InterviewStack.io LogoInterviewStack.io

Incident Classification and Severity Questions

Focuses on structured approaches to classifying incidents and assigning severity levels to drive appropriate response, escalation, and communication. Covers defining severity criteria based on customer impact, affected services, scope of impact, and regulatory concerns, mapping severity to response playbooks and on call rotations, establishing escalation paths and communication cadences, defining service level objectives and response time targets, coordinating cross functional responders, and creating runbooks and automated tooling to enforce the framework. Also includes governance topics such as reviewing and refining severity definitions from post incident analyses, training responders on the framework, and adjusting thresholds to reduce false positives and ensure consistent prioritization.

MediumTechnical
37 practiced
Describe how you would map incident severities to SLO error budget policy actions. Provide concrete policy examples such as: if error budget burn > 50% in 24 hours then pause non-essential deploys and trigger an on-call incident review (Sev-1); if error budget burn between 20-50% then increase monitoring and require pre-merge checks (Sev-2). Explain how these mappings help balance velocity and safety.
MediumSystem Design
52 practiced
Design a severity classification rubric for a microservices-based e-commerce platform handling approximately 100M requests/day. Define four severity levels and, for each level, supply measurable criteria: 5xx error rate threshold, p99 latency threshold, percent of total revenue affected, number of orders failing per minute, and an example business impact. Explain how you would validate and iterate on these thresholds after launch.
HardSystem Design
31 practiced
Design an SLA-driven automatic mitigation system where the declaration of a Sev-0 triggers pre-approved mitigations (traffic-shift, circuit-breakers, emergency throttles) automatically unless a human veto is issued within 2 minutes. Address safety and authorization (who can pre-approve mitigations), audit and rollback, testing and canarying, and failure modes (partial mitigation, mitigation causing new failures).
MediumTechnical
51 practiced
You notice a recurring pattern where brief traffic spikes from noisy clients cause Sev-1 alerts. Outline a plan to reduce these false positives while ensuring real incidents are still reliably surfaced. Include immediate mitigations (cooldowns, client throttling), metric smoothing or aggregation, topology-aware alerting (per-customer vs global), and longer-term architectural changes to reduce blast radius.
MediumSystem Design
30 practiced
Design an automated runbook execution flow for a common Sev-2 incident: worker queue backlog leading to processing delays. Describe: trigger conditions, pre-execution safety checks (idempotence, approvals), automated remediation steps (scale workers, retry policies), verification steps, rollback hooks, and human-in-the-loop decision points. Show how to abort automation safely if post-checks fail.

Unlock Full Question Bank

Get access to hundreds of Incident Classification and Severity interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.