Security
All interview questions related to Security
What is the difference between SSL and TLS, and why is TLS preferred today?
Why are SSH key pairs generally preferred over passwords for server access?
What are best practices for managing secrets (API keys, tokens) in CI/CD pipelines?
Explain the meaning of rwx for user, group, and others, and how chmod/chown modify permissions.
What is the cloud shared responsibility model and how do responsibilities differ between IaaS and SaaS?
What is the difference between a ConfigMap and a Secret in Kubernetes, and when do you use each?
Briefly describe the TLS handshake steps and how the client verifies the server.
What is API rate limiting, why is it important, and how is it commonly implemented?
Compare OAuth2 and SAML for authentication and authorization scenarios.
Explain your approach for designing secure IAM policies following least-privilege principles. How would you audit and enforce them in production?
Explain how you would secure a CI/CD pipeline to protect against supply chain attacks and credential leaks.
How would you secure container runtimes (e.g., Docker, containerd) in production environments?
How would you design a secure and scalable multi-tenant SaaS application?
How would you securely store and access application secrets in a cloud-native environment?
Design a secure multi-tenant Kubernetes setup. How do you isolate workloads and enforce policy across namespaces?
Explain how you would design application-layer encryption using a cloud KMS and envelope encryption for sensitive data.
How do you design outbound (egress) controls for workloads in private subnets without public IPs while maintaining least privilege?
Describe how you would leverage eBPF for deep observability and runtime security in production Linux systems.
Describe how you would implement rate limiting in a large-scale API to protect against abuse while ensuring fairness.
Design a globally available URL shortener like TinyURL/Bitly. Cover API design, key generation, storage, redirects, analytics, abuse prevention, and scalability.
Design a secure cloud file storage and sync service with versioning, sharing, offline sync, and deduplication.
Design a video streaming platform supporting uploads, transcoding, adaptive bitrate streaming (ABR), DRM, and global delivery.
Design a payment gateway supporting multiple processors, 3-D Secure, refunds, settlements, and PCI concerns.
Design a low-latency feature flag platform with targeting rules, audit logs, and mobile/edge delivery.
Design a federated GraphQL gateway that composes multiple subgraphs, with caching, authorization, and schema evolution.
Design a judge/sandbox to safely compile and run untrusted code in multiple languages with resource limits and scaling.
Design a SaaS platform with tenant isolation, noisy-neighbor controls, per-tenant config, and usage-based billing.
Design a multi-tenant API gateway that handles routing, auth, rate limiting, request/response transformations, canarying, and observability across regions.
Design a platform to ingest telemetry from millions of devices with intermittent connectivity, command/control, and fleet management.
Design a system for storing secrets and managing encryption keys with rotation, auditing, and fine-grained access control.
Design a blockchain ledger for financial transactions with consensus, immutability, and efficient query capabilities.
Design a global CDN for static and dynamic content delivery, cache invalidation, SSL termination, and DDoS protection.
Design a HIPAA-compliant healthcare records platform with fine-grained access control, audit logs, and interoperability (HL7/FHIR).
Design a fraud detection system for online payments with real-time scoring, feature pipelines, and explainability.
Design a scalable video conferencing service like Zoom with low latency, adaptive quality, and security.
Design a multiplayer online gaming platform with matchmaking, anti-cheat, and real-time state sync.
Your production website is suddenly showing SSL errors for users. How do you troubleshoot and fix this?
Clients intermittently receive 401 Unauthorized even with valid JWTs. Walk through diagnosing and fixing the issue.
After a certificate rotation, services in the mesh begin failing with 503s. How do you diagnose and restore traffic?
After tightening TLS settings, some clients fail during handshake. How do you triage and restore compatibility without weakening security?
Your DNS servers are overloaded with suspicious traffic patterns resembling amplification. How do you detect, mitigate, and protect?
Tell me about a time you were involved in a security incident. How did you contain, communicate, and coordinate?