
Infrastructure Security and Compliance Questions

Designing, implementing, and operating security and compliance controls for infrastructure and delivery pipelines at scale. Topics include identity and access management, authentication and authorization patterns, role-based access control and least privilege, secrets management and rotation, encryption for data at rest and in transit, network segmentation and microsegmentation, zero trust architecture, audit logging and retention, vulnerability scanning and patch and remediation workflows, endpoint protection, threat detection and monitoring, threat modeling and risk assessment, incident detection and response planning and runbooks, software supply chain security including artifact signing, dependency scanning and provenance, policy as code and automated security gates in continuous integration and continuous delivery pipelines, automated testing and validation of controls, and the trade-offs between security controls and developer velocity. Also covers embedding and operationalizing compliance requirements from common regulatory frameworks and standards such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), Service Organization Controls 2 (SOC 2), the Payment Card Industry Data Security Standard (PCI DSS), and ISO/IEC 27001, and how those requirements influence architecture, controls, automation, monitoring, and auditability as systems scale globally.

Medium | Technical | 65 practiced
Discuss practical trade-offs between strong security controls and developer velocity. Provide concrete patterns SRE teams can adopt to enforce security without blocking developers, such as progressive enforcement, developer self-service patterns, policy as code with advisory modes, and security champion programs.

Easy | Technical | 53 practiced
Explain core secrets management patterns used by SRE teams. Compare using a secrets manager service, environment variables, and mounted files. Describe rotation strategies, access controls, auditability, and how to avoid common mistakes such as committing secrets to source control or leaking them in logs.

Hard | System Design | 75 practiced
Design a SIEM- and SOAR-based detection and response platform aimed at detecting advanced persistent threats across cloud services and endpoints. Detail the required telemetry sources, correlation strategies, detection models, playbook design, safe automated containment actions, and metrics for program health such as mean time to detect and mean time to respond.

Hard | System Design | 64 practiced
Design a secure secrets distribution mechanism for ephemeral containers and serverless functions that balances low latency, strong security, and operational simplicity. Include the authentication and authorization model, caching and TTL decisions, the revocation strategy, and a threat model for a compromised-host scenario.

Hard | Technical | 53 practiced
Design an end-to-end plan to defend the build and release pipeline against supply chain attacks. Include reproducible builds, SBOM generation, artifact signing and transparency, build farm isolation, credential hygiene, and how to detect and respond to a compromised dependency or malicious commit.
