Top 10 SRE Interview Questions & Answers to Ace Your Next Interview

1. What is an Incident Command System?

Incident Command System (ICS) is a standardized framework for efficiently managing emergencies or incidents. It offers a clear hierarchical structure with defined roles (e.g., Incident Commander, Scribe, Subject Matter Experts), structured communication and coordination, and scalability for both small events and large outages. In IT/SRE, it is adapted to manage production incidents.

2. What types of shells exist and which are most common?

A shell is a command‑line interpreter in Unix/Linux systems. Common shells include Bash, Zsh, Ksh, and Fish, among others.

3. What happens when you type www.google.com and press Enter?

URL parsing: The browser extracts the protocol (https) and hostname (www.google.com).

DNS lookup: A DNS resolver translates the hostname to an IP address.

TCP connection: The browser initiates a TCP three‑way handshake to the IP on port 443.

TLS handshake: Encryption keys and certificates are exchanged to establish a secure channel.

HTTP request: An HTTP GET request is sent to retrieve the page.

Server processing: Google’s servers handle the request and prepare a response.

HTTP response: The server returns HTML, CSS, JavaScript, and other resources.

Rendering: The browser parses HTML, applies styles, and runs scripts to render the page.

Final display: The Google homepage appears on your screen.

4. What is SSH and how does it work?

Secure Shell (SSH) is a protocol for establishing encrypted connections to remote systems over insecure networks. It works by:

Start: User runs ssh user@hostname.

Key exchange: Client and server securely negotiate encryption keys.

Authentication: User authenticates via password or public‑key pair.

Encrypted session: A secure channel is created for command execution and data transfer.

5. What is an error budget?

An error budget defines the acceptable level of service failure based on a Service Level Objective (SLO). For example, a 99.9% monthly uptime SLO yields an error budget of 0.1% downtime (≈43.2 minutes). It balances reliability with innovation—unused budget can be spent on new releases, while exhausting the budget shifts focus to stability.

6. What is toil and how can it be reduced?

Toil refers to manual, repetitive, automatable work with no lasting value in operating production systems. Examples include manual service restarts, periodic access approvals, and repetitive log checks.

Reduction strategies:

Automation: Write scripts or tools to automate repetitive tasks (e.g., self‑healing restarts).

Process improvement: Eliminate unnecessary approvals or steps.

Tool enhancement: Improve monitoring and alerting to reduce manual intervention.

Standardization: Use templates for deployments and configurations.

7. Describe the Linux boot process.

BIOS/UEFI: Performs Power‑On Self‑Test and loads the bootloader from disk.

Bootloader (GRUB/LILO): Loads the Linux kernel into memory and transfers control.

Kernel initialization: Initializes hardware, mounts the root filesystem.

init/systemd: Starts the first process (PID 1), either init or systemd.

Runlevel targets/services: Launches configured services and background daemons (network, sshd, cron, etc.).

User login: Displays a login prompt for user access.

8. What are the benefits of protocols like QUIC?

QUIC, developed by Google, runs over UDP and provides:

Faster connection establishment: Combines TLS and transport handshakes into a single round‑trip, reducing latency.

Built‑in encryption: Uses TLS 1.3 by default for security.

Multiplexing without head‑of‑line blocking: Independent streams avoid the slowdown caused by packet loss in TCP.

Improved performance on unreliable networks: Better recovery from loss and mobile network changes.

9. When is UDP used for long‑distance VPN connections?

UDP is preferred for long‑distance VPNs (e.g., OpenVPN over UDP) because it offers lower latency (no connection‑establishment overhead), avoids TCP‑over‑TCP collapse, and provides better throughput for real‑time applications that can tolerate occasional packet loss.

10. Which protocols are commonly used in enterprise networks?

TCP/IP suite

TCP: Reliable communication for traffic, file sharing, email.

UDP: Used by DNS, VoIP, video conferencing.

HTTPS: Secure web communication.

SMB/CIFS: Windows file sharing.

LDAP: Directory service authentication.

IPSec or SSL/TLS: VPN and secure connections.