InterviewStack.io LogoInterviewStack.io

Cloud Security and Governance Questions

Covers securing cloud environments and establishing governance and cost control practices. Core technical areas include identity and access management with least privilege, role and policy design, encryption at rest and in transit, virtual private cloud and network segmentation, security groups and firewall rules, key management services, logging and centralized audit trails, monitoring and alerting, compliance frameworks and controls mapping for regulations such as GDPR and CCPA, data governance (classification, retention, access control), and secure design of data pipelines. Also includes cloud cost management and optimization techniques such as tagging and resource organization, budgeting and alerting, rightsizing and autoscaling, reserved and committed capacity, storage lifecycle policies and data tiering, cost-aware architecture patterns, and operational processes for balancing security, compliance, and cost.

HardTechnical
74 practiced
Your company acquires another company with its own cloud accounts and data stores. As the data engineer responsible for onboarding, describe the steps to assess security posture, transfer data safely into your environment, sanitize PII where required, and align identity and access controls with your governance model.
EasyTechnical
83 practiced
Design a simple retention policy for a data warehouse table that contains user session logs with the business rule: keep raw sessions for 90 days, aggregate monthly to analytics tables for 24 months, then archive or delete raw data. Describe steps in ETL, automation, and safety checks before deletion.
MediumTechnical
122 practiced
Explain how to implement envelope encryption in Apache Spark jobs when reading/writing encrypted objects to S3. Describe where to store data keys, how to request them securely from KMS, and how to avoid unnecessary KMS API throttling while maintaining security.
HardTechnical
132 practiced
Design and outline (pseudocode acceptable) a tool that scans IAM policies across an account for overly-permissive statements (for example, Action: '*', Resource: '*') and scores policies by risk. The tool should produce a prioritized remediation list including least-privilege suggestions.
EasyTechnical
81 practiced
What is a Key Management Service (KMS) and how does it integrate with cloud object storage and databases? Explain the difference between provider-managed keys and customer-managed keys, and outline the operational steps you'd take to rotate and revoke keys with minimal downtime for a production data warehouse.

Unlock Full Question Bank

Get access to hundreds of Cloud Security and Governance interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.