DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel  •  DevOps · K8s · Volleyball · Travel
Explore NY Stream

Multiple Choice Interview questions

— ny_wk

Multiple Choice Interview questions

These Linux system administration interview questions and answers cover the core RHEL topics hiring managers ask experienced candidates: the systemd boot process, file permissions, RAID parity, DNS resolution, NFS over TCP, storage snapshots, and reading process states. Every answer below is corrected and accurate, organized by topic so you actually understand the concept instead of memorizing a one-liner.

The aim of these Linux system admin interview questions is depth. An interviewer rarely wants the textbook definition alone; they want to know whether you can reason about why a system behaves the way it does and how you would troubleshoot it under pressure. Use each section as a study unit.

Boot process and the init system in RHEL 7

Which process replaces init in RHEL 7?

systemd replaces the traditional SysV init starting with RHEL 7. It is still spawned as PID 1, and for backward compatibility /sbin/init is a symbolic link to /usr/lib/systemd/systemd. Where classic init ran sequential shell scripts from /etc/rc.d/, systemd starts services in parallel using dependency-aware units, which makes boot faster and more deterministic.

Key concepts to mention in an interview:

  • Units end in suffixes such as .service, .mount, .socket, .target and .timer.
  • Targets replace runlevels. multi-user.target is roughly runlevel 3 and graphical.target is runlevel 5.
  • The control tool is systemctl: systemctl status sshd, systemctl enable --now httpd, systemctl get-default.
  • Logs moved to the journal, read with journalctl (for example journalctl -xe or journalctl -b for the current boot).

RHEL 7.1 is not booting after a fresh installation. How do you fix it?

Approach this methodically rather than guessing. The most common post-install boot failures are a missing or corrupt boot loader, a bad /etc/fstab entry, or an initramfs that is missing the storage driver.

  1. Watch the console messages. A drop to an emergency or dracut shell almost always points to a filesystem or fstab problem.
  2. Boot the RHEL 7.1 DVD or ISO and choose Troubleshooting > Rescue a Red Hat Enterprise Linux system. Let it mount your install under /mnt/sysimage, then run chroot /mnt/sysimage.
  3. Reinstall and regenerate the GRUB2 boot loader: grub2-install /dev/sda followed by grub2-mkconfig -o /boot/grub2/grub.cfg (on UEFI systems the config path is under /boot/efi/EFI/redhat/grub.cfg).
  4. If a wrong device or UUID in /etc/fstab stalls the boot, correct the entry. Verify every UUID with blkid.
  5. Rebuild the initramfs so the root storage driver is present: dracut -f /boot/initramfs-$(uname -r).img $(uname -r).

Exit the chroot, reboot, and confirm. The mindset interviewers reward here is isolate, then repair: read the actual error before touching anything.

RHEL 6.7 is failing at the GRUB screen. What is your fix?

RHEL 6 uses GRUB Legacy (version 0.97), not GRUB2, so the commands differ from RHEL 7. A halt at the GRUB prompt usually means a corrupt stage1/stage2, a damaged /boot/grub/grub.conf, or a missing MBR.

  1. Boot the RHEL 6.7 media in rescue mode (linux rescue) and chroot into the install at /mnt/sysimage.
  2. Reinstall the boot loader from the GRUB shell: run grub, then root (hd0,0), setup (hd0), and quit.
  3. Confirm /boot/grub/grub.conf lists the correct kernel and initrd lines and that the default and root entries are valid.

Note the modern reality: RHEL 6 reached end of maintenance support in November 2020, and even Extended Life-cycle Support has wound down. Today you would run RHEL 8 or 9 with GRUB2 and BLS (Boot Loader Specification) snippets under /boot/loader/entries/. Still, knowing GRUB Legacy demonstrates depth for environments that maintain legacy systems.

What does the "D" state mean in ps output?

D = uninterruptible sleep, almost always a process blocked waiting on I/O (a slow disk, an NFS server that has gone away, or a hung device). A process in state D cannot be killed by a normal signal, not even SIGKILL, because it is parked inside a kernel system call and will not return until the I/O completes.

Common process states to know cold:

CodeMeaning
RRunning or runnable (on the run queue)
SInterruptible sleep (waiting for an event)
DUninterruptible sleep (blocked on I/O)
TStopped (job control or being traced)
ZZombie (finished, parent has not reaped it)

If you see many D-state processes, suspect the storage layer: a failing disk, a saturated SAN path, or a dead NFS mount.

File permissions and security in Linux

What does permission 2764 mean?

This is a four-digit octal mode. The leading digit is the special permission set; the last three are owner, group, and other.

  • 2 = the setgid bit.
  • 7 = owner has read + write + execute (4+2+1).
  • 6 = group has read + write (4+2), no execute.
  • 4 = other has read only.

So 2764 means -rwxrwSr--. Notice the group field shows a capital S: setgid is set, but the group has no execute bit, so the S is uppercase. On a directory the setgid bit is far more useful, it forces newly created files to inherit the directory's group, which is the classic way to set up a shared team folder. Apply it with chmod 2764 reports or chmod g+s reports.

What is the purpose of the /etc/shadow file?

/etc/shadow stores the encrypted (hashed) user passwords and password aging policy, separated from the world-readable /etc/passwd. Because /etc/passwd must be readable by everyone, keeping hashes there would expose them to offline cracking, so the hashes were moved to /etc/shadow, which is readable only by root (mode 0000 or 0640 depending on distro).

Each line has nine colon-separated fields. The important ones:

  • Username and the password hash (modern RHEL uses SHA-512, the $6$ prefix).
  • Last password change (days since the epoch), minimum and maximum age.
  • Warning period, inactivity grace, and the account expiration date.

Manage these fields with chage (for example chage -l username) rather than editing by hand.

Storage: RAID, snapshots, clones, and mount troubleshooting

Which RAID level uses parity for data protection?

RAID 5 is the classic parity level: it stripes data across all disks and distributes parity blocks so it can survive the loss of one drive. RAID 6 uses double distributed parity and survives the loss of two drives, at the cost of one more disk of capacity. RAID 4 also uses parity but stores it on a single dedicated disk, which becomes a write bottleneck, so it is rarely used in practice.

LevelTechniqueFault tolerance
RAID 0Striping onlyNone (no redundancy)
RAID 1MirroringOne disk per mirror
RAID 5Striping + single parityOne disk
RAID 6Striping + double parityTwo disks
RAID 10Mirror of stripesOne per mirrored pair

A strong answer adds the trade-off: parity RAID is space-efficient but has a write penalty because every write recomputes parity, and a RAID 5 rebuild on large modern drives is slow and risky, which is why RAID 6 or RAID 10 are often preferred for big arrays.

What is the difference between a snapshot and a clone?

Both capture a point-in-time view of a volume, but they differ in independence and storage cost.

  • A snapshot is a lightweight, read-mostly reference to a volume at a moment in time. It typically uses copy-on-write, so it consumes almost no space initially and only grows as the source changes. A snapshot depends on the original volume.
  • A clone is a full, independent, writable copy of the volume. It occupies the full size of the source (unless the platform supports thin clones) and can live on without the original.

In LVM terms, you create a snapshot with lvcreate -s -L 1G -n db_snap /dev/vg0/db; it is ideal for a consistent backup or a quick rollback point. A clone is what you want when you need a separate, fully usable copy, such as standing up a test database from production data.

A customer cannot read any files under one mount point. How do you troubleshoot?

Work outward from the cheapest checks to the most disruptive.

  1. Confirm something is actually mounted there: mount | grep /data or findmnt /data. An empty directory often means the filesystem failed to mount and you are seeing the bare mount point.
  2. Check permissions and ownership on the mount point and its contents with ls -ld /data and ls -l /data. Verify the user is in the right group.
  3. Look for a read-only remount: mount output showing (ro) means the kernel remounted it read-only after detecting errors. Inspect dmesg and journalctl -k for filesystem or disk errors.
  4. Rule out SELinux. A wrong context blocks access even when standard permissions look fine. Run ls -Z /data, check ausearch -m avc -ts recent or /var/log/audit/audit.log, and relabel with restorecon -Rv /data if needed.
  5. Check free space and inodes with df -h and df -i; a full filesystem can break operations.
  6. If corruption is suspected, unmount and run a filesystem check (fsck for ext4, xfs_repair for XFS, never fsck on a mounted volume).

The interviewer is testing your diagnostic order: mount status, then permissions, then SELinux, then the hardware and filesystem layer.

Networking: DNS, NFS, and interface speed

What is recursive DNS?

A recursive DNS resolver does the full lookup on a client's behalf. When you ask it for a name, it chases the chain itself, querying a root server, then the appropriate top-level-domain server, then the domain's authoritative name server, and finally returns the complete answer to you. It then caches the result for the record's TTL so repeat queries are instant.

Contrast this with an iterative query, where each server simply returns a referral ("ask this other server") and the client follows each step itself. In short: a recursive resolver does the work and hands back the final IP; iterative resolution makes the client do the legwork hop by hop.

What is multicast?

Multicast delivers a single stream of packets to a group of interested receivers at once, instead of sending a separate copy to each (unicast) or to everyone on the segment (broadcast). Receivers join a multicast group using IGMP on IPv4. The reserved range is 224.0.0.0 to 239.255.255.255 (the old class D space). It is the efficient way to do video streaming, market-data feeds, and service discovery, because the network replicates the stream only where it branches.

Why is TCP advantageous for NFS?

NFS can run over UDP or TCP, but TCP is the modern default and the recommended transport, especially for NFSv4 which requires it. The advantages:

  • Reliability: TCP guarantees ordered, retransmitted delivery, so dropped packets are recovered transparently instead of surfacing as I/O errors.
  • Better behavior on busy or WAN links: TCP's flow control and congestion control adapt to load, where UDP can flood a congested network and cause stalls.
  • Large transfers: TCP handles big read/write window sizes far more gracefully than UDP fragmentation.
  • Stateful recovery: a TCP connection lets client and server detect and recover from interruptions cleanly.

This is also why a wedged NFS-over-TCP mount can leave processes stuck in the D state we discussed earlier, they are blocked waiting on I/O that never returns.

How do you check the link speed of a network interface?

Use ethtool, the standard tool for inspecting and tuning NIC settings:

  1. Run ethtool eth0 and read the Speed and Duplex lines (for example Speed: 1000Mb/s, Duplex: Full).
  2. The Link detected: yes line confirms the cable and link are up.
  3. For a quick value you can also read the sysfs file: cat /sys/class/net/eth0/speed (the number is in Mb/s).

A classic gotcha to mention: a duplex mismatch (one side full, the other half) causes terrible throughput with no obvious error, so always confirm both speed and duplex.

Package and module management on RHEL

What does rpm -Uvh <package> do?

The rpm -Uvh command upgrades a package, and installs it fresh if it is not already present. Decoding the flags:

  • -U = upgrade: install the new version and remove the older one. (Compare with -i install, which fails if any version exists, and -F freshen, which upgrades only if an older version is already installed.)
  • -v = verbose output.
  • -h = print hash marks (#) as a progress bar.

Important caveat for interviews: rpm itself does not resolve dependencies, it only reports them and fails. In real operations you use yum or dnf (or microdnf on minimal images), which pull in dependencies automatically from configured repositories. Reach for raw rpm mainly to query (rpm -qa, rpm -qf /path) or to install a single local file when you know the deps are satisfied.

Which file resolves modprobe dependencies when a module is loaded?

/lib/modules/$(uname -r)/modules.dep holds the module dependency map that modprobe consults so it can load any prerequisite modules first. You do not edit it by hand, it is generated by the depmod command, which scans the installed modules and writes modules.dep (and its binary index modules.dep.bin). Run depmod -a after adding a new kernel module so modprobe can find and order it correctly. User-tunable options and aliases live separately under /etc/modprobe.d/*.conf.

Key Takeaways

  • systemd replaces SysV init in RHEL 7 as PID 1, using parallel dependency-aware units and targets instead of sequential runlevel scripts.
  • Permission 2764 = -rwxrwSr-- (setgid set, but group lacks execute); setgid on a directory makes new files inherit the directory's group.
  • RAID 5 uses single distributed parity (survives one disk loss); RAID 6 uses double parity (survives two), with a write penalty either way.
  • A snapshot is a space-efficient copy-on-write reference that depends on the source; a clone is a full, independent, writable copy.
  • The D process state is uninterruptible sleep on I/O, often caused by failing disks or a dead NFS-over-TCP mount, and cannot be killed with a normal signal.

Frequently Asked Questions

What is the difference between systemd and init?

Classic SysV init ran shell scripts sequentially based on numbered runlevels, which was slow and order-dependent. systemd starts services in parallel using dependency-aware units and targets, manages logging through the journal, and supervises services so they can be restarted automatically. It runs as PID 1, and /sbin/init is a symlink to it for compatibility.

How do I find why a process is stuck in D state?

Inspect what it is blocked on with cat /proc/<pid>/stack or cat /proc/<pid>/wchan, and check dmesg and journalctl -k for disk or NFS errors. Because D state means uninterruptible I/O wait, the fix is at the storage or network layer, recovering the dead NFS mount or replacing the failing disk, not killing the process.

Is RAID 5 or RAID 6 better for large drives?

RAID 6 is generally safer for large modern drives. RAID 5 survives only one disk failure, and on multi-terabyte drives the long rebuild window creates a real risk of a second drive failing before the array recovers. RAID 6 tolerates two simultaneous failures, trading one extra disk of capacity for that protection.

Why use TCP instead of UDP for NFS?

TCP gives NFS reliable, ordered delivery with built-in retransmission and congestion control, so it behaves well on busy or wide-area networks and handles large transfers cleanly. NFSv4 requires TCP, and it is the default in modern RHEL because UDP can lose packets and flood congested links, surfacing as I/O errors.

If these Linux system admin interview questions helped, subscribe to @explorenystream on YouTube for more hands-on RHEL and Linux walkthroughs.