InterviewStack.io

Confidentiality Integrity and Availability Questions

A foundational information security framework focused on three core goals: confidentiality, integrity, and availability.

Confidentiality is about protecting information from unauthorized access and disclosure and includes real-world examples such as data leaks, unauthorized access to sensitive records, and privacy violations. Typical controls for confidentiality include encryption for data at rest and in transit, strong authentication and authorization, access control policies, key management, data classification, and least privilege.

Integrity is about ensuring information remains accurate and unaltered by unauthorized actors and covers incidents such as data tampering, unauthorized edits, and corruption. Controls for integrity include cryptographic hashes and digital signatures, checksums, tamper detection, versioning and immutability, input validation, audit logging, and integrity verification processes.

Availability is about ensuring systems and data are accessible and functioning when needed and covers incidents such as denial of service attacks, infrastructure failures, and capacity exhaustion. Controls for availability include redundancy, replication, load balancing, autoscaling, caching, content delivery networks, failover and disaster recovery planning, backups, maintenance windows, monitoring, and incident response.

Candidates should be able to explain these pillars, give concrete examples of breaches and mitigations, describe how to choose and implement technical controls, and reason about trade-offs between goals for different systems and business contexts. Assessment often covers threat modeling and risk assessment to prioritize controls, mapping security requirements to service level objectives and service level agreements, defining recovery time objective and recovery point objective, designing for resilience, and communicating security trade-offs to stakeholders. Familiarity with security design patterns such as defense in depth, principle of least privilege, secure by design, and zero trust models is useful when applying these principles in architecture and operations.

Medium · Technical
Design a CI/CD workflow that ensures container image integrity: include signing images, generating and storing SBOMs, verifying signatures at deploy time, vulnerability scanning, and runtime enforcement via admission controllers or image policy webhooks. Explain trade-offs and typical failure modes.

Medium · Technical
You are evaluating a third-party SaaS vendor to store customer PII. List the technical evidence, tests, and contractual clauses you would request to satisfy confidentiality, integrity, and availability requirements. Include items such as pen test reports, architecture diagrams, encryption attestations, incident notification windows, and SLA terms.

Medium · Technical
How would you design tamper-evident audit logging for a distributed platform so investigators can verify log integrity? Consider chained hashes, append-only storage, signed manifests, offsite replication, indexing for search, encryption, and access controls. Discuss the performance and storage trade-offs.

Hard · Technical
Your organization requires tamper-proof audit trails for regulatory compliance in a write-heavy microservices environment. Propose an architecture that uses append-only storage, chained hashes, signed manifests, and out-of-band verification to prove log integrity. Discuss indexing for queryability, retention strategy, cost controls, and how to demonstrate non-repudiation to auditors.

Medium · Technical
Write a Python script that recursively computes SHA-256 checksums for each file in a directory and writes a manifest file with lines formatted as: <timestamp>,<filepath>,<filesize>,<sha256>. Also describe how you would integrate this script into a CI pipeline to detect unauthorized changes to build or deployment artifacts.
