InterviewStack.io

Cloud Security and Governance Questions

Covers securing cloud environments and establishing governance and cost control practices. Core technical areas include identity and access management with least privilege, role and policy design, encryption at rest and in transit, virtual private cloud and network segmentation, security groups and firewall rules, key management services, logging and centralized audit trails, monitoring and alerting, compliance frameworks and controls mapping for regulations such as GDPR and CCPA, data governance (classification, retention, access control), and secure design of data pipelines. Also includes cloud cost management and optimization techniques such as tagging and resource organization, budgeting and alerting, rightsizing and autoscaling, reserved and committed capacity, storage lifecycle policies and data tiering, cost-aware architecture patterns, and operational processes for balancing security, compliance, and cost.

Hard | Technical | 79 practiced
As a senior data engineer, how would you build a security-first culture in a data team? Describe concrete onboarding practices, code review checks, training, incentives, and the security metrics you would track to measure progress.

Hard | Technical | 139 practiced
An external compliance audit found gaps in periodic access reviews and missing evidence of least-privilege enforcement. Create a remediation plan that includes tools, processes, roles, timelines, and how you would provide evidence to auditors once remediation is complete.

Hard | Technical | 95 practiced
Deep dive: Compare data masking, tokenization, and encryption for protecting sensitive fields used in analytics. For each technique discuss reversibility, performance impact, suitability for joins/aggregations, and how you would implement them in an analytics pipeline.

Hard | System Design | 97 practiced
Design a multi-region secure data platform to support regulated (HIPAA) workloads. Requirements: encrypted-at-rest and in-transit, cross-region replication with controlled key access, failover for region outage, audit trails for all access, and minimal RTO/RPO. Describe components, key management approach, and trade-offs.

Medium | Technical | 90 practiced
Write a Python script (using boto3) that enumerates S3 buckets in an AWS account and detects buckets with public ACLs or bucket policies allowing public access. Output a JSON report with bucket name, issue type (ACL/policy/public-block-missing), and suggested remediation. Pseudocode or runnable code is acceptable.
