InterviewStack.io LogoInterviewStack.io

Cloud Security and Compliance Questions

Focuses on designing, implementing, testing, and validating secure cloud environments across providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Topics include Identity and Access Management, network security and segmentation, encryption strategies for data at rest and data in transit, secrets management, secure multi tenant design patterns, compliance frameworks and controls, common cloud misconfigurations, cloud native attack vectors, and approaches to penetration testing and security validation for cloud infrastructure and managed services. Candidates should be able to reason about secure architecture decisions, threat models, detection and response strategies, and how compliance requirements affect cloud design.

EasyTechnical
53 practiced
Explain the shared responsibility model for cloud security. For AWS, Azure, or GCP outline which security controls are typically the cloud provider's responsibility versus the customer's responsibility across compute, networking, storage, data, and operational security. Provide examples of common misaligned expectations that lead to security gaps during migrations.
HardTechnical
46 practiced
Serverless functions often rely on third-party libraries and CI/CD pipelines. Describe a comprehensive approach to secure the serverless supply chain: dependency vetting and SBOMs, artifact signing and attestation, private registries with immutability, CI runner hardening, vulnerability scanning, and runtime protections that validate provenance before execution.
HardSystem Design
52 practiced
Design an architecture to centralize and store immutable audit logs from AWS, Azure, and GCP into a single, tamper-evident store for compliance. Address log ingestion (cross-account or tenant), schema normalization, indexing/search, integrity verification (signing, checksums), immutable/WORM storage (e.g., S3 Object Lock), access controls, encryption, retention policies, and cost optimization for long-term retention.
EasyTechnical
54 practiced
Outline a concise incident response runbook for a cloud security incident involving suspected credential compromise (user or machine). Include immediate containment steps, evidence collection (logs, instance snapshots), communication steps (stakeholders and providers), short-term remediation (rotate keys, revoke tokens), and post-incident actions such as root cause analysis and remediation verification.
EasyTechnical
55 practiced
Explain the principle of least privilege in cloud environments. Provide three practical steps a Cloud Engineer should take to implement least privilege for both human users and machine identities (service roles). Include examples of tools or automation (e.g., IAM Access Analyzer, permission boundaries, role templates) that help maintain least privilege over time.

Unlock Full Question Bank

Get access to hundreds of Cloud Security and Compliance interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.