tezvyn:

☁️ DevOps & Cloud

Infrastructure, containers, CI/CD, and cloud

197 bites

CI/CD & Automation · 30 sec read

How do you speed up slow integration tests without compromising quality?

Tests your ability to optimize CI/CD pipelines while preserving coverage. A strong answer covers parallel execution, Test Impact Analysis, ephemeral containers, and test data as code. Red flag: proposing to delete tests or disable the integration stage entirely.

CI/CD & Automation · 30 sec read

Explain GitOps and how an agent knows when to apply changes

Tests declarative infrastructure and pull-based reconciliation. A strong answer says Git is the source of truth and the agent polls or watches for drift, then applies diffs. Red flag: calling a push-based CI pipeline GitOps.

CI/CD & Automation · 30 sec read

Describe the difference between a Deployment and a StatefulSet

Tests stateful pod identity versus stateless scaling. Outline: contrast Deployments' interchangeable replicas with StatefulSets' stable hostnames, per-pod PVCs, and ordered rollout; give a database example.

CI/CD & Automation · 30 sec read

What is IaC and its CI/CD benefits over manual provisioning?

WHAT IT TESTS: Your understanding of IaC as versioned, declarative infrastructure that stops snowflake environments and drift. ANSWER OUTLINE: Cover descriptive models, idempotency, and on-demand environments for repeatable CI/CD.

CI/CD & Automation · 30 sec read

How would you integrate artifact signing into CI/CD and secure the keys?

Tests supply chain architecture and secrets management. A strong answer: remote HSM or KMS signing isolated from build runners, signature verification at deploy gates, and key rotation with audit logging.

CI/CD & Automation · 30 sec read

What is Infrastructure as Code (IaC), and how does it support CI/CD?

This tests if you link declarative definitions to repeatable pipelines. A strong answer covers idempotence, versioned templates, and preventing snowflake environments. A red flag is calling IaC mere scripting without CI/CD integration.

CI/CD & Automation · 30 sec read

What does shift left mean in CI/CD, and give two concrete examples?

Tests your grasp of moving verification earlier to reduce cost and risk. Define shift left as earlier-stage testing; cite two concrete examples like pre-commit unit tests and PR-level SAST scans. Red flag: calling it "more testing" instead of earlier feedback.

Docker & Kubernetes · 30 sec read

Name three Linux namespaces and explain what each one isolates.

WHAT IT TESTS: Kernel primitives behind container isolation. ANSWER OUTLINE: Name three of PID, Network, Mount, UTS, IPC, User, Cgroup, Time; say what each hides; cite the CLONE_NEW* flags or /proc/<pid>/ns.

Docker & Kubernetes · 31 sec read

How do Docker images and containers differ and relate?

This tests your grasp of the immutable template versus mutable runtime boundary. A good answer: an image is a read-only layered template with code and dependencies; a container is a runnable instance with a writable layer on top.

Cloud Platforms · 30 sec read

How does shared responsibility shift between IaaS and SaaS?

Tests your understanding of security ownership across cloud stacks. Strong answer: in IaaS you own OS, apps, and network controls; in SaaS you only own data, identities, endpoints, and accounts while the provider manages the rest.

Cloud Platforms · 31 sec read

AWS Cost and Usage Report (CUR)

Think of CUR as your AWS itemized receipt, delivered daily to S3. It breaks down charges by hour, product, resource, and tag for spreadsheets or Athena queries. Mid-month numbers are estimates, so do not lock budgets until the report finalizes after invoicing.

CI/CD & Automation · 30 sec read

How do you implement security policies as code across CI pipelines?

This tests operationalizing Policy as Code for security scanners at scale. Strong answers cover centralized version-controlled rules consumed by CI pipelines with automated gates and exception workflows. Red flag: teams maintaining independent scanner configs.

CI/CD & Automation · 30 sec read

How would you add E2E tests to CI and what challenges arise?

This tests CI/CD pipeline design. Cover Dockerized environments, parallel runs, flaky-test retries, and selective execution such as critical tests per commit and full suites nightly. Red flag: running all tests on every commit without isolation or retries.

CI/CD & Automation · 30 sec read

How would you implement zero-downtime secrets rotation?

WHAT IT TESTS: rotating credentials without downtime. OUTLINE: inventory secrets and app caching; baseline monitoring; dual-phase rotation with overlapping secrets; verify before revoking old.

CI/CD & Automation · 30 sec read

How would you design an automated artifact repository cleanup policy?

WHAT IT TESTS: Balancing cost, compliance, and speed via tiered artifact retention. A strong answer covers age rules, deployment state, protected tags, and dry-run gates.

CI/CD & Automation · 30 sec read

Compare monorepo and polyrepo strategies in CI/CD

Tests repo structure impact on builds, dependencies, and pipeline triggers. Contrast monorepo atomicity with polyrepo autonomy; cover monorepo change-detection versus polyrepo versioning and contract tests.

CI/CD & Automation · 30 sec read

Design a dynamic, risk-based quality gate system

Tests if you can move CI/CD from binary pass/fail to contextual risk scoring. Strong answers define criticality tiers, weight signals by severity and blast radius, and emit GO/CAUTION/STOP states.

CI/CD & Automation · 30 sec read

Design a secure multi-tenant CI/CD runner on Kubernetes

WHAT IT TESTS: Hard multi-tenancy for untrusted CI. ANSWER OUTLINE: Apply namespaces, NetworkPolicies, Pod Security Standards; cap resources with ResourceQuotas and LimitRanges; schedule to dedicated or sandboxed nodes. RED FLAG: Claiming labels or RBAC alone suffice.

CI/CD & Automation · 30 sec read

Design a Docker artifact system for cost, traceability, and speed

Tests cost-speed-auditability tradeoffs for artifacts at scale. Strong answers cover tiered storage with lifecycle policies, immutable build provenance, regional caching, and automated garbage collection. Red flag: infinite mutable storage with no cleanup rules.

CI/CD & Automation · 30 sec read

How would you collect metrics and KPIs for your Internal Developer Platform?

This tests product-thinking: treating developers as customers, not captive users. Strong answers cover adoption (golden-path usage), developer experience (deploy speed, NPS), and business value. Red flag: tracking CPU or uptime without linking to adoption.
