InterviewStack.io LogoInterviewStack.io

Cloud Networking and Security Questions

Design and operate isolated cloud networks and the controls that protect them. Core areas include Virtual Private Cloud design, subnetting and IP address planning, routing and route tables, internet gateways and network address translation, public and private subnet patterns, and multi region and multi account connectivity. Connectivity features include virtual private network tunnels, dedicated connectivity services, VPC peering, transit gateways, and service endpoints. Security and isolation topics include instance level security groups, subnet level network access control lists, bastion host and jump box patterns, firewall and third party appliances, segmentation and microsegmentation, identity and access management for network resources, and defense in depth. Data protections include encryption in transit and at rest, secrets management, and key management considerations. Also cover load balancing, high availability and scaling of network paths, performance tuning, monitoring and observability such as flow logs and packet capture, DNS and name resolution patterns, and common hybrid cloud and zero trust architectures. Be prepared to design a topology for a multi tier application, justify trade offs between security and accessibility, and propose operational controls and troubleshooting approaches.

HardTechnical
19 practiced
Design a Terraform-driven pattern to provision Transit Gateway attachments for multiple AWS accounts, automate route propagation from spoke VPCs to the Transit Gateway, and manage cross-account resource sharing securely. Explain module structure, remote state handling, use of AWS RAM for sharing, cross-account IAM roles for deployment, and strategies to avoid Transit Gateway route table explosion at scale.
HardTechnical
24 practiced
At an organization with thousands of VPCs, analyze scalability, security, operational complexity, and cost tradeoffs between VPC Peering, Transit Gateway, and PrivateLink for service connectivity. For each option discuss transitive routing support, route table limits, cross-account access patterns, isolation, and recommended migration approaches when growing from tens to thousands of VPCs.
EasyTechnical
18 practiced
Explain the differences between a managed NAT Gateway (or equivalent) and a self-managed NAT instance. Cover availability, automatic scaling, maintenance overhead, cost patterns, and situations where a NAT instance might still be preferred (e.g., custom filtering, logging).
MediumTechnical
21 practiced
How would you design IAM policies and operational controls to manage who can create or modify VPCs, route tables, security groups, and peering/transit attachments in a large organization? Discuss least privilege, separation of duties, automation via IaC, Service Control Policies (SCPs), permission boundaries, and auditing strategies.
EasyTechnical
24 practiced
Explain what a Virtual Private Cloud (VPC) is across AWS/Azure/GCP. Describe the core components — subnets, route tables, internet gateway (or equivalent), NAT, security groups, and network ACLs — and explain the differences between public and private subnets. Provide a simple example layout for a 3‑tier web application (web, app, db), indicating which tiers belong in public vs private subnets and why.

Unlock Full Question Bank

Get access to hundreds of Cloud Networking and Security interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.