Covers operational handling of production outages and service incidents across the full lifecycle from preparation through detection, triage, containment, mitigation, recovery, and post incident review. Interviewers assess monitoring and observability signals, alerting thresholds and on call rotation, severity classification and escalation paths, incident command and coordination, runbooks and playbooks, immediate containment and mitigation techniques to minimize customer impact, restoration and recovery procedures, and evidence capture when relevant. Candidates should be able to describe root cause analysis practices, blameless post incident reviews, tracking remediation and follow up actions, driving cross functional ownership of fixes, and how incident learnings feed into long term reliability improvements and tooling or automation. Senior level expectations include organizing incident response teams for production reliability, defining severity levels and escalation policies, balancing rapid decisions with risk management, and continuously improving processes, runbooks, and instrumentation.
HardSystem Design
61 practiced
Design a disaster recovery (DR) strategy for critical data pipelines that defines RTO and RPO targets, backup and replication mechanisms (cross-region), failover steps, runbook requirements, and a failover testing cadence. Quantify cost vs RTO/RPO trade-offs and propose monitoring to detect region-wide degradations that should trigger DR procedures.
HardSystem Design
70 practiced
Design an automated incident evidence-capture pipeline that, on trigger, atomically snapshots: relevant configuration files, consumer offsets, controller metadata, a 30-minute window of metrics, and associated logs; then stores them to immutable, access-controlled storage. Address encryption, retention policy, indexability for search, and cost trade-offs.
MediumSystem Design
55 practiced
Design an incident management dashboard for data engineering that displays active incidents, severity, impacted pipelines/datasets, SLO burn rates, recent alerts, on-call assignments, and quick links to runbooks. Describe the data sources, data model for incidents and SLOs, key components, and scaling considerations for 1,000 engineers and 10,000 pipelines.
MediumTechnical
56 practiced
An hourly ETL failed mid-run leaving partially written partitions for several recent hours. Downstream consumers expect stable reads. Describe a safe recovery sequence: how to identify affected partitions, snapshot state, safely delete or mark partial partitions, re-run ingestion, and validate. Mention SQL patterns or transactions to preserve atomicity where available.
HardTechnical
53 practiced
After an emergency multi-region failover, a streaming pipeline is emitting duplicate messages to downstream systems. Design an investigation plan to determine whether duplicates are caused by producer retries, cross-region replication semantics, or consumer reprocessing, and propose concrete remediation steps to restore correctness while avoiding data loss.
Unlock Full Question Bank
Get access to hundreds of Incident Management and Response interview questions and detailed answers.
