Cloud - DevOps Interview Questions

Beginner Level (1-20 Questions)

1. What is cloud computing?

Answer:
Cloud computing is the on-demand delivery of computing services such as servers,
storage, databases, networking, and software over the internet. It eliminates the need
for owning and maintaining physical hardware, allowing users to access scalable
resources on a pay-as-you-go model.

2. What are the different types of cloud computing?

Answer:
Cloud computing is classified into three types:

 Public Cloud: Services provided by third-party vendors like AWS, Azure, and
GCP, accessible over the internet.
 Private Cloud: Cloud infrastructure dedicated to a single organization, either on-
premises or hosted by a provider.
 Hybrid Cloud: A combination of public and private clouds, allowing data and
applications to be shared between them.

3. What are the benefits of cloud computing?

Answer:

 Scalability: Resources can be easily scaled up or down.

 Cost Efficiency: No need to invest in physical hardware.
 Flexibility: Access from anywhere using the internet.
 Disaster Recovery: Cloud providers offer backup and recovery solutions.

4. What are the different cloud service models?

Answer:
  Infrastructure as a Service (IaaS): Provides virtualized computing resources
(e.g., AWS EC2, Azure Virtual Machines).
 Platform as a Service (PaaS): Offers a managed environment for application
development (e.g., AWS Elastic Beanstalk, Google App Engine).
 Software as a Service (SaaS): Delivers software applications over the internet
(e.g., Gmail, Office 365, Salesforce).

5. What is serverless computing?

Answer:
Serverless computing allows developers to run applications without managing
underlying infrastructure. The cloud provider dynamically allocates resources as needed.
Examples include AWS Lambda, Azure Functions, and Google Cloud Functions.

6. What is virtualization in cloud computing?

Answer:
Virtualization is the process of creating virtual instances of servers, storage, or networks.
It enables multiple virtual machines (VMs) to run on a single physical server, improving
resource utilization.

7. What is multi-cloud?
Answer:
Multi-cloud refers to using multiple cloud service providers (e.g., AWS, Azure, GCP) for
redundancy, cost optimization, and avoiding vendor lock-in.

8. What are some common cloud deployment models?

Answer:

 Community Cloud: Shared infrastructure for a specific group of organizations.

 Hybrid Cloud: Combination of on-premises, private, and public clouds.
 Public Cloud: Services offered to multiple customers over the internet.

9. What is the difference between vertical and horizontal scaling?

Answer:
  Vertical Scaling (Scaling Up): Increasing resources (CPU, RAM) in an existing
server.
 Horizontal Scaling (Scaling Out): Adding more servers to distribute the load.

10. What is an Availability Zone (AZ)?

Answer:
An Availability Zone is a physically separate data center within a cloud provider's region,
designed for fault tolerance and high availability.

11. What is the Shared Responsibility Model in cloud security?

Answer:
Cloud providers and customers share security responsibilities:

 Provider: Secures hardware, networking, and cloud infrastructure.

 Customer: Secures applications, data, and user access.

12. What is a Virtual Private Cloud (VPC)?

Answer:
A VPC is an isolated cloud environment where users can define their own network
settings, including subnets, IP addresses, and security groups.

13. What is an Elastic Load Balancer (ELB)?

Answer:
An ELB distributes incoming traffic across multiple servers to ensure high availability and
fault tolerance.

14. What is Object Storage in the cloud?

Answer:
Object storage is a cloud-based storage architecture that stores data as objects (instead
of files or blocks). Examples include Amazon S3 and Azure Blob Storage.

15. What is Block Storage in cloud computing?

Answer:
Block storage stores data in fixed-sized blocks, commonly used for databases and virtual
machines. Examples: AWS EBS, Azure Managed Disks.

16. What is a Content Delivery Network (CDN)?

Answer:
A CDN is a distributed network of servers that caches content close to users for faster
delivery. Examples: AWS CloudFront, Azure CDN.

17. What is an IAM role in cloud security?

Answer:
An IAM (Identity and Access Management) role grants permissions to cloud services
without needing credentials stored on a server.

18. What is CloudFormation in AWS?

Answer:
AWS CloudFormation is an Infrastructure as Code (IaC) tool that automates provisioning
of cloud resources using YAML or JSON templates.

19. What is Google Kubernetes Engine (GKE)?

Answer:
GKE is Google Cloud's managed Kubernetes service for deploying and managing
containerized applications.

20. What is Azure DevOps?

Answer:
Azure DevOps is a set of development and CI/CD tools for building, testing, and
deploying applications in the cloud.

I'll now provide detailed answers for the Intermediate and Advanced level questions in
the Cloud section.
Intermediate Level (21-40 Questions)

21. What is a cloud region?

Answer:
A cloud region is a geographic area where a cloud provider has multiple data centers.
Each region consists of multiple availability zones (AZs), ensuring redundancy and
high availability.

 Example: AWS us-east-1 (North Virginia) has multiple AZs like us-east-1a, us-
east-1b, etc.
 Cloud providers like AWS, Azure, and GCP allow users to select regions based
on factors like latency, compliance, and pricing.

22. How does AWS Lambda differ from EC2?

Answer:

Feature AWS Lambda Amazon EC2

Type Serverless function Virtual machine

Requires manual scaling or auto-
Scaling Auto-scales instantly
scaling setup
Billing Pay-per-execution Pay for running instances
Use case Short-lived tasks Long-running applications
Trigger a function when an S3 file is Run a web server for hosting
Example
uploaded applications

23. What are Reserved Instances in AWS?

Answer:
Reserved Instances (RIs) are a pricing model in AWS where users commit to a specific
instance type for 1 or 3 years in exchange for significant discounts (up to 75%)
compared to On-Demand pricing.
  Types of RIs:
o Standard RIs – Best discounts, but limited flexibility.
o Convertible RIs – Can switch to another instance type.
o Scheduled RIs – Available at specific times (e.g., weekends).

24. How do you secure data in cloud storage?

Answer:
To secure data in cloud storage:

 Encryption: Use AES-256 encryption for data at rest and TLS for data in transit.
 Access Control: Implement IAM policies and bucket policies to restrict access.
 Versioning: Enable object versioning to recover deleted/modified files.
 Auditing: Use AWS CloudTrail, Azure Monitor, or GCP Audit Logs to track access.

25. What is the difference between Kubernetes and Docker

Swarm?
Answer:

Feature Kubernetes Docker Swarm

Complexity Steeper learning curve Easier to set up

Scaling Automated, fine-grained Manual or auto-scaling
Networking Uses CNI (Customizable) Simple overlay network
Load Balancing Built-in service discovery DNS-based service discovery
Use case Enterprise-grade orchestration Lightweight container orchestration

26. What is a Stateful vs. Stateless application in the cloud?

Answer:

 Stateless Application: Doesn’t retain session data. Each request is independent

(e.g., REST APIs, serverless functions).
 Stateful Application: Retains user state across requests (e.g., databases,
messaging queues).
  Cloud Implication: Stateless apps scale easily, while stateful apps require
persistent storage (e.g., AWS EBS, Azure Managed Disks).

27. What is auto-scaling, and how does it work?

Answer:
Auto-scaling automatically adjusts the number of cloud instances based on traffic load.

 Types:
o Horizontal scaling: Adds/removes instances.
o Vertical scaling: Increases/decreases resources on existing instances.
 Example: AWS Auto Scaling Group increases EC2 instances when CPU usage
exceeds 70%.

28. What is Terraform, and how does it help in cloud automation?

Answer:
Terraform is an Infrastructure as Code (IaC) tool used to define and provision cloud
resources using declarative configurations.

 Benefits:
o Enables version control for infrastructure
o Supports multi-cloud deployments
o Automates infrastructure provisioning

29. How do you handle logging in a cloud environment?

Answer:

 AWS: Use CloudWatch Logs and CloudTrail

 Azure: Use Monitor and Log Analytics
 GCP: Use Stackdriver Logging
 Best practices: Centralized logging, structured logs (JSON), retention policies

30. What is a Bastion Host, and why is it used?

Answer:
A Bastion Host is a publicly accessible server that provides secure SSH access to private
cloud resources.
  Reduces attack surface by acting as an entry point to internal instances.

Advanced Level (41-60 Questions)

41. What is a Service Level Agreement (SLA) in cloud computing?

Answer:
An SLA is a contract between a cloud provider and a customer that defines:

 Uptime Guarantee (e.g., AWS offers 99.99% uptime for EC2).

 Response Time (e.g., Support request resolution in 24 hours).
 Penalties if SLA is not met (e.g., refund or service credits).

42. How do you optimize cloud costs?

Answer:

 Use Reserved or Spot Instances instead of On-Demand.

 Enable Auto-scaling to scale down during low traffic.
 Monitor usage with AWS Cost Explorer/Azure Cost Management.
 Right-size resources by selecting appropriate instance sizes.

43. What is Kubernetes federation?

Answer:
Kubernetes Federation allows managing multiple Kubernetes clusters as a single unit
for high availability and multi-cloud support.

44. How does Chaos Engineering apply to cloud environments?

Answer:
Chaos Engineering intentionally injects failures to test system resilience.

 Example: Netflix Simian Army kills random instances to test system fault
tolerance.
45. What is a Kubernetes operator?
Answer:
A Kubernetes Operator automates complex tasks for stateful applications (e.g.,
managing databases in Kubernetes).

46. How do you implement multi-region deployments?

Answer:

 Data Replication: Sync databases across regions.

 Traffic Routing: Use DNS-based routing (e.g., AWS Route 53).
 Failover Mechanism: Auto-switch to another region in case of failure.

47. What is a Cloud Access Security Broker (CASB)?

Answer:
A CASB is a security layer between cloud users and providers, enforcing compliance,
threat protection, and data security.

48. How do you ensure compliance in cloud environments?

Answer:

 Use Compliance Frameworks: HIPAA, SOC 2, GDPR.

 Enable Logging & Auditing: AWS CloudTrail, Azure Security Center.

49. What is zero-trust security in cloud environments?

Answer:
Zero-trust security assumes no implicit trust and enforces strict identity verification for
every request.

50. How does serverless architecture improve scalability?

Answer:
Serverless auto-scales instantly based on demand, eliminating pre-provisioning of
resources.
51. What is an egress charge in cloud pricing?
Answer:
Egress charges are fees for data transfer out of the cloud provider's network.

52. How do you prevent DDoS attacks in the cloud?

Answer:

 Use AWS Shield, Azure DDoS Protection, Cloudflare WAF.

 Implement Rate Limiting on API endpoints.

53. What are the best practices for cloud security?

Answer:

 Least Privilege Access (IAM policies).

 Encrypt Data at Rest & Transit (KMS, SSL/TLS).
 Enable Multi-Factor Authentication (MFA).

54. What are the risks of vendor lock-in, and how do you mitigate
them?
Answer:
Vendor lock-in occurs when a company becomes dependent on a single cloud provider,
making migration difficult due to high costs or compatibility issues.
Mitigation strategies:

 Use multi-cloud strategies to distribute workloads.

 Adopt open-source and portable tools (e.g., Kubernetes, Terraform).
 Design applications with cloud-agnostic architectures using containerization
and microservices.

55. What is Kubernetes pod affinity and anti-affinity?

Answer:
Pod affinity and anti-affinity define rules for where Kubernetes pods should be
scheduled based on labels.
  Pod Affinity: Ensures pods are scheduled together (e.g., for performance
reasons).

 Pod Anti-Affinity: Ensures pods are placed on different nodes (e.g., for high
availability).

 Example YAML:

 affinity:
 podAntiAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchExpressions:
 - key: app
 operator: In
 values:
 - backend
topologyKey: "kubernetes.io/hostname"

56. How do you prevent DDoS attacks in cloud environments?

Answer:
To prevent DDoS (Distributed Denial of Service) attacks, use:

 Web Application Firewalls (WAF): AWS WAF, Azure WAF.

 DDoS Protection Services: AWS Shield, Azure DDoS Protection, Cloudflare.
 Rate Limiting & Traffic Throttling: Block excessive requests from suspicious IPs.
 Network ACLs & Security Groups: Restrict unnecessary traffic at the firewall
level.

57. What is confidential computing in the cloud?

Answer:
Confidential computing encrypts data even while it is being processed to enhance
security.

 Uses Trusted Execution Environments (TEEs) to protect data.

 Examples:
o AWS Nitro Enclaves
o Azure Confidential Computing
o Google Cloud Confidential VMs
58. What is a policy-as-code approach in cloud security?
Answer:
Policy-as-Code (PaC) automates security and compliance checks using code-based
policies.

 Tools:
o AWS Config, Azure Policy
o OPA (Open Policy Agent)
o HashiCorp Sentinel
 Example: Enforce that all S3 buckets must be encrypted.

59. How do you implement cloud governance?

Answer:
Cloud governance ensures compliance, security, and cost control.

 Identity & Access Control: Enforce least-privilege access.

 Budget & Cost Management: Use AWS Budgets, Azure Cost Management.
 Automated Compliance Checks: Use AWS Config, Azure Policy.

60. What are the best practices for cloud security?

Answer:

 Identity & Access Management (IAM): Enforce least privilege access.

 Data Encryption: Encrypt at rest (AES-256) and in transit (TLS).
 Multi-Factor Authentication (MFA): Require MFA for user accounts.
 Network Security: Implement firewalls, VPNs, and private subnets.
 Logging & Monitoring: Enable AWS CloudTrail, Azure Monitor, Google
Cloud Logging for real-time threat detection.