InterviewStack.io LogoInterviewStack.io

Cloud Networking and Security Questions

Design and operate isolated cloud networks and the controls that protect them. Core areas include Virtual Private Cloud design, subnetting and IP address planning, routing and route tables, internet gateways and network address translation, public and private subnet patterns, and multi region and multi account connectivity. Connectivity features include virtual private network tunnels, dedicated connectivity services, VPC peering, transit gateways, and service endpoints. Security and isolation topics include instance level security groups, subnet level network access control lists, bastion host and jump box patterns, firewall and third party appliances, segmentation and microsegmentation, identity and access management for network resources, and defense in depth. Data protections include encryption in transit and at rest, secrets management, and key management considerations. Also cover load balancing, high availability and scaling of network paths, performance tuning, monitoring and observability such as flow logs and packet capture, DNS and name resolution patterns, and common hybrid cloud and zero trust architectures. Be prepared to design a topology for a multi tier application, justify trade offs between security and accessibility, and propose operational controls and troubleshooting approaches.

HardTechnical
18 practiced
Your NAT Gateway costs have grown dramatically due to large volumes of container image pulls and OS updates across many accounts. Propose a combination of architecture and operational changes to reduce NAT and egress costs while maintaining security isolation and reliability for development and production workloads.
HardSystem Design
17 practiced
Design a network observability system that provides packet-level traceability for security investigations while preventing storage of PII in logs and remaining GDPR-compliant. Cover data collection, redaction/anonymization strategies, tiered retention, access controls and just-in-time access to raw captures, and audit mechanisms for any access to sensitive captures.
EasyTechnical
20 practiced
Explain how route tables work inside a VPC: how route tables are associated to subnets, the concept of local routes, longest-prefix-match (route precedence), propagating routes from virtual gateways (BGP), and how you would handle overlapping routes or conflicting routes when connecting to multiple external networks.
MediumTechnical
19 practiced
Compare Network Load Balancer (NLB), Application Load Balancer (ALB), and Gateway Load Balancer (GWLB). Discuss which OSI layer each operates at, TLS termination options, integration with WAF or appliances, support for sticky sessions or WebSockets, and typical use-cases for each in cloud architectures.
EasyTechnical
17 practiced
Explain what a Virtual Private Cloud (VPC) is in the context of public clouds (for example, AWS/Azure/GCP). Describe the core components you expect when designing a VPC for a new application (subnets, route tables, internet/NAT gateways, security groups, NACLs, endpoints) and key design considerations (isolation, CIDR allocation, AZ placement, scalability).

Unlock Full Question Bank

Get access to hundreds of Cloud Networking and Security interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.