InterviewStack.io LogoInterviewStack.io

Attack Vectors and Threat Landscape Questions

Comprehensive knowledge of cyberattack types, common attack vectors, and the evolving threat landscape across human, application, network, and supply chain layers. Candidates should be able to explain how each attack class operates, typical entry points and vulnerable assets, and real world examples. Core topics include phishing and social engineering; malware families such as ransomware and rootkits; denial of service and distributed denial of service attacks; man in the middle attacks; injection attacks including structured query language injection; cross site scripting; cross site request forgery; broken authentication and session management; insecure direct object references and other entries from the Open Web Application Security Project Top Ten; privilege escalation; brute force attacks; zero day exploits; insider threats; insecure configuration; insecure deserialization; and supply chain attacks. For each class candidates should cover indicators of compromise and detection signals, logging and monitoring strategies, behavioral analysis and anomaly detection methods, and threat hunting approaches. Candidates should also discuss prevention and mitigation controls such as secure coding practices, input validation and parameterized queries, output encoding and content security policy, secure authentication and session management, access controls and network segmentation, rate limiting and traffic filtering, secure configuration and patch management, backup and recovery, and supply chain risk management. They should be able to map these controls to incident response activities including containment, eradication, recovery, and post incident remediation, and demonstrate how to use threat modeling to prioritize defenses based on asset criticality and likely attack paths. Finally, candidates should be prepared to describe trends in the threat landscape, high profile breaches and lessons learned, the difference between active and passive attacks, and how threats and defensive priorities vary by industry and organizational scale.

EasyTechnical
39 practiced
Define insider threats and classify them (malicious, negligent, compromised). For each class, describe behavioral indicators, types of telemetry you would prioritize for detection (e.g., DLP, access logs, UEBA), and one policy or technical control to reduce risk.
EasyTechnical
35 practiced
Explain phishing and social engineering attacks in a corporate environment. Describe common entry points (email, SMS, phone, compromised websites), typical vulnerable assets and user behaviors, real-world examples (e.g., Business Email Compromise), indicators of compromise (IOCs), logging and detection signals you would expect to see, and at least three monitoring or mitigation controls you would deploy to reduce risk.
MediumTechnical
64 practiced
Map controls to incident response phases for a ransomware infection. For each phase—identification, containment, eradication, and recovery—list specific technical and operational controls (e.g., EDR playbooks, network isolation scripts, backups) and describe how those controls change during active incident handling.
MediumTechnical
43 practiced
A user submits an unknown binary found running on an endpoint. Outline a step-by-step malware analysis workflow you would perform: immediate containment, static analysis steps, sandboxing/dynamic analysis, network analysis, intelligence enrichment, and final remediation recommendations.
MediumTechnical
33 practiced
A web application is reported to have 'broken authentication' issues. Propose a design for secure authentication and session management: include password policies, MFA placement, session lifetime and renewal, cookie flags, token revocation, and monitoring for anomalous session activity.

Unlock Full Question Bank

Get access to hundreds of Attack Vectors and Threat Landscape interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.