Code Room
On-callMediumoc-g201
Subject Clock skewLevel Mid–Senior~30 minCommon in Reliability & on-call interviewsIndustries Technology, Software development

Question

Starting 09:30, ~4% of logins fail with 'token used before issued (iat)' or 'token expired'. Dashboards: failures are concentrated on one Kubernetes node pool; the affected pods all run on hosts that came up after an autoscaler scale-out at 09:25; chrony/NTP metric shows those hosts ~45s ahead of the rest of the fleet; auth success rate elsewhere is normal. A new VM image was rolled into the autoscaling group yesterday. How do you triage and mitigate?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.

Diagram & narrate the incident
Loading whiteboard…
Run or narrate your approach, then ask the coach.