Answer:
The shell parses the command and calls fork() to create a child process.
The child calls exec() to replace its memory with /bin/ls.
The kernel handles file access via syscalls (e.g. open(), readdir(), write()).
Output is written to stdout (file descriptor 1).
// Underlying C system calls
fork();
execvp("ls", args);Scorecard:
- 5 – Mentions fork/exec, syscalls, file descriptors
- 3 – Describes at a high level (command, output)
- 1 – Can’t explain or confuses core parts
For: Junior, Senior
Answer:
fork() creates a duplicate process.
exec() replaces the child’s memory space with a new program.
This is how Linux spawns new processes without loading a full new shell.
pid_t pid = fork();
if (pid == 0) execvp(cmd, args); // childScorecard:
- 5 – Explains fork/exec separation and process model clearly
- 3 – Describes behavior but not relationship
- 1 – Confuses their roles or thinks they’re the same
For: Junior, Senior
Answer:
A process has its own memory space and system resources.
A thread shares the memory and resources of the parent process.
Threads are lightweight and faster to spawn but require synchronization.
# View threads of a process
ps -T -p <PID>Scorecard:
- 5 – Clearly distinguishes memory/resource sharing and gives examples
- 3 – Understands difference but lacks depth
- 1 – Confuses or interchanges the two
For: Junior, Senior
Answer:
Use tools like lsof, netstat, or ss.
lsof -i :8080
netstat -tulnp | grep 8080
ss -ltnp | grep 8080These commands show the PID and process name.
Scorecard:
- 5 – Knows multiple tools and explains output
- 3 – Uses one command correctly
- 1 – Doesn’t know or guesses incorrectly
For: Junior, Senior
Answer:
A zombie is a completed child process not reaped by its parent.
It stays in the process table with a status Z.
You can clean it by killing the parent or ensuring it calls wait().
ps aux | grep ZScorecard:
- 5 – Understands the parent-child relationship and
wait() - 3 – Defines zombie but not cleanup
- 1 – Thinks it’s an active or harmful process
For: Junior, Senior
Answer:
RSS (Resident Set Size): Actual physical memory used.
Virtual Memory: Total memory the process can access (may include swapped or unmapped pages).
cat /proc/<pid>/statusScorecard:
- 5 – Correctly explains both and uses tools like
/procorsmem - 3 – Vaguely aware of virtual memory
- 1 – Confuses the two or guesses
For: Junior, Senior
Answer:
An inode stores metadata about a file (owner, permissions, timestamps, etc.).
The filename is just a pointer to an inode.
ls -i file.txt
stat file.txtScorecard:
- 5 – Explains metadata concept and separation from filename
- 3 – Understands inode basics
- 1 – Thinks inode is part of filename or doesn’t know
For: Junior, Senior
Answer:
A hard link points directly to the same inode.
A symlink points to the file path and can break if the target is removed.
ln original.txt hardlink.txt
ln -s original.txt symlink.txtScorecard:
- 5 – Correctly explains and shows both use cases
- 3 – Understands one type
- 1 – Thinks they're the same
For: Junior, Senior
Answer:
Use iostat, iotop, or dstat.
iostat -dx 1
iotop
dstat -cdngyLook for high await, util, or heavy I/O processes.
Scorecard:
- 5 – Uses appropriate tools and knows metrics
- 3 – Names tools but not interpretation
- 1 – No clue or uses wrong tools (e.g.
toponly)
For: Junior, Senior
Answer:
The file is removed from the directory listing, but the data remains on disk until all file descriptors are closed.
lsof | grep deletedScorecard:
- 5 – Explains descriptor-handle concept and cleanup
- 3 – Partial understanding
- 1 – Thinks file is immediately wiped
For: Junior, Senior
Answer:
Permissions: r (4), w (2), x (1) — for owner, group, others
chmod 750 script.sh
chown user:group file
ls -l fileScorecard:
- 5 – Explains bits, uses examples, understands
chownandchmod - 3 – Knows how to use commands
- 1 – No clue or misuses commands
For: Junior, Senior
Answer:
/etc/fstab defines filesystems to mount at boot.
Each line contains device, mount point, type, and options.
/dev/sda1 / ext4 defaults 0 1
mount -a # to testScorecard:
- 5 – Explains format, knows testing and troubleshooting
- 3 – Knows it's for auto-mounting
- 1 – Never used it or confuses with
mount
For: Junior, Senior
Answer:
stat()works with file paths.fstat()works with file descriptors.
struct stat s;
fstat(fd, &s); // open fileScorecard:
- 5 – Understands syscall-level detail
- 3 – Vaguely explains usage
- 1 – Doesn’t know or mixes up terms
For: Senior
Answer:
lsof # all open files
lsof -p <PID> # per-process
ls /proc/<pid>/fdUseful for file descriptor leaks or log cleanup.
Scorecard:
- 5 – Uses multiple tools with correct context
- 3 – Knows
lsof - 1 – Doesn’t know any method
For: Junior, Senior
Answer:
df -h # disk usage
df -i # inode usage
du -sh * # per-directory usageCheck for inode exhaustion on systems with lots of small files.
Scorecard:
- 5 – Differentiates inode vs block usage
- 3 – Knows
dfbut not-i - 1 – Uses wrong tools or guesses
For: Junior, Senior
Answer:
- TCP is connection-oriented, reliable, with built-in error handling and retransmission.
- UDP is connectionless, faster, but does not guarantee delivery or order.
Used cases:
- TCP: web, SSH, email
- UDP: DNS, video streaming, games
# Check listening TCP and UDP ports
ss -tulnScorecard:
- 5 – Explains reliability, ordering, connection model
- 3 – Describes high-level idea with correct use cases
- 1 – Confuses them or doesn't know differences
For: Junior, Senior
Answer:
- Check
/etc/hosts - Check DNS cache
- Query recursive resolver (configured in
/etc/resolv.conf) - Resolver queries root → TLD → authoritative DNS
- Returns IP to client
dig openai.com
nslookup openai.comScorecard:
- 5 – Explains resolution chain clearly with tools
- 3 – Describes recursion or lookup vaguely
- 1 – Thinks it’s hardcoded or local only
For: Junior, Senior
Answer:
A socket is an abstraction for a network endpoint (IP + port). Used in inter-process or remote communication.
# Simple TCP server in Python
import socket
s = socket.socket()
s.bind(('0.0.0.0', 8000))
s.listen()Scorecard:
- 5 – Understands socket lifecycle and protocols
- 3 – Knows basic usage
- 1 – Doesn’t know or confuses with files
For: Junior, Senior
Answer:
- DNS resolution
- TCP connection handshake
- TLS handshake (HTTPS)
- HTTP request (GET /)
- Server responds → data printed to stdout
curl -v https://google.comScorecard:
- 5 – Mentions DNS, TCP, TLS, HTTP layers
- 3 – Partial flow described
- 1 – Just says “it shows a page”
For: Junior, Senior
Answer:
- Ping test (basic connectivity)
tracerouteormtrto find route issues- Check firewall with
telnet,nc, orss - Use
tcpdumporwiresharkfor packet-level issues
ping <host>
traceroute <host>
nc -zv host portScorecard:
- 5 – Uses structured approach with tools
- 3 – Uses 1–2 tools only
- 1 – Guesswork or unclear steps
For: Junior, Senior
Answer:
MTU (Maximum Transmission Unit) is the largest packet size sent without fragmentation.
Mismatched MTUs can cause dropped packets or degraded performance (esp. in VPNs or tunnels).
ip link | grep mtu
ping -M do -s 1472 <host>Scorecard:
- 5 – Knows MTU concept and troubleshooting
- 3 – Defines MTU, no impact explanation
- 1 – Doesn’t know or misuses term
For: Senior
Answer:
- Authentication is verifying identity (e.g., username/password).
- Authorization is checking if the authenticated user has permission to do something (e.g., access a file).
Think:
- AuthN → Who are you?
- AuthZ → What can you do?
Scorecard:
- 5 – Clearly separates both with real-world analogy or example
- 3 – Understands both but mixes terminology
- 1 – Uses the terms interchangeably or incorrectly
For: Junior, Senior
Answer:
They enforce access control via:
- Owner, group, others permissions (rwx)
- Prevent unauthorized access/modification
- Controlled using
chmod,chown, and umask
chmod 640 config.yml
chown root:admin config.ymlScorecard:
- 5 – Explains use cases like protecting logs, keys
- 3 – Understands syntax but not implications
- 1 – Uses chmod/chown without understanding
For: Junior, Senior
Answer:
- Disable root login
- Use key-based auth (disable password login)
- Change default port
- Use
fail2banor rate limiting - Restrict by IP using
AllowUsersor firewall
# Disable root login
PermitRootLogin no
# Enforce key auth
PasswordAuthentication noScorecard:
- 5 – Covers config, firewall, key management
- 3 – Lists 1–2 things
- 1 – Just says "use SSH"
For: Junior, Senior
Answer:
ss -tuln
netstat -tuln
nmap localhostss and netstat show open ports; nmap scans from external or internal point of view.
Scorecard:
- 5 – Uses right tools and interprets results
- 3 – Knows one tool, limited understanding
- 1 – Confuses outbound vs inbound
For: Junior, Senior
Answer:
They are Mandatory Access Control (MAC) systems.
- SELinux/AppArmor enforce fine-grained access policies beyond standard Unix permissions.
- Restrict what processes can read/write/execute, regardless of user.
getenforce # check SELinux status
aa-status # for AppArmorScorecard:
- 5 – Explains MAC and differences from DAC (file permissions)
- 3 – Knows they restrict access
- 1 – Doesn’t know or confuses with firewall
For: Senior
Answer:
- Never hard-code secrets into source code.
- Use environment variables, encrypted secrets managers (e.g., AWS Secrets Manager, Vault).
- Use file permissions or gpg-encrypted files if local.
export DB_PASS=$(aws secretsmanager get-secret-value --secret-id db_pass)Scorecard:
- 5 – Understands secret lifecycle and secure practices
- 3 – Uses env vars or hardcoded with justification
- 1 – Admits to hardcoding or storing in Git
For: Junior, Senior
Answer:
Use df to check usage and send an alert if over threshold:
#!/bin/bash
THRESHOLD=80
df -h | awk 'NR>1 {print $5 " " $6}' | while read output; do
usep=$(echo $output | awk '{ print $1}' | tr -d '%')
partition=$(echo $output | awk '{ print $2}')
if [ $usep -ge $THRESHOLD ]; then
echo "Running out of space on $partition ($usep%)"
fi
doneScorecard:
- 5 – Dynamic partitions, parameterized threshold, alert logic
- 3 – Hardcoded logic, partial check
- 1 – Doesn’t know
dfor how to parse it
For: Junior, Senior
Answer:
Use try-except blocks to handle predictable errors and prevent crashes.
try:
value = int(input("Enter number: "))
except ValueError:
print("Invalid input.")This avoids program termination and allows logging or recovery.
Scorecard:
- 5 – Knows try/except, can explain error boundaries
- 3 – Can use syntax but unsure when to use
- 1 – Doesn't use error handling at all
For: Junior, Senior
Answer:
- Bash: Great for orchestration, system commands, glue logic
- Python: Better for complex logic, data structures, REST APIs
# Bash: quick disk check
df -h
# Python: parse JSON from API
import requests
r = requests.get("https://api.example.com/data")Scorecard:
- 5 – Explains purpose-fit choices
- 3 – Knows one but not when to use the other
- 1 – Uses everything in one language poorly
For: Junior, Senior
Answer:
Read line-by-line for efficiency:
with open("app.log") as f:
for line in f:
if "ERROR" in line:
print(line)Avoids loading entire file into memory.
Scorecard:
- 5 – Uses efficient iteration and explains performance
- 3 – Works but loads whole file
- 1 – Doesn’t know how to process files
For: Junior, Senior
Answer:
Shell:
echo "Hello $1"
./script.sh WorldPython:
import sys
print("Hello", sys.argv[1])Or better with argparse.
Scorecard:
- 5 – Uses
argparseor positional args clearly - 3 – Only hardcodes inputs
- 1 – Doesn't know how to pass arguments
For: Junior, Senior
Answer:
Use cron:
# Edit crontab
crontab -e
# Run at midnight
0 0 * * * /usr/local/bin/myscript.sh >> /var/log/script.log 2>&1Scorecard:
- 5 – Correct syntax and redirection
- 3 – Knows cron but gets time syntax wrong
- 1 – Doesn’t know cron at all
For: Junior, Senior
Answer:
- EC2: Virtual machines (compute)
- S3: Object storage for files/blobs
- RDS: Managed relational database (e.g., MySQL, Postgres)
Use case mapping:
- EC2 → host apps
- S3 → store backups, media
- RDS → production-grade SQL DBs without self-managing
Scorecard:
- 5 – Maps each to real-world use cases
- 3 – Knows what they are but not when to use
- 1 – Confuses them or mixes terms
For: Junior, Senior
Answer:
- IAM User: Long-lived identity (username/password, access keys)
- IAM Role: Temporary, assumed by services (EC2, Lambda, etc.)
Roles help implement least privilege without hardcoding keys.
aws sts assume-role --role-arn ...Scorecard:
- 5 – Explains temp credentials, use in automation
- 3 – Knows roles are different but not why
- 1 – Thinks they’re the same
For: Junior, Senior
Answer:
A VPC (Virtual Private Cloud) is a logically isolated network in AWS.
You define:
- Subnets (public/private)
- Route tables
- Security groups and NACLs
- Internet gateways/NAT gateways
This gives you control over network access.
Scorecard:
- 5 – Explains network isolation and control
- 3 – Understands high-level concept
- 1 – Thinks it’s just another EC2 type
For: Junior, Senior
Answer:
Using AWS CLI:
aws ec2 run-instances \
--image-id ami-1234 \
--count 1 \
--instance-type t2.micro \
--key-name my-key \
--security-groups my-sec-groupOr via Console with the same inputs.
Scorecard:
- 5 – CLI and/or Console understanding with right parameters
- 3 – Knows general steps but not all config
- 1 – Has never launched one
For: Junior, Senior
Answer:
- Security Group: Stateful firewall at instance level
- NACL (Network ACL): Stateless firewall at subnet level
Security group remembers connections; NACLs require inbound/outbound rules.
# Example: allow 22 from IP
aws ec2 authorize-security-group-ingress \
--group-id sg-123456 --protocol tcp --port 22 --cidr 1.2.3.4/32Scorecard:
- 5 – Explains stateful/stateless behavior clearly
- 3 – Knows they are for access control
- 1 – Confuses or thinks they’re the same
For: Senior
Answer:
Steps:
- Create Launch Template
- Define Auto Scaling Group (ASG)
- Attach target group or ELB
- Set scale-in/out policies based on metrics
# CloudWatch scaling
aws autoscaling put-scaling-policy ...Scorecard:
- 5 – Understands full lifecycle and policies
- 3 – Knows basic scaling concept
- 1 – Never used ASG or confuses with EC2 instance
For: Senior
Answer:
- Ansible is a push-based configuration management tool using YAML playbooks and SSH.
- Terraform is declarative IaC for provisioning infrastructure.
- Chef is pull-based, uses Ruby DSL, more complex agent model.
Ansible is agentless and great for config tasks (installing packages, deploying code).
Scorecard:
- 5 – Explains execution model, use case comparison
- 3 – Knows basic tool usage but not trade-offs
- 1 – Doesn’t differentiate or confuses with other tools
For: Junior, Senior
Answer:
- name: Install NGINX
hosts: web
become: yes
tasks:
- name: Install NGINX package
apt:
name: nginx
state: presentScorecard:
- 5 – Correct playbook with privilege escalation
- 3 – Knows tasks and modules, minor syntax errors
- 1 – Can’t write or understand basic playbook
For: Junior, Senior
Answer:
- Tasks: Core actions (e.g., install package)
- Handlers: Triggered on
notify(e.g., restart service) - Roles: Reusable unit (grouping tasks, handlers, vars, templates)
- name: Reload nginx
service:
name: nginx
state: reloaded
listen: reload_nginxScorecard:
- 5 – Explains how they compose scalable playbooks
- 3 – Understands usage but mixes terminology
- 1 – Uses only tasks or misuses handlers
For: Junior, Senior
Answer:
Use modules (like apt, copy, template) that check state before acting. Avoid shell unless necessary.
- name: Ensure NGINX is present
apt:
name: nginx
state: presentAvoids re-running if already installed.
Scorecard:
- 5 – Understands idempotency and implications
- 3 – Follows examples but not the principle
- 1 – Writes commands that always change things
For: Junior, Senior
Answer:
Use Ansible Vault to encrypt variables:
ansible-vault encrypt secrets.yml
ansible-playbook site.yml --ask-vault-passAlternatively, use ansible-vault with environment variables or HashiCorp Vault integration.
Scorecard:
- 5 – Knows vault and production-grade practices
- 3 – Encrypts secrets manually or insecurely
- 1 – Hardcodes secrets in playbooks
For: Junior, Senior
Answer:
- Inventory: List of managed hosts
- host_vars: Variables specific to a given host
- Can be defined in file-based or dynamic inventory setup.
[web]
web1 ansible_host=192.168.1.10
# host_vars/web1.yml
nginx_port: 8080Scorecard:
- 5 – Understands scope and inheritance clearly
- 3 – Uses inventory but not vars
- 1 – Doesn’t understand inventory file or variable system
For: Junior, Senior
Answer:
- The shell parses the command and calls
fork()to create a child process. - The child process uses
exec()to run/bin/ls. - The kernel handles syscalls like
open(),readdir(), andwrite()for file listing.
fork();
execvp("ls", args);Scorecard:
- 5 – Mentions fork/exec, syscalls, file descriptors
- 3 – Describes at a high level (command, output)
- 1 – Can’t explain or confuses core parts
For: Junior, Senior
Answer:
- Hard link: Points to the same inode. File continues to exist until all hard links are deleted.
- Soft link (symlink): Pointer to another file path.
ln file.txt file_hard
ln -s file.txt file_softScorecard:
- 5 – Explains inode-level concept with examples
- 3 – Describes symbolic vs hard link only
- 1 – Doesn’t know or confuses terms
For: Junior, Senior
Answer:
- Each process has a unique PID; child processes have a PPID of the parent.
ps,pstreeshow hierarchy.
ps -ef | grep nginx
pstree -pScorecard:
- 5 – Knows about PID, PPID, forking
- 3 – Understands
psonly - 1 – Doesn’t know what PPID means
For: Junior, Senior
Answer:
-
Integers representing open files:
- 0 = stdin
- 1 = stdout
- 2 = stderr
-
Used in redirection and syscalls.
echo "Hello" > out.txt # uses fd 1Scorecard:
- 5 – Understands use in syscalls, redirection
- 3 – Can list but not apply
- 1 – Thinks they are "file names"
For: Junior, Senior
Answer:
- Permissions are divided by user/group/other.
chmodchanges mode,chownchanges ownership.
chmod 755 script.sh
chown user:group script.shScorecard:
- 5 – Knows permission matrix and security impact
- 3 – Can set perms but doesn't know what they mean
- 1 – Doesn't use these commands properly
For: Junior, Senior
Answer:
/etc/fstablists filesystems to auto-mount at boot.- Fields: device, mount point, fs type, options, dump, pass.
# Example line:
UUID=... /data ext4 defaults 0 2Use mount -a to test.
Scorecard:
- 5 – Knows all fields and recovery strategies
- 3 – Knows where fstab is, not full format
- 1 – Thinks it's dynamic or for user config only
For: Senior
Answer:
- Virtual FS exposing kernel and process info.
/proc/<pid>/contains command, fd, environ, limits, etc.
cat /proc/self/status
ls /proc/$(pidof nginx)/fdScorecard:
- 5 – Can explore running processes, file usage
- 3 – Knows it exists but unsure of structure
- 1 – Doesn’t use
/procat all
For: Senior
Answer:
-rwxr-xr-- 1 user group 1234 Jul 1 10:00 filerwx: Owner (read/write/execute)r-x: Group (read/execute)r--: Others (read)
Scorecard:
- 5 – Parses each section correctly
- 3 – Partial understanding
- 1 – Misinterprets completely
For: Junior, Senior
Answer:
fstat()fetches metadata about a file from a file descriptor (not a path).- Used in low-level file inspection.
struct stat st;
fstat(fd, &st);Scorecard:
- 5 – Knows when to use over
stat(), real use - 3 – Knows what it returns
- 1 – Never heard of it
For: Senior
Answer:
- Use tools like
df -h,du -sh *,iotop,dstat,iostat - Check inode exhaustion:
df -i - Look for large logs, deleted files still in use
lsof | grep deletedScorecard:
- 5 – Uses structured tools, knows inode vs space
- 3 – Looks at space only
- 1 – Just guesses or reboots
For: Senior
| Section | Question (Short Description) | For | 5 (Excellent) | 3 (Adequate) | 1 (Weak) |
|---|---|---|---|---|---|
| Linux Internals | ls execution process |
Both | Explains fork, exec, syscalls | General description | Doesn’t understand shell execution |
| Hard vs Soft links | Both | Knows inodes, explains persistence | Knows command usage | Confuses the two | |
| PID and PPID | Both | Knows process hierarchy | Recognizes ps, pstree |
Doesn’t understand process relationship | |
| File descriptors | Both | Explains std fds and redirection | Lists them, unclear on use | Thinks they are filenames | |
File permissions (chmod, chown) |
Both | Understands permission matrix and use cases | Can use commands, unclear on implications | Doesn’t know syntax or impact | |
fstab structure and mounting |
Senior | Knows syntax, fields, mount recovery | Knows file location | Doesn’t know fstab |
|
Using /proc to debug processes |
Senior | Uses procfs tools, knows structure |
Knows it exists | Never uses it | |
ls -l permission bits |
Both | Can read and explain each segment | Knows basics | Misreads bits | |
fstat() syscall |
Senior | Explains descriptor-based metadata | Knows similar to stat() |
Unaware of fstat() |
|
| Filesystem diagnostics | Senior | Uses multiple tools + inode checks | Checks disk usage only | Random guesses / reboots |
| Section | Question (Short Description) | For | 5 (Excellent) | 3 (Adequate) | 1 (Weak) |
|---|---|---|---|---|---|
| Scripting | Disk alert script (Shell) | Both | Param-driven, clean logic | Hardcoded, works | Doesn’t know df or loops |
| Python exceptions | Both | Uses try/except properly | Uses, but unclear on need | Never uses exception handling | |
| Bash vs Python | Both | Knows when to use each | Knows both but uses one always | Misuses both or doesn’t distinguish | |
| Parse logs (Python) | Both | Line-by-line, memory efficient | Works, but inefficient | Doesn’t understand file IO | |
| Script arguments | Both | Uses argparse, handles errors |
Uses sys.argv or $1 |
Hardcodes values | |
Scheduling via cron |
Both | Correct cron syntax, logs output | Knows cron exists | Doesn’t know or use cron |
| Section | Question (Short Description) | For | 5 (Excellent) | 3 (Adequate) | 1 (Weak) |
|---|---|---|---|---|---|
| Cloud & AWS | EC2, S3, RDS difference | Both | Matches use cases to services | Describes basic function | Mixes them up |
| IAM Role vs User | Both | Explains roles, automation, no keys | Knows concept, unsure on differences | Thinks they’re same | |
| What is a VPC | Both | Explains subnets, routing, security | Knows isolated network | Confuses with EC2 | |
| EC2 with SG + Key Pair | Both | Knows CLI/console and inputs | Knows steps but misses detail | Never launched EC2 | |
| SG vs NACL | Senior | Explains stateful/stateless & hierarchy | Knows purpose, not internals | Doesn’t know NACL or uses only SG | |
| Setup Auto Scaling Group | Senior | Knows templates, scaling policies | Knows concept, not config | Never used or confused |
| Section | Question (Short Description) | For | 5 (Excellent) | 3 (Adequate) | 1 (Weak) |
|---|---|---|---|---|---|
| Ansible & IaC | Ansible vs Terraform vs Chef | Both | Knows tools, models, trade-offs | Basic understanding | Confuses or unaware |
| Install NGINX via playbook | Both | Valid playbook, privilege use | Working syntax, some gaps | Can't write playbook | |
| Roles, Tasks, Handlers | Both | Knows structure, when to use | Uses tasks only | Doesn’t know handlers | |
| Idempotency in Ansible | Both | Uses proper modules, avoids shell |
Understands idea | Ignores or misuses | |
| Secret management with Vault | Both | Uses Vault securely, or external tooling | Encrypts manually | Hardcodes secrets | |
| Inventory vs host_vars | Both | Understands scope/merge hierarchy | Uses inventory but not vars | Doesn’t know structure |
| Category | Evaluation Metric | Junior Pass Criteria | Senior Pass Criteria |
|---|---|---|---|
| Linux Internals | File system, processes, syscalls, permissions | Understands basics of ls, chmod, ps, links |
Explains syscalls, fstat, /proc, mount/fstab |
| Scripting | Shell + Python usage, parsing, cron | Can write basic scripts, knows cron & args | Clean, idiomatic Python/Bash, can optimize logic |
| Cloud & AWS | Core AWS services, VPC, IAM, scaling | EC2, S3, IAM User vs Role | VPC, SG vs NACL, Auto-scaling, architecture-aware |
| Ansible & IaC | Playbooks, idempotency, secrets, config mgmt | Can write small playbooks, understands Vault | Modular roles, idempotent, secure and reusable |
| Depth & Reasoning | Problem-solving, clarity, correctness | Can follow logic, make tradeoffs in scripts | Understands low-level implications, offers better design |
| Debugging/Diagnosis | Commands, logs, filesystem issues | Uses df, ps, top, cron |
Uses iotop, lsof, procfs, inode analysis |
| Level | Description |
|---|---|
| 5 (Expert) | Teaches others, writes optimized and modular code, handles edge cases, offers trade-offs |
| 3 (Solid) | Solves the task, some minor gaps or less efficient methods |
| 1 (Weak) | Misses key concepts, fumbles basic commands or logic |
| Final Score Range (Per Section) | Junior Outcome | Senior Outcome |
|---|---|---|
| Mostly 5s | Top-tier Junior, can level up fast | Strong hire, may mentor others |
| Mix of 3s & 5s | Good hire with room to grow | Acceptable if senior in niche domain |
| Mostly 3s | Junior hire with structured onboarding | Senior may need support |
| Any 1s in core areas | Reject or consider for support role | Not suitable for senior |
You can fill this table after each candidate's interview:
| Section | Score (1–5) | Notes |
|---|---|---|
| Linux Internals | ||
| Scripting | ||
| Cloud & AWS | ||
| Ansible & IaC | ||
| Overall Impression | Communication, clarity, decision-making | |
| Hire Decision | ✅ Hire / ❌ Reject / 🤔 Hold |