InterviewStack.io LogoInterviewStack.io

Incident Response and Runbook Design Questions

Covers the design and operation of incident response programs and the creation and maintenance of actionable runbooks and playbooks for production systems. Candidates should be able to explain the incident lifecycle from detection and classification through investigation, escalation, remediation, and post incident analysis. Topics include severity definitions and assessment, escalation procedures, team roles and responsibilities, communication protocols during incidents, on call rotations, alert triage, and coordination across teams during outages. Also includes designing automated remediation steps where appropriate, integrating runbooks with monitoring and alerting systems, maintaining playbooks for common failure modes such as malware, data exfiltration, denial of service, and account compromise, and conducting blameless post incident reviews and continuous improvement. Candidates should be able to discuss metrics for measuring response effectiveness such as mean time to detect, mean time to repair, and response success rate, and describe approaches to improve those metrics over time.

HardSystem Design
64 practiced
You need to design an orchestration engine for automated remediation that supports idempotent steps, concurrent executions across regions, persistent execution state, and safe rollbacks. Provide component architecture, data model for step state, and how you would ensure at-most-once or exactly-once semantics for remediation steps.
MediumTechnical
63 practiced
Given an incidents table with schema incidents(incident_id, service, detected_at, acknowledged_at, resolved_at), write a SQL query to compute MTTA and MTTR per service for the last 90 days. Mention assumptions you make about null resolved_at rows and daylight savings/timezones.
MediumTechnical
58 practiced
Write a runbook for suspected account compromise of a privileged service account used by multiple microservices. Steps should include immediate containment, secret rotation, session invalidation, dependency mitigation, communication, and validation tests to verify the compromise has been resolved.
HardSystem Design
74 practiced
At scale, you need to generate runbooks programmatically from service metadata and templates. Propose a runbook-as-code pipeline that validates, lints, and publishes runbooks to an internal runbook service. Explain how you would handle secrets, test the runbooks, and rollback a bad runbook change.
HardTechnical
76 practiced
Hard coding problem: Implement a function in Python that given a sequence of incident events (detected, acknowledged, action_started, action_completed, resolved) computes MTTA and MTTR per incident and flags incidents where automation was started before acknowledgment. Input is a list of (incident_id, event_type, timestamp). Provide code and explain complexity.

Unlock Full Question Bank

Get access to hundreds of Incident Response and Runbook Design interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.