms. Which explanation best accounts for the tail blowup despite modest average CPU?
  • A. Average 55% CPU proves headroom exists, so the tail must be caused by GC pauses unrelated to the downstream
  • B. Slow downstream calls occupy pool threads longer, so under bursty arrivals the queue builds and requests wait behind blocked threads—Little's Law/queueing means utilization of the pool, not CPU, is saturated at the tail ✓
  • C. The load balancer is using round-robin instead of least-connections, which only affects p50
  • D. The p99 spike is a measurement artifact of averaging CPU across cores and disappears with per-core metrics
Correct answer: B. With a bounded thread pool and synchronous blocking calls, slow downstream responses hold threads longer, so effective concurrency capacity (not CPU) saturates and queueing delay explodes the tail—classic Little's Law behavior where average CPU can look modest while the pool is the bottleneck.

Prep for another role

Questions are original, written and independently verified for HireHire's role interview quizzes. They reflect the kind of knowledge Systems / Infrastructure Engineer interviews test, not any specific company's questions. HireHire maps live tech & IT jobs across India, updated regularly. Last updated: July 2026.