InterviewStack.io

Threat Modeling and Secure System Design Questions

Applying threat modeling and structured problem solving to secure system design. Candidates should be able to decompose complex security challenges by identifying business context, critical assets, threat actors, attack surfaces, and compliance requirements. Topics include threat modeling methodologies, attacker capability and motivation analysis, risk assessment and prioritization, selection of mitigations and compensating controls, and evaluation of trade-offs among security, usability, cost, and performance. Candidates should also be able to produce implementation and monitoring plans that address scalability and maintainability, and to clearly explain and justify design choices and residual risk to stakeholders.

Medium | Technical
Design a tabletop exercise for an incident where a widely used third-party dependency is compromised (supply-chain attack). Define the exercise objectives, key participants, realistic timeline of events, injects for teams, decision points for containment and communication, success criteria, and follow-up actions to close gaps identified.
Medium | Technical
Evaluate performance, usability, and security trade-offs for encrypting a high-throughput transactional database both at rest and in transit. Compare options like full-disk encryption, database-level (per-table/per-row) encryption, per-tenant encryption, and TLS termination patterns for 50k transactions per second. Recommend an approach that balances throughput and data protection.
Hard | Technical
Design an automated system that collects compliance evidence from CI/CD pipelines (configurations, test results, deployment manifests) and stores tamper-proof audit trails for regulators and auditors. Describe architecture, data flows, access controls, immutability options (e.g., signed artifacts, object lock), metadata linking (commit, build ID, deploy time), and how to scale the solution for 100+ microservices.
Easy | Technical
Explain the concept of residual risk in threat modeling. How should a Solutions Architect document residual risk, communicate it to stakeholders, and obtain formal acceptance or mitigation plans? Provide a short example where residual risk was accepted and justify the decision criteria (cost, feasibility, detection compensations).
Medium | Technical
You are architecting a payment processing service that must meet PCI DSS controls. Describe how you would incorporate PCI requirements into threat modeling: identify PCI-specific assets and decisions that reduce scope (tokenization, network segmentation), map controls to threats, and explain how to document and collect evidence to support auditor review while keeping the architecture maintainable.
