Technical Assessment For Deployment Support Engineer - Hery Munanzar


TECHNICAL ASSESSMENT

Position : System Engineer Specialist (SES)


Duration: 2 x 24 hours

1. Describe any steps you would take in case hosts on another network segment are
unreachable, while the networking system is not provided by your company.
Answer :
First I will find out the network by doing a traceroute to the destination host; if I
already know the unreachable host, I will check the segment IP on the host.

2. Case:
● Public IP = 11.12.123.250/30
● Local Network = 172.20.2.0/24
● Server 1 = PostgreSQL with public access
● Server 2 = stream server with public access (port: 9001-9050)
● Server 3 = ftp server with read-only public access
● Server 4 = web server with SSL
● 1x router with 5 ports (1Gbps/port)

a. Based on the information above, create the network diagram. Add any devices
you see fit if necessary.
Answer :
b. Explain how you could make all services from “Server 1” to “Server 4” accessible
from the public.
Answer :
Configure Server 1
- Login as postgres user using sudo su command, enter :
$ postgres
- Edit the file:
$ vi /var/lib/pgsql/data/pg_hba.conf
- Append the following configuration lines to give access to 172.20.2.0/24
network :
host all all 172.20.2.0/24 trust
- Save and close the file.
- Enable networking for PostgreSQL
# vi /var/lib/pgsql/data/postgresql.conf
tcpip_socket = true
- Save and close the file.
- Restart PostgreSQL Server
# /etc/init.d/postgresql restart

Configure Server 2
- Log in with the sudo su command, enter :
$ sudo su
- Set IP : 172.20.2.2 & Subnet : 255.255.255.0 & Gateway : 172.20.2.254
- Check the firewall with ufw
$ systemctl status ufw
- If it is dead, we need to activate ufw
$ systemctl start ufw
- If it is active, we need to check that the firewall policy is accept
$ iptables -L
- If it is accept, we allow ports 9001-9050
$ ufw allow 9001:9050/tcp
- We accept the IP range
$ ufw allow from 172.20.2.1 to 172.20.2.254 port 9001-9050

Configure Server 3
- Log in with the sudo su command, enter :
$ sudo su
- Set IP : 172.20.2.3 & Subnet : 255.255.255.0 & Gateway : 172.20.2.254
- Install vsftpd
$ apt-get install vsftpd
- Enable the ufw firewall
$ ufw enable
- Check status and enable port
$ ufw status
- Create the FTP folder
$ mkdir /home/ftp
- Set ownership
$ chown nobody:nogroup /home/ftp
- Remove write permissions :
$ chmod a-w /home/ftp
- Restart vsftpd
$ systemctl restart vsftpd

Configure Server 4
- Log in with the sudo su command, enter :
$ sudo su
- Set IP : 172.20.2.4 & Subnet : 255.255.255.0 & Gateway : 172.20.2.254
- Install apache2
$ apt-get install apache2
- Configure SSL in apache2
- Give access in the firewall

Configure Router
- Routing ip 172.20.2.0/24 to 11.12.123.250/30
- setting DNS : 8.8.8.8
- setting firewall
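
The Server 1 steps in the answer above add a "host" rule with the "trust" method, which accepts connections from the listed range without a password, on a server that is meant to be publicly reachable. The script below is an added example, not part of the assessment or the candidate's answer: it audits pg_hba.conf rules for methods that skip or weaken authentication and for rules that permit non-TLS sessions from non-loopback addresses. Both rule sets are constructed samples, "appdb" and "appuser" are placeholder names, and scram-sha-256 requires PostgreSQL 10 or later.

```shell
#!/bin/sh
# Added example: audit pg_hba.conf rules (file argument or stdin).
# Prints one finding per risky rule.
# Exit status: 0 = no findings, 1 = at least one finding.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        $1 !~ /^host/        { next }   # only TCP/IP rules: host, hostssl, hostnossl
        {
            # METHOD is field 5 for CIDR addresses, field 6 when an IPv4
            # netmask follows the address.
            method   = ($5 ~ /^[0-9]+\.[0-9.]+$/) ? $6 : $5
            loopback = ($4 ~ /^127\./ || $4 == "::1/128")
            if (method == "trust") {
                printf "line %d: trust, no password required from %s\n", NR, $4; bad++
            } else if (method == "password") {
                printf "line %d: password sent in cleartext from %s\n", NR, $4; bad++
            }
            if ($1 != "hostssl" && !loopback) {
                printf "line %d: %s rule allows unencrypted sessions from %s\n", NR, $1, $4; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample 1: the rule from the Server 1 answer.
weak_rules() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   172.20.2.0/24  trust
EOF
}

# Constructed sample 2: same network, TLS required, SCRAM password auth.
hardened_rules() {
    cat <<'EOF'
local    all    all                     peer
host     all    all      127.0.0.1/32   scram-sha-256
hostssl  appdb  appuser  172.20.2.0/24  scram-sha-256
EOF
}

weak_rules     | audit_pg_hba || echo "weak sample: findings above"
hardened_rules | audit_pg_hba && echo "hardened sample: clean"
```

To check a live server, pass the file path instead, for example: audit_pg_hba /var/lib/pgsql/data/pg_hba.conf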

3. File “example.list” located in “/home/path/”, contains:


/home/path/to/folder1/in-folder1/1.txt
/home/path/to/folder1/in-folder1/2.txt
/home/path/to/folder1/in-folder1/3.txt
/home/path/to/folder1/in-folder1/4.txt
/home/path/to/folder1/in-folder1/5.txt

change the content of “example.list” with “sed” command to :


/home/path/to/folder2/1.txt
/home/path/to/folder2/2.txt
/home/path/to/folder2/3.txt
/home/path/to/folder2/4.txt
/home/path/to/folder2/5.txt

4. Volume Group = vg_nodeflux


Logical Volume = lv_home
Please explain the steps to create a new LVM on a newly installed 10 TB HDD which
uses GPT as its partition table, and use the new volume to extend the /home partition
based on the information above.
Answer :

5. Create an installation script to install an FTP server and its configuration as follows:
● FTP root folder = /home/$USER/ftp
● USER1 = nodeflux ; Permission = full access
● USER2 = donkey ; Permission = read only, on USER1 root folder
● USER3 = gandalf ; Permission = block access to FTP
Answer :

6. Routing Table

Destination     Gateway   Genmask         Flags  Metric  Ref  Use  Iface
169.254.0.0     0.0.0.0   255.255.0.0     U      1000    0    0    virbr0
172.17.0.0      0.0.0.0   255.255.0.0     U      0       0    0    docker0
192.168.122.0   0.0.0.0   255.255.255.0   U      0       0    0    virbr0

A PC running the Ubuntu 16.04 operating system with IP address 192.168.1.101/24 is
attached to interface eth0. In the current situation the PC cannot access any other hosts on
the same network and cannot access the internet. The gateway is 192.168.1.1.

Based on the information above, make changes to the configuration using the CLI so the PC
can access the other hosts and the internet.
Answer :

7. What is a Container? Please explain it.


Answer :
Container is a type of software that packages and isolates applications virtually to
facilitate software deployment. The Container package includes everything needed to
run the application: code, runtime, system tools, system libraries, and settings.

8. Explain the architecture of Docker!


Answer :
Mirror Docker (Image) = Docker template image for creating a container.
Docker container (Container) = A container, or a set of applications running
independently.
Docker client (Client) = The Docker client communicates with the Docker daemon via the
command line or other tools that use the Docker API
(https://docs.docker.com/reference/api/docker_remote_api).
Docker host (Host) = A physical or virtual machine that runs the Docker daemon and
containers.
Docker Warehouse (Registry) = The Docker repository is used to store mirrors; it can be
understood as similar to a code repository in source control.
Docker Machine = Docker Machine is a command line tool to simplify the
installation of Docker on the right platform through a simple command line.

9. How do you run multiple containers using a single service?


Answer :
I think we can do it in docker. We can create and install more containers and use a
single docker service to run all containers, and we can use Kubernetes.

10. What are the cloud platforms that support Docker?


Answer :
Microsoft Azure, Google Cloud, AWS

11. What is Kubernetes?


Answer :
Kubernetes is an open source platform for managing container pools in a server cluster.

12. Deploy Ghost CMS, Nginx, and Postgre with docker-compose. When creating
deployment script please make sure criteria like below:
a. This deployment will be deployed on top of VM with OS Ubuntu 16.04 and have
dedicated internal and external IP.
b. Docker, docker-compose, OS and VM already deployed. You only need to
prepare the deployment script.
c. Deployment plan, You can create docker-compose.yaml.
d. Multi environment. Like dev, staging, and production.
e. Backup, everyone wants their data safe. You can schedule tasks to auto backup
or dump DB. Backup files can be saved at the local VM, just a different folder
from the postgre working directory.
f. Monitoring, make sure everything is normal and we can trace back if something
goes wrong. You can create a schedule checking script. You can use a script to
monitor things like CPU, RAM, and DISK, if the value exceeds the threshold then
send Alert.
g. Alerting, make sure if something happens we can be notified even if we are
sleeping. You can create a schedule checking script and if something happens it
can request API or something.
h. Automation, one command to run it all. Every action must be automated,
Consider using bash-script or python. We don’t want manual human intervention.
i. Everything must be committed into the Github repository in private.

13. Please list minimum 3 network monitoring tools!


Answer :
- PRTG
- The Dude
- Observium

14. What are the advantages of Docker over virtual machines?


Answer :
Virtual Machine = heavy, Limited performance on VM configuration, Virtualization at
hardware level, Start-up time in minutes
Docker = light, Maximum performance depends on physical hardware, Virtualization at
OS level, Start-up time in seconds

15. Our AI analytic server is deployed as a microservice. The server is able to handle up to
1000 requests per second. However, there will be an unusual event coming up and
the number of requests will explode to up to 10k requests per second for a few seconds
from a loyal customer. How would you solve this problem without adding more
hardware?
Answer :
Maybe we can create a microservice queue algorithm in deployment.

16. How do you deploy AI models on a mobile device? Please mention and explain all the
possible methods.

17. What are the advantages and disadvantages of deploying an AI model directly on mobile
devices?

18. Say we want to develop an AI analytic mobile application (iOS/Android), e.g. one that takes
snapshot photos of pets and tells what species they are. For this AI analytic, we have
developed an AI deep learning model for this particular application. This model of course
requires computation and storage and can be ported to the mobile device as
well (with some tradeoff in terms of performance).

If you are given the task of designing an end-to-end system architecture for this application,
ranging from the backend applications, infrastructure and network protocol
communications to the mobile application, how do you approach this? We would
like to see architecture diagrams, components, where you will store the
model (backend/frontend, with supporting reasoning), communication methods, and stack
choices (please support them with reasons).
