25 Advanced Linux Interview Questions
Expert-level questions for senior, staff, and principal engineer positions
Download Free PDF Cheat SheetAt senior level, interviews shift from "can you use Linux?" to "can you architect, scale, and troubleshoot production Linux infrastructure?". These 25 questions cover kernel internals, advanced networking, security architecture, performance engineering, and system design — topics that separate good engineers from great ones.
Target roles: Senior Systems Engineer, Staff/Principal Engineer, Infrastructure Architect, Senior SRE.
Kernel & System Internals
Q1: How does the Linux CFS scheduler work?
The Completely Fair Scheduler maintains a red-black tree of runnable tasks sorted by virtual runtime (vruntime). The task with the lowest vruntime runs next. Nice values adjust the weight — lower nice = more CPU time. Real-time tasks use SCHED_FIFO or SCHED_RR and always preempt CFS tasks.
Q2: What is eBPF and how is it used in production?
Extended Berkeley Packet Filter allows sandboxed programs to run in kernel space without modifying the kernel. Production uses: tracing (bpftrace), networking (XDP for packet processing at NIC speed), security (Falco, Cilium CNI), and observability (continuous profiling). eBPF is the most significant Linux innovation of the last decade.
Q3: Explain cgroups v2 resource management.
Cgroups v2 provides a unified hierarchy (vs v1's multiple trees). Controllers: cpu (cpu.max for quota), memory (memory.max, memory.high for throttling), io (io.max for bandwidth limits), pids (pids.max). Systemd uses cgroup slices for service isolation. Containers rely heavily on cgroups for resource limits.
Advanced Networking
Q4: How does the Linux network stack process a packet?
NIC receives frame via DMA to ring buffer. Hardware IRQ triggers softirq/NAPI processing. Packet passes through netfilter PREROUTING hooks, routing decision (local vs forward), INPUT chain for local delivery, then to socket buffer and application. XDP can intercept packets before the entire network stack for ultra-fast processing.
Q5: Explain TCP congestion control algorithms.
Default CUBIC: window-based growth. BBR (Google): measures bandwidth and RTT for optimal sending rate — excels on lossy/high-latency links. DCTCP: for data centers with ECN support. View current: sysctl net.ipv4.tcp_congestion_control. BBR has become the standard for internet-facing servers.
Security Architecture
Q6: Design a defense-in-depth strategy for Linux infrastructure.
Layers: Network (firewall, IDS/IPS, network segmentation), Host (SELinux/AppArmor, auditd, CIS benchmarks, immutable infrastructure), Application (WAF, container image scanning, SAST/DAST), Data (encryption at rest/transit, key management with Vault), Process (RBAC, MFA, security audits, incident response runbooks).
Q7: How do you implement container security at scale?
Minimal base images (distroless/alpine), non-root users, read-only rootfs, Seccomp profiles, AppArmor/SELinux policies, image scanning (Trivy/Grype) in CI/CD, signed images (cosign/Notary), runtime security (Falco), network policies, no privileged containers, regular patching automation.
Performance Engineering
Q8: How do you use the USE method for performance analysis?
Brendan Gregg's USE Method: for every resource (CPU, memory, disk, network), check Utilization (how busy), Saturation (queue length), Errors (error counts). This systematic approach covers 80% of performance issues. Tools: mpstat (CPU), free/vmstat (memory), iostat (disk), sar (network).
Q9: Explain NUMA and its performance impact.
Non-Uniform Memory Access: each CPU socket has local memory. Accessing remote NUMA node memory is 50-100% slower. Critical for databases: bind process to one NUMA node with numactl --cpunodebind=0 --membind=0. Check topology: numactl --hardware. Monitor: numastat.
Architecture & Design
Q10: Design a highly available Linux infrastructure.
Eliminate single points of failure: Load balancers (keepalived/VRRP), app servers (horizontal scaling), databases (replication + automated failover), storage (DRBD/Ceph), network (bonding, dual uplinks, BGP). Use Pacemaker/Corosync for cluster management. Define RTO/RPO and test regularly with chaos engineering.
Senior Interview Strategy
At this level, demonstrate architectural thinking. Discuss trade-offs, failure modes, and operational considerations. Show you understand not just HOW but WHY and WHEN to use each approach. Reference real production experience whenever possible.
Download the Complete Cheat Sheet
Get all 25 advanced questions with detailed answers in a professionally designed PDF.
Download Advanced Cheat Sheet (PDF)
