Internal Controls Design and Effectiveness Testing Questions
Designing security and compliance controls and evaluating whether they operate effectively. Covers control objectives, preventive vs detective vs corrective controls, control mapping to risks and frameworks, design-effectiveness vs operating-effectiveness testing, and corrective and preventive action when a control fails. The 'do the controls actually work' discipline.
EasyTechnical
106 practiced
Explain the differences between preventive, detective, and corrective security controls. For each control type provide two concrete examples that apply to a cloud-native environment (IaaS/PaaS/SaaS). Describe how these control types should be combined to reduce risk in an application deployment lifecycle.
HardTechnical
108 practiced
Propose an architecture and algorithm to enable encrypted, searchable logs for a SIEM so analysts can run queries without exposing plaintext to operators. Discuss searchable encryption approaches (deterministic, order-preserving, searchable symmetric encryption), indexing strategy, threat model, performance trade-offs, and key distribution/rotation concerns.
MediumTechnical
93 practiced
Design a SOAR playbook for automated containment and initial response when an endpoint is flagged by EDR with ransomware-like indicators (rapid file modifications, suspicious child processes, persistence changes). Include safe automation steps, which actions require human-in-the-loop approval, evidence collection steps, rollback strategies, and methods to avoid unnecessary collateral damage.
EasyTechnical
96 practiced
In Python, write a function verify_jwt(token: str, public_key_pem: str) -> dict that verifies an RS256 JWT signature, checks the exp and nbf claims, and returns the decoded claims. Raise an exception for invalid signatures, expired tokens, or invalid issuer. You may use PyJWT or describe equivalent steps if libraries are unavailable.
MediumTechnical
72 practiced
Review the following simplified web handler code and identify all security control gaps and specific remediations. Code (Python Flask-like):Explain vulnerabilities, how to remediate, and what controls you'd add at design and runtime to prevent similar issues.
python
def handle_request(req):
username = req.args.get('username')
query = 'SELECT * FROM users WHERE name = ' + username
results = db.execute(query)
return '<div>User: ' + results[0]['name'] + '</div>'Unlock Full Question Bank
Get access to hundreds of Internal Controls Design and Effectiveness Testing interview questions and detailed answers.
Sign in to ContinueJoin thousands of developers preparing for their dream job.