What is TLS, and what happens during a TLS handshake at a high level? [Advanced]
Answer
TLS secures network communication by authenticating the server, negotiating encryption parameters, deriving shared session keys, and encrypting application data. At a high level, the client validates the server's certificate chain, both sides agree on cryptographic parameters and derive the same session keys, and from then on both sides protect application data with symmetric keys for the rest of the session.
Technical explanation
The server certificate proves the service identity if it chains to a trusted CA and matches the hostname.
Modern TLS uses ephemeral key exchange to provide forward secrecy.
After the handshake, application data is encrypted and integrity-protected against eavesdropping and tampering.
Hands-on example
Run openssl s_client -connect api.example.com:443 -servername api.example.com to inspect the certificate chain, the negotiated protocol and cipher, the certificate's expiry, and whether its names match the hostname (-servername sends SNI, so the server presents the certificate for that name). In production, alert before certificate expiry and disable old protocols and ciphers.
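The checks described above (chain and hostname validation, protocol and cipher policy, expiry alerting) can also be run from a small monitoring script. The following is an added example, not code from the original page: it uses Python's standard ssl module, where create_default_context() verifies the chain against the system trust store and checks the hostname, and then applies a policy whose thresholds and weak-cipher markers are this example's own choices. The hostname matcher and the sample certificate dictionary in the comments are constructed for illustration.

```python
"""Check a TLS endpoint the way a monitoring job would: verify chain and
hostname, then flag legacy protocols, weak ciphers and approaching expiry."""
import socket
import ssl
import sys
import time

# Policy values are this example's own choices, not from any standard.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXPORT")
WARN_DAYS = 30


def hostname_matches(pattern, hostname):
    """RFC 6125 style match: '*' is honoured only as the whole leftmost label
    and matches exactly one label, so '*.example.com' covers 'api.example.com'
    but neither 'example.com' nor 'a.b.example.com'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                      # ".example.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def cert_covers_hostname(cert, hostname):
    """Only subjectAltName DNS entries count; the CN fallback is obsolete.
    `cert` has the shape returned by SSLSocket.getpeercert(), e.g. a constructed
    {"subjectAltName": (("DNS", "*.example.com"),), "notAfter": "Jun  1 12:00:00 2030 GMT"}."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(hostname_matches(pattern, hostname) for pattern in sans)


def days_until_expiry(cert, now):
    # notAfter uses the getpeercert() text format; cert_time_to_seconds parses it as UTC.
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def has_forward_secrecy(protocol, cipher):
    # Every TLS 1.3 suite uses an ephemeral (EC)DHE exchange; for TLS 1.2 this
    # is a heuristic on the OpenSSL suite name prefix.
    return protocol == "TLSv1.3" or cipher.startswith(("ECDHE", "DHE"))


def evaluate(cert, protocol, cipher, hostname, now, warn_days=WARN_DAYS):
    """Return a list of findings; an empty list means the endpoint passes policy."""
    findings = []
    if protocol not in ALLOWED_PROTOCOLS:
        findings.append(f"legacy protocol negotiated: {protocol}")
    if any(marker in cipher.upper() for marker in WEAK_CIPHER_MARKERS):
        findings.append(f"weak cipher negotiated: {cipher}")
    if not has_forward_secrecy(protocol, cipher):
        findings.append(f"no forward secrecy: {cipher}")
    if not cert_covers_hostname(cert, hostname):
        findings.append(f"certificate does not cover hostname {hostname}")
    days = days_until_expiry(cert, now)
    if days < 0:
        findings.append(f"certificate expired {-days:.0f} day(s) ago")
    elif days < warn_days:
        findings.append(f"certificate expires in {days:.0f} day(s)")
    return findings


def inspect_endpoint(host, port=443, timeout=5.0):
    """Live check. The default context validates the chain against the system
    trust store and checks the hostname; a failure raises ssl.SSLError before
    any application data is sent."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname both sets SNI and selects the name to verify against.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            cipher_name, _protocol, _bits = tls.cipher()
            return evaluate(cert, tls.version(), cipher_name, host, time.time())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "api.example.com"
    for finding in inspect_endpoint(target) or ["ok"]:
        print(f"{target}: {finding}")
```

Running it as `python tls_check.py api.example.com` prints either `ok` or one line per policy finding; wiring the non-empty case into an alert gives the pre-expiry warning the text recommends. Note that a chain or hostname failure never reaches evaluate(): the default context rejects the handshake itself, which is the behaviour you want from any client, not only a monitor.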