InterviewStack.io

Cloud Security and Governance Questions

Covers securing cloud environments and establishing governance and cost control practices. Core technical areas include identity and access management with least privilege, role and policy design, encryption at rest and in transit, virtual private cloud and network segmentation, security groups and firewall rules, key management services, logging and centralized audit trails, monitoring and alerting, compliance frameworks and controls mapping for regulations such as GDPR and CCPA, data governance (classification, retention, access control), and secure design of data pipelines. Also includes cloud cost management and optimization techniques such as tagging and resource organization, budgeting and alerting, rightsizing and autoscaling, reserved and committed capacity, storage lifecycle policies and data tiering, cost-aware architecture patterns, and operational processes for balancing security, compliance, and cost.

Hard / Technical
Data exfiltration was detected originating from external stages in a cloud data warehouse. Describe the immediate containment actions, forensic data you would collect (logs, query history, network artifacts), and long-term architectural controls to mitigate future exfiltration via external stages or connectors.

Medium / Technical
Explain the roles of logging, monitoring, and alerting in cloud security. Provide examples of logs important for security analysis (e.g., object access logs, data warehouse query logs, IAM API logs) and how you would configure alerts for high-fidelity security events versus noisy operational alerts.

Medium / Technical
Write a Python script (using boto3) that enumerates S3 buckets in an AWS account and detects buckets with public ACLs or bucket policies allowing public access. Output a JSON report with bucket name, issue type (ACL/policy/public-block-missing), and suggested remediation. Pseudocode or runnable code is acceptable.

Hard / Technical
You must decide whether to use reserved instances, spot/interruptible instances, or serverless (managed) compute for three workload types: (A) nightly batch ETL, (B) interactive analytics for data scientists, (C) occasional large reprocessing jobs. Propose a cost-optimized mix and discuss security implications (e.g., spot interruptions exposing data on reused hosts).

Hard / Technical
Your company acquires another company with its own cloud accounts and data stores. As the data engineer responsible for onboarding, describe the steps to assess security posture, transfer data safely into your environment, sanitize PII where required, and align identity and access controls with your governance model.
