Compliance Automation and Tooling Questions
Using technology to scale and continuously enforce compliance and privacy. Covers GRC platforms, compliance-as-code, continuous control monitoring, automated evidence collection, and integrating compliance and privacy checks into engineering pipelines. Focuses on how tooling reduces manual effort and enables continuous rather than point-in-time assurance.
MediumSystem Design
41 practiced
Design an approach to implement microsegmentation for namespaces and services in a Kubernetes cluster using NetworkPolicies and a CNI that supports egress controls. Explain default-deny patterns, label selectors and policy composition, how to test rules safely, and rollout strategies to avoid disruption.
MediumTechnical
33 practiced
Design a workflow for rotating database credentials automatically using HashiCorp Vault dynamic secrets for applications deployed via CI/CD and Kubernetes. Describe the auth method (e.g., Kubernetes auth), lease management, secret caching, renewal, key steps for rollout without downtime, and how to detect and recover from rotation failures.
MediumSystem Design
44 practiced
Design an IAM and RBAC model for an organization using AWS Organizations with 10 development teams and a central platform team. Explain recommended account structure, role assumption patterns, use of SSO and permission sets, how to enforce least privilege, and how to automate policy distribution and auditing across accounts.
MediumTechnical
39 practiced
Explain how Software Bill of Materials (SBOM) and provenance metadata improve software supply chain security. Describe practical tools and processes to generate, sign, store, and verify SBOMs and provenance across build, test, and deployment pipelines at scale.
MediumTechnical
35 practiced
Describe how you'd use Open Policy Agent (OPA) as a policy-as-code gate in a CI pipeline (for example GitHub Actions or Jenkins) to block builds if container images exceed a CVE severity threshold or if SBOM metadata is missing. Provide a high-level Rego policy example and explain integration points and evaluation timing.
Unlock Full Question Bank
Get access to hundreds of Compliance Automation and Tooling interview questions and detailed answers.
Sign in to ContinueJoin thousands of developers preparing for their dream job.