Code Room
On-call | Hard | oc-g597
Subject: Security (ddos, volumetric)
Level: Senior–Staff
~40 min
Common in Security interviews
Industries: Technology, Telecom

Question

Pager fires: edge ingress bandwidth jumps from a steady 4 Gbps to 90 Gbps in under two minutes, and p99 latency for legitimate users goes from 80 ms to timeouts. Your CDN dashboard shows the bulk of traffic is UDP reflection (DNS and NTP source ports) aimed at a single /32 origin IP, plus a smaller layer-7 flood of GET requests to an expensive search endpoint. The attack started 6 minutes ago; no deploy, no marketing event. You're the on-call SRE for edge infra. Triage and mitigate.

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
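An added example, not part of the original question: one way to back the "form hypotheses from real signals" step with a check over sampled flow and request records, confirming the two vectors the scenario describes. The record layout, the addresses and the `/search` path are constructed assumptions.

```python
from collections import Counter

# Source ports that mark reflected replies in the scenario (DNS and NTP).
REFLECTION_SRC_PORTS = {53: "dns", 123: "ntp"}

# Constructed sample records, not captured traffic:
# (proto, src_port, dst_ip, bytes, http_path). Addresses are from the
# documentation range 203.0.113.0/24; "/search" is an assumed path name.
FLOWS = [
    ("udp", 53, "203.0.113.10", 3000, None),
    ("udp", 53, "203.0.113.10", 3000, None),
    ("udp", 123, "203.0.113.10", 2000, None),
    ("udp", 123, "203.0.113.10", 1000, None),
    ("udp", 53, "203.0.113.20", 500, None),  # plausibly a normal DNS reply; still matches by port
    ("tcp", 51000, "203.0.113.10", 200, "/search"),
    ("tcp", 51001, "203.0.113.10", 200, "/search"),
    ("tcp", 51002, "203.0.113.10", 200, "/search"),
    ("tcp", 51003, "203.0.113.30", 100, "/home"),
]

def triage(flows):
    """Split sampled traffic into the two vectors and rank what each one hits."""
    bytes_by_vector, reflected_by_dst, hits_by_path = Counter(), Counter(), Counter()
    for proto, sport, dst, nbytes, path in flows:
        if proto == "udp" and sport in REFLECTION_SRC_PORTS:
            vector = "reflection"
            reflected_by_dst[dst] += nbytes
        elif path is not None:
            vector = "http"
            hits_by_path[path] += 1
        else:
            vector = "other"
        bytes_by_vector[vector] += nbytes
    total = sum(bytes_by_vector.values())
    if total == 0:  # no samples yet: report nothing rather than divide by zero
        return None
    reflected = bytes_by_vector["reflection"]
    target, target_bytes = (reflected_by_dst.most_common(1) or [(None, 0)])[0]
    path, path_hits = (hits_by_path.most_common(1) or [(None, 0)])[0]
    requests = sum(hits_by_path.values())
    return {
        "reflection_share": reflected / total,
        "reflection_target": target,
        "target_share_of_reflection": target_bytes / reflected if reflected else 0.0,
        "hot_path": path,
        "hot_path_share": path_hits / requests if requests else 0.0,
    }

if __name__ == "__main__":
    print(triage(FLOWS))
```

Because source-port matching also catches ordinary DNS and NTP replies, the per-destination share is what separates traffic aimed at the /32 from background noise.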
