System Design
Security at Scale
6 practice questions. Free questions open a full answer guide; the rest unlock with Pro.
- We're exposing a public API to the internet and expect both legitimate heavy users and malicious traffic. How would you protect it from abuse and attacks at scale without degrading service for real users?
- Design security for an internal platform with hundreds of microservices calling each other across clusters and clouds. Walk me through how you'd handle service-to-service authentication, secrets, and the blast radius when one service is compromised.Go Pro
- You have dozens of microservices that call each other and need to authenticate and authorize those service-to-service calls, plus manage the database passwords and API keys they use. How do you design this so a single leaked credential isn't a catastrophe?Go Pro
- In a microservices system, how would you secure service-to-service communication so that a compromised or rogue service can't freely call everything else inside the network?Go Pro
- Your public API is getting hit by a layer-7 traffic flood and credential-stuffing bots, and the abusive traffic is starting to degrade service for real users. How do you design defenses that absorb this at scale without blocking legitimate traffic?Go Pro
- Your platform handles personal and payment data and operates in multiple regions with different privacy regimes. How would you design where data lives, who can access it, and how it's protected, so the system is compliant and secure by design rather than bolted on later?Go Pro
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.