InterviewStack.io

Infrastructure Security and Compliance Questions

Designing, implementing, and operating security and compliance controls for infrastructure and delivery pipelines at scale. Topics include identity and access management, authentication and authorization patterns, role-based access control and least privilege, secrets management and rotation, encryption for data at rest and in transit, network segmentation and microsegmentation, zero trust architecture, audit logging and retention, vulnerability scanning and patch and remediation workflows, endpoint protection, threat detection and monitoring, threat modeling and risk assessment, incident detection and response planning and runbooks, software supply chain security (artifact signing, dependency scanning and provenance), policy as code and automated security gates in CI/CD pipelines, automated testing and validation of controls, and the trade-offs between security controls and developer velocity. Also covers embedding and operationalizing compliance requirements from common regulatory frameworks and standards such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), SOC 2, the Payment Card Industry Data Security Standard (PCI DSS), and ISO/IEC 27001, and how those requirements influence architecture, controls, automation, monitoring, and auditability as systems scale globally.

Medium / System Design
Design a scalable secrets rotation strategy for a microservices platform using HashiCorp Vault backed by a cloud KMS. Describe how services authenticate to Vault, how rotation is triggered or scheduled, safe rollout patterns to avoid downtime, and how you would audit and alert on rotation failures.
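A worked sketch of the safe-rollout part of this question, added here as an example (it is not from the page and not HashiCorp's code). It assumes an in-memory stand-in for a versioned Vault KV path, with consumers that re-read the path the way a Vault agent would; how services authenticate to Vault (for instance the Kubernetes auth method) and KMS auto-unseal are out of scope. The point it demonstrates is the overlap window: the new version is published first, the old version is destroyed only after every consumer confirms pickup, and any consumer that fails to pick up the new version leaves the old one valid and produces an alert instead of an outage.

```python
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


@dataclass
class SecretStore:
    """Assumed in-memory stand-in for a versioned Vault KV path. Older versions
    stay readable until destroyed, which is what makes an overlap window possible."""
    versions: dict[int, str] = field(default_factory=dict)
    destroyed: set[int] = field(default_factory=set)
    latest: int = 0

    def write(self) -> int:
        """Publish a freshly generated credential as version latest+1."""
        self.latest += 1
        self.versions[self.latest] = secrets.token_urlsafe(32)
        return self.latest

    def read(self, version: int) -> str:
        if version in self.destroyed:
            raise KeyError(f"version {version} has been destroyed")
        return self.versions[version]

    def destroy(self, version: int) -> None:
        self.destroyed.add(version)


@dataclass
class Consumer:
    """A service holding a cached credential; refresh() models its agent
    re-reading the path on the next renewal."""
    name: str
    version: int = 0
    healthy: bool = True  # False simulates an agent that cannot reach the store

    def refresh(self, store: SecretStore) -> int:
        if not self.healthy:
            raise RuntimeError(f"{self.name}: secrets agent not responding")
        self.version = store.latest
        return self.version


def rotate(store: SecretStore, consumers: list[Consumer]) -> dict:
    """Overlap rotation: publish N+1, wait for every consumer to confirm it
    holds N+1, and only then destroy N. If any consumer lags, N stays valid,
    the failure is recorded for alerting and nothing is retired; the scheduler
    can retry without any service having lost its working credential."""
    old, new = store.latest, store.write()
    audit = [f"rotation.start old={old} new={new}"]
    for c in consumers:
        try:
            c.refresh(store)
            audit.append(f"consumer.refreshed name={c.name} version={c.version}")
        except RuntimeError as exc:
            audit.append(f"consumer.refresh_failed name={c.name} reason={exc}")
    lagging = [c.name for c in consumers if c.version != new]
    if lagging:
        audit.append(f"rotation.incomplete keep_valid={old} alert={lagging}")
        return {"new": new, "retired": None, "alerts": lagging, "audit": audit}
    if old:
        store.destroy(old)  # the overlap window closes only after universal pickup
    audit.append(f"rotation.complete retired={old}")
    return {"new": new, "retired": old or None, "alerts": [], "audit": audit}


if __name__ == "__main__":
    store = SecretStore()
    store.write()
    fleet = [Consumer("api"), Consumer("worker"), Consumer("billing", healthy=False)]
    for c in fleet:
        if c.healthy:
            c.refresh(store)
    for line in rotate(store, fleet)["audit"]:
        print(line)
```

The audit list is what you would ship to the SIEM; an alert fires on any `rotation.incomplete` event, and a second alert on a version that has been pending retirement longer than the agreed overlap window, since that is the signature of a consumer nobody noticed was stuck.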
Hard / System Design
Propose an implementation for policy as code that enforces constraints both in CI/CD gates and at runtime with minimal developer friction. Discuss policy evaluation timing, caching of decisions, exception processes, observable metrics, and SLAs for policy evaluation latency and reliability.
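An added example of the evaluator such an answer would describe (this is illustrative code, not from the page or from any policy engine such as OPA). It assumes two rules over a Kubernetes-style Deployment manifest, an assumed private registry prefix, and waivers that carry a ticket and an expiry. The same object serves the CI gate and a runtime admission hook; decisions are cached by policy version plus manifest hash, and a decision that relied on a waiver is cached only until that waiver expires, so a lapsed exception can never be served from cache. The metrics dictionary is the minimum you would export to back an evaluation-latency and reliability SLA.

```python
from __future__ import annotations

import hashlib
import json
import time
from dataclasses import dataclass, replace

POLICY_VERSION = "2024-01"                        # bump to invalidate every cached decision
ALLOWED_REGISTRY = "registry.example.internal/"   # assumed private registry prefix


def _containers(manifest: dict) -> list:
    return manifest.get("spec", {}).get("template", {}).get("spec", {}).get("containers", [])


def no_privileged(manifest: dict):
    for c in _containers(manifest):
        if c.get("securityContext", {}).get("privileged"):
            yield f"container '{c['name']}' runs privileged"


def pinned_image(manifest: dict):
    for c in _containers(manifest):
        image = c.get("image", "")
        if not image.startswith(ALLOWED_REGISTRY) or "@sha256:" not in image:
            yield f"container '{c['name']}' image '{image}' is not from the allowed registry pinned by digest"


RULES = {"no-privileged": no_privileged, "pinned-image": pinned_image}


@dataclass(frozen=True)
class Waiver:
    """A time-boxed exception; the ticket makes every waiver auditable."""
    rule: str
    workload: str      # metadata.name the waiver applies to
    ticket: str
    expires_at: float  # unix time; an expired waiver is simply ignored


@dataclass(frozen=True)
class Decision:
    allowed: bool
    violations: tuple
    waived: tuple
    cache_hit: bool
    latency_ms: float


class PolicyEngine:
    """One evaluator for the CI gate and the admission webhook."""

    def __init__(self, waivers: list, default_ttl_s: float = 300.0):
        self.waivers = waivers
        self.default_ttl_s = default_ttl_s
        self._cache: dict = {}  # cache key -> (Decision, valid_until)
        self.metrics = {"evaluations": 0, "cache_hits": 0, "denied": 0}

    def evaluate(self, manifest: dict, now: float | None = None) -> Decision:
        now = time.time() if now is None else now
        start = time.perf_counter()
        key = hashlib.sha256(
            (POLICY_VERSION + json.dumps(manifest, sort_keys=True)).encode()
        ).hexdigest()
        hit = self._cache.get(key)
        if hit and hit[1] > now:
            self.metrics["cache_hits"] += 1
            return replace(hit[0], cache_hit=True)

        name = manifest.get("metadata", {}).get("name", "")
        violations, waived = [], []
        valid_until = now + self.default_ttl_s
        for rule, check in RULES.items():
            for msg in check(manifest):
                w = next((w for w in self.waivers
                          if w.rule == rule and w.workload == name and w.expires_at > now), None)
                if w is None:
                    violations.append(f"{rule}: {msg}")
                else:
                    waived.append(f"{rule}: {msg} (waived until {w.expires_at:.0f} by {w.ticket})")
                    valid_until = min(valid_until, w.expires_at)  # cached decision dies with the waiver
        self.metrics["evaluations"] += 1
        self.metrics["denied"] += bool(violations)
        d = Decision(not violations, tuple(violations), tuple(waived), False,
                     (time.perf_counter() - start) * 1000)
        self._cache[key] = (d, valid_until)
        return d
```

In CI the gate fails the job on `allowed == False` and prints the violations and waivers; at runtime the same decision backs the admission response, with the cache keeping the hot path well inside a webhook timeout.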
Easy / Technical
Describe the purpose and typical components of a vulnerability scanning program for infrastructure. Include types of scanners, scanning cadence, authenticated versus unauthenticated scans, handling false positives, and how scan results should feed into patch and remediation workflows.
Hard / Technical
A CI runner token used by your pipeline is compromised and there are signs malicious commits may have been introduced. Walk through containment steps, evidence collection, immediate mitigation to stop malicious deployments, long term remediation, communication with stakeholders, and controls you would add to prevent recurrence.
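The scoping step of this scenario as an added example (not from the page; the audit events, token ids, commit ids and addresses are constructed placeholders, and the runner network range is an assumption). It reads JSON-lines push and deploy events, finds the first use of the token that does not look like a legitimate runner (source address outside the runner network, or an unsigned commit), and then treats everything the token did from that moment on as in scope, including later pushes that look clean, because an attacker holding the token can push clean-looking commits too. The output is the list of commits to review or revert, the refs to lock, and the deployments to roll back, with the evidence line for each.

```python
import ipaddress
import json
from datetime import datetime

RUNNER_NETWORK = ipaddress.ip_network("10.20.0.0/16")  # assumption: where legitimate runners live

# Constructed sample audit events; nothing here is real data.
SAMPLE_LOG = """\
{"ts": "2024-03-01T09:58:00Z", "event": "push", "token_id": "tok-ci-7f3a", "repo": "payments", "ref": "refs/heads/main", "commit": "c0ffee01", "src_ip": "10.20.4.7", "signed": true}
{"ts": "2024-03-01T10:02:11Z", "event": "push", "token_id": "tok-ci-7f3a", "repo": "payments", "ref": "refs/heads/main", "commit": "deadb33f", "src_ip": "203.0.113.9", "signed": false}
{"ts": "2024-03-01T10:03:40Z", "event": "deploy", "token_id": "tok-ci-7f3a", "repo": "payments", "env": "prod", "commit": "deadb33f"}
{"ts": "2024-03-01T10:05:00Z", "event": "push", "token_id": "tok-ci-9b1c", "repo": "billing", "ref": "refs/heads/main", "commit": "0badf00d", "src_ip": "10.20.4.9", "signed": true}
{"ts": "2024-03-01T10:09:30Z", "event": "push", "token_id": "tok-ci-7f3a", "repo": "payments", "ref": "refs/heads/release-2", "commit": "fee1dead", "src_ip": "203.0.113.9", "signed": false}
"""


def parse_log(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def anomaly_reasons(event: dict) -> list:
    """Indicators that a push did not come from a legitimate runner."""
    reasons = []
    if event["event"] != "push":
        return reasons
    if ipaddress.ip_address(event["src_ip"]) not in RUNNER_NETWORK:
        reasons.append("source address outside runner network")
    if not event.get("signed", False):
        reasons.append("commit not signed")
    return reasons


def scope_compromise(events: list, token_id: str) -> dict:
    """Everything the token did from its first anomalous use onward is in scope."""
    mine = sorted((e for e in events if e["token_id"] == token_id), key=lambda e: _ts(e["ts"]))
    first = next((e for e in mine if anomaly_reasons(e)), None)
    if first is None:
        return {"first_anomaly": None, "suspect_commits": [], "refs": [], "rollbacks": [], "evidence": []}
    since = _ts(first["ts"])
    commits, refs, rollbacks, evidence = [], [], [], []
    for e in mine:
        if _ts(e["ts"]) < since:
            continue
        if e["event"] == "push":
            commits.append(e["commit"])
            refs.append((e["repo"], e["ref"]))
            evidence.append(f"{e['ts']} push {e['repo']}@{e['commit']} from {e['src_ip']}: "
                            + (", ".join(anomaly_reasons(e)) or "no indicator, in scope by time"))
        elif e["event"] == "deploy":
            rollbacks.append((e["env"], e["commit"]))
            evidence.append(f"{e['ts']} deploy {e['env']} {e['commit']}")
    return {"first_anomaly": first["ts"], "suspect_commits": commits,
            "refs": sorted(set(refs)), "rollbacks": rollbacks, "evidence": evidence}


if __name__ == "__main__":
    for line in scope_compromise(parse_log(SAMPLE_LOG), "tok-ci-7f3a")["evidence"]:
        print(line)
```

Run this before revoking anything: the token revocation and the ref locks are the containment step, but the evidence list is what you preserve first, since the audit log is the only record of what the token touched. The preventive controls the question asks for follow from what the scoping relies on: short-lived, job-scoped runner tokens, mandatory commit signing verified at the merge gate, and source-address pinning for runner credentials, so that the next compromise is both narrower and visible sooner.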
Medium / System Design
Design network segmentation for a multi-tenant Kubernetes cluster so that tenant workloads are isolated, the control plane remains protected, and platform services are reachable but constrained. Discuss the choices between namespaces with network policies, separate clusters, and a service mesh, and the operational trade-offs of each option.
