If I asked this question I would want to hear the candidate answer it in a scientific well thought out manner. If they quickly said all the things they would change about their code without properly emphasizing their knowledge of profiling, and an understanding that premature optimization is a sin, then in my view they have failed the question.
Profiling the code is the first step. I would elaborate on how you would do this (for example what tools and approach you would use to prove that you have done it before). I would then add doing any steps like DB normalization is premature, until you have found your bottlenecks, and explain why. You should tune where the profiling leads you. Having made it clear you just don't start tuning without evidence, you could then add typical performance improvement areas. IO subsystems such as the database, file, network are typically prime candidates for performance problems. You could add some examples of how you could detect and improve each of these. An example of a database check that can help a lot is to ensure that your tables have the proper indexes.