Corporate IT Fluency
42 cards — 🟢 23 easy | 🟡 3 medium | 🔴 10 hard
🟢 Easy (23)
1. What is the difference between an Incident and a Problem in ITSM?
An Incident is an unplanned interruption to a service — the goal is to restore service ASAP. A Problem is a root cause investigation into why incidents keep happening — the goal is to eliminate the underlying cause. An Incident says "fix it now," a Problem says "figure out why it keeps breaking."
Remember: ITSM tools (ServiceNow, Jira Service Management, Zendesk) track incidents, changes, and requests. Every change should have a ticket for audit trail.
2. What is a Change Advisory Board (CAB)?
A recurring meeting (usually weekly) where proposed changes to production systems are reviewed and approved. You present a Change Request describing what you're changing, why, the rollback plan, and risk assessment. The board approves, rejects, or defers.
Remember: understanding corporate IT infrastructure helps DevOps engineers bridge the gap between traditional IT operations and modern cloud-native practices.
3. What is a CMDB and why does it matter?
Configuration Management Database — the org's inventory of all IT assets (servers, apps, network devices, cloud resources) and their dependencies. It answers "what do we have and how is it connected?" During incidents, it helps trace which services depend on a failed component.
4. What do the letters in a RACI matrix stand for?
R = Responsible (does the work), A = Accountable (owns the outcome — only one person per task), C = Consulted (provides input before the work), I = Informed (told about the outcome after). Every row should have exactly one A.
5. What is the difference between CapEx and OpEx?
CapEx (Capital Expenditure) is buying an asset — e.g., purchasing servers — depreciated over years. OpEx (Operational Expenditure) is ongoing usage costs — e.g., monthly cloud bills — expensed in the current period. Cloud migration is often described as a CapEx-to-OpEx shift.
6. What is the difference between an RFI, RFP, and RFQ?
RFI (Request for Information) = "tell us what you offer" (early research). RFP (Request for Proposal) = "give us a formal proposal with pricing" (competitive bidding). RFQ (Request for Quote) = "we know what we want, how much?" (price comparison).
7. What does "Run vs Grow" mean in IT budgeting?
"Run the business" = keeping lights on (maintenance, licensing, patching, support contracts). "Grow the business" = new capabilities (migrations, new platforms, automation). When budgets get cut, "grow" gets cut first. Knowing which bucket your project is in tells you how vulnerable it is.
8. What is a Standard Change vs a Normal Change?
A Standard Change is a pre-approved, low-risk, routine change (e.g., restart a service, add a DNS record) that skips CAB review. A Normal Change requires full CAB review and approval. Understanding which your deployments are determines your deploy velocity.
9. What is ITIL and how does it relate to IT service management?
ITIL (Information Technology Infrastructure Library) is the most widely used IT Service Management framework. It defines processes for incident management, problem management, change management, and more. You don't need certification — you need to know the vocabulary.
Remember: ITIL = IT Infrastructure Library. Framework for IT service management. Key processes: Incident, Problem, Change, Release, Service Level management.
10. What does "IC" mean in a job listing?
IC = Individual Contributor — a technical role with no direct reports. "Senior IC" means a senior engineer who does technical work rather than managing people. The IC track (IC1 through IC6+) allows career advancement in seniority without becoming a people manager.
11. What is the difference between "dotted line" and "solid line" reporting?
Solid line = your actual manager who does your performance reviews and approvals. Dotted line = someone you also report to functionally (e.g., a project lead or matrix manager) but who does not manage your career or reviews.
12. What does "let's take that offline" usually mean in a corporate meeting?
It usually means "stop talking about this now." It may or may not lead to a follow-up conversation. If the topic is important to you, don't wait for the other person — follow up directly within 24 hours. If they dodge twice, escalate or raise it again in the next meeting.
13. What is a "tiger team"?
A small, focused group assembled to solve a specific problem fast. Unlike a standing team, a tiger team is temporary and cross-functional — pulled together for a specific mission (e.g., "fix the payment reliability issues") and disbanded when done.
14. What does "swim lane" mean in a corporate context?
Your team's or function's area of responsibility. "That's in their swim lane" means it's another team's responsibility. Swim lane diagrams visually show which team owns which steps in a process. Staying in your swim lane means not doing work that belongs to another team.
15. What does "north star" mean in corporate IT?
The long-term guiding vision or metric for a team or project. "Our north star is 99.99% availability" means that is the overarching goal that should guide all technical decisions. It's not a near-term target — it's the direction everything should point toward.
16. What does "table stakes" mean in business context?
The minimum expected capability — not a differentiator. "Monitoring is table stakes" means every team should have it; having it doesn't make you special, but not having it is a problem. Used to set baseline expectations.
17. What does "blast radius" mean in IT?
How many things break if something goes wrong. "What's the blast radius of this change?" asks how many services, users, or systems are affected if the change fails. Smaller blast radius = lower risk. Used in change management and deployment strategy.
18. What is HIPAA and when does it apply?
HIPAA (Health Insurance Portability and Accountability Act) governs healthcare data in the US. If your systems handle Protected Health Information (PHI), you must implement strict access controls, encryption, and audit logging. Violations carry significant fines.
Remember: HIPAA = Health Insurance Portability and Accountability Act. Protects PHI (Protected Health Information). Fines up to $1.9M per violation category per year.
19. What is GDPR and how does it affect infrastructure?
GDPR (General Data Protection Regulation) is the EU's data privacy law. It affects data retention policies, right to deletion (you must be able to delete a user's data), data residency (where data is stored geographically), and breach notification requirements (72-hour disclosure).
Remember: GDPR = General Data Protection Regulation (EU). Right to be forgotten, data portability, 72-hour breach notification, fines up to 4% of global revenue.
20. What does "target state architecture" mean?
What the organization wants the system to look like in 1-2 years. Paired with "current state" (how it works now). The gap between current and target state drives roadmap priorities and project justifications. Usually represented as architecture diagrams.
21. What does "lift and shift" mean?
Moving workloads to the cloud by copying them as-is (usually as VMs) with no redesign. Fast and low-risk but doesn't leverage cloud-native benefits. Contrasted with "cloud-native refactor" which redesigns the application for containers, managed services, and auto-scaling.
22. What is a POC and when should you be skeptical of one?
POC = Proof of Concept — a small test to validate an idea works. Be skeptical when: the POC is proposed after a decision seems blocked (stalling tactic), the success criteria are vague, or nobody defines what happens after the POC succeeds. A good POC has clear criteria, a time box, and a decision framework.
23. What are "guardrails" in enterprise IT?
Automated policies that prevent bad configurations or actions — e.g., "no public S3 buckets," "all EC2 instances must have tags," "no deployments without passing security scan." Unlike manual reviews, guardrails enforce policy automatically and continuously. Common tools: OPA, Kyverno, AWS SCPs, Azure Policy.
🟡 Medium (3)
1. What is a risk register?
A living document that tracks known risks with their likelihood, impact, mitigation plans, and owners. When InfoSec says "add this to the risk register," they want the risk documented, assessed, assigned, and tracked. Risk acceptance (deciding a risk is acceptable given mitigation cost) is also documented here.
2. What is the difference between an SOW and an MSA?
SOW (Statement of Work) defines what a vendor will deliver, by when, and for how much — it's the specific project scope. MSA (Master Service Agreement) is the umbrella legal agreement covering all work with that vendor. You can have many SOWs under one MSA.
3. What are the key considerations in a "buy vs build" decision?
Buy: faster to deploy, vendor handles maintenance, but ongoing licensing cost and less customization. Build: fully customized, no licensing, but development cost, maintenance burden, and opportunity cost of engineering time. Key factors: is this a core differentiator (build) or commodity capability (buy)?
🔴 Hard (10)
1. What is the difference between an SLA, an OLA, and an Underpinning Contract (UC)?
SLA (Service Level Agreement) is between IT and the customer/business. OLA (Operational Level Agreement) is between internal IT teams. UC (Underpinning Contract) is between IT and an external vendor. The SLA is the promise; OLAs and UCs are what make it achievable.
Remember: SLA = Service Level Agreement. Contractual commitment. SLO = internal target. SLI = the actual measurement. SLA >= SLO > SLI (target hierarchy).
2. What is a SOC2 audit and what does a "finding" mean?
SOC2 (Service Organization Control 2) is an audit framework for cloud/SaaS companies that examines access controls, logging, and change management. A "finding" means an auditor identified a gap in controls. Critical findings must be fixed before the audit period ends; high findings need a remediation plan with a deadline.
Remember: SOC 2 = Service Organization Control. Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy. Mnemonic: 'SAPCP.'
3. What does TCO mean and why is it different from purchase price?
TCO (Total Cost of Ownership) includes the full cost: purchase, licensing, support contracts, labor to operate, power, cooling, training, and eventual decommission. A $10K server might have a 5-year TCO of $50K when you add support, power, rack space, and admin time.
4. What is an Emergency Change and when is it used?
An Emergency Change bypasses normal CAB process to address an urgent issue (typically during a P1 incident). It still requires approval — usually from the change manager or an on-call approver — and mandatory post-implementation review. It is not a way to skip process; it is a fast-tracked version of it.
5. What is a Known Error in ITSM?
A Known Error is a Problem that has been diagnosed — the root cause is understood and documented, but the permanent fix has not yet been implemented. It typically includes a workaround so that future Incidents can be resolved faster while the real fix is planned.
Remember: ITSM tools (ServiceNow, Jira Service Management, Zendesk) track incidents, changes, and requests. Every change should have a ticket for audit trail.
6. What is a RAID log in project management?
RAID = Risks, Assumptions, Issues, Dependencies. It's a project tracking tool: Risks (what might go wrong), Assumptions (what we're taking as true), Issues (what's already wrong), Dependencies (what we need from others). Updated regularly and reviewed in project status meetings.
7. What is a "single-threaded owner"?
One person with full ownership and authority over a specific initiative or decision. The concept (popularized by Amazon) means this person's only job is to drive that initiative — they are not splitting attention across multiple projects. It ensures clear accountability.
8. What is PCI-DSS and when does it apply?
PCI-DSS (Payment Card Industry Data Security Standard) applies to any system that stores, processes, or transmits credit card data. It mandates specific controls: network segmentation, encryption, access controls, logging, regular testing. Non-compliance can result in fines and loss of ability to process cards.
Remember: PCI DSS = Payment Card Industry Data Security Standard. 12 requirements for handling cardholder data. Applies if you store, process, or transmit card data.
9. What does "rationalization" mean in enterprise IT?
Cutting duplicate tools, platforms, or systems. "Application rationalization" means inventorying everything the org uses and consolidating. "We have 4 monitoring tools; let's pick one" is rationalization. Driven by cost savings, reduced complexity, and easier compliance.
10. What is the "strangler fig pattern"?
A migration strategy where you gradually replace an old system piece by piece, rather than doing a big-bang cutover. New functionality is built in the new system while the old system continues to serve existing features. Over time, the new system "strangles" the old one until nothing depends on it.