InterviewStack.io LogoInterviewStack.io

Cloud Security and Compliance Questions

Focuses on designing, implementing, testing, and validating secure cloud environments across providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Topics include Identity and Access Management, network security and segmentation, encryption strategies for data at rest and data in transit, secrets management, secure multi tenant design patterns, compliance frameworks and controls, common cloud misconfigurations, cloud native attack vectors, and approaches to penetration testing and security validation for cloud infrastructure and managed services. Candidates should be able to reason about secure architecture decisions, threat models, detection and response strategies, and how compliance requirements affect cloud design.

EasyTechnical
43 practiced
Explain the role of cloud provider audit logs (AWS CloudTrail, Azure Activity Log, GCP Audit Logs) in security and penetration testing. Which events are essential to collect for detection and forensics (management plane, data plane, authentication), what retention would you recommend, and which logs should a penetration tester validate during an assessment?
HardTechnical
52 practiced
Perform threat modeling for a multi-region, active-active cloud application that uses cross-region replication for databases and object storage. Identify top threats introduced by replication and cross-region trust (for example: misconfigured replication permissions, key compromise, data-leak during transit), enumerate attack surfaces, and prioritize mitigations by impact and likelihood.
HardTechnical
42 practiced
Analyze side-channel risks in multi-tenant cloud environments such as CPU cache timing or speculative-execution attacks (e.g., Spectre/Meltdown style vectors) and noisy-neighbor leakage. How would you test for observable side-channel leakage in a cloud tenant, and what architectural and provider-level mitigations (e.g., dedicated hosts, confidential computing) would you recommend for high-security workloads?
EasyTechnical
52 practiced
List and explain three common multi-tenant isolation patterns used in cloud environments (for example: account-per-tenant, VPC-per-tenant, namespace-per-tenant). For each pattern describe the security trade-offs, operational overhead, and scenarios (including compliance) where you would choose one pattern over another.
EasyTechnical
73 practiced
You are reviewing an S3 bucket policy and must find security issues. Identify the problems in this policy and propose remediation steps (policy changes, bucket settings, monitoring):
json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
Explain what an attacker can do and list at least three concrete fixes and detection mechanisms.

Unlock Full Question Bank

Get access to hundreds of Cloud Security and Compliance interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.