InterviewStack.io LogoInterviewStack.io

Cloud Security and Compliance Questions

Focuses on designing, implementing, testing, and validating secure cloud environments across providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Topics include Identity and Access Management, network security and segmentation, encryption strategies for data at rest and data in transit, secrets management, secure multi tenant design patterns, compliance frameworks and controls, common cloud misconfigurations, cloud native attack vectors, and approaches to penetration testing and security validation for cloud infrastructure and managed services. Candidates should be able to reason about secure architecture decisions, threat models, detection and response strategies, and how compliance requirements affect cloud design.

EasyTechnical
49 practiced
Describe secure multi-tenant design patterns for a SaaS product hosted in the cloud. Compare: (1) shared application and shared database with tenant IDs (row-level isolation), (2) shared application with separate databases per tenant, and (3) separate cloud accounts/projects per tenant. For each pattern, discuss security isolation, cost, operational complexity, patching, and regulatory implications.
HardSystem Design
52 practiced
Design a secure service mesh architecture for a microservices platform spanning multiple teams and clusters. Requirements: mutual TLS between services, automated certificate issuance and rotation, RBAC for policy changes, integration with a central PKI/KMS, observability (tracing/metrics), and enforcement of egress policies. Explain trade-offs, failure modes, and how to roll it out incrementally.
MediumTechnical
46 practiced
Case study: Map SOC 2 Common Criteria related to logical access controls and change management to concrete cloud controls in AWS and GCP. For each mapped control propose a technical implementation (services and configurations) and an automated evidence collection approach you would present to an auditor.
EasyTechnical
48 practiced
Design a centralized logging and auditing architecture to meet enterprise compliance needs. Identify log sources (provider control plane logs, VPC/flow logs, container logs, application logs), transport and secure storage (retention, immutability/tamper-evidence), indexing and search, and role-based access to logs. Explain how this design supports forensic investigations and auditor evidence collection.
EasyTechnical
50 practiced
Compare approaches to encrypting data at rest and data in transit in cloud environments. Cover TLS/HTTPS for transport, server-side vs client-side encryption, envelope encryption, and cloud-managed keys versus customer-managed keys (CMKs). Describe trade-offs for confidentiality, performance, operational complexity, and meeting regulatory requirements.

Unlock Full Question Bank

Get access to hundreds of Cloud Security and Compliance interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.