InterviewStack.io LogoInterviewStack.io

Encryption and Secure Connectivity Questions

Addresses network security and secure communication methods used to protect data in transit and to connect systems safely. Topics include VPN architectures and use cases such as site to site and remote access, zero trust network access, and software defined wide area networking. Candidates should understand core encryption protocols and transports including TLS and SSL, IPsec concepts and modes, WireGuard basics, mutual TLS, key management and certificate authorities, and certificate lifecycle. Also cover encryption at rest versus in transit, performance and latency trade offs, when to use VPNs versus application layer security, and operational considerations such as throughput, monitoring, and maintenance of secure tunnels.

EasyTechnical
46 practiced
As a network engineer, explain the TLS handshake process between a client and a server in detail. Include the sequence of messages (ClientHello, ServerHello, Certificate, key exchange, Finished), how the certificate chain and hostname validation are performed, and how the symmetric session keys are derived. Also describe how TLS 1.3 changes or simplifies the handshake compared to TLS 1.2.
HardTechnical
52 practiced
Given a PCAP containing TLS sessions and access to the server's private RSA key or exported session keys, write a Python program that decrypts the TLS records and extracts plaintext HTTP requests/responses. Use libraries such as pyshark, scapy, or cryptography and explain necessary steps. Also discuss legal and ethical considerations when decrypting captured traffic in production environments.
HardTechnical
47 practiced
Analyze the implications of using WireGuard for mobile clients that frequently roam across networks and NATs. Discuss handshake behavior, persistent keepalives vs on-demand, endpoint updates after NAT changes, rekeying frequency, effects on battery life, latency, and practical mitigations to improve reliability on mobile devices.
EasyTechnical
76 practiced
Compare encryption at rest and encryption in transit. For a typical enterprise architecture (databases, backups, inter-data-center links, client-server connections), provide examples of where each is applied, what threats they mitigate (e.g., eavesdropping, physical theft, insider access), and common implementation choices and trade-offs.
EasyTechnical
58 practiced
Describe the role of a Certificate Authority (CA) in a PKI. Explain the differences and purposes of root CA, intermediate CA, and issuing CA and why intermediate CAs are commonly used in production systems.

Unlock Full Question Bank

Get access to hundreds of Encryption and Secure Connectivity interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.