
Intermediate Questions

How to use these interview questions

🧠 Read each question carefully.

Try answering it yourself before expanding the answer to compare with the ideal response.

Level: Intermediate

🟡 Practical Applications & Troubleshooting.

Focus on real-world scenarios, debugging, optimization, and deeper configuration.

1. What is "Drift Detection" in AWS CloudFormation?

A feature that detects if a stack's actual configuration differs from its template.

✔ Use Case: It highlights resources (e.g., Security Group rules) that have been manually modified via Console/CLI outside of CloudFormation, violating IaC principles.

2. How can you speed up a slow build process in AWS CodeBuild?

Enable local caching.

Caching dependencies (like node_modules or pip cache) to S3 or using local caching significantly reduces build time. You can also use larger compute types.

3. When using Terraform with an S3 backend, what is needed to implement state locking?

An Amazon DynamoDB table.

Terraform uses a DynamoDB table to acquire a lock, preventing two developers from running terraform apply simultaneously and corrupting the state file.

4. What is a "Canary Deployment" strategy?

Slowly rolling out traffic to a small percentage of users (e.g., 10%) to verify stability before full release.

✔ Benefit: Minimizes the blast radius of a bad release. If metrics spike, you can roll back immediately, impacting only a few users.

5. How does AWS EKS handle permissions for individual Pods securely?

Using IAM Roles for Service Accounts (IRSA).

IRSA uses OIDC to map a Kubernetes Service Account to an IAM Role. This allows a specific Pod to access AWS S3/DynamoDB with least privilege, without giving broad node-level permissions to the worker node.

6. In AWS Lambda, what creates the "Image Manifest Error" (exec format error) for container images?

Building a container image on a different architecture (e.g., ARM64 Mac) than the target Lambda architecture (e.g., x86_64).

✔ Fix: Build with --platform linux/amd64.

7. What is "Immutable Infrastructure"?

A paradigm where servers are never modified after deployment. If you need to update software, you replace the entire server with a new one built from a new image.

✔ Benefits: Prevents configuration drift and ensures consistency.

8. How do you optimize a Docker image size for faster deployment?

Use multi-stage builds and minimal base images (like Alpine or Distroless).

Multi-stage builds allow you to compile in a heavy image and copy only the binary/artifact to a lightweight runtime image.

9. What is the difference between ECS Launch Types: Fargate vs. EC2?

  • Fargate: Serverless. You pay per vCPU/RAM of the task. No OS access. Faster scaling, less ops overhead.
  • EC2 Mode: You manage the underlying EC2 instances (patching, scaling, agents).

10. What mechanism in CodeDeploy helps prevent a failed deployment from affecting all users in a Rolling update?

Deployment Health Constraints (Minimum Healthy Hosts).

CodeDeploy monitors the health of instances during deployment and stops if the number of healthy instances falls below the defined threshold.

11. How can you trigger an automatic rollback in CodeDeploy if an application error rate spikes?

Configure CloudWatch Alarms to monitor errors (e.g., HTTP 500s) and attach them to the Deployment Group.

If the alarm breaches, CodeDeploy halts the deployment and rolls back to the last successful revision automatically.

12. In AWS Systems Manager, what is the safest way to store a database password?

Parameter Store as a SecureString.

SecureString parameters use KMS to encrypt the data at rest.

13. What serves as the "source of truth" in a GitOps workflow?

The Git repository.

In GitOps, the desired state of the infrastructure is declared in Git, and an agent (like ArgoCD) ensures the live cluster matches it.

14. How can you manage CloudFormation stacks across multiple accounts and regions centrally?

Use CloudFormation StackSets.

StackSets allow you to create, update, or delete stacks across multiple accounts and regions with a single operation from an administrator account.

15. What is a "Nested Stack" in CloudFormation?

A stack created as a resource within another stack to reuse common templates.

✔ Benefit: Helps overcome resource limits (200 resources per stack) and modularize large templates.

16. OpsWorks provides managed instances of which configuration management tools?

Chef and Puppet.

17. How do you securely pass secrets to an ECS Task definition?

Reference them from Secrets Manager or SSM Parameter Store in the container definition (via the secrets property).

The ECS agent injects the sensitive data as environment variables at runtime, keeping them out of the task definition text.

18. What is the "hub-and-spoke" network topology service frequently managed by DevOps for connectivity?

AWS Transit Gateway.

It simplifies network architecture by connecting VPCs and on-premises networks through a central hub, avoiding complex peering meshes.

19. Which deployment strategy involves creating a completely new environment (Green) alongside the existing one (Blue)?

Blue/Green Deployment.

Allows for instant traffic switching and instant rollback but requires double the capacity temporarily.

20. What is "Compliance as Code" using AWS Config?

Using Config Rules to automatically check and remediate non-compliant resources.

Example: A rule that checks if all EBS volumes are encrypted. If not, it can trigger an SSM document to encrypt them or notify the team.

