InterviewStack.io

Cloud Security and Compliance Questions

Focuses on designing, implementing, testing, and validating secure cloud environments across providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Topics include Identity and Access Management, network security and segmentation, encryption strategies for data at rest and data in transit, secrets management, secure multi-tenant design patterns, compliance frameworks and controls, common cloud misconfigurations, cloud-native attack vectors, and approaches to penetration testing and security validation for cloud infrastructure and managed services. Candidates should be able to reason about secure architecture decisions, threat models, detection and response strategies, and how compliance requirements affect cloud design.

Medium, Technical
48 practiced
Given a Kubernetes manifest and a requirement to block container images from unapproved registries, explain how you would implement a Gatekeeper/OPA constraint that denies deployments that reference images from public Docker Hub. Provide an example Rego or Constraint template snippet (Kubernetes YAML or Rego).
Medium, Technical
45 practiced
A periodic automated scan reports a publicly accessible S3 bucket that contains backups. Outline a response plan to triage, remediate, notify stakeholders, and verify. Include forensic steps and how to communicate risk and remediation to customers and leadership.
Easy, Technical
53 practiced
You're reviewing a Terraform module that provisions an AWS S3 bucket. The module currently leaves the bucket ACL and public access settings at defaults. Provide a corrected Terraform HCL snippet that blocks public access, disables ACLs, and enforces server-side encryption with a KMS key.
Medium, Technical
49 practiced
Describe design considerations for Bring-Your-Own-Key (BYOK) across AWS KMS, Google Cloud KMS, and Azure Key Vault. Cover key import/export limitations, key lifecycle management, rotation, backup/restore, access control, and compliance implications (auditing, separation of duties).
Medium, Technical
44 practiced
A prospect's legal/security team demands full source-code escrow before signing a SaaS contract. As a solutions architect, how would you evaluate this request, propose alternative technical assurances (e.g., attestations, escrow-lite, extended warranties, independent audits), and present those alternatives to satisfy the customer's risk appetite?
