InterviewStack.io LogoInterviewStack.io

Cloud Security and Compliance Questions

Focuses on designing, implementing, testing, and validating secure cloud environments across providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Topics include Identity and Access Management, network security and segmentation, encryption strategies for data at rest and data in transit, secrets management, secure multi tenant design patterns, compliance frameworks and controls, common cloud misconfigurations, cloud native attack vectors, and approaches to penetration testing and security validation for cloud infrastructure and managed services. Candidates should be able to reason about secure architecture decisions, threat models, detection and response strategies, and how compliance requirements affect cloud design.

EasyTechnical
39 practiced
Describe a minimal but effective logging and monitoring strategy for cloud environments (AWS/GCP/Azure) that supports incident detection and compliance. Specify which logs to collect (control plane and data plane), retention and access controls, centralization approach (accounts/projects), and how you would protect logs from tampering.
HardTechnical
55 practiced
You are building detection rules to surface compromised identities and data exfiltration across cloud accounts. Propose a set of high-fidelity detection rules (lateral movement, privilege escalation, abnormal data transfers), list required telemetry and enrichment sources, and explain how you'd validate and iterate on these rules to reduce false positives while remaining effective against novel attack techniques.
MediumTechnical
50 practiced
Propose an automated pipeline that scans Terraform and CloudFormation changes during pull requests for security misconfigurations and blocks merges on high-risk findings. Include recommended tools, policy authorship/testing strategy, developer feedback loop, metrics to measure impact, and ways to reduce developer friction while enforcing security.
EasyTechnical
47 practiced
When threat modeling a new cloud deployment, what are the top cloud-native attack vectors you would consider (for example, metadata API access, SSRF leading to credentials, misconfigured IAM roles, public storage, insecure serverless event sources)? For each vector, give a brief exploit example and one or two high-impact mitigations.
EasyTechnical
47 practiced
Compare encryption-at-rest options across AWS (EBS, S3, RDS), GCP (Persistent Disk, Cloud Storage, Cloud SQL), and Azure (Managed Disks, Blob Storage, SQL Database). Explain default behavior, the difference between provider-managed keys and customer-managed keys (CMKs), BYOK considerations, and how you would enforce encryption-by-default across an organization.

Unlock Full Question Bank

Get access to hundreds of Cloud Security and Compliance interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.