Cloud and DevOps knowledge is no longer optional for backend engineers. AWS Lambda, Docker, and microservices show up in job requirements for roles that used to be purely application-focused. Azure Entra ID is now a standard topic for any role touching enterprise Microsoft environments.
This guide covers 50 questions across 6 categories, written to be said out loud in an interview: specific, grounded in real behavior, with working code examples throughout.
Full article with all answers, code snippets, and a quick reference table:
devencyclopedia.com/blog/cloud-devops-interview-questions
What's covered
Category 1: Serverless & AWS Lambda (Q1–Q8)
- What is serverless and what problem does it solve?
- How does the Lambda execution model work?
- Lambda cold starts and how to reduce them (
provisioned concurrency,SnapStart, runtime choice) - Reserved vs unreserved vs provisioned concurrency
- Lambda Layers, invocation types, limits, and production monitoring
Category 2: AWS API Gateway (Q9–Q14)
- REST API vs HTTP API vs WebSocket API
- Integration types: Lambda proxy, HTTP, AWS Service, Mock
- Authorization: IAM, Lambda Authorizer, JWT Authorizer
- Throttling, stages, canary deployments
Category 3: AWS S3 (Q15–Q20)
- Core concepts: buckets, objects, keys
- Storage classes: Standard, IA, Glacier, Intelligent-Tiering, Deep Archive
- Versioning, presigned URLs (GET and PUT), event notifications
- Bucket policy vs ACL
Category 4: Docker (Q21–Q32)
- Docker vs VM: shared kernel, boot time, resource overhead
- Image vs container, layer caching, efficient Dockerfiles
- Multi-stage builds (fat build image vs lean production image)
- Compose, network drivers, volumes vs bind mounts
- Container security: non-root, distroless,
cap-drop, read-only FS - Docker Swarm vs Kubernetes
Category 5: Microservices (Q33–Q42)
- Monolith vs microservices: when to use each
- Synchronous (REST, gRPC) vs async (queues, Kafka) communication
- Circuit Breaker pattern (Closed, Open, Half-Open states)
- Saga pattern: choreography vs orchestration
- Event sourcing, distributed tracing, service mesh, 12-factor app
Category 6: Azure Entra ID (Q43–Q50)
- What Entra ID is and how it differs from on-premises AD
- App Registration vs Service Principal
- OAuth 2.0 flows: Auth Code, PKCE, Client Credentials, OBO, Device Code
- Managed Identities (why they replace client secrets)
- Conditional Access, Azure RBAC vs Entra ID roles, SSO, PIM
Quick sample: Q29 — Multi-stage Docker build
# Stage 1: build
FROM node:22 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Stage 2: production image
FROM node:22-alpine AS production
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY --from=builder /app/dist ./dist
USER node
EXPOSE 3000
CMD ["node", "dist/server.js"]
The production image contains only the Alpine runtime, production deps, and compiled output. The build environment is discarded. Result: ~80MB instead of ~800MB.
Quick sample: Q36 — Circuit Breaker (Node.js)
const CircuitBreaker = require("opossum");
const breaker = new CircuitBreaker(callPaymentService, {
timeout: 3000,
errorThresholdPercentage: 50,
resetTimeout: 30000,
});
breaker.fallback(() => ({ status: "deferred", message: "Payment queued for retry" }));
breaker.on("open", () => logger.warn("Circuit OPEN"));
const result = await breaker.fire(paymentData);
Quick reference: all 50 questions at a glance
The full article includes a table with every question and its core concept in one pass — useful for a last-minute scan before an interview.
5 things to have solid before you walk in:
- Cold start mitigation:
provisioned concurrency,SnapStart, small packages - REST API vs HTTP API: caching and usage plans vs price and JWT authorizers
- Multi-stage Docker build: separate build image from production image
- Saga pattern: choreography vs orchestration for distributed transactions
- Managed identities: why they replace client secrets in Azure
Full guide (all 50 answers + code examples):
👉 devencyclopedia.com/blog/cloud-devops-interview-questions
Top comments (0)