
Tips:

I strongly suggest you read it, especially the leadership principles and the STAR
format for formulating responses
There is a video of Jeff Bezos explaining the leadership principles in depth and
watching that really helped me prepare my STAR responses.

system design
--DNS
--URL LIFECYCLE
--IP AND MAC
security technology
risk assessment methodologies, policies and process

If you had to remove the "connected corp domain network" from your current
environment, how would you go about it?

What encryption type does SSH use?

SSH connection process between two hosts (in depth about the type of hashes and
encryption)
How do you troubleshoot an intermittent internet connection?

What happens backend when you type www.google.com


Explain the Linux boot process.
Explain the permissions on files and directories.
Explain the OSI layers, be prepared to provide examples.
How to set a list?
What is the difference between an integer and a string?
What is the difference between a for and a while loop?
What happens when you enter amazon.com on a browser? Explain what goes through the
OSI layer.
Mac IOS questions.
Describe Three-tier architecture:

How would you replace duplicate values in an unsorted array?

Explain, in detail, how the process of password caching works when an Amazon
employee logs into their work computer at work, and subsequently goes home and logs
into their work account from an Amazon provisioned laptop or other trusted device.
How is the padlock icon in the browser generated?
How does DNS work?
Explain symmetric and asymmetric encryption.
Applications of symmetric and asymmetric encryption?
Name some cryptographic algorithms.
What is SQL Injection?
What is CSRF?
What is Private Forward Secrecy?
How would you detect malicious activity in Amazon ELB?
How does Amazon GuardDuty work?
What is a ciphersuite?
Explain the working of TLS.
How is the ciphersuite exchanged in TLS?

How to intercept traffic between a victim and a webserver?


network protocols
code review questions
threat modelling
In depth scenario about how I might find evidence of malicious activity within the
AWS EBS service. Interviewer used almost the whole hour to dig in on this.
Can two files generate same checksum?

Windows
*Define DHCP and how it works.

Networking
*Define the OSI model and TCP/IP model; how many are in each?
*Define ping and the protocol used for ping.
*Define TCP and UDP; how are they different?

Ways to improve the efficiency of an SQL query


Various sql queries

What does the grep command do?

Easy stuff like what is Spanning Tree, what is a host file, what does DNS do, etc

Gave me a text file and asked me to process data from the file in some scripting
language

How would you write a function to check if a number is prime? What kind of tests
would you write for this function? Write a regular expression for a phone number.
(XXX-XXX-XXXX format)
What command would you use to find how much disk space a file is taking up?
Suppose you are managing a web site. The site's traffic is load-balanced between 10
machines. There is an attacker that is constantly visiting your site and scraping
sensitive data. How do you find the attacker?
How would you get just the second field of a .csv file?

How can we prevent cross-site tracing?


What is Cross-Site Scripting and how would you use it and how would you protect
against it?
Explain how you would build a web site that could secure communications between a
client and a server and allow an authorized user to read the communications
securely.

He asked a series of technical but generic business cases with accompanying
interrogation. What kind of security issues could you envision on an Amazon Web
Services-driven Pay-Per-View Set-Top Box? How would you protect the set-top box as
well as Amazon from those threats? How would you ensure non-repudiation? How would
you ensure integrity of the data? How would you ensure continuity of service?

How would you build out a system for a network-based log aggregator that takes
input from thousands of systems simultaneously? What would be your requirements?
What are the security vectors that could be exploited? How would you protect the
availability and integrity of the data? What would you use to secure the data? How
would you prevent forged data from being processed?

3P developer
· Knowledge of security technology, risk assessment methodologies, policies, and
processes
System Design
LP/LC - Amazon Leadership Principle

questions about SQL Injection and XSS (all of which I successfully answered), so
this item was only partially covered.

“Explain the different types of XSS.” or “How do you prevent CSRF?”


Do you have experience in writing REGEX?

What happens when you put google in a browser?

network protocols and security concepts

How do you change your DNS settings in Linux/Windows?


What are your first three steps when securing a Linux server?
Does TLS use symmetric or asymmetric encryption?
What’s the difference between symmetric and public-key cryptography?
Describe the process of a TLS session being set up when someone visits a secure
website.
What is Cross-Site Request Forgery?
How does one defend against CSRF?
What’s the difference between HTTP and HTML?
How does HTTP handle state?
What exactly is Cross Site Scripting, and how would you explain it to a
10-year-old?
What’s the difference between a threat, vulnerability, and a risk?
Can you describe rainbow tables?
What is salting, and why is it used?

Have you ever experienced a project that failed?
