Skip to content

Common Interview Questions

"What Happens When..." Questions

These questions test your ability to explain complex processes end-to-end.

What happens when you type a command in the terminal?

Complete answer covering fork/exec flow:

  1. Shell reads input using read() system call from stdin

  2. Shell parses command (user space parsing)

  3. Shell calls fork() to create child process:

    • Kernel creates new Process Control Block (PCB)
    • Assigns new PID
    • Copies parent's memory using Copy-on-Write
    • Copies file descriptor table
    • Returns PID to parent, 0 to child

  4. Child process calls exec() to load command:

    • Kernel opens executable file
    • Verifies ELF header
    • Replaces process image (code, data, stack)
    • Loads program segments into memory
    • Sets up arguments and environment
    • Jumps to entry point

  5. Kernel schedules child using CFS scheduler

  6. Program executes, making system calls as needed

  7. Program exits, calling exit() system call:

    • Closes file descriptors
    • Releases memory
    • Sends SIGCHLD to parent
    • Becomes zombie process

  8. Parent receives SIGCHLD signal

  9. Parent calls wait() to collect exit status:

    • Kernel provides exit status
    • Kernel frees child's PCB
    • Child is fully terminated

  10. Shell prints new prompt

Deep dive topics to mention:

  • Copy-on-Write optimization
  • File descriptor inheritance
  • Zombie process prevention
  • Signal handling

What happens when you type www.google.com in your browser?

Complete networking answer:

  1. Browser checks cache for IP address

  2. OS checks /etc/hosts

  3. DNS Resolution:

    • Query recursive resolver (ISP or 8.8.8.8)
    • Resolver queries root servers → .com TLD → google.com authoritative
    • Returns IP address (e.g., 142.250.185.46)
    • Result cached with TTL

  4. ARP Resolution (if on local network):

    • Need gateway MAC address
    • Send ARP request broadcast
    • Gateway responds with MAC

  5. TCP Connection (port 443 for HTTPS):

    • SYN → SYN-ACK → ACK (three-way handshake)
    • Connection established

  6. TLS Handshake:

    • Client Hello (supported ciphers, TLS version)
    • Server Hello (chosen cipher, certificate)
    • Client verifies certificate (CA chain)
    • Key exchange (DH or RSA)
    • Both derive session keys
    • Encrypted communication ready

  7. HTTP Request:

    • GET / HTTP/2 or HTTP/3
    • Host: www.google.com
    • Headers (User-Agent, Accept, etc.)

  8. Server Processing:

    • Load balancer receives request
    • Routes to backend server
    • Application processes
    • Database queries if needed

  9. HTTP Response:

    • Status: 200 OK
    • Headers (Content-Type, etc.)
    • HTML body

  10. Browser Rendering:

    • Parse HTML (DOM tree)
    • Parse CSS (CSSOM)
    • Execute JavaScript
    • Fetch additional resources (images, CSS, JS)
    • Render page

  11. Connection: Keep-alive or close

What happens when fork() is called?

  1. System call entry: User space → kernel mode

  2. Create new PCB: Allocate task_struct

  3. Assign PID: Get next available PID

  4. Copy process state:

    • File descriptor table (increment reference counts)
    • Signal handlers
    • Current working directory
    • Resource limits

  5. Memory setup:

    • Copy page tables (virtual memory mappings)
    • Mark pages as Copy-on-Write
    • Don't copy physical pages yet (optimization)

  6. Copy kernel structures:

    • Open file table pointers
    • Credentials (UID, GID)
    • Timers

  7. Add to scheduler: Child is now runnable

  8. Return:

    • Parent gets child PID
    • Child gets 0

  9. Both processes continue from same point

What happens when malloc() is called?

For small allocation (< 128KB):

  1. Check glibc free lists:

    • Fast bins (recently freed small chunks)
    • Small bins (exact size match)
    • Large bins (size ranges)

  2. If found in bins: Return quickly

  3. If not found:

    • Request more heap space from kernel
    • Call brk() or sbrk() to increase program break
    • Kernel extends data segment

  4. Split chunk: If larger than requested

  5. Return pointer: To usable memory (after metadata)

For large allocation (>= 128KB):

  1. Call mmap() system call:

    • Request anonymous memory mapping
    • Page-aligned allocation
    • Separate from main heap

  2. Kernel allocates virtual memory:

    • Updates page tables
    • Doesn't allocate physical pages yet (lazy)

  3. Return pointer

Internal glibc structures:

  • Each chunk has header (size, flags, pointers)
  • Bins organize free chunks
  • Thread caching (tcache) for performance

What happens during a system boot?

(See Boot Process for detailed answer)

  1. Power on → BIOS/UEFI POST
  2. Boot loader (GRUB) loads kernel
  3. Kernel initialization
  4. Load initramfs
  5. Mount root filesystem
  6. Start init/systemd (PID 1)
  7. Start configured services
  8. Reach target (e.g., multi-user.target)

Technical Deep Dive Questions

Explain inodes

An inode is a data structure that stores file metadata:

  • File type and permissions
  • Owner (UID/GID)
  • File size
  • Timestamps (atime, mtime, ctime)
  • Link count (hard links)
  • Data block pointers (direct, indirect, double indirect, triple indirect)

Important: Does NOT contain filename! Filenames are in directory entries (dentries).

Relationship:

  • Directory entry maps filename → inode number
  • Inode contains metadata and points to data blocks
  • Multiple dentries can point to same inode (hard links)

Explain the relationship between file descriptors and inodes

Three-level structure:

  1. File Descriptor (per-process):

    • Integer (0, 1, 2, ...)
    • Index into process's FD table
    • Points to file table entry

  2. File Table Entry (system-wide):

    • File offset (current position)
    • Access mode (read/write/append)
    • Reference count
    • Points to inode

  3. Inode (filesystem):

    • File metadata
    • Points to data blocks

Example:

  • Process calls open("file.txt") → Returns FD 3
  • FD 3 → File table entry → Inode 12345 → Data blocks
  • Multiple FDs can share same file table entry (dup(), fork())
  • Multiple file table entries can reference same inode (multiple opens)

How does Copy-on-Write work?

After fork():

  1. Initial state: Child and parent share physical pages

  2. Pages marked read-only: In both page tables

  3. On write attempt:

    • Page fault occurs

    • Kernel's page fault handler:

      • Allocates new physical page
      • Copies data to new page
      • Updates writing process's page table
      • Marks page as writable
      • Resumes execution

  4. Result: Only modified pages are copied

Benefits:

  • Fast fork() (no immediate copying)
  • Memory efficient (only copy what changes)
  • Most processes fork then exec (never write)

Explain virtual memory

Virtual memory provides each process with its own address space:

Benefits:

  • Isolation: Processes can't access each other's memory
  • Larger address space: Process can use more than physical RAM
  • Simplified programming: Continuous address space

How it works:

  • MMU translates virtual → physical addresses
  • Page tables map virtual pages to physical frames
  • TLB caches recent translations
  • Pages can be in RAM or swapped to disk

Virtual address (48-bit on x86-64):

[PGD index][PUD index][PMD index][PTE index][Offset]

Each index navigates page table levels to find physical page.

Explain TCP three-way handshake in detail

(See Protocols for complete answer)

sequenceDiagram
    participant Client
    participant Server

    Client->>Server: SYN (seq=x)
    Note right of Server: Create connection state
    Server-->>Client: SYN-ACK (seq=y, ack=x+1)
    Note left of Client: Connection state
    Client->>Server: ACK (ack=y+1)
    Note left of Client: ESTABLISHED
    Note right of Server: ESTABLISHED

Why three-way?:

  • Synchronize sequence numbers
  • Prevent old duplicate connections
  • Establish bidirectional communication

Practice More Questions

Process Management & System Calls

  1. What happens when you type a command (like ls) in a shell and press enter? Explain the entire process flow including fork(), exec(), and related system calls.
  2. What is the difference between a process and a thread?
  3. Explain what happens when you run curl www.google.com from the perspective of Linux internals.
  4. What is a Process Control Block (PCB) and what information does it contain?
  5. Explain the difference between fork() and exec() system calls.
  6. What is a zombie process and how do you prevent it?

Memory Management

  1. Explain the difference between virtual memory and physical memory.
  2. What are the different segments of process memory (text, data, heap, stack)? Describe each.
  3. How does malloc() work internally? Explain memory allocation mechanisms like sbrk() and mmap().
  4. What is the difference between user space and kernel space? Why can't we directly access kernel space?
  5. How does the page cache work?
  6. Explain page faults and how the kernel handles them.

File Systems & I/O

  1. What is an inode? What information does it store?
  2. What happens when you open a file? Trace the system calls involved.
  3. Explain the difference between hard links and soft (symbolic) links.
  4. What is /proc filesystem and what is it used for? Give examples of useful files in /proc.
  5. Explain file descriptors. What are stdin, stdout, and stderr?
  6. What happens when you delete a file that's still open?

Signals & IPC

  1. What are signals in Linux? Explain the difference between SIGTERM and SIGKILL.
  2. What is a zombie process? How do you handle it?
  3. Explain different inter-process communication (IPC) mechanisms (pipes, sockets, shared memory, etc.).
  4. What is the difference between mutex and semaphore?
  5. What happens when you press Ctrl+C in a terminal?
  6. Explain the HUP signal and its typical use case.
  7. What happens during a context switch?

Boot & System Architecture

  1. Explain the Linux boot process from power-on to login prompt.
  2. What is the role of the init system (systemd/init)?
  3. Explain context switching. What triggers it and what is its cost?
  4. What is a system call? How does control transfer from user space to kernel space?

Troubleshooting & Performance

  1. A process is consuming 100% CPU. How do you troubleshoot this?
  2. What is the difference between a crash and a panic?
  3. How would you use strace to debug a failing application?
  4. What tools would you use to identify memory leaks in a running process?
  5. Explain the meaning of load average in Linux. What does "1.0" mean?
  6. A disk is showing 100% utilization. Walk through your troubleshooting steps.
  7. Explain how DNS resolution works.