InterviewStack.io LogoInterviewStack.io

Security Breaches and Lessons Questions

Study of real world security incidents, breach case studies, and historical failures in cryptography and system design. Topics include common attack chains and kill chain methodology, threat actor techniques such as lateral movement, privilege escalation, persistence, and data exfiltration, and supply chain and implementation weaknesses. Also covers famous cryptographic and protocol failures, for example weak randomness, algorithm collisions, padding oracle and memory safety exploits, and how they arose. Candidates should be able to explain root causes, detection and forensics approaches, incident response and mitigation strategies, lessons learned that changed best practices, and how to apply those lessons to secure design, threat modeling, testing, and operational controls.

MediumTechnical
67 practiced
Walk through how the SolarWinds supply-chain compromise maps to an ML platform that builds custom containers from third-party base images and runs them in production. Identify root causes and propose at least five specific hardening controls (technical, process, vendor policies) that would reduce the risk of a similar compromise.
MediumTechnical
60 practiced
Describe how padding-oracle and similar decryption-oracle vulnerabilities can be detected by analyzing application logs or network traces. What specific instrumentation and metrics would you add to a model serving API to detect attempted cryptographic attacks while avoiding leaking sensitive information in your logs?
EasyTechnical
66 practiced
What is a padding oracle attack? Explain the core vulnerability in simple terms, then describe how a padding oracle vulnerability could impact an ML system that encrypts model checkpoints for storage and transfer. Provide at least two mitigations and how you would verify they're effective.
MediumTechnical
62 practiced
Implement a Python utility verify_signature(model_path, signature_path, public_key_pem) that verifies an RSA/PKCS#7-style signature for a model artifact using the 'cryptography' library. Return True if valid, False if signature invalid; raise a descriptive exception for missing files or malformed keys. Include example usage and describe how you would integrate this check into CI.
MediumTechnical
66 practiced
A critical memory-safety bug is found in a widely used ML framework. Patching requires rebooting multiple GPU worker nodes (downtime). An in-cluster workaround can reduce exploitability but leaves the underlying bug. As the ML engineer responsible for production, describe the decision factors you would weigh, the communication plan to stakeholders, and the action plan you would recommend.

Unlock Full Question Bank

Get access to hundreds of Security Breaches and Lessons interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.