DevOps-Interview: docs: Add essential cloud DevOps interview questions and answers

Signed-off-by: NotHarshhaa <[email protected]>

Author: NotHarshhaa

cloud/README.md

@@ -0,0 +1,398 @@
+# **Cloud - DevOps Interview Questions**  
+
+## **Beginner Level (1-20 Questions)**  
+
+### **1. What is cloud computing?**  
+
+**Answer:**  
+Cloud computing is the on-demand delivery of computing services such as servers, storage, databases, networking, and software over the internet. It eliminates the need for owning and maintaining physical hardware, allowing users to access scalable resources on a pay-as-you-go model.  
+
+### **2. What are the different types of cloud computing?**  
+
+**Answer:**  
+Cloud computing is classified into three types:  
+
+- **Public Cloud:** Services provided by third-party vendors like AWS, Azure, and GCP, accessible over the internet.  
+- **Private Cloud:** Cloud infrastructure dedicated to a single organization, either on-premises or hosted by a provider.  
+- **Hybrid Cloud:** A combination of public and private clouds, allowing data and applications to be shared between them.  
+
+### **3. What are the benefits of cloud computing?**  
+
+**Answer:**  
+
+- **Scalability:** Resources can be easily scaled up or down.  
+- **Cost Efficiency:** No need to invest in physical hardware.  
+- **Flexibility:** Access from anywhere using the internet.  
+- **Disaster Recovery:** Cloud providers offer backup and recovery solutions.  
+
+### **4. What are the different cloud service models?**  
+
+**Answer:**  
+
+- **Infrastructure as a Service (IaaS):** Provides virtualized computing resources (e.g., AWS EC2, Azure Virtual Machines).  
+- **Platform as a Service (PaaS):** Offers a managed environment for application development (e.g., AWS Elastic Beanstalk, Google App Engine).  
+- **Software as a Service (SaaS):** Delivers software applications over the internet (e.g., Gmail, Office 365, Salesforce).  
+
+### **5. What is serverless computing?**  
+
+**Answer:**  
+Serverless computing allows developers to run applications without managing underlying infrastructure. The cloud provider dynamically allocates resources as needed. Examples include AWS Lambda, Azure Functions, and Google Cloud Functions.  
+
+### **6. What is virtualization in cloud computing?**  
+
+**Answer:**  
+Virtualization is the process of creating virtual instances of servers, storage, or networks. It enables multiple virtual machines (VMs) to run on a single physical server, improving resource utilization.  
+
+### **7. What is multi-cloud?**  
+
+**Answer:**  
+Multi-cloud refers to using multiple cloud service providers (e.g., AWS, Azure, GCP) for redundancy, cost optimization, and avoiding vendor lock-in.  
+
+### **8. What are some common cloud deployment models?**  
+
+**Answer:**  
+
+- **Community Cloud:** Shared infrastructure for a specific group of organizations.  
+- **Hybrid Cloud:** Combination of on-premises, private, and public clouds.  
+- **Public Cloud:** Services offered to multiple customers over the internet.  
+
+### **9. What is the difference between vertical and horizontal scaling?**  
+
+**Answer:**  
+
+- **Vertical Scaling (Scaling Up):** Increasing resources (CPU, RAM) in an existing server.  
+- **Horizontal Scaling (Scaling Out):** Adding more servers to distribute the load.  
+
+### **10. What is an Availability Zone (AZ)?**  
+
+**Answer:**  
+An Availability Zone is a physically separate data center within a cloud provider's region, designed for fault tolerance and high availability.  
+
+### **11. What is the Shared Responsibility Model in cloud security?**  
+
+**Answer:**  
+Cloud providers and customers share security responsibilities:  
+
+- **Provider:** Secures hardware, networking, and cloud infrastructure.  
+- **Customer:** Secures applications, data, and user access.  
+
+### **12. What is a Virtual Private Cloud (VPC)?**  
+
+**Answer:**  
+A VPC is an isolated cloud environment where users can define their own network settings, including subnets, IP addresses, and security groups.  
+
+### **13. What is an Elastic Load Balancer (ELB)?**  
+
+**Answer:**  
+An ELB distributes incoming traffic across multiple servers to ensure high availability and fault tolerance.  
+
+### **14. What is Object Storage in the cloud?**  
+
+**Answer:**  
+Object storage is a cloud-based storage architecture that stores data as objects (instead of files or blocks). Examples include Amazon S3 and Azure Blob Storage.  
+
+### **15. What is Block Storage in cloud computing?**  
+
+**Answer:**  
+Block storage stores data in fixed-sized blocks, commonly used for databases and virtual machines. Examples: AWS EBS, Azure Managed Disks.  
+
+### **16. What is a Content Delivery Network (CDN)?**  
+
+**Answer:**  
+A CDN is a distributed network of servers that caches content close to users for faster delivery. Examples: AWS CloudFront, Azure CDN.  
+
+### **17. What is an IAM role in cloud security?**  
+
+**Answer:**  
+An IAM (Identity and Access Management) role grants permissions to cloud services without needing credentials stored on a server.  
+
+### **18. What is CloudFormation in AWS?**  
+
+**Answer:**  
+AWS CloudFormation is an Infrastructure as Code (IaC) tool that automates provisioning of cloud resources using YAML or JSON templates.  
+
+### **19. What is Google Kubernetes Engine (GKE)?**  
+
+**Answer:**  
+GKE is Google Cloud's managed Kubernetes service for deploying and managing containerized applications.  
+
+### **20. What is Azure DevOps?**  
+
+**Answer:**  
+Azure DevOps is a set of development and CI/CD tools for building, testing, and deploying applications in the cloud.  
+
+---
+
+I'll now provide detailed answers for the **Intermediate and Advanced** level questions in the **Cloud** section.  
+
+---
+
+## **Intermediate Level (21-40 Questions)**  
+
+### **21. What is a cloud region?**  
+
+**Answer:**  
+A cloud region is a geographic area where a cloud provider has multiple data centers. Each region consists of multiple **availability zones (AZs)**, ensuring redundancy and high availability.  
+
+- Example: AWS **us-east-1 (North Virginia)** has multiple AZs like **us-east-1a, us-east-1b, etc.**  
+- Cloud providers like **AWS, Azure, and GCP** allow users to select regions based on factors like **latency, compliance, and pricing.**  
+
+### **22. How does AWS Lambda differ from EC2?**  
+
+**Answer:**  
+
+| Feature | AWS Lambda | Amazon EC2 |
+|---------|------------|------------|
+| **Type** | Serverless function | Virtual machine |
+| **Scaling** | Auto-scales instantly | Requires manual scaling or auto-scaling setup |
+| **Billing** | Pay-per-execution | Pay for running instances |
+| **Use case** | Short-lived tasks | Long-running applications |
+| **Example** | Trigger a function when an S3 file is uploaded | Run a web server for hosting applications |
+
+### **23. What are Reserved Instances in AWS?**  
+
+**Answer:**  
+Reserved Instances (RIs) are a pricing model in AWS where users commit to a specific instance type for **1 or 3 years** in exchange for significant discounts (up to 75%) compared to On-Demand pricing.  
+
+- **Types of RIs:**
+  - **Standard RIs** – Best discounts, but limited flexibility.  
+  - **Convertible RIs** – Can switch to another instance type.  
+  - **Scheduled RIs** – Available at specific times (e.g., weekends).  
+
+### **24. How do you secure data in cloud storage?**  
+
+**Answer:**  
+To secure data in cloud storage:  
+
+- **Encryption:** Use AES-256 encryption for data at rest and TLS for data in transit.  
+- **Access Control:** Implement IAM policies and bucket policies to restrict access.  
+- **Versioning:** Enable object versioning to recover deleted/modified files.  
+- **Auditing:** Use AWS CloudTrail, Azure Monitor, or GCP Audit Logs to track access.  
+
+### **25. What is the difference between Kubernetes and Docker Swarm?**  
+
+**Answer:**  
+
+| Feature | Kubernetes | Docker Swarm |
+|---------|------------|--------------|
+| **Complexity** | Steeper learning curve | Easier to set up |
+| **Scaling** | Automated, fine-grained | Manual or auto-scaling |
+| **Networking** | Uses CNI (Customizable) | Simple overlay network |
+| **Load Balancing** | Built-in service discovery | DNS-based service discovery |
+| **Use case** | Enterprise-grade orchestration | Lightweight container orchestration |
+
+### **26. What is a Stateful vs. Stateless application in the cloud?**  
+
+**Answer:**  
+
+- **Stateless Application:** Doesn’t retain session data. Each request is independent (e.g., REST APIs, serverless functions).  
+- **Stateful Application:** Retains user state across requests (e.g., databases, messaging queues).  
+- **Cloud Implication:** Stateless apps scale easily, while stateful apps require persistent storage (e.g., AWS EBS, Azure Managed Disks).  
+
+### **27. What is auto-scaling, and how does it work?**  
+
+**Answer:**  
+Auto-scaling automatically adjusts the number of cloud instances based on traffic load.  
+
+- **Types:**  
+  - **Horizontal scaling:** Adds/removes instances.  
+  - **Vertical scaling:** Increases/decreases resources on existing instances.  
+- **Example:** AWS Auto Scaling Group increases EC2 instances when CPU usage exceeds 70%.  
+
+### **28. What is Terraform, and how does it help in cloud automation?**  
+
+**Answer:**  
+Terraform is an **Infrastructure as Code (IaC)** tool used to define and provision cloud resources using declarative configurations.  
+
+- **Benefits:**  
+  - Enables version control for infrastructure  
+  - Supports multi-cloud deployments  
+  - Automates infrastructure provisioning  
+
+### **29. How do you handle logging in a cloud environment?**  
+
+**Answer:**  
+
+- **AWS:** Use CloudWatch Logs and CloudTrail  
+- **Azure:** Use Monitor and Log Analytics  
+- **GCP:** Use Stackdriver Logging  
+- Best practices: **Centralized logging, structured logs (JSON), retention policies**  
+
+### **30. What is a Bastion Host, and why is it used?**  
+
+**Answer:**  
+A **Bastion Host** is a publicly accessible server that provides secure SSH access to private cloud resources.  
+
+- Reduces **attack surface** by acting as an **entry point** to internal instances.  
+
+---
+
+## **Advanced Level (41-60 Questions)**  
+
+### **41. What is a Service Level Agreement (SLA) in cloud computing?**  
+
+**Answer:**  
+An SLA is a contract between a cloud provider and a customer that defines:  
+
+- **Uptime Guarantee** (e.g., AWS offers 99.99% uptime for EC2).  
+- **Response Time** (e.g., Support request resolution in 24 hours).  
+- **Penalties** if SLA is not met (e.g., refund or service credits).  
+
+### **42. How do you optimize cloud costs?**  
+
+**Answer:**  
+
+- **Use Reserved or Spot Instances** instead of On-Demand.  
+- **Enable Auto-scaling** to scale down during low traffic.  
+- **Monitor usage with AWS Cost Explorer/Azure Cost Management.**  
+- **Right-size resources** by selecting appropriate instance sizes.  
+
+### **43. What is Kubernetes federation?**  
+
+**Answer:**  
+Kubernetes Federation allows managing multiple Kubernetes clusters as a single unit for **high availability** and **multi-cloud support.**  
+
+### **44. How does Chaos Engineering apply to cloud environments?**  
+
+**Answer:**  
+Chaos Engineering **intentionally injects failures** to test system resilience.  
+
+- Example: Netflix **Simian Army** kills random instances to test system fault tolerance.  
+
+### **45. What is a Kubernetes operator?**  
+
+**Answer:**  
+A **Kubernetes Operator** automates complex tasks for stateful applications (e.g., managing databases in Kubernetes).  
+
+### **46. How do you implement multi-region deployments?**  
+
+**Answer:**  
+
+- **Data Replication:** Sync databases across regions.  
+- **Traffic Routing:** Use DNS-based routing (e.g., AWS Route 53).  
+- **Failover Mechanism:** Auto-switch to another region in case of failure.  
+
+### **47. What is a Cloud Access Security Broker (CASB)?**  
+
+**Answer:**  
+A CASB is a security layer between cloud users and providers, enforcing **compliance, threat protection, and data security.**  
+
+### **48. How do you ensure compliance in cloud environments?**  
+
+**Answer:**  
+
+- **Use Compliance Frameworks:** HIPAA, SOC 2, GDPR.  
+- **Enable Logging & Auditing:** AWS CloudTrail, Azure Security Center.  
+
+### **49. What is zero-trust security in cloud environments?**  
+
+**Answer:**  
+Zero-trust security assumes **no implicit trust** and enforces strict identity verification for every request.  
+
+### **50. How does serverless architecture improve scalability?**  
+
+**Answer:**  
+Serverless auto-scales **instantly** based on demand, eliminating pre-provisioning of resources.  
+
+### **51. What is an egress charge in cloud pricing?**  
+
+**Answer:**  
+Egress charges are fees for **data transfer out of the cloud provider's network.**  
+
+### **52. How do you prevent DDoS attacks in the cloud?**  
+
+**Answer:**  
+
+- Use **AWS Shield, Azure DDoS Protection, Cloudflare WAF.**  
+- Implement **Rate Limiting** on API endpoints.  
+
+### **53. What are the best practices for cloud security?**  
+
+**Answer:**  
+
+- **Least Privilege Access** (IAM policies).  
+- **Encrypt Data at Rest & Transit** (KMS, SSL/TLS).  
+- **Enable Multi-Factor Authentication (MFA).**  
+
+### **54. What are the risks of vendor lock-in, and how do you mitigate them?**  
+
+**Answer:**  
+Vendor lock-in occurs when a company becomes dependent on a single cloud provider, making migration difficult due to high costs or compatibility issues.  
+**Mitigation strategies:**  
+
+- Use **multi-cloud** strategies to distribute workloads.  
+- Adopt **open-source** and **portable** tools (e.g., Kubernetes, Terraform).  
+- Design applications with **cloud-agnostic architectures** using containerization and microservices.  
+
+### **55. What is Kubernetes pod affinity and anti-affinity?**  
+
+**Answer:**  
+Pod affinity and anti-affinity define rules for **where Kubernetes pods should be scheduled** based on labels.  
+
+- **Pod Affinity:** Ensures pods are scheduled together (e.g., for performance reasons).  
+- **Pod Anti-Affinity:** Ensures pods are placed on different nodes (e.g., for high availability).  
+- **Example YAML:**  
+
+  ```yaml
+  affinity:
+    podAntiAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        - labelSelector:
+            matchExpressions:
+              - key: app
+                operator: In
+                values:
+                  - backend
+          topologyKey: "kubernetes.io/hostname"
+  ```
+
+### **56. How do you prevent DDoS attacks in cloud environments?**  
+
+**Answer:**  
+To prevent **DDoS (Distributed Denial of Service) attacks**, use:  
+
+- **Web Application Firewalls (WAF):** AWS WAF, Azure WAF.  
+- **DDoS Protection Services:** AWS Shield, Azure DDoS Protection, Cloudflare.  
+- **Rate Limiting & Traffic Throttling:** Block excessive requests from suspicious IPs.  
+- **Network ACLs & Security Groups:** Restrict unnecessary traffic at the firewall level.  
+
+### **57. What is confidential computing in the cloud?**  
+
+**Answer:**  
+Confidential computing encrypts data **even while it is being processed** to enhance security.  
+
+- Uses **Trusted Execution Environments (TEEs)** to protect data.  
+- Examples:  
+  - **AWS Nitro Enclaves**  
+  - **Azure Confidential Computing**  
+  - **Google Cloud Confidential VMs**  
+
+### **58. What is a policy-as-code approach in cloud security?**  
+
+**Answer:**  
+Policy-as-Code (PaC) automates security and compliance checks using **code-based policies**.  
+
+- Tools:  
+  - **AWS Config, Azure Policy**  
+  - **OPA (Open Policy Agent)**  
+  - **HashiCorp Sentinel**  
+- Example: Enforce that all S3 buckets must be encrypted.  
+
+### **59. How do you implement cloud governance?**  
+
+**Answer:**  
+Cloud governance ensures compliance, security, and cost control.  
+
+- **Identity & Access Control:** Enforce least-privilege access.  
+- **Budget & Cost Management:** Use AWS Budgets, Azure Cost Management.  
+- **Automated Compliance Checks:** Use AWS Config, Azure Policy.  
+
+### **60. What are the best practices for cloud security?**  
+
+**Answer:**  
+
+- **Identity & Access Management (IAM):** Enforce **least privilege** access.  
+- **Data Encryption:** Encrypt at rest (AES-256) and in transit (TLS).  
+- **Multi-Factor Authentication (MFA):** Require MFA for user accounts.  
+- **Network Security:** Implement firewalls, VPNs, and private subnets.  
+- **Logging & Monitoring:** Enable **AWS CloudTrail, Azure Monitor, Google Cloud Logging** for real-time threat detection.