Looking to ace your next DevOps or Cloud interview? 🧠 Here’s a carefully curated list of 40 real-world questions across Terraform, Kubernetes, Docker, and Kubernetes Networking, grouped by topic.

Each question includes the correct answer and explanation so you can practice or quiz yourself effectively.

🛠 Terraform (Infrastructure as Code)

1. You encounter a lock error when running `terraform apply`. What might resolve it?

A) Delete the .terraform directory
B) Run terraform force-unlock with the lock ID
C) Reinitialize with terraform init
D) Use the -lock=false flag

Correct Answer: B - Run terraform force-unlock with the lock ID
Explanation: Releases a stuck lock in the state file.

2. What does the `terraform refresh` command do?

A) Updates state file to match real-world resources
B) Resets the Terraform configuration
C) Deletes unused resources
D) Updates the provider plugin

Correct Answer: A - Updates state file to match real-world resources

3. What happens if a resource is removed from the Terraform configuration?

A) It is ignored during the next apply
B) It is deleted during the next apply
C) It generates an error during plan
D) Terraform will prompt you to confirm the deletion

Correct Answer: B - It is deleted during the next apply

4. Which backend is commonly used to store Terraform state in AWS?

A) AWS DynamoDB
B) Amazon RDS
C) Amazon S3
D) AWS Lambda

Correct Answer: C - Amazon S3

5. How do you prevent sensitive data from being logged in Terraform state files?

A) Use the sensitive argument in variable definitions
B) Encrypt the state file manually
C) Use an external key management tool
D) Store variables in .tfvars

Correct Answer: A - Use the sensitive argument in variable definitions

6. Which Terraform command is used to apply changes to infrastructure?

A) terraform init
B) terraform plan
C) terraform apply
D) terraform validate

Correct Answer: C - terraform apply

7. How do you define a reusable module in Terraform?

A) Use a .module file
B) Organize resources in a directory and reference it in module blocks
C) Write a custom provider
D) Use a terraform block

Correct Answer: B - Organize resources in a directory and reference it in module blocks

8. Which provider configuration syntax is correct in Terraform?

A) provider "aws" { region = "us-west-2" }
B) aws_provider { region = "us-west-2" }
C) aws { region = "us-west-2" }
D) provider aws { region = "us-west-2" }

Correct Answer: A - provider "aws" { region = "us-west-2" }

9. What does `terraform plan` do?

A) Applies changes directly to infrastructure
B) Validates syntax
C) Shows changes that will be made without applying them
D) Removes state files

Correct Answer: C - Shows changes that will be made without applying them

10. Which file should be added to `.gitignore` in a Terraform project?

A) main.tf
B) terraform.tfstate
C) variables.tf
D) outputs.tf

Correct Answer: B - terraform.tfstate

11. What is the purpose of `terraform validate`?

A) To apply configuration
B) To check for provider updates
C) To verify syntax correctness
D) To clean up old state

Correct Answer: C - To verify syntax correctness

12. Which command upgrades Terraform providers to newer versions?

A) terraform update
B) terraform refresh
C) terraform upgrade
D) terraform init -upgrade

Correct Answer: D - terraform init -upgrade

13. How can you manage multiple environments (dev, stage, prod) in Terraform?

A) Use hardcoded values
B) Use separate workspaces or variable files
C) Use local backend
D) Use a single main.tf file

Correct Answer: B - Use separate workspaces or variable files

☸️ Kubernetes

14. How can you ensure that a pod is scheduled on a specific node?

A) Use a Node Selector
B) Use an Affinity Rule
C) Set a Node Label and use Node Affinity
D) All of the above

Correct Answer: D - All of the above

15. Which command can you use to debug a running Kubernetes pod?

A) kubectl logs
B) kubectl exec
C) kubectl describe pod
D) All of the above

Correct Answer: D - All of the above

16. You notice a pod in the `CrashLoopBackOff` state. What should you check first?

A) Logs of the failed pod
B) Node status
C) Kubernetes API server logs
D) Network policies

Correct Answer: A - Logs of the failed pod

17. You need to securely inject sensitive data into a Kubernetes pod. What should you use?

A) ConfigMap
B) Secret
C) Environment Variables
D) Persistent Volume

Correct Answer: B - Secret

18. What is the primary purpose of a Kubernetes Ingress?

A) Handle internal pod communication
B) Provide external HTTP and HTTPS routing to services
C) Allocate persistent storage
D) Monitor pod health

Correct Answer: B - Provide external HTTP and HTTPS routing to services

19. Which Kubernetes object maintains a specific number of pod replicas?

A) Deployment
B) StatefulSet
C) DaemonSet
D) ReplicaSet

Correct Answer: D - ReplicaSet

20. What is the default restart policy for Kubernetes pods created by a Deployment?

A) Never
B) OnFailure
C) Always
D) Manual

Correct Answer: C - Always

21. How can you manually scale a deployment to 5 replicas?

A) kubectl scale replicas=5
B) kubectl edit deployment
C) kubectl scale deployment <name> --replicas=5
D) kubectl set replicas=5

Correct Answer: C - kubectl scale deployment <name> --replicas=5

22. What is the use of a ConfigMap in Kubernetes?

A) Securely store secrets
B) Expose services externally
C) Store non-sensitive configuration data
D) Schedule pods

Correct Answer: C - Store non-sensitive configuration data

23. What does `kubectl get all` return?

A) Only running pods
B) All Kubernetes resources in the cluster
C) All resources in the current namespace
D) All node logs

Correct Answer: C - All resources in the current namespace

24. How do you create a Kubernetes resource from a YAML file?

A) kubectl install -f file.yaml
B) kubectl start -f file.yaml
C) kubectl apply -f file.yaml
D) kubectl deploy -f file.yaml

Correct Answer: C - kubectl apply -f file.yaml

🐳 Docker

25. You want to run a container in the background and expose a port. Which command should you use?

A) docker run -it
B) docker run -d -p
C) docker exec -p
D) docker-compose up -d

Correct Answer: B - docker run -d -p

26. How can you reduce the size of a Docker image during the build process?

A) Use a lightweight base image
B) Use multiple RUN commands for each package installation
C) Include development dependencies
D) Use the ADD directive instead of COPY

Correct Answer: A - Use a lightweight base image

27. You need to deploy an application with a dependency on a specific version of a library. What do you do?

A) Specify the version in the Docker Compose file
B) Include the version in the FROM directive of the Dockerfile
C) Use an external config file
D) Use multistage build

Correct Answer: B - Include the version in the FROM directive of the Dockerfile

28. Which Docker command shows all running and stopped containers?

A) docker ps
B) docker ps -a
C) docker container list
D) docker inspect

Correct Answer: B - docker ps -a

29. A container can't connect to an external API. What should you check first?

A) The container’s DNS configuration
B) The CMD directive in the Dockerfile
C) The container’s CPU allocation
D) The container’s image version

Correct Answer: A - The container’s DNS configuration

30. What does the `docker build` command do?

A) Downloads an image
B) Creates a Docker volume
C) Creates an image from a Dockerfile
D) Installs Docker

Correct Answer: C - Creates an image from a Dockerfile

31. What is the default Docker network driver?

A) Host
B) None
C) Bridge
D) Overlay

Correct Answer: C - Bridge

32. What is the difference between `ENTRYPOINT` and `CMD`?

A) CMD always overrides ENTRYPOINT
B) ENTRYPOINT sets the main command; CMD provides default arguments
C) CMD runs before ENTRYPOINT
D) No difference

Correct Answer: B - ENTRYPOINT sets the main command; CMD provides default arguments

33. How do you remove all stopped containers?

A) docker stop --all
B) docker rm $(docker ps -a -q)
C) docker clean
D) docker kill -a

Correct Answer: B - docker rm $(docker ps -a -q)

34. What is the purpose of a `.dockerignore` file?

A) To ignore build errors
B) To exclude files during startup
C) To exclude files from docker build context
D) To disable Docker features

Correct Answer: C - To exclude files from docker build context

🌐 Kubernetes Networking

35. What type of Kubernetes service is used to expose an application to the internet?

A) ClusterIP
B) NodePort
C) LoadBalancer
D) ExternalName

Correct Answer: C - LoadBalancer

36. What is a ClusterIP service?

A) Exposes service to the internet
B) Internal-only service reachable within the cluster
C) Exposes a pod to a node
D) DNS record for a service

Correct Answer: B - Internal-only service reachable within the cluster

37. What is a NodePort service?

A) Exposes a service on a high port on each Node
B) Creates internal service routing
C) Used only with Ingress
D) Opens port 80 on all pods

Correct Answer: A - Exposes a service on a high port on each Node

38. What does CoreDNS do in Kubernetes?

A) Monitors network policies
B) Provides DNS resolution for pods and services
C) Balances node traffic
D) Manages ingress rules

Correct Answer: B - Provides DNS resolution for pods and services

39. What does the `ExternalName` service type do?

A) For internal-only traffic
B) Maps service name to external DNS name
C) Load balances between pods
D) Exposes service on host port

Correct Answer: B - Maps service name to external DNS name

40. Which component handles traffic routing for Ingress in Kubernetes?

A) kube-proxy
B) Ingress Controller
C) CoreDNS
D) etcd

Correct Answer: B - Ingress Controller

💬 How many did you get right?
📌 Bookmark this list and share it with others preparing for DevOps interviews.
🧠 Follow me on Hashnode for more hands-on tutorials and interview prep!

🚀 Kubernetes, Terraform & Docker Interview Questions You Must Know!