InterviewStack.io LogoInterviewStack.io

Cloud Security Fundamentals Questions

Core security principles and operational practices for cloud computing environments. Topics include the shared responsibility model and delineation of provider and customer responsibilities, identity and access management basics and least privilege, secure configuration and common cloud misconfigurations, data protection including encryption at rest and encryption in transit, key and secrets management basics, network security and segmentation, secure API design, audit logging, monitoring and alerting, cloud security posture management and automated misconfiguration detection, incident response and forensic readiness in cloud environments, governance, compliance and data residency considerations, strategies to reduce blast radius and prevent privilege escalation, and common cloud specific threats and mitigations. Candidates should be able to discuss trade offs, how to apply controls across major cloud providers, detection and mitigation strategies, and practical examples of securing cloud workloads.

MediumTechnical
110 practiced
You receive a SIEM alert indicating unusual API token usage from an IAM user outside their normal geolocation and time zone. Describe the triage steps you would take: what logs and data sources to collect (management plane, host, network), how to determine the scope of compromise, containment actions, evidence preservation steps, and stakeholder communication. Be concrete about cloud-native artifacts to capture.
MediumTechnical
52 practiced
Describe a comprehensive hardening checklist for container workloads running in a managed Kubernetes service (EKS/GKE), including build-time controls (image provenance and scanning), runtime controls (admission controllers, PodSecurity admission, runtime detection), network policies, node hardening, secrets handling, and integration with cloud IAM and logging. Provide concrete enforcement points in the CI/CD pipeline and at runtime.
MediumSystem Design
74 practiced
Design a secure CI/CD pipeline for cloud deployments that prevents secrets leakage and ensures only verified artifacts are promoted to production. Cover how to store and inject secrets securely, use ephemeral runners or OIDC tokens, sign and verify artifacts, integrate SCA and SAST scanners, run approval gates, and restrict deployment permissions through least privilege.
EasyTechnical
65 practiced
Compare managed secrets services (AWS Secrets Manager, Azure Key Vault, GCP Secret Manager) and open-source solutions (HashiCorp Vault). For each, discuss typical use-cases, rotation strategies, access control models, integration with workloads (e.g., IAM or service identity), and trade-offs in operational complexity and cost. When is KMS sufficient versus requiring a full secrets manager?
HardTechnical
75 practiced
Design detection and prevention controls to stop privilege escalation and lateral movement inside cloud accounts. Include identity hardening (no wildcards, permission boundaries, managed policy reviews), monitoring (detect iam:CreatePolicy, PassRole, unusual role assumption), network controls (micro-segmentation, private endpoints), and runtime detection (behavioral baselining). Explain how to surface high-risk activities and how you'd automate containment actions without breaking legitimate workflows.

Unlock Full Question Bank

Get access to hundreds of Cloud Security Fundamentals interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.