System Design

Security at Scale

6 practice questions. Free questions open a full answer guide; the rest unlock with Pro.

  • We're exposing a public API to the internet and expect both legitimate heavy users and malicious traffic. How would you protect it from abuse and attacks at scale without degrading service for real users? Mid level
  • Design security for an internal platform with hundreds of microservices calling each other across clusters and clouds. Walk me through how you'd handle service-to-service authentication, secrets, and the blast radius when one service is compromised.Go Pro Staff-principal level
  • You have dozens of microservices that call each other and need to authenticate and authorize those service-to-service calls, plus manage the database passwords and API keys they use. How do you design this so a single leaked credential isn't a catastrophe?Go Pro Senior level
  • In a microservices system, how would you secure service-to-service communication so that a compromised or rogue service can't freely call everything else inside the network?Go Pro Mid level
  • Your public API is getting hit by a layer-7 traffic flood and credential-stuffing bots, and the abusive traffic is starting to degrade service for real users. How do you design defenses that absorb this at scale without blocking legitimate traffic?Go Pro Senior level
  • Your platform handles personal and payment data and operates in multiple regions with different privacy regimes. How would you design where data lives, who can access it, and how it's protected, so the system is compliant and secure by design rather than bolted on later?Go Pro Staff-principal level
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.