InterviewStack.io

Cloud Security and Governance Questions

Covers securing cloud environments and establishing governance and cost control practices. Core technical areas include identity and access management with least privilege, role and policy design, encryption at rest and in transit, virtual private cloud and network segmentation, security groups and firewall rules, key management services, logging and centralized audit trails, monitoring and alerting, compliance frameworks and controls mapping for regulations such as GDPR and CCPA, data governance (classification, retention, access control), and secure design of data pipelines. Also includes cloud cost management and optimization techniques such as tagging and resource organization, budgeting and alerting, rightsizing and autoscaling, reserved and committed capacity, storage lifecycle policies and data tiering, cost-aware architecture patterns, and operational processes for balancing security, compliance, and cost.

Easy | Technical | 82 practiced
Compare encryption at rest and encryption in transit for cloud data stores and data pipelines. Explain common implementations (e.g., TLS for in-transit, SSE-S3, SSE-KMS, client-side encryption, envelope encryption) and give practical guidance for a data lake that stores raw PII and processed analytics tables.

Medium | Technical | 77 practiced
Explain key rotation strategies for encryption keys used to protect databases and object storage. Discuss approaches for seamless rotation (e.g., using envelope encryption, multi-key access during rotation), and operational considerations for backups, re-encryption costs, and rollback.

Medium | Technical | 88 practiced
You must restrict network egress for a managed data cluster but the cluster still needs to call KMS, a private artifact repository, and a managed metrics endpoint. Sketch a VPC/network design and describe how you’d allow only those destinations while preventing arbitrary internet access.

Hard | Technical | 98 practiced
A regulator requests data lineage and transformation proof for a PII field that appears in several downstream reports. Describe how you would instrument ETL jobs and metadata systems to capture lineage, generate a reproducible evidence package, and present it to the regulator.

Easy | Technical | 73 practiced
Compare Role-Based Access Control (RBAC) vs Attribute-Based Access Control (ABAC) for governing access to datasets and operational resources in the cloud. Which would you choose for fine-grained data access and why? Provide an example policy attribute you might use.
