On-Call Responsibilities and Communication Questions
Comprehensive coverage of On-Call Responsibilities and Communication concepts, principles, and practical applications for technical interviews. This includes fundamental concepts, real-world scenarios, and problem-solving techniques.
HardSystem Design
46 practiced
Create a game-day plan to simulate incidents that test on-call communication and decision-making across four teams and three time zones. Include scenario templates, observers and scoring criteria, communication channel failover tests, tooling mock failures, measurable objectives, and a debrief plan to convert findings into action items.
Sample Answer
Requirements & constraints:- Four teams (frontend, backend, platform/SRE, DB), distributed across three time zones; exercise duration 3–4 hours.- Objectives: validate on-call communication, decision-making, escalation, tooling resilience, and cross-team coordination under realistic pressure.- Safety: run in staging; non-destructive; clear abort/kill switches.High-level design:- Central “Game Control” (GC) orchestrates scenario timelines, injects alerts, simulates tooling failures, and records all communications. Use prerecorded telemetry + synthetic alerts to keep reproducibility.- Observers per team + neutral chief observer who scores and runs debrief.- Communication channels: primary Slack workspace, backup SMS/voice group, and incident bridge (VoIP). GC can selectively fail channels.Scenario templates (3 examples):1) Cascading Load Spike → backend autoscaler fails to start new pods; DB connections saturate. - Trigger: spike in synthetic traffic, failing HPA API calls, queued DB timeouts. - Expected actions: page on-call, open incident channel, roll back deploy or scale manually, implement connection pooling fix or circuit breaker.2) Deployment with Bad Migration → backend deploy succeeds, DB schema change causes errors. - Trigger: error-rate alert, slow queries, migration lock simulated. - Expected: quick rollback, coordinate DB+app owners, decide maintenance window.3) Monitoring Blindspot + Pager Flood → metrics ingestion fail; alerts flood. - Trigger: mock Prometheus exporter outage + false-positive alerts. - Expected: recognize monitoring failure, suppress noise, use alternative health checks.Observers & roles:- Team observer: notes timeliness, clarity, escalation, runbook adherence, technical decisions.- Cross-team observer: tracks handoffs and conflict resolution.- Chief observer: aggregates scores and enforces safety abort.Scoring criteria (quantitative + qualitative):- Time to acknowledge (TTA) target: <2 min (weight 15%)- Time to incident commander (TIC) assigned: <10 min (15%)- Decision quality: correct mitigation chosen (20%)- Communication clarity: presence of incident channel, explicit ownership, clear next steps (20%)- Runbook use: followed and documented (10%)- Coordination: successful handoff and cross-team action within SLA (20%)Scoring: numeric 0–5 per criterion; pass threshold 70%.Communication channel failover tests:- Stepwise failure: disable Slack for 5 min → requires escalation to SMS/voice. Then disable VoIP → force use of in-person or a pre-agreed emergency channel.- Validate: teams have updated phone rosters and know escalation tree.Tooling mock failures:- Simulate Prometheus ingestion pause, Grafana read-only, CI pipeline queue stall, HPA API 500s, DB read-replicas lag.- Provide synthetic logs and alternative telemetry endpoints to force manual validation.Measurable objectives & success metrics:- Median TTA, TIC, time to mitigation, time to full recovery (TTR).- Number of missed escalations.- False-positive suppression time.- Runbook coverage gaps identified (# missing/obsolete runbooks).- Confidence survey pre/post exercise (qualitative readiness delta).Debrief & action plan:- Immediate 30-min hotwash: observers report top 3 findings; produce raw timeline and key decision points.- 48-hour tactical follow-up: convert findings into JIRA tasks with owners and due dates: runbook updates, phone roster maintenance, paging policy changes, automation to avoid manual scaling, monitoring failover implementation.- 2-week operational review: track metrics (TTA, TTR) against baselines; verify fixes in next game-day.- Lessons learned: publish a one-page incident narrative, update on-call training and include scenario re-runs for low-scoring teams.Safety & repeatability:- Use feature flags and staging-only keys; simulate DB locks via mock endpoints.- Store scenarios and evaluation rubrics in a repo for replay and continuous improvement.
HardTechnical
62 practiced
You maintain a runbook automation engine that can execute remediation playbooks automatically. Define a safe automated remediation policy that balances reducing MTTR with avoiding cascading failures. Include criteria for which playbooks may run without human approval, circuit-breaker rules, required observability, testing requirements, and rollback controls.
Sample Answer
Policy goal: safely reduce MTTR via automated runbooks while preventing cascading failures and unsafe changes.Scope & principles- Only low-risk, idempotent, well-observed actions may run without human approval.- Fail-fast, reversible, and observable automation only.- Every automated action must be auditable, tested, and bounded in blast radius.Criteria for fully automated playbooks (no human approval)- Action is read-only or non-destructive (e.g., cache clear, config reload, restart single non-critical process).- Playbook is idempotent and safe to run multiple times.- Target scope limited (single instance or single pod) and labeled as non-production-critical.- Proven in staging and runbook test harness with >= 10,000 simulated runs and no regressions in last 30 days.- Metrics & traces exist for pre/post verification (health checks, SLOs, key error rates).- Risk score below threshold computed from service criticality, traffic, and dependency graph.Circuit-breaker rules- Rate limit executions per playbook and per service (e.g., max 3 automated runs per 10 minutes).- Global automation kill-switch: if overall error budget exceeds X% or incident surge detected, disable automated remediation.- Dependency-aware block: if downstream service shows increased error rate > Y%, block cross-service corrective actions.- Execution failure threshold: if N consecutive automated attempts fail, mark for human review and stop automation.Required observability & safety checks- Pre-condition checks: confirm anomaly signature matches known remediation trigger.- Post-conditions: automated verification within configurable window; if verification fails, trigger rollback and page on-call.- Full logging, immutable audit trail, and correlation id for each run.- Telemetry: metric deltas, traces, and runbook run time reported to monitoring and incident system.Testing & validation- Unit tests + integration tests run in CI on each playbook change.- Staging/chaos validation: nightly runs under fault-injection and load scenarios.- Canary automation: first run on a canary target with verification before wider scope.Rollback & human-in-the-loop- All changes must be reversible via a deterministic rollback playbook that runs automatically on failed verification.- Critical or non-idempotent actions require human approval (2-person signoff or on-call ACK) and a dry-run preview.- If rollback fails, escalate immediately to on-call with all logs and an automated diagnostics bundle.Governance & lifecycle- Maintain a registry with playbook metadata: risk score, test results, owners, last run, failure rate.- Quarterly review of automated set; require re-certification after architecture changes.- Post-incident review required for any automation-caused outage; suspend offending automation until remediated.This policy balances speed and safety by limiting scope, enforcing verification and rollback, applying rate/circuit-breakers, and requiring rigorous testing and governance.
HardTechnical
61 practiced
Compare and contrast three on-call escalation models: primary-secondary single primary, follow-the-sun regional primaries, and small on-call pods. For each model analyze operational complexity, knowledge distribution, handoff overhead, on-call experience, and failure modes for an organization operating 24/7.
Sample Answer
I'll compare the three on-call escalation models against the requested dimensions for a 24/7 SRE org.Primary-secondary (single primary)- Operational complexity: Low to moderate — simple rotate for primary, one documented escalation path to secondary. Tools and runbooks straightforward.- Knowledge distribution: Skewed — primary holds most tribal knowledge; secondary may be shallow unless deliberate cross-training occurs.- Handoff overhead: Low daily; but higher risk during long absences because secondary must ramp quickly.- On-call experience: Primary gets high cognitive load and fatigue; secondary sees less frequent pressure but can be thrown into high-stress surprises.- Failure modes: Single point of cognitive failure (burnout), skill gap on secondary, prolonged incidents when primary unavailable.Follow-the-sun (regional primaries)- Operational complexity: High — multiple regional rotations, synchronized tooling, consistent runbooks, time-zone-aware alerting and follow-up.- Knowledge distribution: Better geographically but can be uneven across regions; requires strong documentation and overlap periods for knowledge transfer.- Handoff overhead: Moderate — handoffs happen every shift boundary and between regions; needs structured shift notes and overlap windows to avoid information loss.- On-call experience: More predictable shifts and recovery time; cultural/work-hour alignment improves morale.- Failure modes: Cross-region inconsistency, delayed long-term work continuity, coordination overhead for incidents spanning multiple time zones.Small on-call pods- Operational complexity: Moderate — pods are autonomous groups owning specific services; requires clear ownership boundaries and shared tooling.- Knowledge distribution: High within pods (T-shaped skills), good redundancy; risk if pods silo knowledge from each other.- Handoff overhead: Low within pod (any member can pick up), but inter-pod handoffs for cross-service incidents require coordination.- On-call experience: Balanced load and shared responsibility reduce burnout; faster context switching when pager fires.- Failure modes: Pod-level capacity shortages during major incidents, uneven pod maturity, and potential coordination friction for system-wide incidents.Trade-offs / recommendation:- For small orgs: primary-secondary is simplest but prioritize cross-training and secondary readiness.- For global scale: follow-the-sun reduces local fatigue but invest heavily in runbooks, common tooling, and overlap windows.- For microservice-heavy orgs: pods scale well—define clear ownership, cross-pod runbooks and incident leaders for multi-pod incidents.Key mitigations across models: robust runbooks, automated context in alerts, mandatory overlap/handover notes, frequent game days for cross-training, and capacity policies to prevent burnout.
EasyTechnical
47 practiced
Describe an effective checklist for handover between on-call shifts that ensures critical context is passed, including active incidents, recent deployments, flaky alerts, outstanding action items, emergency contacts, and any ongoing mitigations. Provide at least eight checklist items and explain why each is important.
Sample Answer
1) Active incidents summary — include incident IDs, current severity, timeline, next expected touchpoint. Why: Quickly orients the incoming engineer to priorities and prevents duplicate actions.2) Recent deployments and rollbacks — list services, versions, deployment times, and suspected risky changes. Why: Helps correlate recent changes with new failures and informs rollback decisions.3) Flaky or noisy alerts — note alerts firing frequently, known false positives, or threshold adjustments. Why: Reduces alert fatigue and prevents chasing known noise during critical windows.4) Outstanding action items / tickets — owner, due date, and context for any follow-ups (patches, config changes). Why: Ensures continuity of work and accountability; prevents tasks from being dropped.5) Current mitigations and workarounds — what’s in place (traffic-shaping, feature flags, temporary patches) and expiration. Why: Incoming on-call must know what to preserve, remove, or escalate to avoid regressions.6) System health snapshot & key metrics — CPU/memory, error rates, latency, SLO burn rate, and where dashboards live. Why: Provides a baseline to detect regressions and prioritize investigation.7) Runbook links & recent runbook changes — direct links to procedures and any deviations taken during the shift. Why: Speeds troubleshooting and highlights known gaps in documentation.8) Emergency contacts & escalation path — pager rotation, team leads, cross-team owners, and vendor contacts with preferred channels. Why: Enables timely escalation when the incident exceeds on-call authority.9) Postmortem / learning notes from shift — brief notes on what worked, gaps, and suggestions for the next shift. Why: Promotes continuous improvement and reduces repeat mistakes.10) Admin access & environment notes — credentials, maintenance windows, and any restricted environments. Why: Prevents accidental actions in production and clarifies allowable interventions.Include this checklist in a shared handover template (Slack/incident tool) and require an explicit acknowledgment from the incoming on-call to confirm receipt.
HardTechnical
48 practiced
As an SRE manager, SLOs are being violated frequently and product teams resist investing in reliability work because they fear slowing feature development. Prepare a persuasive plan you would present to product leadership and engineering teams, including what data to collect, short experiments to prove value, how to use error budgets as a lever, and incentives to align priorities.
Sample Answer
Situation: SLOs are frequently violated and product teams resist reliability work because they believe it delays feature delivery.Plan (objective-driven, 90-day phased program)1) Data to collect (week 0–2)- Service-level indicators (latency p50/p95/p99, error rate, availability) broken down by customer-impacting endpoints, region, deploys, and release.- Error budget burn rate per service, deploy, and daily rolling window.- Incident cost metrics: MTTR, customer minutes impacted, support tickets, churn/backlog impact, and feature rework time.- Developer cycle metrics: lead time, PR size, and time-to-merge to quantify perceived trade-offs.2) Short experiments to prove value (weeks 2–6)- Run a controlled “reliability sprint” on one high-impact service: dedicate 20% of team time for 2 weeks to targeted fixes (observability, flaky tests, deployment rollbacks). Measure error budget recovery, MTTR, and downstream sprint velocity in the next sprint.- Small blast-radius fault-injection on non-prod to identify weaknesses; fix top 3 findings and measure reduction in production incidents.- A/B release policy: one cohort uses stricter rollout + canary + automated rollback; compare incidents and customer impact.3) Using error budgets as a lever- Treat error budget as common currency. If burn rate > threshold (e.g., 2x planned), pause non-critical feature launches for that service until budget stabilizes.- Publish real-time error-budget dashboard to product owners and engineering leads; make decisions data-driven, not opinion-driven.- Define clear exception process: documented mitigation plan and executive sign-off for critical launches that exceed budget.4) Incentives & alignment- Shared SLO ownership: include SLO health as a quarterly objective for product and engineering leads (not just SRE).- “Reliability credit” system: teams earn credits for reducing incidents/MTTR which can be redeemed for feature sprint leeway or funding for team tooling.- Recognition and rewards: public wins, bonus points in performance reviews for demonstrable reliability improvements.- Embed small reliability work into sprint definitions (definition of done includes observability and rollback plan).- Offer hard guardrails for customer-impacting metrics and soft guardrails for developer workflow; keep focus on outcomes (customer minutes saved) over activity.Outcomes expected (90 days)- Measurable reduction in high-severity incidents, improved MTTR, slower error-budget burn, and no net loss of feature throughput (or improved throughput long-term due to less firefighting). This approach changes incentives, makes reliability choices reversible and measurable, and aligns product leadership by showing short experiments with concrete ROI.
Unlock Full Question Bank
Get access to hundreds of On-Call Responsibilities and Communication interview questions and detailed answers.
Sign in to ContinueJoin thousands of developers preparing for their dream job.