DevOps / SRE
This DevOps / SRE interview question bank covers 15 questions across CICD, Infrastructure, Incident response, Monitoring, Containers, Cloud. Each one mirrors a mid to senior level screen, so you can rehearse the exact areas a hiring panel digs into and walk in ready.
What this interview tests
- CICD
- Infrastructure
- Incident response
- Monitoring
- Containers
- Cloud
DevOps / SRE interview questions
- Question 1Focus area: CICD
Walk me through how you would design a CI/CD pipeline for a microservices application with 15 services. What stages would you include and what decisions are critical?
What a strong answer covers
A strong answer covers mono-repo vs poly-repo CI considerations, parallelization, service-specific pipelines with shared libraries, environment promotion strategy (dev -> staging -> prod), canary/blue-green deployment, rollback automation, migration safety. Be ready to discuss: How do you handle a situation where one service's tests are flaky and blocking deployments of other services? How would you implement canary deployments for critical services? What's your strategy for database migrations in a CI/CD pipeline?
- Question 2Focus area: Infrastructure
Describe how you would set up infrastructure as code for a new cloud environment. What tools would you choose and how would you organize the code?
What a strong answer covers
A strong answer covers tool selection reasoning (Terraform, Pulumi, CDK), module organization by service or environment, state backend (S3 + DynamoDB), drift detection, secrets management (Vault, SOPS, sealed secrets), code review process for infra changes. Be ready to discuss: How do you handle state management and prevent drift? How do you manage secrets in your IaC workflow?
- Question 3Focus area: Incident response
It's 3 AM and you get paged for a production outage. Walk me through your incident response process from the moment you're woken up.
What a strong answer covers
A strong answer covers structured triage (assess severity, user impact, check dashboards), communication protocol (status page, Slack channel), systematic diagnosis (recent deploys, infrastructure changes), escalation criteria, blameless post-mortem, action items with owners. Be ready to discuss: How do you decide when to escalate versus continuing to troubleshoot yourself? What does your post-incident review process look like?
- Question 4Focus area: Monitoring
How do you approach monitoring and observability for a distributed system? What's the difference between the two, and how do you implement both?
What a strong answer covers
A strong answer covers three pillars (logs, metrics, traces), monitoring as known-unknowns vs observability for unknown-unknowns, SLI/SLO/SLA definitions, alert design (symptom-based not cause-based), Prometheus/Grafana/Datadog experience, distributed tracing (Jaeger, Tempo). Be ready to discuss: How do you avoid alert fatigue while ensuring critical issues are caught? What SLIs and SLOs would you define for a typical web service?
- Question 5Focus area: Containers
Explain your approach to container orchestration. How would you design a Kubernetes cluster for a production workload, and what considerations are top of mind?
What a strong answer covers
A strong answer covers namespace strategy, resource requests/limits, HPA/VPA, node pool design, network policies, RBAC, pod security standards, health checks (liveness, readiness, startup probes), image scanning, GitOps for cluster state management. Be ready to discuss: How do you handle resource limits and autoscaling? What's your approach to Kubernetes security hardening?
- Question 6Focus area: Cloud
Tell me about a time you had to migrate a production workload from one cloud provider or infrastructure to another. What was your approach?
What a strong answer covers
A strong answer covers thorough assessment and planning, data migration strategy, DNS cutover planning, parallel running period, rollback plan, testing in the new environment before cutover, stakeholder communication, post-migration validation. Be ready to discuss: How did you minimize downtime during the migration? What unexpected challenges did you encounter?
- Question 7Focus area: CICD
How would you implement a zero-downtime deployment strategy for a service that handles 10,000 requests per second?
What a strong answer covers
A strong answer covers rolling update with readiness probes, connection draining, canary analysis with automated rollback, feature flags for decoupling deploy from release, traffic shifting, error rate and latency monitoring during rollout. Be ready to discuss: How do you handle long-running requests during a deployment? What metrics do you monitor during the rollout to decide whether to proceed or roll back?
- Question 8Focus area: Infrastructure
Describe how you would implement a disaster recovery plan for a multi-region application. What are the key components?
What a strong answer covers
A strong answer covers rPO/RTO definitions and tiering, data replication strategy (synchronous vs asynchronous), automated failover, regular DR drills (chaos engineering), runbooks, DNS failover, stateful service handling, cost-benefit analysis of multi-region. Be ready to discuss: How do you test your disaster recovery plan? What RPO and RTO targets would you set for different tiers of services?
- Question 9Focus area: CICD
A team complains that their build times have grown from 5 minutes to 45 minutes over the past year. How would you diagnose and fix this?
What a strong answer covers
A strong answer covers profiling the build pipeline (identifying slowest stages), Docker layer caching, dependency caching, parallelization, incremental builds, build runner sizing, artifact reuse between stages, remote build caches. Be ready to discuss: What caching strategies would you implement? How do you balance build speed with build reproducibility?
- Question 10Focus area: Infrastructure
How do you manage configuration across multiple environments (development, staging, production) while keeping secrets secure?
What a strong answer covers
A strong answer covers separation of config from code (12-factor), environment-specific overlays (Kustomize, Helm values), secrets management (Vault, AWS SSM, sealed secrets), dynamic config (feature flags, config maps), secret rotation automation, audit trails. Be ready to discuss: How do you handle configuration changes that need to take effect without redeployment? What's your approach to secret rotation?
- Question 11Focus area: Monitoring
Explain how you would set up centralized logging for a system with 50 microservices. What architecture would you use?
What a strong answer covers
A strong answer covers log aggregation architecture (ELK, Loki, CloudWatch), structured logging (JSON), correlation IDs / trace IDs, log levels and filtering, retention policies, cost management (sampling, cold storage), log-based alerting. Be ready to discuss: How do you handle log volume and cost management? How do you correlate logs across services for a single user request?
- Question 12Focus area: Cloud
Describe your approach to implementing network security in a cloud environment. What layers of defense would you put in place?
What a strong answer covers
A strong answer covers defense in depth (VPC, subnets, security groups, NACLs), zero-trust networking, service mesh (Istio, Linkerd) for mTLS, WAF, DDoS protection, egress controls, network policy enforcement, regular audits and penetration testing. Be ready to discuss: How do you handle service-to-service authentication in a microservices architecture? How do you audit and verify your network security posture?
- Question 13Focus area: Infrastructure
You need to scale a stateful service (like a database or message queue) to handle 10x the current load. What's your approach?
What a strong answer covers
A strong answer covers vertical vs horizontal scaling tradeoffs, read replicas, sharding strategies, connection pooling, caching layers, capacity planning based on metrics, load testing before migration, gradual traffic shifting. Be ready to discuss: How do you handle the data migration when sharding? What monitoring would you put in place to anticipate the next scaling need?
- Question 14Focus area: Incident response
How would you implement chaos engineering practices in your organization? What would you start with and how would you build confidence?
What a strong answer covers
A strong answer covers starting with game days and tabletop exercises, steady-state hypothesis, blast radius control, starting in non-production then graduating, tools (Chaos Monkey, Litmus, Gremlin), measuring system resilience improvements, building organizational confidence gradually. Be ready to discuss: How do you get buy-in from stakeholders who are nervous about intentionally causing failures? What's the difference between chaos engineering and just randomly breaking things?
- Question 15Focus area: CICD
Tell me about how you would implement a GitOps workflow for managing infrastructure and application deployments. What are the benefits and challenges?
What a strong answer covers
A strong answer covers git as single source of truth, pull-based reconciliation (ArgoCD, Flux), drift detection and auto-remediation, sealed secrets or external secrets operator, promotion between environments via PRs, audit trail via Git history, handling of emergency changes. Be ready to discuss: How do you handle secrets in a GitOps workflow where everything is in version control? What happens when someone makes a manual change in production that diverges from the Git state?
Questions asked in almost every interview
Ready to practice for real?
Rehearse these DevOps / SRE questions out loud with an AI interviewer that speaks Arabic and English, then get instant feedback on your answers.
Practice with AI, start free