12 Incident Management Questions to Crack your Interview

Hi Friends,

Here are a few questions related to incident management.

Please have a look.


QUESTION 1: What is your understanding of incident management?

ANSWER 1: An Incident occurs when there is an interruption in the flow of service, or if the quality of the process has reduced. For example, (power cut scenario – finance company – server down). Incident management means restoring the flow of process as soon as possible by rectifying the issue caused due to the incident. It reduces the adverse impact on the business.


QUESTION 2: On what factors do you prioritize an Incident?

ANSWER 2: The priority of an Incident can be decided by answering the following questions:

  • Do we have a temporary or an alternate solution while fixing the actual issue?
  • Is this urgent or can it wait? If it can wait, then how long can it wait?
  • What else goes wrong if this is not fixed?
  • What is the financial impact, reputational impact, or SLA (Service Level Agreement) breach?


QUESTION 3: Explain – Priority = Impact + Urgency (Priority Matrix)

ANSWER 3: Impact is the level of loss, be it financial or on the business. Urgency is how quickly the solution has to be provided. Priority is decided based on both Impact and Urgency.


QUESTION 4: What is an Emergency Change? How different is it from a Normal Change?

ANSWER 4: An Emergency Change is something which has a huge impact if not addressed immediately. It is dealt with by the ECAB (Emergency Change Advisory Board), with shorter time-scales and higher levels of urgency. The ECAB does the impact assessment and decides whether to approve or to reject the change request.


QUESTION 5: Describe the different phases involved in the Incident Management Process.

ANSWER 5: In the different phases, one needs to:

  • Mitigate risk: Incident management guides you to identify the chances, potential risks, or threats that may cause interruption to a process and thereby mitigate the occurrence of any such incident by planning the pre and post actions, to face the
  • Prepare: Preparing is nothing but planning. Remember – Prevention is always better than cure. Hence, planning is a part of this phase where the incident professional plans the actions that need to be performed for an incident. This is termed as IMP – Incident Management Plan. This IMP leads you with step by step procedures.
  • Respond: One needs to respond to an incident on priority. This is to mitigate the risk occurred and also to reduce further damage. This may also be done by IMRT (Incident Management Response Team).
  • Resolve: The incident team or individual should assess the damage caused and take the responsibility of informing all the members involved in the process about the status of the incident.
  • Recover: In the recovery phase, the Business Continuity Plans (BCP) are implemented and teams or persons connected in testing this plan / phase are well prepared to perform the action. This may include teams like HR, IT desk, operations, server team, BCP team, and so on.
  • Resume: In this phase, incident professionals need to analyze the outcome of the BCP so conducted, whether it has a positive or negative response. Post the analysis, they need to make necessary changes depending on the response, and implement the plan that confirms the BCP plan.


QUESTION 6: How do you engage Problem Management while handling incidents?

ANSWER 6: As soon as an Incident is identified as a problem ticket, the problem management team comes into the picture to check the previous and related incidents, and then does a root cause analysis so as to find the reason for the recurring incident. The incident management team provides the required incident details to the problem manager, and also coordinates with the end user in times of need.


QUESTION 7: What type of Incident Management reports did you or your team have?

ANSWER 7: The types are:

  • Average handling time for transactions
  • Average response times based on priority of the incident
  • Average resolution times based on the priority of the incident


QUESTION 8: What are the escalation methods that are used in Incident management?

ANSWER 8: There are two types of methods used: the Functional method and the Hierarchical method.

Functional escalation means forwarding or assigning a particular incident from one department to another for resolution.

Hierarchical escalation is done when we don’t get the proper and timely response from the support teams. We escalate it to the senior management above the support team members.

QUESTION 9: Why does an Incident manager need to be aware of new developments and technical changes?

ANSWER 9: An Incident Professional needs to update his or her knowledge and be aware of the new developments and technical changes because it helps him or her to find upgraded resolutions that may trigger in the future.


QUESTION 10: What are the daily responsibilities of an Incident Manager?

ANSWER 10: An Incident Manager is responsible for the following activities:

  • Ensuring that the incident backlogs are cleared at the earliest as per the SLAs (Service Level Agreements) and OLAs (Operational Level Agreements)
  • Ensuring that the tickets are routed to the correct support group so that the response and resolution times are not affected.
  • Following the Incident Management Process (as designed)
  • Holding periodical meetings with the stakeholders and other departments involved, to share the new guidelines if any
  • Updating oneself with the new procedures and developments
  • Utilizing the knowledge effectively and keeping it updated


QUESTION 11: How different is the Major Incident Management Process from the Incident Management Process?

ANSWER 11: There is some similarity in the two processes. In both the cases, we aim to get the incident resolved at the earliest so as to reduce adverse impact on the business. But there is a slight difference in their approaches. Major incident management is a critical process where the timelines are shorter and urgency levels are higher. The way your team wants to deal with it may depend on your organization structure. Usually someone specific is assigned to take care of that particular major incident – right from the identification of the major incident, bringing in the support team members on to a conference call or a group chat till resolving the incident.


QUESTION 12: How is a Major Incident Management bridge call handled?

ANSWER 12: A Major Incident Management bridge call is handled by:

  1. Inviting all the stakeholders on to the call
  2. Informing them about the criticality
  3. Identifying the appropriate resolver group (in case there are multiple groups related to the incident)
  4. Letting the resolver group acknowledge and take ownership of the incident
  5. Coordinating with the stakeholders in order to keep them posted about the progress
  6. Using Functional or Hierarchical Escalation according to the requirement
  7. Sending timely updates to all stakeholders


Hands On


LS -unix


       ls - list directory contents


       ls [OPTION]... [FILE]...


       List  information  about  the FILEs (the current directory by default).
       Sort entries alphabetically if none of -cftuSUX nor --sort.

       Mandatory arguments to long options are  mandatory  for  short  options

       -a, --all
              do not hide entries starting with .

       -A, --almost-all
              do not list implied . and ..

              print the author of each file

       -b, --escape
              print octal escapes for nongraphic characters

              use SIZE-byte blocks

       -B, --ignore-backups
              do not list implied entries ending with ~

       -c     with -lt: sort by, and show, ctime (time of last modification of
              file status information) with -l: show ctime and  sort  by  name
              otherwise: sort by ctime

       -C     list entries by columns

              control  whether  color is used to distinguish file types.  WHEN
              may be ‘never’, ‘always’, or ‘auto’

       -d, --directory
              list directory entries instead of contents, and do not  derefer-
              ence symbolic links

       -D, --dired
              generate output designed for Emacs’ dired mode

       -f     do not sort, enable -aU, disable -lst

       -F, --classify
              append indicator (one of */=@|) to entries

              across  -x, commas -m, horizontal -x, long -l, single-column -1,
              verbose -l, vertical -C

              like -l --time-style=full-iso

       -g     like -l, but do not list owner

       -G, --no-group
              inhibit display of group information

       -h, --human-readable
              print sizes in human readable format (e.g., 1K 234M 2G)

       --si   likewise, but use powers of 1000 not 1024

       -H, --dereference-command-line
              follow symbolic links listed on the command line

              follow each command line symbolic link

              that points to a directory

       --indicator-style=WORD append indicator with style WORD to entry names:
              none (default), classify (-F), file-type (-p)

       -i, --inode
              print index number of each file

       -I, --ignore=PATTERN
              do not list implied entries matching shell PATTERN

       -k     like --block-size=1K

       -l     use a long listing format

       -L, --dereference
              when showing file information for a symbolic link, show informa-
              tion  for  the file the link references rather than for the link

       -m     fill width with a comma separated list of entries

       -n, --numeric-uid-gid
              like -l, but list numeric UIDs and GIDs

       -N, --literal
              print raw entry names (don’t treat e.g. control characters  spe-

       -o     like -l, but do not list group information

       -p, --file-type
              append indicator (one of /=@|) to entries

       -q, --hide-control-chars
              print ? instead of non graphic characters

              show  non  graphic  characters  as-is (default unless program is
              ‘ls’ and output is a terminal)

       -Q, --quote-name
              enclose entry names in double quotes

              use quoting style WORD for entry names: literal, locale,  shell,
              shell-always, c, escape

       -r, --reverse
              reverse order while sorting

       -R, --recursive
              list subdirectories recursively

       -s, --size
              print size of each file, in blocks

       -S     sort by file size

              extension -X, none -U, size -S, time -t, version -v

              status -c, time -t, atime -u, access -u, use -u

              show  time  as WORD instead of modification time: atime, access,
              use, ctime  or  status;  use  specified  time  as  sort  key  if

              show  times  using style STYLE: full-iso, long-iso, iso, locale,

              FORMAT is interpreted like ‘date’;  if  FORMAT  is  FORMAT1<new-
              line>FORMAT2, FORMAT1 applies to non-recent files and FORMAT2 to
              recent files; if STYLE is prefixed with  ‘posix-’,  STYLE  takes
              effect only outside the POSIX locale

       -t     sort by modification time

       -T, --tabsize=COLS
              assume tab stops at each COLS instead of 8

       -u     with  -lt:  sort  by, and show, access time with -l: show access
              time and sort by name otherwise: sort by access time

       -U     do not sort; list entries in directory order

       -v     sort by version

       -w, --width=COLS
              assume screen width instead of current value

       -x     list entries by lines instead of by columns

       -X     sort alphabetically by entry extension

       -1     list one file per line

       SELinux options:

              Display security context.   Enable -l. Lines  will  probably  be
              too wide for most displays.

       -Z, --context
              Display  security context so it fits on most displays.  Displays
              only mode, user, group, security context and file name.

              Display only security context and file name.

       --help display this help and exit

              output version information and exit

       SIZE may be (or may be an integer optionally followed by) one  of  fol-
       lowing: kB 1000, K 1024, MB 1000*1000, M 1024*1024, and so on for G, T,
       P, E, Z, Y.

       By default, color is not used to distinguish types of files.   That  is
       equivalent to using --color=none.  Using the --color option without the
       optional WHEN argument is equivalent  to  using  --color=always.   With
       --color=auto,  color  codes  are output only if standard output is con-
       nected to a terminal (tty).

Unix Interview Question

A list of the most frequently asked Unix interview questions and answers is given below.

1) What is Unix?

UNIX is a portable operating system that is designed for efficient multi-tasking and multi-user functions. Since it is a portable operating system, it can run on different hardware platforms.

It is written in C language.

2) What is a UNIX shell?

The UNIX shell is a program which is used as an interface between the user and the UNIX operating system. It is not a part of the kernel but it can communicate directly with the server.

3) What is filter?

A filter is a program that takes input from standard inputs and performs some operation on that input to produce a result as standard output.

4) What are the devices represented in UNIX?

All devices in UNIX are represented by special files that are located in the /dev directory.

5) Is there any method to erase all files in the current directory, along with its all sub-directories, by using only one command?

Yes, you should use the “rm -r *” command for this purpose.

Here the “rm” command is used for deleting files, the -r option will erase directories and sub-directories with their internal files, and * is used for selecting all entries.
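What "all entries" means for * in practice, as an added example that is not part of the original page. It runs only inside a scratch directory from mktemp; the file names are constructed and GNU coreutils rm is assumed. The shell expands * before rm starts, so names beginning with a dot are not passed to rm, and a name beginning with a dash is read as an option; the find form is one careful alternative.

```shell
#!/bin/sh
# Added example (not from the original page). Constructed files only,
# inside a scratch directory from mktemp. Assumes GNU coreutils rm.

leftovers_after() {
    # $1 = "glob": the page's rm -r *      $1 = "find": careful form.
    # Prints the names still present afterwards, one per line.
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        LC_ALL=C; export LC_ALL          # stable glob and sort order
        mkdir -p logs/2024
        : > notes.txt
        : > logs/2024/app.log
        : > .env                         # hidden: name starts with a dot
        : > ./-v                         # name that looks like an option
        case $1 in
            # The shell expands * before rm runs. By default * skips
            # dot-names, and rm reads the file "-v" as its -v option.
            glob) rm -r * >/dev/null 2>&1 ;;
            # find passes every entry, hidden or not, as ./name after
            # "--", so nothing is skipped or parsed as an option.
            find) find . ! -name . -prune -exec rm -r -- {} + ;;
        esac
        ls -A | sort
    )
    rm -rf -- "$dir"
}

echo "left after rm -r *:"
leftovers_after glob | sed 's/^/  /'
echo "left after find form: $(leftovers_after find | wc -l) entries"
```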

6) What is necessary before you can run a shell script from the command line prompt?

You must make the shell script executable by using the UNIX “chmod” command.

7) How to terminate a shell script if statement?

A shell script if statement can be terminated by using “fi”.

8) Write down some common shells with their indicators?

  • sh – Bourne shell
  • csh – C SHell
  • bash – Bourne Again Shell
  • tcsh – enhanced C Shell
  • zsh – Z SHell
  • ksh – Korn SHell

9) What are the main features of Korn Shell?

  • Arrays
  • Job control
  • Command Aliasing
  • String manipulation ability
  • Built-in integer arithmetic

10) What is the difference between cat and more command?

The cat command is used to display the file contents. If the file is large, the contents scroll off the screen before you can view them, so the more command works like a pager which displays the contents screen page by screen page.

11) Which command is used to restrict incoming messages?

The “mesg” command is used to restrict incoming messages.

12) Which command is used to kill the last background job?

The “kill $!” command is used to kill the last background job.

13) Which data structure is used to maintain the file identification?

The “inode” data structure is used to maintain the file identification. Each file has a separate inode and a unique inode number.

14) What is pipe?

A pipe is two or more commands separated by the pipe “|” character. It is used to tell the shell to arrange for the output of the preceding command.

15) What are the links and symbolic links in a UNIX file system?

A link is a second name for a file. Links are used to assign more than one name to a file, but cannot be used to assign a directory more than one name or link file names on different computers.

Symbolic links are the files that only contain the name of another file. The operations on the symbolic link are directed to the file pointed by it. Both the limitations of links are eliminated in symbolic links.
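The inode and link behaviour from questions 13 and 15, as an added example that is not part of the original page. File names are constructed and everything happens in a scratch directory from mktemp; readlink is assumed to be available, as it is on GNU and BSD systems.

```shell
#!/bin/sh
# Added example (not from the original page). File names are constructed.

inode_of() {
    # First field of `ls -di` is the inode number of the entry itself
    # (a symbolic link is not followed).
    ls -di "$1" | awk '{print $1}'
}

link_demo() {
    # Prints one key=value line per observation.
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'original data\n' > report.txt
        ln report.txt hard.txt       # second name for the same inode
        ln -s report.txt soft.txt    # separate file that stores a name

        if [ "$(inode_of hard.txt)" = "$(inode_of report.txt)" ]; then
            echo "hard_link=same_inode"
        else
            echo "hard_link=different_inode"
        fi
        if [ "$(inode_of soft.txt)" = "$(inode_of report.txt)" ]; then
            echo "symlink=same_inode"
        else
            echo "symlink=different_inode"
        fi
        echo "link_count=$(ls -l report.txt | awk '{print $2}')"
        echo "symlink_stores=$(readlink soft.txt)"

        rm report.txt                # removes one name, not the data
        echo "hard_after_rm=$(cat hard.txt)"
        if [ -L soft.txt ] && [ ! -e soft.txt ]; then
            echo "symlink_after_rm=dangling"
        else
            echo "symlink_after_rm=resolves"
        fi
    )
    rm -rf -- "$dir"
}

link_demo
```

When reviewing file permissions or hunting for leftover copies of a sensitive file, the link count above 1 is the hint that another name for the same data exists elsewhere on the filesystem.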

Linux touch command

The touch command is a way to create empty files (there are some other methods also). You can update the modification and access time of each file with the help of the touch command.


  touch <filename>

touch Options

Option      Function
touch -a    To change file access and modification time.
touch -m    It is used to only modify time of a file.
touch -r    To update time of one file with reference to the other file.
touch -t    To create a file by specifying the time.
touch -c    It doesn’t create an empty file.

Linux file command

The file command is used to determine the file type. It does not care about the extension used for the file. You simply use the file command and it tells you the file type. It has several options.


  file <filename>

Linux File Command Options

Option                    Function
file -s                   Used for special files.
file *                    Used to list types of all the files.
file /directory name/*    Used to list types of all the files from mentioned directory.
file [range]*             It will list out all the files starting from the alphabet present within the given range.

Linux Files

In a Linux system, everything is a file, and if it is not a file, it is a process. Files include not only text files, images and compiled programs but also partitions, hardware device drivers and directories. Linux considers everything as a file.


Types of Files:

  1. Regular files (-): They contain programs, executable files and text files.
  2. Directory files (d): They are shown in blue color. They contain a list of files.
  3. Special files
    • Block file (b)
    • Character device file (c)
    • Named pipe file (p)
    • Symbolic link file (l)
    • Socket file (s)

Linux File Commands

Command    Description
file       Determines file type.
touch      Used to create a file.
rm         To remove a file.
cp         To copy a file.
mv         To rename or to move a file.
rename     To rename file.

Linux rmdir Command

This command is used to delete a directory. But it will not be able to delete a directory that includes a sub-directory. It means a directory has to be empty to be deleted.


  rmdir <dirname>

rmdir -p

This command will delete a directory including its sub-directories all at once.

Linux mkdir | Linux Create Directory

Now let’s learn how to create your own directory with the help of command prompt.

mkdir stands for ‘make directory’. With the help of the mkdir command, you can create a new directory wherever you want in your system. Just type “mkdir <dir name>”; in place of <dir name>, type the name of the new directory you want to create, and then press Enter.


  mkdir <dirname>

Mkdir Options

Options                  Description
mkdir -p, --parents      Add directory including its sub directory.
mkdir -v, --verbose      Print a message for each created directory.
mkdir -m, --mode=MODE    Set access privilege.
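How -p and -m interact, together with rmdir and rmdir -p from the earlier section, as an added example that is not part of the original page. The directory names (vault, private, keys) are constructed and the commands run in a scratch directory from mktemp. The point for access control is that -m sets the mode of the last directory only.

```shell
#!/bin/sh
# Added example (not from the original page). Directory names are constructed.

dir_mode() {
    # Permission string of the directory itself, e.g. "drwx------".
    # cut drops any trailing ACL/SELinux marker ("+" or ".").
    ls -ld "$1" | cut -c1-10
}

tree_demo() {
    # Prints one key=value line per observation.
    top=$(mktemp -d) || return 1
    (
        cd "$top" || exit 1
        umask 022
        # -m applies to the last directory only; parents created by -p
        # get the umask-derived default mode.
        mkdir -p -m 700 vault/keys/2024
        echo "leaf=$(dir_mode vault/keys/2024)"
        echo "parent=$(dir_mode vault/keys)"

        # A restrictive umask for the one command covers the whole path.
        ( umask 077; mkdir -p private/keys/2024 )
        echo "umask_parent=$(dir_mode private/keys)"

        # rmdir only removes empty directories.
        : > vault/keys/2024/id.pem
        if rmdir vault/keys/2024 2>/dev/null; then
            echo "rmdir_nonempty=removed"
        else
            echo "rmdir_nonempty=refused"
        fi

        # With -p, each component of the given path is removed in turn,
        # innermost first, as long as it is empty.
        rm vault/keys/2024/id.pem
        rmdir -p vault/keys/2024
        if [ -e vault ]; then
            echo "rmdir_p=vault_remains"
        else
            echo "rmdir_p=path_removed"
        fi
    )
    rm -rf -- "$top"
}

tree_demo
```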

Linux cd Command

“cd” stands for ‘change directory’, and this command is used to change the current directory, i.e., the directory in which the user is currently working.


  cd <dirname>

cd Options

Option                Description
cd ~                  Brings you to your home directory.
cd -                  Brings you to your previous directory of the current directory.
cd ..                 Brings you to the parent directory of current directory.
cd /                  It takes you to the entire system’s root directory.
cd ../../dir1/dir2    It will take you two directories up then move to dir1 and then finally to dir2.