Intermediate | Behavioral
Describe a time you introduced or improved security practices in a Next.js application (e.g., handling auth tokens, XSS, CSRF, or protecting API routes). What prompted the change and how did you ensure the team adopted it?
Next.js Developer
General

Sample Answer

At my last company, we had a Next.js dashboard where auth tokens were stored in localStorage and passed to API routes via headers. During a quick internal security review, I demonstrated how easy it was for an XSS to exfiltrate tokens. That was the catalyst to tighten things up. I proposed moving to HttpOnly, secure cookies managed by NextAuth and enforcing server-side session checks in getServerSideProps and API routes. I also added a default Content Security Policy via next-safe and locked down allowed origins. We created a short 30-minute security walkthrough for the frontend team, plus code snippets in our internal docs showing the “new way” to access user state. Within one sprint, we migrated 90% of flows, eliminated token access from the client, and passed an external pen test with zero high-severity findings.

Keywords

Identified concrete risk with tokens in localStorage and XSS exposure
Moved to HttpOnly cookies and server-side session validation in Next.js
Implemented CSP and documented secure patterns for the team
Measured impact via migration coverage and pen test results