InterviewStack.io LogoInterviewStack.io

Infrastructure Security and Access Control Questions

Design and implementation of security controls within infrastructure and access management. Topics include network segmentation and isolation, security groups and network access control lists, identity and access management policies and least privilege principles, encryption at rest and in transit, secrets management and key management practices, audit logging and monitoring, secure remote access patterns such as bastion hosts and virtual private networks, session recording and privileged access governance, threat modeling for infrastructure components, and trade offs for compliance and operational complexity.

HardTechnical
45 practiced
Design a solution for provisioning secrets to ephemeral containers in Kubernetes such that secrets are least-privilege, auto-rotated, and not persisted on disk in plaintext. Include the roles of Kubernetes ServiceAccounts, an external vault (e.g., Vault/Azure Key Vault), the CSI Secrets Store driver, and any admission controls.
MediumTechnical
39 practiced
Design an automated access review and recertification process for user and service accounts in a hybrid environment. Include data sources, frequency, notifications, approver workflow, and how to handle stale or orphaned accounts.
EasyTechnical
52 practiced
Explain symmetric versus asymmetric encryption and give two practical infrastructure use-cases for each (for example: disk encryption, TLS, signing). Also mention performance and operational considerations that influence the choice.
EasyTechnical
74 practiced
What is multi-factor authentication (MFA), and which MFA patterns are recommended for system administrators accessing critical infrastructure? Discuss hardware tokens, TOTP, push-based methods, and integration points like SSO and PAM.
MediumTechnical
55 practiced
Write a Python script that rotates a simple API credential stored in HashiCorp Vault. Script requirements: authenticate to Vault using a token, fetch secret at path 'secret/data/app/api', generate a new credential value, write it back, and print a change summary. Outline error handling and idempotency expectations. (You do not need to implement the random generator; show function signatures and API calls.)

Unlock Full Question Bank

Get access to hundreds of Infrastructure Security and Access Control interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.