Mental Models Core
34 cards — 🟢 11 easy | 🟡 15 medium | 🔴 1 hard
🟢 Easy (11)
1. What is the relationship between kernel, userspace, and distro?
The kernel is the actual OS — it manages hardware, memory, processes, and syscalls in privileged mode. Userspace is everything running on top of the kernel via syscalls (shells, daemons, apps). A distro is a packaging decision: kernel + userspace tools + package manager + default configs. When people say "Linux" they usually mean all three, which causes confusion.

2. What is the difference between a program, a process, and a service?
A program is a file on disk (an executable). A process is a running instance of a program — it has a PID, memory, file descriptors, and runtime state. A service is a process managed by an init system (e.g., a systemd unit). One program can have zero or many processes. People say "restart the program" when they mean "restart the service's process."

3. Why is RAID not a backup?
RAID provides real-time redundancy across disks — survives disk failure but not data corruption, accidental deletion, or ransomware (changes replicate instantly). A backup is a separate copy at a point in time — survives disaster, corruption, and deletion. A snapshot is a frozen view sharing storage with the original — fast to create but usually on the same device. All three protect against different failure modes.

4. What is a Git branch, really?
A branch is a mutable pointer to a commit — a 41-byte file in .git/refs/heads/ containing a SHA. It is NOT a folder of files. Creating a branch is O(1). A commit is an immutable snapshot with parent pointers forming a DAG. A tag is an immutable pointer to a commit. HEAD is a pointer to the current branch (or directly to a commit when detached).

5. What are the three storage areas in Git?
Working tree: your actual files on disk (what you edit). Index/staging area: a binary file (.git/index) listing what goes into the next commit. Repository: the .git/ directory (object store + refs). git add copies from working tree to index. git commit records the index as a tree object. git diff shows working tree vs index; git diff --staged shows index vs HEAD.

6. What is the nesting structure in Ansible?
Playbook (YAML file) contains plays. A play maps hosts to tasks. A task calls one module — the atomic unit. A role bundles tasks + handlers + vars + templates into a reusable directory. A handler is a task that only runs when notified and only once at the end of the play. Handlers exist for "restart X only if config changed" patterns.

7. How does a container differ from a VM?
A VM runs a full guest OS with its own kernel on virtualized hardware — strong isolation, slow start. A container is a normal host process with namespace isolation + cgroup limits + layered filesystem — shares the host kernel, fast start, weaker isolation. A kernel vulnerability in a container affects the host. "Looks isolated" vs "shares the kernel" is where confusion lives.

8. What is the difference between a container image and a container?
An image is a read-only layered filesystem + metadata — a template. A container is a running or stopped instance of an image with a writable top layer. docker build creates images; docker run creates containers. Image tags are mutable pointers to image IDs (like git branches). Multiple containers can run from the same image simultaneously.

9. Why does Kubernetes have pods instead of just containers?
A pod is a group of containers sharing network namespace, IPC, and volumes. Containers in the same pod share localhost. Pods enable the sidecar pattern: main app + log shipper + proxy in one network context. Most pods have exactly one container. The pod is the scheduling unit — Kubernetes schedules pods to nodes, not individual containers.

10. How does a reverse proxy differ from a load balancer?
A reverse proxy sits in front of backends, forwarding client requests — adds TLS termination, caching, compression, URL rewriting. A load balancer distributes traffic across backends — adds health checks, session affinity, weighted routing. They overlap heavily: nginx does both, HAProxy is primarily an LB. L4 LB routes by IP/port; L7 routes by hostname/path/headers.

11. What is the CI/CD mental model?
CI/CD is an event → pipeline → artifact → promotion → policy system. Event (git push) triggers a pipeline (build, test, scan). Pipeline produces an immutable artifact (container image, binary). Artifact is promoted through environments (dev → staging → prod) with increasing confidence. Key principle: build once, deploy the same artifact everywhere. "CD" means Delivery (human gate) or Deployment (automatic).

🟡 Medium (15)
1. How do file, inode, pathname, and symlink relate?
An inode IS the file — it holds metadata and data block pointers but has no name. A pathname is a name pointing to an inode via a directory entry (hard link). One inode can have multiple pathnames. A symlink is a separate inode whose content is a pathname string. Deleting a pathname decrements the link count; data is freed when count reaches 0.

2. What are the four permission systems in Linux?
Mode bits (rwx): per-inode three-level access control (owner/group/other). Ownership (uid/gid): who the file belongs to. ACLs: fine-grained per-user/group permissions beyond mode bits. Capabilities: fine-grained decomposition of root's powers (process-level, not file-level). setuid/setgid are mode bits that change the effective uid/gid of the running process.

3. What is the difference between start and enable in systemd?
start/stop control runtime state — the unit runs now or stops now. enable/disable control boot-time behavior by creating/removing symlinks into a target's wants directory. enable does NOT start the service. A common pattern is 'systemctl enable --now' to do both. Similarly, wants is a weak dependency (continue if it fails) while requires is hard (fail if it fails).

4. What are the three roles in DNS resolution?
Stub resolver: on your machine, sends one query, gets one answer (configured via /etc/resolv.conf). Recursive resolver: walks the DNS tree on your behalf (e.g., 8.8.8.8). Authoritative server: owns the zone file, returns the actual records. Resolution path: stub → recursive → root → TLD → authoritative. Most confusion comes from collapsing all three into "DNS server."

5. What are the five layers of the Linux storage stack?
Disk (block device, /dev/sda) → Partition (GPT/MBR subdivisions, /dev/sda1) → LVM (abstracts physical partitions into resizable logical volumes: PV → VG → LV) → Filesystem (organizes blocks into files: ext4, xfs, btrfs) → Mount (attaches filesystem to a directory). Each layer except disk and filesystem is optional. People skip layers mentally, going from "disk" straight to "format it."

6. When should you use rebase vs merge?
Merge creates a new commit with two parents, preserving full history. Rebase replays your commits on a new base, rewriting SHAs for linear history. Golden rule: never rebase commits that others have based work on (shared history). Use merge for shared branches and pull requests. Use rebase for cleaning up local work before sharing. Both integrate changes; they differ in history shape.

7. How does Ansible inventory work?
Inventory defines what machines to manage and how to group them. A host is a target (IP/hostname). A group is a named set of hosts. Implicit groups: 'all' and 'ungrouped'. Variables attach at host (host_vars/) or group (group_vars/) level. Static inventory is an INI/YAML file; dynamic inventory queries cloud APIs. The hosts: field in a play selects targets.

8. What does idempotence mean in Ansible?
Running the same task twice produces the same result with no unnecessary changes. Modules enforce this by checking current state before acting (desired state → check → act if needed). The changed/ok distinction reports whether action was actually taken. command/shell modules are NOT idempotent by default — they always report changed. Modules run on the target; plugins run on the controller.

9. How do Deployment, ReplicaSet, and Pod relate?
Three layers: Deployment creates ReplicaSets, ReplicaSets create Pods. Pod runs containers but has no self-healing. ReplicaSet ensures N pod replicas exist, replacing dead ones. Deployment manages ReplicaSets for rolling updates and rollbacks. You almost never create ReplicaSets directly. Rolling update = new RS scales up while old RS scales down.

10. What is the difference between a Service and an Ingress?
Service: stable L4 endpoint for a set of pods — gets a cluster IP, load-balances via label selectors. Types: ClusterIP (internal), NodePort (port per node), LoadBalancer (cloud). Ingress: L7 HTTP routing rules mapping hostnames/paths to Services. Ingress requires an Ingress Controller to function. Service = L4 load balancing to pods, Ingress = L7 HTTP routing to services.

11. Why does Kubernetes have both PV and PVC?
PV (PersistentVolume): a piece of provisioned storage. PVC (PersistentVolumeClaim): a user's request for storage that binds to a matching PV. The split separates concerns: admins manage storage (PVs), users request it (PVCs). StorageClass enables dynamic provisioning — creating a PVC automatically creates and binds a PV. Pods reference PVCs, not PVs directly.

12. How does the Kubernetes control plane work?
K8s is a declarative reconciliation engine. You describe desired state; controllers converge toward it in a continuous loop: observe → compare → act → repeat. API server is the front door (stores state in etcd). Scheduler assigns pods to nodes. Controller manager runs controllers (Deployment, ReplicaSet, Node). kubelet on each node ensures containers match pod specs. Eventual consistency, not transactions.

13. What is Terraform's core mental model?
Terraform is a desired-state engine. .tf files declare what should exist; Terraform builds a dependency graph. The state file records what Terraform thinks exists (a cache, not reality). Plan = diff desired vs state → action list. Apply = execute the plan via provider API calls. Drift occurs when reality diverges from state. The dependency graph and state file are the core concepts.

14. How do logs, metrics, and traces differ in cost, cardinality, and use case?
Logs: timestamped event records, high cardinality, good for debugging specifics ("what happened"). Metrics: numerical time-series, low cardinality, good for dashboards and alerts ("how much/how often"). Traces: request-scoped records showing flow through services, good for latency analysis ("where did time go"). Metrics are cheap to store; logs preserve context; traces show causality.

15. What is the core design choice that gives Btrfs its features?
Copy-on-write (CoW): data is never overwritten in place — new versions are written to new locations. This one choice enables free snapshots (CoW clone of a subvolume), free reflinks (CoW clone of a file), and checksumming of all data. Subvolumes replace partitions (no fixed size, share the pool). Snapshots are NOT backups — they share the same device. Disable CoW (chattr +C) for database workloads to avoid fragmentation.

🔴 Hard (1)
1. What is the practical rule for Ansible variable precedence?
Ansible has ~22 precedence levels, but the practical rule is: role defaults (lowest) < inventory vars < play/role vars < extra vars -e (highest). Role defaults/ are safe fallbacks anyone can override. Extra vars always win. Common mistake: putting variables in role vars/ instead of defaults/, which blocks overrides. For most work, remembering 4 levels is enough.