Interview Questions

Domain-wise interview questions with collapsible answers - click a question to reveal what a strong answer covers, then close it and try answering out loud before checking yourself. Use these to self-test after working through the matching Study Plan, not as a substitute for it.

How to Use This Section

  1. Pick a domain you're interviewing for (or currently studying)
  2. Read the question and don't peek - try to answer it yourself first
  3. Expand to check - compare your answer against what's listed
  4. Note the gaps - anything you couldn't answer becomes your next study topic
  5. Go deeper - each page links back to the relevant guide on this site for the topics you're shaky on

Available Domains

Domain               | Focus
---------------------|------------------------------------------------------------------------------
Application Security | Secure coding, secure code review, threat modeling, SDLC, spot-the-bug code snippets
AWS Security         | IAM policies, GuardDuty/CloudTrail, IMDSv2/SSRF, KMS, design scenarios
Common Security      | Behavioral/scenario questions and cross-domain fundamentals that apply to any security role
AI Security          | AI/ML attack taxonomy, prompt injection, model extraction, governance and risk (grounded in this site's AI Security section)
GRC                  | Governance vs. risk vs. compliance, ISO 27001, NIST CSF/RMF, privacy fundamentals (grounded in this site's GRC section)
API Security         | BOLA/IDOR, broken auth, mass assignment, rate limiting, SSRF, shadow APIs, GraphQL risks
Container Security   | Image hardening, image scanning, Kubernetes RBAC, network policies, Pod Security Standards, secrets
DevSecOps            | Shift-left, SAST/SCA/DAST in a pipeline, gating merges, policy-as-code, vulnerability prioritization
Network Security     | Defense in depth, segmentation, firewalls, IDS/IPS, zero trust vs. perimeter, ARP/DNS/MITM attacks
GCP Security         | Shared responsibility, Cloud IAM, Security Command Center, Cloud KMS, VPC Service Controls, AWS comparison
Web Security         | OWASP Top 10 2021 deep dives, CORS, cookie security flags, CSRF defenses, CSP
SOC                  | SIEM fundamentals, alert triage, incident response lifecycle, detection use cases

All seven of these are grounded directly in this site's own docs (the upstream repo is empty/thin for them) - see each page's intro for its source pages.

More Domains, Coming Soon

The remaining gap is domains where neither this site nor the upstream repo has enough real content yet to ground good questions in. As either side fills in, they'll be added here in the same collapsible format - see jassics/security-interview-questions for the canonical, evolving source.

Scenario-Based Deep Dives (GitHub Only)

These are long-form scenario interviews rather than simple Q&A, so they're linked directly rather than converted:

Stay current

This site mirrors a snapshot of security-interview-questions - the GitHub repo is the canonical, most up-to-date source and gets new questions first.