Thursday, March 9, 2017

General Linux Interview Questions

Q) What is Run Level?

A run level is one of the modes in which a UNIX-based operating system can run. Each run level has a certain number of services stopped or started, giving the user control over the behavior of the machine.
There are seven run levels in total, numbered from 0 to 6.
i. Run level 0: Halt the system
ii. Run level 1: Single-user mode (for administrative tasks)
iii. Run level 2: Multi-user mode, without NFS (Network File System)
iv. Run level 3: Multi-user mode with networking and command line interface
v. Run level 4: Not used
vi. Run level 5: Multi-user mode with networking and X Window (GUI)
vii. Run level 6: Reboot the system

Q) What is the difference between SSH and Telnet?
SSH, also known as Secure Shell, is a network protocol used to log in securely to a remote system. It is the most common way to access remote Linux or UNIX-type systems over the internet.
SSH runs on port 22 by default; however, this can easily be changed.
SSH is a very secure protocol because it sends information in encrypted form, which provides confidentiality and security of data over an unsecured network such as the internet.
Once the data for communication is encrypted using SSH, it is very difficult to decrypt and read that data, so our password is also safe to travel over a public network.
SSH uses public-key cryptography to authenticate users accessing the servers, which is a great practice that provides very strong security.

Telnet is the joint abbreviation of Telecommunication and network, and it is the networking protocol best known on the UNIX platform.
Telnet uses port 23 and was designed specifically for local area networks.
Telnet is not a secure communication protocol because it does not use any security mechanism and transfers data over the network/internet in plain text, including the password, so anyone can sniff the packets to get that important information.
No authentication policies or data encryption techniques are used in Telnet, which causes a huge security threat; that is why Telnet is no longer used for accessing network devices and servers over the public network.


Q) Boot Process.

1. Power On/Restart:

When you power on or restart your computer, power is supplied to the computer's SMPS.
The SMPS (Switch Mode Power Supply) is one of the main components of the computer. Its primary objective is to supply the required voltage level to the devices attached to the machine, such as the motherboard, HDDs, keyboard, mouse, CD/DVD-ROM etc.
The processor (CPU), the most intelligent device in the computer, starts running the sequence of operations stored in its memory as soon as it is supplied with power. The first instruction it runs passes control to the BIOS.

2. BIOS

BIOS stands for Basic Input-Output System. The most important use of the BIOS is to perform the POST (Power-On Self-Test) during the boot process. POST is the series of tests conducted by the BIOS to check the proper functioning of all the hardware components attached to the computer.
Once the POST has completed successfully, the BIOS checks the CMOS settings to find out the boot order.
The boot order is simply a user-defined order that tells the BIOS where to look for the operating system. The BIOS selects the first boot device for booting; the devices can be a hard drive, CD-ROM, floppy drive, network interface or other removable media such as a USB drive.
The BIOS is programmed to look at the first sector of your hard drive, which is known as the boot sector. This location is also known as the MBR, and it contains the program that helps the computer load the operating system. As soon as the BIOS finds a valid MBR, it loads the entire content of the MBR into RAM, and further execution is done by the content of the MBR.

3. MBR

MBR stands for Master Boot Record, which is located in the first sector of your hard disk. It is just 512 bytes in size. The MBR is not located inside any partition.
The MBR has the following three components.
a. Primary boot loader code (size: 446 bytes)
b. Partition table information (size: 64 bytes)
c. Magic number (size: 2 bytes)

a. Primary boot loader code: This code provides boot loader information and the location details of the actual boot loader code on the hard disk.

b. Partition table: The MBR contains 64 bytes of data that store partition table information, such as the start and end of each partition, the size of the partition and the type of partition (whether it is primary, extended etc.). We can create a maximum of 4 primary partitions, each taking only 16 bytes of the table.

c. Magic number: The magic number serves as a validation check for the MBR. If the MBR gets corrupted, this magic number is used to retrieve it.
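The 512-byte layout described above, parsed in Python as an added example (not code from the original post). The sample sector is constructed in the code; the 55 AA signature value, the partition type names, the function names and the SHA-256 baseline of the boot code are assumptions of this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446                 # a. primary boot loader code
ENTRY_SIZE, ENTRY_COUNT = 16, 4      # b. partition table: 4 entries * 16 bytes = 64 bytes
MAGIC_OFFSET = BOOT_CODE_SIZE + ENTRY_SIZE * ENTRY_COUNT   # 510
MAGIC = b"\x55\xaa"                  # c. magic number (boot signature)

# Small subset of partition type IDs, enough for the constructed sample below.
PARTITION_TYPES = {0x05: "extended", 0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}


def parse_mbr(sector):
    """Split a 512-byte boot sector into the three MBR components."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    boot_code = sector[:BOOT_CODE_SIZE]
    table = sector[BOOT_CODE_SIZE:MAGIC_OFFSET]
    partitions = []
    for index in range(ENTRY_COUNT):
        entry = table[index * ENTRY_SIZE:(index + 1) * ENTRY_SIZE]
        # Entry layout: status, CHS start (3 bytes, skipped), type,
        # CHS end (3 bytes, skipped), first sector (LBA), sector count.
        status, ptype, first_lba, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:
            continue                 # unused slot
        partitions.append({
            "slot": index + 1,
            "status": status,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, "unknown (0x%02x)" % ptype),
            "first_lba": first_lba,
            "sectors": sectors,
            "size_bytes": sectors * SECTOR_SIZE,
        })
    return {
        "magic_valid": sector[MAGIC_OFFSET:] == MAGIC,
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(parsed, known_good_sha256=None):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    if not parsed["magic_valid"]:
        findings.append("magic number is not 55 AA")
    parts = parsed["partitions"]
    for part in parts:
        if part["status"] not in (0x00, 0x80):
            findings.append("slot %d has invalid status 0x%02x" % (part["slot"], part["status"]))
    if sum(1 for part in parts if part["bootable"]) > 1:
        findings.append("more than one partition marked bootable")
    ordered = sorted(parts, key=lambda part: part["first_lba"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["first_lba"] + prev["sectors"] > cur["first_lba"]:
            findings.append("slots %d and %d overlap" % (prev["slot"], cur["slot"]))
    # The 446 bytes of boot code run before any operating system control exists,
    # so comparing them with a recorded hash shows whether they were modified.
    if known_good_sha256 and parsed["boot_code_sha256"] != known_good_sha256:
        findings.append("boot loader code differs from the recorded baseline")
    return findings


def build_sample_mbr():
    """Constructed sample: a bootable Linux /boot partition followed by an LVM partition."""
    def entry(status, ptype, first_lba, sectors):
        return struct.pack("<B3xB3xII", status, ptype, first_lba, sectors)

    table = entry(0x80, 0x83, 2048, 204800) + entry(0x00, 0x8E, 206848, 4096000)
    table += bytes(ENTRY_SIZE * 2)                            # two unused slots
    boot_code = b"\xeb\x63\x90" + bytes(BOOT_CODE_SIZE - 3)   # placeholder bytes, not a real loader
    return boot_code + table + MAGIC


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    for part in parsed["partitions"]:
        print(part)
    print(check_mbr(parsed) or "no findings")
```

On a real system the input would be the first 512 bytes of the disk device, read with root privileges.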

The MBR cannot load the kernel directly because it is unaware of the file system concept; it requires a boot loader with a file system driver for each supported file system. To overcome this, GRUB is used, with the details of the file system in /boot/grub/grub.conf and file system drivers.

4. GRUB

GRUB (Grand Unified Boot Loader) loads the kernel in 3 stages.

GRUB stage 1:
Its primary function is to load either the stage 1.5 or the stage 2 boot loader.

GRUB stage 1.5:
Stage 1 can load stage 2 directly, but it is normally set up to load stage 1.5.
This can happen when the /boot partition is situated beyond the 1024th cylinder of the hard disk.
GRUB stage 1.5 is located in the first 30 KB of the hard disk, immediately after the MBR and before the first partition. This space is used to store file system drivers and modules.
This enables stage 1.5 to load stage 2 from any known location on the file system, i.e. /boot/grub.

GRUB stage 2:
Stage 2 is responsible for loading the kernel from /boot/grub/grub.conf and any other modules needed.
GRUB loads the user-selected (or default) kernel into memory and passes control to the kernel. If the user does not select an OS within a defined timeout, GRUB loads the default kernel into memory and starts it.

5. Kernel

The kernel can be considered the heart of the operating system, responsible for handling all system processes. The kernel acts as a mediator between hardware and software.
The kernel is a compressed image file; it is basically an executable bzImage file.
The kernel verifies the hardware configuration (floppy drive, hard drive, network adapter etc.) and configures drivers for the system.
The kernel then uncompresses the initrd image. Initrd stands for initial ramdisk, which the kernel uses as a temporary root file system until the kernel is booted and the real root file system is mounted.
It also contains the necessary drivers compiled in, which help the kernel access the hard drive partitions and other hardware.
Once all the modules present in the initrd image are loaded, the kernel unmounts the initrd image and mounts the root partition specified in the grub.conf file as read-only.

6. INIT

Once the kernel starts its operation, the first thing it does is execute the init process.
The init process is the root/parent process of all the processes running under Linux.
As soon as the init process is executed, it looks at the /etc/inittab file to find out the default run level.
Based on the appropriate run level, scripts are executed to start/stop various processes to run the system and make it functional.
Scripts for run levels 0 to 6 are located in the subdirectories /etc/rc.d/rc0.d through /etc/rc.d/rc6.d respectively. There are also symbolic links to these directories directly under /etc, so /etc/rc0.d is linked to /etc/rc.d/rc0.d.

/etc/rc0.d/ – Contains Start/Kill scripts which should be run in runlevel 0
/etc/rc1.d/ – Contains Start/Kill scripts which should be run in runlevel 1
/etc/rc2.d/ – Contains Start/Kill scripts which should be run in runlevel 2
/etc/rc3.d/ – Contains Start/Kill scripts which should be run in runlevel 3
/etc/rc4.d/ – Contains Start/Kill scripts which should be run in runlevel 4
/etc/rc5.d/ – Contains Start/Kill scripts which should be run in runlevel 5
/etc/rc6.d/ – Contains Start/Kill scripts which should be run in runlevel 6


Finally, init runs one file, which is /etc/rc.local.

Q) What is Soft Link/Symlink?
A soft link, or symlink, is the actual link to an original file. A soft link is a file that contains a reference to another file or directory in the form of an absolute or relative path.
In short, you can create a shortcut to the file or directory at another path.
1. These links will have different inode values.
2. A soft link points to the original file, so if the original file is deleted the soft link fails. If you delete the soft link, nothing happens to the file.
3. A soft link can also link to a directory.
4. A soft link can cross file systems.
5. A soft link contains the path to the original file/directory, not the actual content.

Q) What is Hard link?
A hard link is a mirror copy of the original file. Hard links point directly to the physical file on disk, not to the path name.
1. These links share the same inode value.
2. Changes made to the original file or to the hard-linked file are reflected in the other. When you delete the original file or the hard-linked file, nothing happens to the other.
3. A hard link can link only to files, not to directories.
4. A hard link can't cross file systems.
5. Removing any link just reduces the link count and doesn't affect the other links.
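The properties listed for soft and hard links, checked against real files in a temporary directory. This is an added Python example, not code from the original post; the file names are constructed for the demonstration.

```python
import os
import tempfile


def compare_links(workdir):
    """Create a file, a hard link and a soft link to it, then delete the original."""
    original = os.path.join(workdir, "original.txt")
    hard = os.path.join(workdir, "hard.txt")
    soft = os.path.join(workdir, "soft.txt")
    subdir = os.path.join(workdir, "subdir")
    soft_dir = os.path.join(workdir, "soft_dir")

    with open(original, "w") as handle:
        handle.write("version 1\n")
    os.mkdir(subdir)
    os.link(original, hard)             # a second name for the same inode
    os.symlink("original.txt", soft)    # a new inode whose content is a path

    facts = {
        "hard_shares_inode": os.stat(hard).st_ino == os.stat(original).st_ino,
        # lstat() inspects the link itself; stat() would follow it to the target.
        "soft_has_own_inode": os.lstat(soft).st_ino != os.stat(original).st_ino,
        "soft_stores_path": os.readlink(soft),
        "link_count_with_hard_link": os.stat(original).st_nlink,
    }

    # A change written through the hard link is visible through the original name.
    with open(hard, "a") as handle:
        handle.write("version 2\n")
    with open(original) as handle:
        facts["change_visible_via_original"] = handle.read().endswith("version 2\n")

    # Soft links may point at directories; hard links to directories are refused.
    os.symlink("subdir", soft_dir)
    facts["soft_link_to_dir_works"] = os.path.isdir(soft_dir)
    try:
        os.link(subdir, os.path.join(workdir, "hard_dir"))
        facts["hard_link_to_dir_refused"] = False
    except OSError:
        facts["hard_link_to_dir_refused"] = True

    # Deleting the original only drops one name: the data survives via the hard
    # link, while the soft link is left pointing at a path that no longer exists.
    os.remove(original)
    facts["link_count_after_delete"] = os.stat(hard).st_nlink
    with open(hard) as handle:
        facts["hard_link_still_readable"] = handle.read().startswith("version 1\n")
    facts["soft_link_dangling"] = os.path.islink(soft) and not os.path.exists(soft)
    return facts


def run_demo():
    with tempfile.TemporaryDirectory() as workdir:
        return compare_links(workdir)


if __name__ == "__main__":
    for name, value in run_demo().items():
        print("%-28s %s" % (name, value))
```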

Q) What is UMASK?
UMASK stands for User File Creation Mask. It determines the default set of permissions given when a new file/directory is created on a Linux machine.
Default UMASK value for a normal user: 002
Default UMASK value for the root user: 022
Base permissions for directories are: 0777
Base permissions for files are: 0666
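How the mask combines with the base permissions, shown by creating a real file and directory under each of the default values above. This is an added Python example, not code from the original post; the function names and the extra 077 mask are assumptions of the example.

```python
import os
import stat
import tempfile

FILE_BASE = 0o666   # base permissions for files
DIR_BASE = 0o777    # base permissions for directories


def expected_modes(mask):
    """Bits set in the umask are removed from the base permissions."""
    return FILE_BASE & ~mask, DIR_BASE & ~mask


def create_with_umask(mask):
    """Create a file and a directory under `mask`; return their modes as (file, dir)."""
    with tempfile.TemporaryDirectory() as workdir:
        file_path = os.path.join(workdir, "new_file")
        dir_path = os.path.join(workdir, "new_dir")
        previous = os.umask(mask)           # os.umask() returns the old mask
        try:
            os.close(os.open(file_path, os.O_CREAT | os.O_WRONLY, FILE_BASE))
            os.mkdir(dir_path, DIR_BASE)
        finally:
            os.umask(previous)              # always restore the caller's mask
        return (os.stat(file_path).st_mode & 0o777,
                os.stat(dir_path).st_mode & 0o777)


def describe(mask):
    """Summarise what a mask means for newly created files and directories."""
    file_mode, dir_mode = create_with_umask(mask)
    return {
        "umask": "%03o" % mask,
        "file": stat.filemode(stat.S_IFREG | file_mode),
        "dir": stat.filemode(stat.S_IFDIR | dir_mode),
        "group_writable": bool(file_mode & stat.S_IWGRP),
        "world_readable": bool(file_mode & stat.S_IROTH),
    }


if __name__ == "__main__":
    # 002 and 022 are the defaults quoted above; 077 is an added stricter mask.
    for mask in (0o002, 0o022, 0o077):
        print(describe(mask))
```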

Q) What is ulimit?
The ulimit command provides control over the resources available to the shell and/or to processes started by it.
You can limit a user to a specific range by editing /etc/security/limits.conf; system-wide settings can be updated in /etc/sysctl.conf.


Q) What is DNS?
DNS (Domain Name System) is a service that translates between Internet names and Internet addresses, i.e. it is used to resolve a human-readable hostname like google.com into a machine-readable IP address like 216.58.203.142.

Q) What are DNS records and Types of DNS records?
DNS records are held in a zone file used for mapping URLs to IP addresses. DNS records are basically a mapping file that tells the DNS server which IP address each domain name is associated with, and how to handle requests sent to each domain. These records are typically the connection between your website and the outside world.
Requests for your website are forwarded to your DNS server and then pointed to the web server that serves the website or to the email server that handles the incoming mail.

1. A Record:
A records are one of the key record types within the DNS. The A record is used to associate a domain name with an IP address.

2. AAAA Record:
AAAA records are similar to A records. The only difference is that AAAA records point to IPv6 addresses instead of IPv4 addresses.

3. CNAME Record:
CNAME stands for Canonical Name. A CNAME record points one of your subdomains to a different domain name, i.e. a CNAME record is used to define one domain as an alias of another domain.

4. MX Record:
MX record stands for Mail Exchange record. These records are used to identify the servers that handle email for your domain name.

5. NS Record:
An NS or Nameserver record maps the domain name to a list of DNS servers authoritative for that domain. NS records indicate the authoritative nameservers for the domain.

6. PTR Record:
The PTR record type performs the exact opposite function of the DNS A record type. A PTR record is used to translate an IP address to a domain name.

7. SOA Record:
SOA record stands for Start of Authority record. This record is used to inform the resolver that the server which contains this record is the authoritative server for the requested domain name. That means it provides authoritative information about the domain.

Q) Types of the File system.
1. Ext2:
> Second extended file system.
> Introduced in 1993, developed by Remy Card.
> Ext2 does not have a journaling feature.
> Max Individual file size: 16 GB to 2 TB
> Overall file system size: 2 TB to 32 TB

2. Ext3:
> Third extended file system.
> Introduced in 2001, developed by Stephen Tweedie
> Ext3 has the journaling feature enabled.
> Max Individual file size: 16 GB to 2 TB
> Overall file system size: 2 TB to 32 TB

3. Ext4:
> Fourth extended file system.
> Introduced in 2008.
> It has the option to turn off the journaling feature, plus other features such as delayed allocation, multi-block allocation, fast fsck etc.
> Max Individual file size: 16 GB to 16 TB
> Overall file system size: 1 EB (1EB = 1024PB = 1024 TB)
  
Q) What is Journaling?
Journaling file systems provide a new level of safety to the Linux kernel. Instead of writing data directly to the storage device and then updating the inode table, a journaling file system first writes file changes into a temporary file (called the journal). After the data has been successfully written to the storage device and the inode table, the journal entry is deleted.
When the system crashes, the possibility of file system corruption is lower because of journaling.

If the system crashes or suffers a power outage before the data can be written to the storage device, the journaling file system just reads through the journal file and processes any uncommitted data left over.

Q) TCP and UDP Difference.
TCP:
1. TCP stands for Transmission Control Protocol.
2. It is a connection-oriented protocol.
3. The TCP header size is 20 bytes.
4. TCP is reliable but slower in transferring.
5. TCP guarantees delivery of data.
6. The order of data at the receiving end is the same as at the sending end.
7. TCP does error checking and error recovery.

UDP:
1. UDP stands for User Datagram Protocol.
2. It is a connectionless protocol.
3. The UDP header size is 8 bytes.
4. UDP is not reliable, but faster in transferring.
5. UDP doesn’t provide guaranteed delivery of data.
6. UDP doesn’t provide any ordering of data.
7. UDP performs error checking but no reporting.


Q) Raid Levels?
RAID stands for Redundant Array of Independent (or Inexpensive) Disks. RAID is a way of combining several independent and relatively small disks into a single large storage unit. The disks included in the array are called array members. The disks can be combined into the array in different ways, known as RAID levels.

1. RAID 0 (Striping)
In RAID 0, data is split up into blocks that are then written across all the drives in the array. RAID 0 provides high performance, such as high read and write speed.
It utilizes all the storage capacity.
RAID 0 does not provide fault tolerance; if one of the disks fails, all the data in the RAID 0 array is lost.
We need a minimum of 2 disks to create a RAID 0 (striping) array.

2. RAID 1 (Mirroring)
Data is stored twice by writing it to both the data drive and the mirror drive. If a drive fails, the controller uses either the data drive or the mirror drive to recover the data and continue operations.
The effective storage capacity is only half of the total drive capacity because all data is written twice.
If a drive fails, the data does not have to be rebuilt; it just has to be copied to the replacement drive.
We need a minimum of 2 disks to create a RAID 1 (mirroring) array.

3. RAID 5 (Distributed parity)
RAID 5 is the most common secure RAID level. Data blocks are striped across the drives, and on one drive a parity checksum of all the block data is written. The parity data is not written to a fixed drive; it is spread across all drives.
A RAID 5 array can withstand a single drive failure.
If one of the drives fails, the parity information is used to rebuild the data.
We need a minimum of 3 disks to create a RAID 5 (distributed parity) array.

4. RAID 6 (Striping with double parity)
RAID 6 is like RAID 5, but the parity data is written to two drives.
RAID 6 can withstand 2 simultaneous drive failures.
If two drives fail, you still have access to all data, even while the failed drives are being replaced. So RAID 6 is more secure than RAID 5.
We need a minimum of 4 drives to create a RAID 6 array.


Q) Recursive query in DNS?
A recursive query is a kind of query in which the DNS server that receives your query does all the work of fetching the answer and giving it back to you.
During this process, the DNS server might also query other DNS servers on the internet for your answer.

Step by step understanding
1. Suppose that you want to browse www.example.com and your resolv.conf has an entry for your ISP's DNS server.

2. On receiving the query, the DNS server looks into its table (cache) to find the IP address, i.e. the A record, for example.com.

3. If the DNS server does not have the answer to the query in its cache, it sends the query to a “root” DNS server for the answer.

4. The root DNS server replies with the list of servers (a referral) that are responsible for handling the “.com” TLD.

5. Our DNS server selects one of the .com TLD servers from the list given by the root server and queries it for the answer for example.com.

6. Like the root servers, the TLD servers are also iterative in nature, so the TLD server replies to our DNS server with the list of IP addresses of the DNS servers responsible for the domain (the authoritative nameservers) example.com.

7. This time too, our DNS server selects one of the IPs from the given list of authoritative nameservers and queries it for the A record for example.com.

8. Our DNS server now replies to us with the IP/domain pair. The browser then sends the request for the content to the web server, using the IP address it has learned.

9. Our DNS server now stores this record in its table (cache), so the next time it receives the same query it will serve it from its cache.

Q) Iterative query in DNS?
In an iterative query, the DNS server will not go and fetch the complete answer for your query but will give back a referral to another DNS server which might have the answer.
If the DNS server is not recursive (i.e. iterative) in nature, it will give the answer if it has it in its records. Otherwise, it will give us a referral to the root servers, which means it will not query the root servers and other DNS servers itself.

It is now the job of our resolver to query the root servers, TLD servers and authoritative name servers.
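The recursive lookup in steps 1 to 9 and the referral behaviour of an iterative server, simulated offline in Python as an added example (not code from the original post). The server names, the 192.0.2.10 address and the referral limit are constructed for the example.

```python
class NameServer:
    """Iterative server: answers from its own records or hands back a referral."""

    def __init__(self, records=None, delegations=None):
        self.records = records or {}            # hostname -> IP address (A record)
        self.delegations = delegations or {}    # zone -> servers responsible for it
        self.queries_received = 0

    def query(self, qname):
        self.queries_received += 1
        if qname in self.records:
            return ("answer", self.records[qname])
        # The most specific matching delegation wins.
        for zone in sorted(self.delegations, key=len, reverse=True):
            if qname == zone or qname.endswith("." + zone):
                return ("referral", self.delegations[zone])
        return ("no-data", None)


class RecursiveResolver:
    """Recursive server: follows referrals on the client's behalf and caches the result."""

    def __init__(self, network, root_hints, max_referrals=10):
        self.network = network                  # server name -> NameServer
        self.root_hints = list(root_hints)
        self.max_referrals = max_referrals      # stops endless referral chains
        self.cache = {}
        self.trace = []                         # (server asked, kind of reply)

    def resolve(self, qname):
        if qname in self.cache:                 # steps 2 and 9: serve from cache
            self.trace.append(("cache", "answer"))
            return self.cache[qname]
        candidates = self.root_hints            # step 3: start at a root server
        for _ in range(self.max_referrals):
            server = candidates[0]              # steps 5 and 7: pick one from the list
            kind, data = self.network[server].query(qname)
            self.trace.append((server, kind))
            if kind == "answer":                # step 8: hand the answer back
                self.cache[qname] = data
                return data
            if kind != "referral":
                return None
            candidates = data                   # steps 4 and 6: follow the referral
        raise RuntimeError("too many referrals for %s" % qname)


def build_network():
    """Constructed hierarchy: one root, one .com TLD server set, one authoritative set."""
    authoritative = NameServer(records={"www.example.com": "192.0.2.10"})
    tld = NameServer(delegations={"example.com": ["ns1.example.com", "ns2.example.com"]})
    root = NameServer(delegations={"com": ["tld-com-a", "tld-com-b"]})
    return {
        "root-a": root,
        "tld-com-a": tld,
        "tld-com-b": tld,
        "ns1.example.com": authoritative,
        "ns2.example.com": authoritative,
    }


if __name__ == "__main__":
    resolver = RecursiveResolver(build_network(), ["root-a"])
    print(resolver.resolve("www.example.com"), resolver.trace)
    resolver.trace.clear()
    print(resolver.resolve("www.example.com"), resolver.trace)   # second lookup: cache only
```

Calling `query()` on the root server directly returns only the referral, which is the iterative behaviour: the caller has to follow the chain itself.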

Reference link: DNS query explained

AWS Interview Questions


AWS Interview Question and Answer Series

Refer below links
https://blog.goinit.net/2021/03/aws-interview-questions-part-3.html


Q) What is amazon EC2?

Amazon Elastic Compute Cloud (EC2) provides scalable (resizable) computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2, you can launch as many virtual servers as you need, configure security and networking, and manage storage.

Q) What is EC2 Instance?
An EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running applications on the Amazon Web Services (AWS) infrastructure.

Q) Features of EC2?
1. Virtual computing environments, known as instances.
2. Preconfigured templates for your instances, known as Amazon Machine Images (AMIs).
3. Various configurations of CPU, memory, storage and networking capacity, known as instance types.
4. Secure login information for your instances using key pairs.
5. Storage volumes for temporary data that is deleted when you stop or terminate the instance, known as instance store volumes.
6. Persistent storage volumes for your data using Amazon Elastic Block Store (EBS), known as Amazon EBS volumes.
7. Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as regions and Availability Zones.
8. A firewall that enables you to specify the protocols, ports and source IP ranges that can reach your instances, using security groups.
9. Static IP addresses for dynamic cloud computing, known as Elastic IP addresses.
10. Metadata, i.e. tags, that you can create and assign to your Amazon EC2 resources.
11. Virtual networks that you can create, which are logically isolated from the rest of the AWS cloud and which you can optionally connect to your own network, known as Virtual Private Clouds (VPCs).

Q) What is AMI?
It’s a template that provides the information (an operating system, an application server and applications) required to launch an instance, which is a copy of the AMI running as a virtual server in the AWS cloud.
An AMI includes the following:
1. A template for the root volume of the instance (an operating system, an application server and applications).
2. Launch permissions that control which AWS accounts can use the AMI to launch instances.
3. A block device mapping that specifies the volumes to attach to the instance when it is launched.

Q) Types of AMI?
You can select an AMI to use based on the following characteristics.
1. Regions and availability zones
2. Operating system
3. Architecture (32-bit or 64-bit)
4. Launch permission
5. Storage for the root device

Q) What is instance type?
When you launch an instance, the instance type that you specify determines the hardware of the host computer used for your instance.
Each instance type offers different compute, memory and storage capabilities, and instance types are grouped into instance families based on these capabilities.

Q) What is VPC?
Amazon Virtual Private Cloud (VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you have defined.
A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account.
It is logically isolated from other virtual networks in the AWS cloud. You can launch AWS resources, such as Amazon EC2 instances, into your VPC.
You can configure your VPC: you can select its IP address range, create subnets, and configure route tables, network gateways and security settings.

Q) What is Security group?
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign the instance to up to five security groups.
Security groups act at the instance level, not the subnet level. Therefore each instance in a subnet in your VPC could be assigned to a different set of security groups.
If you don’t specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.
For each security group, you add rules that control the inbound traffic to instances and a separate set of rules that control the outbound traffic.

Q) Basic Characteristics of Security group for VPC.
i. You can create up to 500 security groups per VPC. You can add up to 50 inbound and outbound rules to each security group. You can associate up to 5 security groups per network interface.
ii. You can specify allow rules, but not deny rules.
iii. You can specify separate rules for inbound and outbound traffic.
iv. By default, no inbound traffic is allowed until you add inbound rules to the security group.
v. By default, an outbound rule allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only.
vi. Security groups are stateful, which means that responses to allowed inbound traffic are allowed to flow outbound regardless of outbound rules, and vice versa.
vii. Instances associated with a security group can’t talk to each other unless you add rules allowing it.
viii. Security groups are associated with network interfaces. After you launch an instance, you can change the security groups associated with the instance, which changes the security groups associated with the primary network interface (eth0).
You can also change the security groups associated with any other network interface.
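A small model of characteristics ii to vi (allow-only rules, default inbound deny, default outbound allow, stateful responses), plus a check for rules that expose the SSH and Telnet ports named earlier to every address. This is an added Python example, not AWS code and not from the original post; the class names, the "all" protocol keyword and the sample addresses are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass

ADMIN_PORTS = {22: "SSH", 23: "Telnet"}    # default ports named earlier on this page


@dataclass(frozen=True)
class Rule:
    """An allow rule. There is no deny rule type: whatever is not allowed is dropped."""
    protocol: str       # "tcp", "udp" or "all" (keyword chosen for this example)
    from_port: int
    to_port: int
    cidr: str           # peer address range

    def allows(self, protocol, port, peer_ip):
        if self.protocol != "all":
            if self.protocol != protocol or not self.from_port <= port <= self.to_port:
                return False
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)


ALLOW_ALL = Rule("all", 0, 65535, "0.0.0.0/0")


class SecurityGroup:
    def __init__(self, inbound=(), outbound=(ALLOW_ALL,)):
        self.inbound = list(inbound)       # default: no inbound traffic is allowed
        self.outbound = list(outbound)     # default: one rule allowing all outbound
        self.flows = set()                 # connections already allowed (stateful)

    def inbound_packet(self, protocol, peer_ip, peer_port, local_port):
        flow = (protocol, peer_ip, peer_port, local_port)
        if flow in self.flows:
            return True                    # response to an allowed outbound connection
        if any(rule.allows(protocol, local_port, peer_ip) for rule in self.inbound):
            self.flows.add(flow)
            return True
        return False

    def outbound_packet(self, protocol, peer_ip, peer_port, local_port):
        flow = (protocol, peer_ip, peer_port, local_port)
        if flow in self.flows:
            return True                    # response to an allowed inbound connection
        if any(rule.allows(protocol, peer_port, peer_ip) for rule in self.outbound):
            self.flows.add(flow)
            return True
        return False


def world_open_admin_ports(group):
    """List inbound rules that let any address reach an administrative port."""
    findings = []
    for rule in group.inbound:
        if ipaddress.ip_network(rule.cidr).prefixlen != 0:
            continue                       # the rule is limited to some address range
        for port, name in sorted(ADMIN_PORTS.items()):
            covered = rule.protocol == "all" or (
                rule.protocol == "tcp" and rule.from_port <= port <= rule.to_port)
            if covered:
                findings.append("%s (tcp/%d) reachable from %s" % (name, port, rule.cidr))
    return findings


if __name__ == "__main__":
    group = SecurityGroup(inbound=[Rule("tcp", 22, 22, "203.0.113.0/24")], outbound=[])
    print(group.inbound_packet("tcp", "203.0.113.7", 51000, 22))      # allowed by rule
    print(group.outbound_packet("tcp", "203.0.113.7", 51000, 22))     # reply, stateful
    print(group.outbound_packet("tcp", "198.51.100.5", 443, 40000))   # no outbound rule
    print(world_open_admin_ports(SecurityGroup(inbound=[Rule("tcp", 0, 1023, "0.0.0.0/0")])))
```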

Q) What is S3?
Amazon S3 is storage for the internet. It is a Simple Storage Service that offers software developers a highly scalable, reliable and low-latency data storage infrastructure at very low cost. It is designed to make web-scale computing easier for developers.
Amazon S3 provides a web service interface which you can use to store and retrieve any amount of data, at any time, from anywhere on the web.
Using this web service, developers can easily build applications that make use of internet storage.

Q) Amazon EBS Volume?
Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with Amazon EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance in the same availability zone.
Amazon EBS is recommended when data must be quickly accessible and requires long-term persistence. EBS volumes are particularly well suited for use as the primary storage for file systems, databases, or any applications that require fine granular updates and access to raw, unformatted, block-level storage.
Amazon EBS is well suited both to database-style applications that rely on random reads and writes and to throughput-intensive applications that perform long, continuous reads and writes.
Amazon EBS provides the following volume types:
1. General purpose SSD (gp2)
2. Provisioned IOPS SSD (io1)
3. Throughput Optimized HDD (st1)
4. Cold HDD (sc1)
5. Magnetic (standard)

Q) Instance store volume?
An Instance store provides temporary block level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, cache, scratch data, and other temporary content or for the data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.
The data on an instance store volume persists only during the life of the associated Amazon EC2 instance; if you stop or terminate an instance, any data on instance store volumes is lost.

Q) What is IaaS?
Cloud Infrastructure Service is known as Infrastructure as a Service. The IaaS model provides computing infrastructure including servers, storage, networking and networking services (e.g. firewalls).
An IaaS provider offers these cloud servers and their associated resources via a dashboard and/or API. IaaS clients have direct access to their servers and storage, just as they would with traditional servers, but gain access to a much higher order of scalability. Users of IaaS can outsource and build a “virtual data center” in the cloud and have access to many of the same technologies and resource capabilities as a traditional data center without having to invest in capacity planning or its physical maintenance and management.

Examples: Amazon EC2, Windows Azure, Rackspace, Google Compute Engine.

Q) What is PaaS?
Cloud Platform Service, or Platform as a Service, provides the platform on which software can be developed or deployed. It provides you with computing platforms which typically include an operating system, programming language execution environment, database, web server etc.

Examples: AWS Elastic Beanstalk, Google App Engine, Apache Stratos.

Q) What is SaaS?
Cloud application services, or Software as a Service (SaaS), is the most popular and best-known form of cloud service for consumers. SaaS moves the task of managing software and its deployment to third-party services.
In the SaaS model you are provided with access to application software, often referred to as on-demand software.
Use of SaaS applications tends to reduce the cost of software ownership by removing the need for technical staff to install, manage and upgrade software, as well as reducing the cost of licensing software.
Examples: Google Apps, Netflix, WebEx, GoToMeeting, Dropbox, Microsoft Office 365.

Q) Regions and Availability zones?
Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of regions and availability zones. Each region is a separate geographic area. Each region has multiple, isolated locations known as availability zones. Amazon EC2 gives you the ability to place resources, such as instances and data, in multiple locations.
Each region is completely independent. Each availability zone is isolated, but the availability zones in a region are connected through low-latency links.
Amazon EC2 resources are either global, tied to a region, or tied to an availability zone.

Availability zone:
Availability zones are effectively different data centers located within a region. Each availability zone is completely independent of the others, which enables them to reside in different areas within the same region, providing a level of business continuity in the event of a disaster.
All the availability zones within the same region are linked by extremely low-latency links, providing high availability for many AWS services, such as S3, RDS etc., and letting them communicate with each other.

Q) What is Edge Location?
Edge locations are used in conjunction with the AWS CloudFront service, which is a global Content Delivery Network service. Edge locations are deployed in multiple locations across the world to reduce latency for the traffic served over the CDN and, as a result, are usually located in highly populated areas.

Q) What is shared instance?
i. Shared instances are Amazon EC2 instances running on hardware that is not dedicated to a single AWS account, i.e. different instances from different AWS accounts share the same physical host.
ii. If an instance is stopped and started, the underlying hardware (i.e. the host) would change.

Q) What is dedicated instance?
i. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer.
ii. Your dedicated instances are physically isolated at the host hardware level from instances that belong to other AWS accounts.
iii. Dedicated instances may share hardware with other instances from the same AWS account that are not dedicated instances.
iv. If an instance is stopped and started, the underlying hardware (i.e. the host) would change.

Q) What is Dedicated Hosts?
i. An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. You can use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use.
ii. Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server.
iii. In case of stop and start of instances, the underlying hardware will not change.


Q) What is Route 53?
Amazon Route 53 is a highly available and scalable cloud DNS web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
Amazon Route 53 performs three main functions:
1. Register domain names.
2. Route internet traffic to the resources for your domain.
3. Check the health of your resources.

Apache Web server Interview Questions

Q) What is Apache web server?

Apache is one of the most popular, open source, robust, reliable and powerful web applications, used to host websites on a web server by serving web files over the Internet.
A web server delivers content that can be accessed through the internet. This includes HTML documents, multimedia such as images and videos, CSS style sheets and client-side scripts such as JavaScript.
Apache supports the cryptographic protocol SSL, authentication mechanisms, virtual hosting, CGI, load balancing across multiple servers to handle a large amount of traffic, and many other features. It can be integrated with other open source and proprietary applications such as PHP, MySQL, Python and Tomcat applications.


Q) What is Virtual Hosting in Apache?
Virtual hosting is a method of hosting multiple domain names on a server with a single IP address.
Virtual hosting allows one server to share its resources, such as memory and processor cycles, in order to use them more effectively.
There are two types of virtual hosting in Apache.
1. Name Based Virtual Hosting
2. IP-Based Virtual Hosting

1) What is Name Based Virtual Hosting in Apache?
With name-based virtual hosting you can host several domains/websites on a single machine with a single IP. All the domains on that server share the single IP. It is easier to configure name-based virtual hosting than IP-based virtual hosting because you only need to configure the DNS of each domain to map it to the correct IP address and then configure Apache to recognize it by the domain name.

2) What is IP-Based Virtual Hosting in Apache?
With IP-based virtual hosting, you can assign a separate IP address to each domain on a single server. These IPs can be attached to a server with a single NIC as well as to one with multiple NICs.


Q) What is DocumentRoot in Apache?
The DocumentRoot directive in Apache is used to define the top-level root directory from which Apache serves web files. The directory defined in DocumentRoot contains the file that Apache serves when it receives a request with the URL /.
The default DocumentRoot for both secure and non-secure web servers is the "/var/www/html" directory.
This can be changed to anything by setting DocumentRoot in the virtual host section of the configuration file.


Q) What is DirectoryIndex in apache?
DirectoryIndex is the name of the first file that Apache looks for when a request comes in for the domain.
For example, when www.example.com is requested by the client, Apache goes to the DocumentRoot of that website and looks for the index file.

Q) How to hide server version detail in HTTP response header?
Add the following lines to the httpd.conf file.
ServerTokens Prod
ServerSignature Off


Q) What is Apache graceful restart?
During a graceful restart, Apache lets its children continue to serve their current requests until they can be replaced with children running the new configuration.
The parent re-reads its configuration files and re-opens its log files.


Q) Apache Directives

<Directory>: This directive refers to a directory in the filesystem and specifies how Apache behaves with regard to that directory.
<Files>: This directive refers to a file within a directory in the filesystem on the server. It controls the behavior of the web server with regard to that specific file.
<Location>: This directive controls the behavior of the web server with regard to a particular path requested by the client.
When applying directives to objects that reside in the filesystem, always use <Directory> or <Files>. When applying directives to objects that do not reside in the filesystem (such as a web page generated from a database), use <Location>.

Order:

Order allow,deny
If you set Order allow,deny, only those host names or IP addresses associated with the Allow directive are allowed access. All remaining hosts or IP addresses are denied.
Order deny,allow
If you set Order deny,allow, only those host names or IP addresses associated with the Deny directive are denied access. All remaining hosts or IP addresses are allowed.

Reference link: more about apache configuration structure. 

Q) User based security/authentication in apache.
User-based authentication allows only certain users or groups of users to access the website.
To set up user-based security/authentication, we need to set up a "Directory" or "Location" container with the following directives.
For example:
      AuthType Basic
      AuthName "Protected Space"
      AuthUserFile /path/to/user/file
      # or: AuthGroupFile /path/to/group/file
      Require valid-user

AuthType: The type of authentication being used. In this case, it is set to Basic.

AuthName: The authentication realm or name. This is the message that the user will see in the username/password pop-up.

AuthUserFile: The location of the password file.

AuthGroupFile: The location of the group file.

Require: What conditions need to be satisfied in order to allow the user through.