
Networking and Linux Topics

The document outlines key networking concepts and protocols relevant for Cloud Support Associate/Engineer interviews, including TCP, UDP, MTU, DHCP, and DNS processes. It explains the TCP three-way handshake, traceroute command usage, and the importance of flow and error control in data transmission. Additionally, it covers public vs. private IP addresses, NAT, default gateways, and troubleshooting slow websites, providing a comprehensive overview of essential networking knowledge for candidates.

Uploaded by

stellar.geek777

I got this from someone who works at Amazon at a senior level, and uses this
doc when taking interviews for Cloud Support Associates/Engineers –

Networking
Difference between router, switch.
What is TCP and UDP?

Transmission Control Protocol (TCP) is a standard that defines how to establish and
maintain a network conversation by which applications can exchange data.

TCP works with the Internet Protocol (IP), which defines how computers send
packets of data to each other. Together, TCP and IP are the basic rules that define
the internet.
TCP Example: Secure Shell (SSH), File Transfer Protocol (FTP), Telnet;
Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP) and Internet Message
Access Protocol (IMAP) for sending and receiving email; HTTP for web access.

UDP is classified as a datagram protocol, or connectionless protocol, because it has
no way of detecting whether both applications have finished their back-and-forth
communication. Instead of correcting invalid data packets, as TCP does, UDP
discards those packets and defers to the application layer for more detailed error
detection.
UDP Example: VoIP, Video Streaming, DNS, online games.
Name common port numbers and whether they are UDP or TCP?

Port     Protocol                                     Transport
67, 68   Dynamic Host Configuration Protocol (DHCP)   UDP
20, 21   File Transfer Protocol (FTP)                 TCP
22       Secure Shell (SSH)                           TCP and UDP
23       Telnet                                       TCP
25       Simple Mail Transfer Protocol (SMTP)         TCP

TCP, 3 way handshake

The browser initiates a TCP connection with the server. In order to transfer data
packets between your computer (client) and the server, it is important to have a TCP
connection established.

This connection is established using a process called the TCP/IP three-way
handshake.

This is a three-step process where the client and the server exchange
SYN (synchronize) and ACK (acknowledge) messages to establish a connection.

Step 1 (SYN): In the first step, the client wants to establish a connection with the
server, so it sends a segment with SYN (Synchronize Sequence Number), which informs the
server that the client is likely to start communication and with what sequence number
it starts its segments.

Step 2 (SYN + ACK): The server responds to the client request with the SYN-ACK signal
bits set. Acknowledgement (ACK) signifies the response to the segment it received, and
SYN signifies with what sequence number it is likely to start its segments.

Step 3 (ACK): In the final part, the client acknowledges the response of the server and
they both establish a reliable connection with which they will start the actual data
transfer.

Steps 1 and 2 establish the connection parameter (sequence number) for one
direction and it is acknowledged. Steps 2 and 3 establish the connection parameter
(sequence number) for the other direction and it is acknowledged. With these, a
full-duplex communication is established.

What command shows the hops between two networks?


How does traceroute command obtain these hops?
When a host tries to ping a server and it does not work, we can check for problems
at the routers in between. For that we can use traceroute, which gives us the
complete list of network devices in between with their IP addresses, so we can ping
each of them individually and check where the problem is.

Traceroute uses the TTL (Time to Live) field in the IP packet header. Normally, TTL
is used to prevent packets from being forwarded forever when there is a routing loop.
Whenever an IP packet is forwarded by a router, the TTL is decreased by one. When
the TTL is zero, the IP packet will be discarded.

tracert -d: do not resolve hostname to IP address.
Traceroute uses the TTL (Time to Live) field in the IP packet to send probes to the
destination, allowing us to discover the path from the source to the destination.
Windows uses ICMP and Linux uses UDP for traceroute.

What is MTU?
A maximum transmission unit (MTU) is the largest packet or frame size, specified in
octets (eight-bit bytes), that can be sent in a packet- or frame-based network such as
the internet. The internet’s transmission control protocol (TCP) uses the MTU to
determine the maximum size of each packet in any transmission. MTU is usually
associated with the Ethernet protocol, where a 1500-byte packet is the largest allowed.

One of the most common problems related to MTU is that sometimes higher-level
protocols may create packets larger than a particular link supports, and you’ll need to
make adjustments to make it work.

To solve this, IPv4 allows fragmentation, which divides the datagram into pieces.
Each piece is small enough to pass over the single link that it is being fragmented
for, using the MTU parameter configured for that interface. This fragmentation
process takes place at the IP layer (OSI layer 3) and marks the packets it fragments
as such. This ensures the IP layer of the destination host knows it should
reassemble the packets into the original datagram.
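The fragmentation and reassembly described above, as an added example that is not part of the original document. It splits a constructed 4000-byte datagram for a 1500-byte MTU and rebuilds it, returning nothing when a fragment is missing; the sample addresses, the identification value and the function names are assumptions, and the header checksum is left at zero.

```python
import struct

FLAG_DF = 0x4000        # "don't fragment" bit in the flags/offset field
FLAG_MF = 0x2000        # "more fragments" bit
OFFSET_MASK = 0x1FFF    # fragment offset, counted in 8-byte units


def sample_datagram(payload_len, flags=0):
    """Constructed UDP-in-IPv4 datagram: 20-byte header, no options."""
    payload = bytes(i % 251 for i in range(payload_len))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                         flags, 64, 17, 0,        # TTL 64, protocol 17, checksum 0
                         bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return header + payload


def fragment(datagram, mtu):
    """Split one IPv4 datagram into fragments that each fit in `mtu` bytes."""
    ver_ihl, _tos, total_len, _ident, flags_off = struct.unpack("!BBHHH", datagram[:8])
    hdr_len = (ver_ihl & 0x0F) * 4
    if total_len <= mtu:
        return [datagram[:total_len]]
    if flags_off & FLAG_DF:
        raise ValueError("DF is set: the datagram may not be fragmented")
    # Every fragment but the last carries a multiple of 8 payload bytes,
    # because the offset field counts 8-byte units.
    chunk = (mtu - hdr_len) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small for this header")
    payload = datagram[hdr_len:total_len]
    base = flags_off & OFFSET_MASK      # non-zero if the input is itself a fragment
    had_mf = flags_off & FLAG_MF
    fragments = []
    for start in range(0, len(payload), chunk):
        part = payload[start:start + chunk]
        last = start + chunk >= len(payload)
        header = bytearray(datagram[:hdr_len])          # copy the original header
        struct.pack_into("!H", header, 2, hdr_len + len(part))
        struct.pack_into("!H", header, 6,
                         (had_mf if last else FLAG_MF) | (base + start // 8))
        fragments.append(bytes(header) + part)
    return fragments


def describe(frag):
    """(payload offset in bytes, payload length, more-fragments flag)."""
    ver_ihl, _tos, total_len, _ident, flags_off = struct.unpack("!BBHHH", frag[:8])
    hdr_len = (ver_ihl & 0x0F) * 4
    return ((flags_off & OFFSET_MASK) * 8, total_len - hdr_len, bool(flags_off & FLAG_MF))


def reassemble(fragments):
    """Rebuild the payload from fragments in any order; None if incomplete."""
    pieces, total = {}, None
    for frag in fragments:
        offset, length, more = describe(frag)
        hdr_len = (frag[0] & 0x0F) * 4
        pieces[offset] = frag[hdr_len:hdr_len + length]
        if not more:
            total = offset + length     # only the last fragment reveals the size
    if total is None:
        return None                     # last fragment never arrived
    payload = bytearray()
    while len(payload) < total:
        part = pieces.get(len(payload))
        if not part:
            return None                 # gap: a middle fragment is missing
        payload += part
    return bytes(payload) if len(payload) == total else None


if __name__ == "__main__":
    frags = fragment(sample_datagram(3980), 1500)
    for f in frags:
        print(describe(f))
    print("reassembled ok:", reassemble(frags[::-1]) == sample_datagram(3980)[20:])
```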

What command checks for open ports?

netstat -an, lsof

What is a Broadcast Domain?


The term broadcast domain is used to describe a group of devices on a specific
network segment that can reach each other with Ethernet broadcasts. Broadcasts
sent by a device in one broadcast domain are not forwarded to devices in another
broadcast domain. This improves the performance of the network because not all
devices on a network will receive and process broadcasts.

How do you edit the file descriptor?

How do you list the open files of a specific process?

First use the ps command to get the process ID, and then use lsof -p PID to list all
open files belonging to that process.

What command checks the routing table in Linux?


netstat -rn
Windows: route print

DNS and DNS process


1. Whenever a user enters a URL and hits enter, the browser immediately checks for the
IP address in its cache. The browser maintains a cache of DNS records for sites that
were previously visited.
2. If the DNS record is not found in the cache, it queries a recursive DNS server.
ISPs maintain recursive DNS servers, which also keep a cache much like a local
system's. Many ISPs use the same recursive servers, so it is quite likely that one
already has an A record for the request.
3. If it is not found in the recursive DNS server, the query goes to the authoritative
DNS server. The search continues until the name server for that domain is found.
These servers are responsible for holding all the DNS records.
4. To locate the IP address of the website, the authoritative DNS server is queried.
The recursive DNS server now gets the IP address from the authoritative name server. It
then stores it in its cache, so the next time a user visits that website it will know
the IP.
5. Now the recursive DNS server has the A record, which it returns to the browser,
and the browser loads the web page.

● An “A” record, which stands for “address”, is the most basic type of syntax
used in DNS records, indicating the actual IP address of the domain. The
“AAAA” record is an IPv6 address record that maps a hostname to a 128-bit
IPv6 address. Regular DNS addresses are mapped for 32-bit IPv4 addresses.
● A “CNAME” record stands for “canonical name” and serves to make one domain
an alias of another domain. CNAME is often used to associate new
subdomains with an existing domain's DNS records.
● An “MX” record stands for “mail exchange” and is basically a list of mail exchange
servers that are to be used for the domain.
● A “PTR” record stands for “pointer record” and maps an IPv4 address to the
CNAME on the host.
● An “NS” record stands for “name server” and indicates which Name Server is
authoritative for the domain.
● An “SOA” record stands for “State of Authority” and it stores important information
like when the domain was last updated and much more.
● An “SRV” record stands for “service” and is used to define a TCP service on
which the domain operates.
● A “TXT” record lets the administrator insert any text they'd like into the DNS
record, and it is often used for denoting facts about the domain.

DHCP.
The Dynamic Host Configuration Protocol (DHCP) is a network management
protocol used on Internet Protocol (IP) networks for automatically assigning IP
addresses and other communication parameters to devices connected to the
network using a client–server architecture.[1]

The technology eliminates the need for individually configuring network devices
manually, and consists of two network components, a centrally installed network
DHCP server and client instances of the protocol stack on each computer or device.
When connected to the network, and periodically thereafter, a client requests a set of
parameters from the DHCP server using the DHCP protocol

Flow control
It is an important function of the Data Link Layer. It refers to a set of procedures that
tells the sender how much data it can transmit before waiting for acknowledgement
from the receiver.

Any receiving device has a limited speed at which it can process incoming data and
also a limited amount of memory to store incoming data. If the source is sending the
data at a faster rate than the capacity of the receiver, there is a possibility of the
receiver being swamped. The receiver will keep losing some of the frames simply
because they are arriving too quickly and the buffer is also getting filled up. This will
generate waste frames on the network. Therefore, the receiving device must have
some mechanism to inform the sender to send fewer frames or stop transmission
temporarily. In this way, flow control will control the rate of frame transmission to a
value that can be handled by the receiver.

Error Control
The error control function of the data link layer detects errors in the transmitted
frames and retransmits all the erroneous frames.

How HTTP works


HTTP is an application layer protocol built on top of TCP that uses a client-server
communication model. HTTP clients and servers communicate through request and
response messages. The three main HTTP message types are GET, POST, and
HEAD.
HTTP Error Codes
1xx indicates an informational message only
2xx indicates success of some kind, 200 = OK
3xx redirects the client to another URL
4xx indicates an error on the client’s part, 404 = not found, 403 = forbidden
5xx indicates an error on the server’s part
https://httpstatuses.com/


View the IP address of Amazon

nslookup, ping

What is public and private ip


Private IP address of a system is the IP address which is used to communicate
within the same network. Using private IP data or information can be sent or
received within the same network.
Range: Class A: 10.0.0.0 - 10.255.255.255
Class B: 172.16.0.0 - 172.31.255.255
Class C: 192.168.0.0 - 192.168.255.255

Public IP address of a system is the IP address which is used to communicate
outside the network. Public IP address is basically assigned by the ISP (Internet
Service Provider).
What is NAT
To access the Internet, one public IP address is needed, but we can use a private IP
address in our private network. The idea of NAT is to allow multiple devices to
access the Internet through a single public address. To achieve this, the translation
of a private IP address to a public IP address is required. Network Address
Translation (NAT) is a process in which one or more local IP addresses are translated
into one or more global IP addresses and vice versa in order to provide Internet
access to the local hosts.
Network Address Translation (NAT) working –
Generally, the border router is configured for NAT, i.e. the router which has one
interface in the local (inside) network and one interface in the global (outside)
network. When a packet travels outside the local (inside) network, NAT
converts the local (private) IP address to a global (public) IP address. When a
packet enters the local network, the global (public) IP address is converted to a local
(private) IP address.

● Inside local address – An IP address that is assigned to a host on the inside
(local) network. The address is probably not an IP address assigned by the
service provider, i.e. these are private IP addresses. This is the inside host
seen from the inside network.

● Inside global address – IP address that represents one or more inside local IP
addresses to the outside world. This is the inside host as seen from the
outside network.

● Outside local address – This is the actual IP address of the destination host in
the local network after translation.

● Outside global address – This is the outside host as seen from the outside
network. It is the IP address of the outside destination host before translation.
Default gateway
A default gateway makes it possible for devices in one network to communicate with
devices in another network. Think of a default gateway as an intermediate device
between the local network and the internet. The default gateway transfers internal
data to the internet and back again.
The lack of a default gateway address means your computer will have no way of
getting to the Internet.

OSI Layer
On source side
1. The application layer receives the HTTP request, encapsulates it with an HTTP
header and transfers it to the next layer.
2. Then the presentation layer provides the format of the data, like ASCII for text and
JPEG for images. The session layer then establishes, controls
and ends the session between the local and the remote applications.
3. Now the transport layer receives the data supplied and encapsulates it with
a TCP/UDP header, forming a segment. It adds the destination and the source
ports to the segment and hands it to the network layer.
4. Now the network layer encapsulates the segment into an IP packet, adding
the source and destination IP addresses, and routes the packet using the outgoing
NIC through the data link layer.
5. The data link layer now receives the IP packet and encapsulates it with an Ethernet
header and trailer, adding the MAC addresses of source and destination, and
finally forwards the frame to the next hop using the physical layer.
6. Now the physical layer receives the frame, converts it into bits, encodes
these bits into signals and transmits them based on the transmission
media used.
On destination side
1. First the physical layer receives the frame, converts the electrical signals
into a bit stream and hands it to the data link layer.
2. The data link layer now receives the frames and runs a frame check
sequence to look for errors; if there is no error it decapsulates the
frame, discards the MAC addresses and hands the IP packet to the network layer.
3. Now the network layer routes the packet to the destination IP address
based on the routing table entries.
4. Now the transport layer receives the IP packet and decapsulates it
into a segment, thus dropping the IP information, and it transfers it to
the destination port and hands it to the application layer.
5. The application layer checks the request in the packet and accordingly
opens a new data connection for transferring the data.

troubleshoot slow website?


● I would first ask the user whether every application on the computer is slow or
is it just one particular application. If it is just one, try and sort that out.
If the answer is all applications are running slow, look at common causes like virus
scans scheduled, free disk space on the home drive, RAM, lastly if the deployment
team is rolling out any updates (which should not be done during business hours, but
I've seen that happen too ;)
If you suspect network latency, a simple ping test from the user's computer will tell
you how many milliseconds network traffic is taking to reach the server.

At a high level there are 3 things one or more of which may be slow:
01. Your computer, 02. internet connection, 03. the server

01. Your computer it can be slow because of some anti-virus scan, some process
using high processor/network, HDD may be full, your computer may be virus
infected, and thousands other possible reasons.
02. Internet: Your proxy setting may be using a slow proxy, your ISP may be slow,
the server may have failed over to a different Geo, so it is taking long time to route
the calls, etc.
03. Slow server: Server might be under DOS attack, All the instances may not be up,
because of festival season/deal/new offering much more than usual # of people are
using the site, servers running out of space, Networking issue in data center, slow or
dead partner servers, etc. to name a few.

Run the “tracert” command in cmd. If there are a large number of failed hops, it may
be an indication that some ISPs along the route are having network issues,
which in turn are causing your site to load slowly.

Difference between static and dynamic routing


1. The routers are configured manually, and the table is also created manually in
static routing whereas in dynamic routing the configuration and table creation
is automatic and router driven.
2. In static routing, the routes are user-defined while in dynamic routing the
routes are updated as topology changes.
3. Static routing does not employ complex algorithms. In contrast, dynamic
routing uses complex algorithms for calculating the shortest path or route.
4. Dynamic routing is suitable for large networks where the number of hosts is
high. Conversely, static routing can be implemented in a small network.
5. When a link fails in static routing, the rerouting is discontinued and requires
manual intervention to route traffic. In contrast, link failure in dynamic routing
does not disrupt rerouting.
6. The message broadcast and multicast in dynamic routing makes it less
secure. On the other hand, static routing does not involve advertisement
which makes it more secure.
7. Dynamic routing involves protocols such as RIP, EIGRP, BGP, etc. Inversely,
static routing does not require such protocols.
8. Static routing does not need any additional resources while dynamic routing
requires additional resources such as memory, bandwidth, etc.

Firewalls
Stateless firewalls watch network traffic and restrict or block packets based on
source and destination addresses or other static values. They’re not ‘aware’ of traffic
patterns or data flows. A stateless firewall uses simple rule-sets that do not account
for the possibility that a packet might be received by the firewall ‘pretending’ to be
something you asked for.
A stateless firewall filter, also known as an access control list (ACL), does not
statefully inspect traffic. Instead, it evaluates packet contents statically and does not
keep track of the state of network connections.
Purpose of Stateless Firewall Filters
The basic purpose of a stateless firewall filter is to enhance security through the use
of packet filtering. Packet filtering enables you to inspect the components of
incoming or outgoing packets and then perform the actions you specify on packets
that match the criteria you specify. The typical use of a stateless firewall filter is to
protect the Routing Engine processes and resources from malicious or untrusted
packets.
Stateful Firewall
Stateful firewalls can watch traffic streams from end to end. They are aware of
communication paths and can implement various IP Security (IPsec) functions such
as tunnels and encryption. In technical terms, this means that stateful firewalls can
tell what stage a TCP connection is in (open, open sent, synchronized,
synchronization acknowledge or established). They can tell if the MTU has changed and
whether packets have fragmented, etc.
Neither is really superior and there are good arguments for both types of firewalls.
Stateless firewalls are typically faster and perform better under heavier traffic loads.
Stateful firewalls are better at identifying unauthorized and forged communications.
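The difference between the two firewall types, shown on the three-way handshake, as an added example that is not part of the original document. A static rule set accepts any inbound packet that looks like a reply, while a connection tracker accepts it only if the handshake was actually seen; the addresses, the rule itself and the state names are constructed for this illustration.

```python
from dataclasses import dataclass

INSIDE = "192.168.1.10"     # constructed inside host (private address)
SERVER = "203.0.113.5"      # constructed outside web server (documentation range)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # TCP flags on the segment, e.g. {"SYN", "ACK"}


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def stateless_allow(p):
    """Static rule set: inside hosts may send anything; inbound traffic is
    accepted when it merely looks like a reply (source port 443, ACK set)."""
    if p.src == INSIDE:
        return True
    return p.dst == INSIDE and p.sport == 443 and "ACK" in p.flags


class StatefulFirewall:
    """Tracks each connection through the three-way handshake.
    The state names are this example's own labels; teardown is not modelled."""

    def __init__(self):
        self.table = {}     # (inside ip, port, outside ip, port) -> state

    def allow(self, p):
        outbound = p.src == INSIDE
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.table.get(key)
        if outbound and state is None and p.flags == {"SYN"}:
            self.table[key] = "SYN_SENT"            # step 1: client SYN
            return True
        if not outbound and state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_ACK_RECEIVED"    # step 2: server SYN + ACK
            return True
        if outbound and state == "SYN_ACK_RECEIVED" and p.flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"         # step 3: client ACK
            return True
        # Anything else passes only on a connection that completed the handshake.
        return state == "ESTABLISHED" and "SYN" not in p.flags


# Constructed traffic: a normal HTTPS connection, then one unsolicited packet.
SAMPLE = [
    pkt(INSIDE, 50000, SERVER, 443, "SYN"),
    pkt(SERVER, 443, INSIDE, 50000, "SYN", "ACK"),
    pkt(INSIDE, 50000, SERVER, 443, "ACK"),
    pkt(SERVER, 443, INSIDE, 50000, "ACK", "PSH"),      # genuine reply data
    pkt("198.51.100.7", 443, INSIDE, 50001, "ACK"),     # pretends to be a reply
]


def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    firewall = StatefulFirewall()
    return [(stateless_allow(p), firewall.allow(p)) for p in packets]


if __name__ == "__main__":
    for p, (static, tracked) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} "
              f"stateless={'ALLOW' if static else 'DROP'} "
              f"stateful={'ALLOW' if tracked else 'DROP'}")
```

Only the last packet is treated differently: the static rule accepts it, the connection tracker drops it because no SYN for that connection ever left the inside host.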
VLAN
VLANs (Virtual LANs) are logical groupings of devices in the same broadcast domain.
VLANs are usually configured on switches by placing some interfaces into one
broadcast domain and some interfaces into another. Each VLAN acts as a subgroup
of the switch ports in an Ethernet LAN.

VLANs can spread across multiple switches, with each VLAN being treated as its
own subnet or broadcast domain. This means that frames broadcasted onto the
network will be switched only between the ports within the same VLAN

Common Port Number


FTP-20,21    SSH-22       Telnet-23   IPSec-50,51
DNS-53       DHCP-67,68   HTTP-80     HTTPS-443
BGP-179      SMTP-25      RDP-3389
FTP
FTP is an application protocol which is used to transfer files to/from a remote file
system. It’s based on the client-server model. The FTP client contacts the FTP server
on port 21 using TCP and browses the remote directory by sending different commands.
For example, if the FTP client wants a list of all files and folders present on the
FTP server, it issues the “list” command on port 21, and the FTP server sends the list
on port 20, which is used for the data connection. (USER, PASS, LIST, RETR, STOR)

SNMP:
Simple Network Management Protocol (SNMP) is an application-layer protocol used
to manage and monitor network devices and their functions using an NMS. It provides a
common language for the network. SNMP is supported on routers, switches, APs,
printers, scanners, etc. SNMP can be used to monitor services such as Dynamic
Host Configuration Protocol (DHCP).

SNMP performs many functions that rely on PUSH/PULL communications between the
network device and the management system.
SNMP issues read/write commands, e.g. resetting a password or changing configuration
settings. Some SNMP managers give the admin the bandwidth, CPU and memory in use.

GET: Generated by the SNMP manager and sent to an agent to obtain the value of a
variable, identified by its OID, in an MIB(management info base) .

RESPONSE: Sent by the agent to the SNMP manager, issued in reply to a GET
request. Contains the values of the requested variables.

GETNEXT: Sent by the SNMP manager to the agent to retrieve the values of the next
OID in the MIB's hierarchy.

GETBULK: Sent by the SNMP manager to the agent to
obtain large tables of data by performing multiple GETNEXT commands.

SET: Sent by the SNMP manager to the agent to issue configurations or commands.

TRAP: An asynchronous alert sent by the agent to the SNMP manager to indicate a
significant event, such as an error or failure, has occurred.

Simple Mail Transfer Protocol (SMTP)

Email is emerging as one of the most valuable services on the internet today. Most
internet systems use SMTP as a method to transfer mail from one user to
another. SMTP is a push protocol and is used to send the mail, whereas POP (post
office protocol) or IMAP (internet message access protocol) are used to retrieve
those mails at the receiver’s side.
Working:
SMTP has persistent connections.
3 phase: handshaking, transfer, closure.

Proxy server:
It acts as an intermediary between the server and the client (requesting machine). A
client connects to the proxy server, requesting some service, such as a file, connection,
web page, or other resource available from a different server, and the proxy server
evaluates the request as a way to simplify and control its complexity. Proxies
reduce the load on the main server by serving requests themselves. Proxy servers
can make a network virtually invisible to external users.
An advantage of a proxy server is that its cache can serve all users. If one or more
Internet sites are frequently requested, these are likely to be in the proxy's cache,
which will improve user response time.

Linux
check for running processes?
The most common way to list processes currently running on your system is to
use the command ps (short for process status). This displays only the processes that
are started from the current shell

To get information about all processes running on the system, use ps -A

The most used options with ps are a, u and x. This displays all processes running for
all users on your system, along with useful information such as the username of the
process's owner, CPU loads, the starting time of the process, the command that
initiated the process, etc.

What does the inode


An inode is a file data structure that stores information about any Linux file except its
name and data.
Data is stored on your disk in the form of fixed-size blocks. If you save a file that
exceeds a standard block, your computer will find the next available segment on
which to store the rest of your file. Over time, that can get super confusing.

That’s where inodes come in. While they don’t contain any of the file’s actual data,
they store the file’s metadata, including all the storage blocks on which the file’s
data can be found.
What is the zombie process?
A zombie process is a process in its terminated state. This usually happens in a
program that has parent-child functions. After a child function has finished execution,
it sends an exit status to its parent function. Until the parent function receives and
acknowledges the message, the child function remains in a “zombie” state, meaning
it has executed but not exited.

A zombie process is also known as a defunct process.

How to check the service is running?

systemctl --type=service
systemctl --type=service --state=active
systemctl --type=service --state=running

What's the difference between git pull and git fetch?

git fetch only downloads new data from a remote repository - but it doesn't integrate
any of this new data into your working files. Fetch is great for getting a fresh view on
all the things that happened in a remote repository.
Due to its "harmless" nature, you can rest assured: fetch will never manipulate,
destroy, or screw up anything.

Pull
$ git pull origin master
git pull, in contrast, is used with a different goal in mind: to update your current
HEAD branch with the latest changes from the remote server. This means that pull
not only downloads new data; it also directly integrates it into your current working
copy files.

What is runlevel?
A runlevel is the operating state of a Linux operating system. Linux relies on
runlevels to determine which services are started and which services are stopped.
Runlevels are numbered from 0 to 6, with each runlevel offering different services.
Runlevels 0, 1, and 6 are standard runlevels reserved for special purposes.
Runlevels 2, 3, and 4 are used for whatever purpose you or your Linux distribution
provider decide.

● 0 – System halt, i.e. the system can be safely powered off with no activity.
● 1 – Single user mode.
● 2 – Multiple user mode with no NFS (network file system).
● 3 – Multiple user mode under the command line interface and not under
the graphical user interface.
● 4 – User-definable.
● 5 – Multiple user mode under GUI (graphical user interface) and this is the
standard runlevel for most of the Linux-based systems.
● 6 – Reboot which is used to restart the system.

Swap Space and change


Anyone who has installed a Linux distribution must have noticed the existence of the
“swap space” during the partitioning phase (it is usually found as /sda5). This is a
dedicated space on your hard drive that is usually set to at least twice the capacity of
your RAM, and along with it constitutes the total virtual memory of your system.
From time to time, the Linux kernel utilizes this swap space by copying chunks from
your RAM to the swap, allowing active processes that require more memory than is
physically available to run.

The swappiness parameter value is stored in a simple configuration text file located
in /proc/sys/vm and is named “swappiness”. If you navigate there through the file
manager, you will be able to locate the file and open it to check your system's
swappiness. You can also check it or change it through the terminal (which is faster)
by typing the following command:

sudo sysctl vm.swappiness=10

Linux Boot process


1. Whenever the power button is turned on, the BIOS initializes and performs some
integrity checks on the hard drive. Then it searches for the boot loader, usually the
master boot record. In simple terms, the BIOS searches for the boot loader and
hands control to the MBR.
2. Then the MBR takes control. It is generally located in the first sector of the
hard disk and is generally 512 bytes in size. The first 446 bytes contain the information
about the primary boot loader, followed by 64 bytes containing the partition
table info, and the next 2 bytes contain MBR validation checks. Then the MBR loads the
GRUB boot loader and hands control to it.
3. GRUB stands for Grand Unified Bootloader, which contains the info about the
kernel. If the bootloader has multiple kernels, it displays them and gives the option
to select one, or executes the default one. It contains the info about the kernel
images and initrd. It loads and executes the kernel and initrd.
4. The kernel loads the root file system and executes the init program. As init is the
first program to run, its process ID (PID) will be 1. Initrd stands for initial RAM disk;
it is used as a temporary file system until the kernel is booted and the original root
file system is mounted. It also contains necessary drivers compiled inside, which help
it to access the hard drive partitions and other hardware.
6. Init decides the runlevel. There are 7 runlevels, numbered 0-6:
0 – halted or safely turned off
1 – Single user mode
2 – Multiuser mode without NFS or network
3 – full multiuser mode without GUI
4 – User defined
5 – Multiuser mode containing GUI. Generally most Linux distributions run at
this level
6 – Reboot
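The 512-byte MBR layout from step 2 (446 bytes of boot code, a 64-byte partition table, a 2-byte validation field) can be checked with a small parser. This is an added example, not part of the original document; the sample sector, its partition values and the function names are constructed, and the validation field is checked against the standard 0x55 0xAA boot signature.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446            # primary boot loader area
ENTRY_SIZE = 16                 # 4 entries x 16 bytes = 64-byte partition table
SIGNATURE = b"\x55\xaa"         # last 2 bytes of a valid MBR
# status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, first LBA, sector count
ENTRY_FORMAT = "<B3xB3xII"


def parse_mbr(sector):
    """Validate a 512-byte MBR sector and return its partition table.

    Also returns a SHA-256 of the boot code area so it can be compared
    against a known-good baseline taken from the same machine.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:] != SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")
    partitions = []
    for index in range(4):
        start = BOOT_CODE_SIZE + index * ENTRY_SIZE
        status, ptype, first_lba, sectors = struct.unpack(
            ENTRY_FORMAT, sector[start:start + ENTRY_SIZE])
        if ptype == 0:
            continue                            # unused table slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {index + 1}: invalid status byte {status:#04x}")
        partitions.append({
            "entry": index + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "first_lba": first_lba,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def build_sample_mbr(boot_code=bytes(BOOT_CODE_SIZE)):
    """Constructed sector: zero-filled boot code, one Linux and one swap partition."""
    linux = struct.pack(ENTRY_FORMAT, 0x80, 0x83, 2048, 1_000_000)       # bootable
    swap = struct.pack(ENTRY_FORMAT, 0x00, 0x82, 1_002_048, 4_000_000)
    table = linux + swap + bytes(2 * ENTRY_SIZE)                         # 2 empty slots
    return boot_code + table + SIGNATURE


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code sha256:", info["boot_code_sha256"])
    for part in info["partitions"]:
        print(part)
```

On a live system the input would be the first 512 bytes of the disk device, read with root privileges; a changed boot-code hash between two readings means the boot loader area was modified.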
What does load average in the top command mean?
The top command is used to show the active Linux processes. It provides a dynamic
real-time view of the running system. Usually, this command shows the summary
information of the system and the list of processes or threads which are currently
managed by the Linux kernel.

The load average is the average system load on a Linux server for a defined period
of time. In other words, it is the CPU demand of a server that includes sum of the
running and the waiting threads.
Typically, the top or the uptime command will provide the load average of your
server as three numbers, for example (0.5, 1.5, 3.0).
The three numbers represent averages over progressively longer periods of time
(one, five, and fifteen-minute averages), and lower numbers are better.

Slow server
https://scoutapm.com/blog/slow_server_flow_chart

Permission 466

chmod 466 (chmod a+rwx,u-wx,g-x,o-x) sets permissions so that the (U)ser / owner can
read, can't write and can't execute. (G)roup can read, can write and can't execute.
(O)thers can read, can write and can't execute.
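The 466 mode described above, decoded bit by bit and audited, as an added example that is not part of the original notes. The helper names describe_mode, audit_mode and apply_and_read_back are illustrative, and the file being chmod-ed is a scratch file created by the code.

```python
import os
import stat
import tempfile


def describe_mode(mode: int) -> dict:
    """Decode the low 9 permission bits into per-class rwx strings."""
    classes = {}
    for name, shift in (("user", 6), ("group", 3), ("other", 0)):
        bits = (mode >> shift) & 0o7
        classes[name] = (("r" if bits & 4 else "-")
                         + ("w" if bits & 2 else "-")
                         + ("x" if bits & 1 else "-"))
    return classes


def audit_mode(mode: int) -> list:
    """Return the findings a reviewer would raise for this mode."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH) and not mode & stat.S_IWUSR:
        findings.append("group/others can write but owner cannot")
    return findings


def apply_and_read_back(mode: int) -> str:
    """chmod a scratch file and return the mode string ls -l would show."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        return stat.filemode(os.stat(path).st_mode)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(describe_mode(0o466))        # each octal digit is one rwx triple
    print(apply_and_read_back(0o466))  # the same mode as the kernel reports it
    print(audit_mode(0o466))
```

Because the last digit is 6, any local account can modify a file with this mode, which is why 466 shows up in world-writable file audits.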

How to modify the file permissions


• chmod +rwx filename to add permissions.
• chmod -rwx directoryname to remove permissions.
• chmod +x filename to allow executable permissions.
• chmod -wx filename to take out write and executable permissions.

Windows

File systems
A file system is a process that manages how and where data on a storage disk is
stored, accessed and managed. It is a logical disk component that manages a disk's
internal operations as it relates to a computer and is abstract to a human user.
A file system is a method of organizing and retrieving files from a storage medium
(e.g., hard drive).
The file system (often abbreviated as FS) is a structured representation of data and a
set of metadata describing this data. It is applied to the storage during the format
operation.

Commonly used file systems include File Allocation Table 32 (FAT 32), New
Technology File System (NTFS) and Hierarchical File System (HFS).

Linux: Ext, Ext2, Ext3, Ext4, JFS, XFS, btrfs

Journaling
Its purpose is to keep track of changes not yet committed to the file system. Even
after a crash or unexpected shutdown, you can still access the latest file
version, mostly without corruption.
Journaling offers improved filesystem reliability and fast crash recovery.
Server Performance Issue
Switch to High-Performance Power
Check for CPU or RAM Consuming Processes
Scan for Malware
Check Network Speeds
Update Relevant Drivers
Check for Signs of Attack
DDoS attacks can eat up server resources and slow down an entire machine. Check
network activity and look for unusual spikes or anything that might max out
resources. There are many ways to protect a server against a DDoS attack, but it
depends on the kind of attack. If you identify an attack, you can investigate further.

Disable SMB Packet Signing


Run SFC /Scannow
One way to check for such errors is to use the System File Checker. Running SFC
with /Scannow will perform a full system scan looking for filesystem errors or
corrupted system files. If it finds any, it will offer you the option to repair them, which
should help resolve the issue.
Review Hardware for Faults

Performance Monitor
The Microsoft Windows Performance Monitor is a tool that administrators can use to
examine how programs running on their computers affect the computer's performance. The
tool can be used in real time and also be used to collect information in a log to analyse the
data at a later time.
According to Microsoft, Windows Performance Monitor uses configuration information,
performance counters and event trace data to make a full examination of a computer's
performance. All of the information can be combined into Data Collector Sets. Event trace
data is collected with trace provider components in individual applications or operating
system components. Admins can combine multiple trace providers into something called a
trace session. Performance counters take system activity and system state measurements in
individual applications or the whole operating system. Microsoft says current values in
performance counters can be requested by Windows Performance Monitor in specific
intervals of time.

what is soft link and hard link


A soft link is a special sort of file that points at a different file. In Windows vocabulary,
you could think of it like a shortcut.
A hard link is a mirror copy of the original file. The distinguishing characteristic of a
hard link from a soft link is that deleting the original file doesn't affect a hard link,
while it renders a soft link inoperable.
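The behaviour described above (deleting the original leaves a hard link usable and a soft link broken), reproduced in a temporary directory as an added example that is not part of the original notes. The file names and the function name link_demo are illustrative.

```python
import os
import tempfile


def link_demo() -> dict:
    """Create a file, a hard link and a soft link, then delete the original."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "original.txt")
        hard = os.path.join(d, "hard.txt")
        soft = os.path.join(d, "soft.txt")
        with open(original, "w") as f:
            f.write("payload")

        os.link(original, hard)      # second directory entry for the same inode
        os.symlink(original, soft)   # small file that stores the target path

        st_orig, st_hard = os.stat(original), os.stat(hard)
        result["same_inode"] = st_orig.st_ino == st_hard.st_ino
        result["link_count_before"] = st_orig.st_nlink
        result["soft_points_at_original"] = os.readlink(soft) == original

        os.remove(original)          # removes one name, not the data

        with open(hard) as f:
            result["hard_content_after_delete"] = f.read()
        result["link_count_after"] = os.stat(hard).st_nlink
        # islink() inspects the link itself, exists() follows it to the target
        result["soft_dangling"] = os.path.islink(soft) and not os.path.exists(soft)
    return result


if __name__ == "__main__":
    for key, value in link_demo().items():
        print(f"{key}: {value}")
```

The link count is what matters when cleaning up sensitive files: the data stays on disk and readable until the last hard link to the inode is removed.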

What is virtualization
Virtualization creates a simulated, or virtual, computing environment as opposed to a
physical environment. Virtualization often includes computer-generated versions of
hardware, operating systems, storage devices, and more. This allows organizations
to partition a single physical computer or server into several virtual machines. Each
virtual machine can then interact independently and run different operating systems
or applications while sharing the resources of a single host machine.
What is a hypervisor?
A hypervisor, also known as a virtual machine monitor or VMM, is software that
creates and runs virtual machines (VMs). A hypervisor allows one host computer to
support multiple guest VMs by virtually sharing its resources, such as memory and
processing.

Types of hypervisors
There are two main hypervisor types, referred to as “Type 1” (or “bare metal”) and
“Type 2” (or “hosted”). A type 1 hypervisor acts like a lightweight operating system
and runs directly on the host’s hardware, while a type 2 hypervisor runs as a
software layer on an operating system, like other computer programs.

The most commonly deployed type of hypervisor is the type 1 or bare-metal
hypervisor, where virtualization software is installed directly on the hardware where
the operating system is normally installed. In addition, they generally perform better
and more efficiently than hosted hypervisors. For these reasons, most enterprise
companies choose bare-metal hypervisors for data center computing needs.

While bare-metal hypervisors run directly on the computing hardware, hosted
hypervisors run on top of the operating system (OS) of the host machine. The
downside of hosted hypervisors is that latency is higher than bare-metal hypervisors.
This is because communication between the hardware and the hypervisor must pass
through the extra layer of the OS. Hosted hypervisors are sometimes known as client
hypervisors because they are most often used with end users and software testing,
where higher latency is less of a concern.

Task Scheduler
Task Scheduler is a tool that allows you to create and run virtually any task
automatically. Typically, the system and certain apps use the scheduler to automate
maintenance tasks (such as disk defragmentation, disk cleanup, and updates), but
anyone can use it.
Task Scheduler works by keeping tabs on the time and events on your computer and
executing the task as soon as the condition is met.

Resolv.conf
● It is used to configure DNS name servers.
● The /etc/resolv.conf file contains information that is read by the resolver
routines the first time they are invoked by a process.
● The file is designed to be human readable and contains a list of keywords with
values that provide various types of resolver information.
● The resolv.conf file can contain one domain entry or one search entry, a
maximum of three nameserver entries, and any number of options entries.
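A checker for the entry limits listed above (one domain or search entry, at most three nameserver entries, any number of options), as an added example that is not part of the original notes. The sample file is constructed, the function name check_resolv_conf is illustrative, and accepting the sortlist keyword is an addition beyond the four keywords the notes name.

```python
import ipaddress

MAX_NAMESERVERS = 3  # the limit the text gives for nameserver entries

# Constructed sample, not taken from a real host.
SAMPLE = """\
# constructed example
domain corp.example
search corp.example lab.example
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 2001:db8::53
nameserver 198.51.100.9
nameserver dns.example
options timeout:2 attempts:3
options rotate
"""


def check_resolv_conf(text: str) -> dict:
    """Parse resolv.conf text and report entries that break the stated rules."""
    nameservers, options, problems = [], [], []
    seen = {"domain": 0, "search": 0}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        keyword, *values = line.split()
        if keyword == "nameserver":
            try:
                # A nameserver must be a literal IP address, not a host name.
                nameservers.append(str(ipaddress.ip_address(" ".join(values))))
            except ValueError:
                problems.append(f"line {lineno}: nameserver is not an IP address")
        elif keyword in seen:
            seen[keyword] += 1
        elif keyword == "options":
            options.extend(values)
        elif keyword != "sortlist":
            problems.append(f"line {lineno}: unknown keyword {keyword!r}")
    if seen["domain"] + seen["search"] > 1:
        problems.append("more than one domain/search entry")
    if len(nameservers) > MAX_NAMESERVERS:
        problems.append(
            f"{len(nameservers)} nameserver entries, limit is {MAX_NAMESERVERS}")
    return {"nameservers": nameservers, "options": options, "problems": problems}


if __name__ == "__main__":
    for problem in check_resolv_conf(SAMPLE)["problems"]:
        print(problem)
```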

MFT
Managed file transfer (MFT) is a type of software used to provide secure internal,
external and ad-hoc data transfers through a network. MFT software and products
are designed to help organizations meet the increasing security, compliance and
operational demands of moving information.
Sysprep
Sysprep is Microsoft's System Preparation tool intended to duplicate, test and deliver
new installations for the Windows operating system based on an established
installation. It is a command-line tool that can be run manually or through a script.

Uses
Sysprep is used to clone an existing Windows installation across multiple PCs.
Cloning Microsoft Windows without first running Sysprep would be problematic
because Windows 10, Windows Server and other versions of Microsoft
Windows include security identifiers (SIDs) that must be unique from one
computer to the next. Sysprep generalizes Windows by removing the security
identifiers and other computer-specific information.

For example, a company that builds a high volume of identical PCs (such as Lenovo
or Dell) might use Sysprep to establish a baseline Windows configuration. It could
then test or update the baseline configuration and prepare an identical installation
image for distribution to PCs using the same hardware configuration or model.
Similarly, a business might use Sysprep to establish a standard desktop image using
a prescribed mix of drivers and applications, and then use that image for all identical
PCs provided to employees.

domain and a workgroup?


Computers on a network can be part of a workgroup or a domain. The main
difference between workgroups and domains is how resources on the network are
managed. Computers on home networks are usually part of a workgroup, and
computers on workplace networks are usually part of a domain.

In a workgroup:

All computers are peers; no computer has control over another computer.
Each computer has a set of user accounts. To use any computer in the workgroup,
you must have an account on that computer.
There are typically no more than ten to twenty computers.
All computers must be on the same local network or subnet.

In a domain:
One or more computers are servers. Network administrators use servers to control
the security and permissions for all computers on the domain. This makes it easy to
make changes because the changes are automatically made to all computers.
If you have a user account on the domain, you can log on to any computer on the
domain without needing an account on that computer.
There can be hundreds or thousands of computers.
The computers can be on different local networks.

RAID
Redundant Array of Independent Disks (RAID) is a virtual disk technology that
combines multiple physical drives into one unit. RAID can create redundancy,
improve performance, or do both.
RAID should not be considered a replacement for backing up your data. If critical
data is going onto a RAID array, it should be backed up to another physical drive or
logical set of drives.

The following are terms that are normally used in connection with RAID:

Striping: data is split between multiple disks.
Mirroring: data is mirrored between multiple disks.
Parity: also referred to as a checksum. Parity is a calculated value used to
mathematically rebuild data.
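Striping and parity from the list above, worked through with XOR in an added example that is not part of the original notes. It assumes one parity block per stripe stored after the data blocks (the notes do not name a RAID level), and the function names and the sample data are illustrative.

```python
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def stripe_with_parity(data: bytes, data_disks: int, block: int = 4):
    """Split data across data_disks and append one parity block per stripe."""
    stripe_len = data_disks * block
    padded = data + bytes(-len(data) % stripe_len)   # zero-pad the last stripe
    stripes = []
    for off in range(0, len(padded), stripe_len):
        blocks = [padded[off + i * block: off + (i + 1) * block]
                  for i in range(data_disks)]
        stripes.append(blocks + [xor_blocks(blocks)])  # last column is parity
    return stripes


def rebuild(stripes, failed: int):
    """Recompute the failed disk's block in every stripe from the survivors."""
    return [xor_blocks([b for i, b in enumerate(s) if i != failed])
            for s in stripes]


if __name__ == "__main__":
    stripes = stripe_with_parity(b"interview-notes!", data_disks=3)
    lost = 1                                   # pretend disk 1 has failed
    recovered = rebuild(stripes, lost)
    print([s[lost] for s in stripes])          # what disk 1 held
    print(recovered)                           # what XOR of the rest gives back
```

XOR parity recovers exactly one missing block per stripe; with two disks gone the equation has two unknowns, which is one reason the notes say RAID is not a replacement for backups.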

Registry
The Windows Registry is a collection of databases of configuration settings for
operating systems. The Windows Registry stores information and settings for
software programs, hardware devices, user preferences, and operating-system
configurations.

Directory where third-party software is stored?

/opt is for "the installation of add-on application software packages".

/usr/local is "for use by the system administrator when installing software locally".

Directory where log files are stored?


Almost all logfiles are located under /var/log directory and its sub-directories on
Linux.
Windows: C:\WINDOWS\system32\config\

Eventviewer

Windows refers to logs as events. The Event Viewer is a system application included
on all versions of Windows servers. This program allows you to view logs recorded
to it by applications and the system. The Event Viewer has four main views you will
see when you first launch the application:

Custom Views
Windows Logs
Application and Services logs
Subscriptions

All logs are assigned an event level. This event level denotes the severity or
seriousness of any issues noted in the logs. The default view of the list below is by
acuity.

Audit Success - (Security category only)
Audit Failure - (Security category only)
Critical
Error
Warning
Information

Device manager
Device Manager provides a central and organized view of all the Microsoft Windows
recognized hardware installed in a computer.

Device Manager is used to manage the hardware devices installed in a computer like hard
disk drives, keyboards, sound cards, USB devices, and more.

You can use Device Manager to change hardware configuration options, manage drivers,
disable and enable hardware, identify conflicts between hardware devices, and much more.

Safe mode and uses


Safe Mode is a basic diagnostic mode for your operating system that starts the computer
without most of its drivers and software.
You can use Safe Mode to solve serious issues like uninstalling incompatible software or
malware that's preventing your computer from running properly.
The intention is to start the computer with the minimum configuration to give you the best
chance of identifying and solving the problem you're experiencing.

Service
Windows service is an application that usually serves a core operating system function
running in the background and has no user interface. The Windows operating system makes
use of these applications or services to do what an OS does, such as manage network
connections, play sound, provide file system functionality, provide security and
authentication, display colors and interact with the user through the GUI.

Always running and no UI


Page file
In storage, a pagefile is a reserved portion of a hard disk that is used as an extension of
random access memory (RAM) for data in RAM that hasn't been used recently. A pagefile
can be read from the hard disk as one contiguous chunk of data and thus faster than
re-reading data from many different original locations.

Boot Process
During every process, a program is loaded. Depending on whether it uses Legacy BIOS or
UEFI, the file paths and files change.

1.) PreBoot: POST or Power-On Self-Test loads firmware settings. It checks for a valid disk
system, and if the system is good to go for the next phase. If the computer has a valid MBR,
i.e. Master Boot Record, the boot process moves further and loads Windows Boot Manager.

2.) Windows Boot Manager: This step determines if you have multiple OS installed on your
computer. If yes, then it offers a menu with the names of the OSs. When you select the OS, it
will load the right program, i.e. Winload.exe to boot you into the correct OS.

3.) Windows OS Loader: WinLoad.exe loads important drivers to kick start the Windows
Kernel. The kernel uses the drivers to talk to the hardware and do rest of the things required
for the boot process to continue.
4.) Windows NT OS Kernel: This is the last stage which picks up the Registry settings,
additional drivers, etc. Once that has been read, the control is taken by the system manager
process. It loads up the UI, the rest of the hardware and software. That’s when you finally get
to see your Windows 10 Login screen.

Behaviour
Why Amazon?
"I want to work for Amazon for a few reasons. 1st, it is, undoubtedly, the best company on
the planet in terms of how it serves its customers. It is continually looking to innovate and
break into new markets. Amazon is clearly obsessed with customers in everything you do. I
understand that you start with the customer and you then work backwards and that’s a great
model and I believe that putting the customer first leads to better product and software. I'm
very eager to work in such an environment where the designs meet the real human needs.

Second reason why I want to work for Amazon is because having personally used Amazon’s
products and services over the years, I feel they are always created to a very high standard
and are always trying to solve customers’ problems and that is one of the main reasons why I
believe customers are constantly coming back to this organisation.

Third reason why I want to work for Amazon is because of your leadership principles. Your
16 leadership principles, I still think of it in detail. I was impressed by them and I believe
they are the foundation of why Amazon has always been successful and if I am successful in
applying for this position I will look forward to implementing all of them in my daily work.

Lastly, with all the reviews I got when I spoke with some of my friends about the culture they
told me many good things about the work culture, and the ongoing learning opportunities. I
am eager to be immersed in a workspace that values my learning and development.

About Me
Why this role

When did you make a mistake, or fail? How did you respond, and how did
you grow from that experience?
When was the last time you learned a new technology very fast (OR) Big
Risk you took

Achievement

Challenging Task/situation when dealing a customer

where do you see yourself in 5 years?

What can you bring to team/company or why you feel suitable for this role

Project
Multitenancy has been one of the most abiding topics in cloud computing. My project is to
design a solution to implement multitenancy in a Kubernetes cluster such that there should be a
secured environment for every tenant. For any customer to be in multitenancy environment
are security issues and the performance.
By default K8s is not built for multitenancy and it requires complex configurations to achieve
desired level of security and performance. To achieve this every tenant is provided with their
own dedicated namespace and network isolation is done such that no pods or resources can
communicate with pods in other namespaces. Basically it is to implement hard multitenancy
and zero trust among tenants. Network isolation is done using a calico CNI using a GNP
which is cluster scoped. Each tenant is configured with their required resources and isolation
was done at every level such as network, resources to limit the security challenges. Many
other features such as roles, role bindings, resource quotas were implemented.

Do you Collaborate well

Least favourite task

Questions
About the Role and Team:

● Can you describe the day-to-day responsibilities of this role?


● What are the short-term and long-term goals for the team or department?
● How does this role contribute to achieving broader organizational objectives?

Team Dynamics and Collaboration:

● How would you describe the team culture here?


● How do team members typically collaborate and communicate on projects?
● What opportunities are there for professional growth and mentorship within
the team?

Challenges and Expectations:


● What are some of the current challenges or priorities for the team?
● How is success measured for this role/team, and what are the key
performance indicators (KPIs)?
● What are the expectations for someone in this role within the first 30, 60, and
90 days?
