Threat Modeling and Secure System Design Questions
Applying threat modeling and structured problem solving to secure system design. Candidates should be able to decompose complex security challenges by identifying business context, critical assets, threat actors, attack surfaces, and compliance requirements. Topics include threat modeling methodologies, attacker capability and motivation analysis, risk assessment and prioritization, selection of mitigations and compensating controls, and evaluation of trade-offs among security, usability, cost, and performance. Candidates should also be able to produce implementation and monitoring plans that address scalability and maintainability, and to clearly explain and justify design choices and residual risk to stakeholders.
Easy / Technical
Describe the role of logging and monitoring within a threat model. For a mid-sized web service, list essential events to collect, suggested retention for security logs, and how logs map to detection, investigation, and compliance requirements. Discuss trade-offs between verbosity, storage cost, and detection capability.
Medium / Technical
Construct an attacker capability and motivation matrix for ransomware threats against a healthcare provider. Include capability levels (script kiddie to organized criminal group), likely motivations, tooling/resources, and probable attack vectors. Based on the matrix, recommend prioritized mitigations for prevention, detection, and recovery tailored to healthcare constraints.
Hard / System Design
Design authentication and authorization flows for a zero-trust architecture across users, services, and devices. Include certificate or token issuance, mutual TLS vs token-based approaches, short-lived credentials, Policy Decision Point (PDP) and Policy Enforcement Point (PEP) placements, and discuss latency vs security trade-offs. Justify when you'd choose mTLS over token-based solutions and vice versa.
Medium / System Design
Design a high-level threat model for a multi-tenant SaaS project-management platform supporting 100,000 customers. Requirements: tenant isolation, third-party integrations, GDPR-style data residency options, API-first design, and SSO identity. Provide DFD-level components, likely threat actors, high-risk scenarios (cross-tenant leakage, lateral compromise), and recommended controls prioritized for an MVP versus longer-term improvements.
Hard / Technical
Create a migration plan to move security controls from a monolithic application to a new microservices architecture. Address authentication, authorization, secrets management, logging/observability, rate-limiting, and how to preserve consistent security posture during an incremental migration (hybrid deployments). Include rollback strategies and metrics for security regression detection.