InterviewStack.io LogoInterviewStack.io

System Hardening and Secure Configuration Questions

Covers host and operating system level security hardening, establishing and maintaining repeatable configuration baselines, and implementing secure endpoint configuration as part of a layered defense strategy. Candidates should understand reducing attack surface by disabling unnecessary services and features, configuring host based firewall rules, enforcing least privilege for file and directory permissions, and applying secure account and user management practices such as removing or disabling unnecessary user accounts and enforcing strong authentication and password policies. Include secure remote access practices such as key based Secure Shell authentication and secure transport protocols, certificate and key management, and encryption for data at rest and in transit. Cover platform specific controls including Security Enhanced Linux and AppArmor for Linux and Windows security baseline configurations and hardening guidance. Candidates should be familiar with using published security benchmarks such as Center for Internet Security benchmarks and vendor guidance, performing regular vulnerability scanning and remediation, patch and update management, audit logging and monitoring, and configuration management and automation. Also expect knowledge of policy as code and infrastructure as code for automated hardening and drift detection, documenting secure configuration and rollback procedures, continuous compliance reporting, and balancing operational needs with security to mitigate realistic threat scenarios.

EasyTechnical
78 practiced
For a small Linux web server, describe in detail how you would configure the host-based firewall to minimize attack surface while allowing HTTP/S traffic. Include default policies, specific rules (including stateful handling), logging, and how you would persist and test rules across reboots.
HardTechnical
40 practiced
You're migrating ad-hoc shell scripts that configure security settings into a policy-as-code framework (examples: OPA/Rego, Chef InSpec). Outline a migration plan covering inventorying scripts, decomposing policies, writing unit and integration tests for policies, CI/CD integration, deployment staging, rollback mechanisms, and how to preserve emergency operational flexibility.
HardTechnical
46 practiced
Compare SELinux and AppArmor in depth: kernel integration and LSM model, granularity of control, performance overhead, ease of authoring and testing policies, available tooling, and their suitability for containerized environments. Explain how you would debug complex denials and package policies for automated deployment.
HardTechnical
47 practiced
You discover a suspicious process running as root on multiple Linux servers that appear compromised. Provide a detailed investigation and containment plan: steps to collect volatile and persistent evidence, isolate affected hosts, determine point-of-entry and lateral movement, patch exploited vulnerabilities, and restore hardened systems from trusted images. Include coordination with security operations and legal where necessary.
EasyTechnical
37 practiced
Describe step-by-step how you would harden a freshly provisioned Linux server to a secure baseline. Include initial package updates, minimizing installed packages, user and SSH configuration, disabling unnecessary services, host firewall rules, logging and audit configuration, file permissions, and a plan to automate these steps for repeatability and rollback. Assume the server runs Ubuntu LTS and must align with CIS benchmarks.

Unlock Full Question Bank

Get access to hundreds of System Hardening and Secure Configuration interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.