Deviating from this post's original question about staying current, an example I can provide --- from a friend who attended an interview for an IT Security post --- is 'How would you go about securing an HR system to be implemented at multiple international locations?'

His answer to the interviewer was general steps: 'Ensure that portal connections are properly secured with SSL, accounts are properly managed, stored data is secured, & the application & site are properly tested.'

My response would have been: Before addressing the system's security, I'd want to gather information on the proposed implementation --- including what the system will use, what it will cater to, and where it's going to be deployed --- based on which I can determine the adequate security required, and how to implement this.

I can't be sure how an interviewer would perceive my reply --- either he'll agree that assessing a system is an important prerequisite to securing it & will offer some more info; else he'll assume I'm evading him 'coz I can't think of an answer.

The expectations and attitude of an interviewer / prospective employer play a big role in the outcome, alas we have to work with whatever we can glean about them, without having to rely on a psychological evaluation.