Cloud Security Engineer Interview Questions

The definitive database for Cloud Security Professionals, covering Cloud Fundamentals, AWS/Azure/GCP Security, IAM, Network Security, Container Security (Kubernetes), and Incident Response.

Total Questions: 580
Difficulty Levels: Beginner, Intermediate, Advanced

1.What is Cloud Security and why is it important?

2.What is the Shared Responsibility Model in cloud security?

3.What is the difference between IaaS, PaaS, and SaaS security responsibilities?

4.What are the main cloud security challenges?

5.What is the CIA Triad in cloud security?

6.What is Defense in Depth strategy?

7.What is the principle of Least Privilege (PoLP)?

8.What is Zero Trust Architecture?

9.What is the difference between on-premise and cloud security?

10.What are the OWASP Cloud Top 10 risks?

11.What is Cloud Security Posture Management (CSPM)?

12.What is Cloud Workload Protection Platform (CWPP)?

13.What is Cloud Access Security Broker (CASB)?

14.What is the difference between CSPM and CWPP?

15.What is multi-cloud security strategy?

16.What is hybrid cloud security?

17.What is shadow IT and how do you detect it?

18.What is cloud security compliance?

19.What are major compliance frameworks (SOC 2, ISO 27001, PCI-DSS)?

20.What is GDPR and its impact on cloud security?

21.What is HIPAA compliance in cloud?

22.What is data residency and sovereignty?

23.What is cloud security audit?

24.What is penetration testing in cloud environments?

25.What is vulnerability management in cloud?

26.What is cloud incident response?

27.What is disaster recovery in cloud?

28.What is business continuity planning for cloud?

29.What is cloud backup strategy?

30.What is immutable infrastructure?

31.What is AWS Identity and Access Management (IAM)?

32.What are IAM users, groups, and roles?

33.What is the difference between IAM user and IAM role?

34.What is IAM policy and its structure?

35.What is the difference between inline and managed policies?

36.What is AWS managed policy vs customer managed policy?

37.What is IAM policy evaluation logic?

38.What is explicit deny vs implicit deny?

39.What is IAM permission boundary?

40.What is service control policy (SCP) in AWS Organizations?

41.What is the difference between IAM policy and SCP?

42.What is cross-account access in AWS?

43.What is assume role in AWS?

44.What is IAM Access Analyzer?

45.What is AWS Security Token Service (STS)?

46.What is temporary security credentials?

47.What is MFA (Multi-Factor Authentication) in AWS?

48.What is IAM credential report?

49.What is AWS Secrets Manager?

50.What is AWS Systems Manager Parameter Store?

51.What is the difference between Secrets Manager and Parameter Store?

52.What is AWS Key Management Service (KMS)?

53.What is Customer Master Key (CMK)?

54.What is the difference between AWS managed and customer managed keys?

55.What is envelope encryption in AWS?

56.What is KMS key rotation?

57.What is AWS CloudHSM?

58.What is the difference between KMS and CloudHSM?

59.What is AWS Certificate Manager (ACM)?

60.What is AWS Security Hub?

61.What is AWS GuardDuty?

62.What is AWS Macie?

63.What is AWS Inspector?

64.What is the difference between GuardDuty and Inspector?

65.What is AWS Detective?

66.What is AWS Config?

67.What is AWS Config Rules?

68.What is AWS CloudTrail?

69.What is CloudTrail event history vs trail?

70.What is CloudTrail Insights?

71.What is VPC (Virtual Private Cloud)?

72.What is subnet (public vs private)?

73.What is Internet Gateway vs NAT Gateway?

74.What is Security Group in AWS?

75.What is Network ACL (NACL)?

76.What is the difference between Security Group and NACL?

77.What is VPC Flow Logs?

78.What is VPC Peering?

79.What is AWS Transit Gateway?

80.What is AWS PrivateLink?

81.What is VPC Endpoint?

82.What is the difference between Gateway Endpoint and Interface Endpoint?

83.What is AWS WAF (Web Application Firewall)?

84.What is AWS Shield (Standard vs Advanced)?

85.What is DDoS attack and how does Shield protect?

86.What is AWS Firewall Manager?

87.What is AWS Network Firewall?

88.What is S3 bucket security?

89.What is S3 encryption at rest?

90.What is S3 bucket policy vs IAM policy?

91.What is S3 bucket ACL?

92.What is S3 Block Public Access?

93.What is S3 encryption (SSE-S3, SSE-KMS, SSE-C)?

94.What is S3 versioning for security?

95.What is S3 MFA Delete?

96.What is S3 Object Lock?

97.What is S3 Access Points?

98.What is S3 bucket logging?

99.What is CloudFront security?

100.What is Origin Access Identity (OAI)?

101.What is AWS Lambda security best practices?

102.What is Lambda execution role?

103.What is Lambda resource-based policy?

104.What is Lambda environment variable encryption?

105.What is ECS/EKS security?

106.What is ECR image scanning?

107.What is Kubernetes RBAC in EKS?

108.What is pod security policy?

109.What is RDS security?

110.What is RDS encryption at rest?

111.What is RDS encryption in transit?

112.What is RDS IAM authentication?

113.What is RDS automated backups encryption?

114.What is DynamoDB encryption?

115.What is DynamoDB fine-grained access control?

116.What is AWS Cognito for authentication?

117.What is Cognito User Pool vs Identity Pool?

118.What is AWS Single Sign-On (SSO)?

119.What is AWS Directory Service?

120.What is AWS Resource Access Manager (RAM)?

121.What is AWS Control Tower?

122.What is AWS Landing Zone?

123.What is AWS Well-Architected Framework security pillar?

124.What is AWS Trusted Advisor security checks?

125.What is AWS Audit Manager?

126.What is AWS Artifact for compliance?

127.What is VPC Traffic Mirroring?

128.What is AWS Systems Manager Session Manager?

129.What is bastion host vs Session Manager?

130.What is IMDSv2 (Instance Metadata Service v2)?

131.What is Azure Active Directory (Azure AD)?

132.What is the difference between Azure AD and on-premise AD?

133.What is Azure AD tenant?

134.What is Azure AD user vs service principal vs managed identity?

135.What is Azure RBAC (Role-Based Access Control)?

136.What is the difference between Azure RBAC and Azure AD roles?

137.What is custom role in Azure?

138.What is Azure AD Conditional Access?

139.What is Azure AD Identity Protection?

140.What is Azure AD Privileged Identity Management (PIM)?

141.What is just-in-time (JIT) access in Azure?

142.What is Azure MFA (Multi-Factor Authentication)?

143.What is Azure AD B2B vs B2C?

144.What is Azure Key Vault?

145.What is Key Vault secrets, keys, and certificates?

146.What is Key Vault access policies vs RBAC?

147.What is Azure Managed Identity?

148.What is system-assigned vs user-assigned managed identity?

149.What is Azure Storage security?

150.What is Azure Storage Account access keys?

151.What is Shared Access Signature (SAS)?

152.What is service SAS vs account SAS vs user delegation SAS?

153.What is Azure Storage encryption?

154.What is customer-managed keys (CMK) in Azure?

155.What is Azure Storage Firewall?

156.What is Azure Private Endpoint?

157.What is Azure Virtual Network (VNet)?

158.What is Network Security Group (NSG)?

159.What is Application Security Group (ASG)?

160.What is Azure Firewall?

161.What is Azure Web Application Firewall (WAF)?

162.What is Azure DDoS Protection?

163.What is Azure Bastion?

164.What is Azure VPN Gateway?

165.What is Azure ExpressRoute?

166.What is VNet peering?

167.What is Service Endpoint vs Private Endpoint?

168.What is Azure Security Center (Defender for Cloud)?

169.What is Microsoft Defender for Cloud?

170.What is Defender for Cloud security posture management?

171.What is Defender for Cloud workload protection?

172.What is secure score in Defender for Cloud?

173.What is Azure Sentinel?

174.What is SIEM vs SOAR?

175.What is Azure Monitor and Log Analytics?

176.What is Azure Policy?

177.What is Azure Blueprint?

178.What is Azure Compliance Manager?

179.What is Azure Information Protection (AIP)?

180.What is data classification in Azure?

181.What is Google Cloud IAM?

182.What is GCP identity (user, service account, group)?

183.What is GCP role (primitive, predefined, custom)?

184.What is the difference between primitive and predefined roles?

185.What is IAM policy in GCP?

186.What is IAM conditions?

187.What is service account in GCP?

188.What is service account keys vs impersonation?

189.What is workload identity in GKE?

190.What is Google Cloud Identity?

191.What is Context-Aware Access?

192.What is Cloud KMS (Key Management Service)?

193.What is Cloud HSM in GCP?

194.What is Secret Manager in GCP?

195.What is VPC in GCP?

196.What is GCP Firewall Rules?

197.What is VPC Service Controls?

198.What is Private Google Access?

199.What is Cloud NAT?

200.What is Cloud VPN vs Cloud Interconnect?

201.What is Cloud Armor (DDoS and WAF)?

202.What is Cloud CDN security?

203.What is Identity-Aware Proxy (IAP)?

204.What is Binary Authorization?

205.What is Container Analysis?

206.What is GKE security best practices?

207.What is Shielded GKE Nodes?

208.What is Cloud Security Command Center (SCC)?

209.What is Security Health Analytics?

210.What is Event Threat Detection?

211.What is Web Security Scanner?

212.What is Cloud DLP (Data Loss Prevention)?

213.What is Cloud Logging (formerly Stackdriver)?

214.What is Cloud Audit Logs?

215.What is Access Transparency?

216.What is Identity and Access Management (IAM)?

217.What is authentication vs authorization?

218.What is Single Sign-On (SSO)?

219.What is SAML (Security Assertion Markup Language)?

220.What is OAuth 2.0?

221.What is OpenID Connect (OIDC)?

222.What is the difference between OAuth and OIDC?

223.What is JWT (JSON Web Token)?

224.What is federated identity?

225.What is identity provider (IdP)?

226.What is multi-factor authentication (MFA)?

227.What are MFA methods (SMS, authenticator app, hardware token)?

228.What is passwordless authentication?

229.What is certificate-based authentication?

230.What is role-based access control (RBAC)?

231.What is attribute-based access control (ABAC)?

232.What is policy-based access control (PBAC)?

233.What is privileged access management (PAM)?

234.What is credential rotation?

235.What is access review and certification?

236.What is orphaned account detection?

237.What is service account management?

238.What is API key management?

239.What is secrets management?

240.What is HashiCorp Vault?

241.What is CyberArk for PAM?

242.What is Okta for identity management?

243.What is Azure AD vs Okta?

244.What is network segmentation?

245.What is micro-segmentation?

246.What is East-West vs North-South traffic?

247.What is subnet isolation?

248.What is VLAN in cloud context?

249.What is firewall in cloud?

250.What is stateful vs stateless firewall?

251.What is next-generation firewall (NGFW)?

252.What is intrusion detection system (IDS)?

253.What is intrusion prevention system (IPS)?

254.What is the difference between IDS and IPS?

255.What is network-based IDS (NIDS) vs host-based IDS (HIDS)?

256.What is Snort IDS?

257.What is Suricata IDS?

258.What is web application firewall (WAF)?

259.What is ModSecurity?

260.What is OWASP Core Rule Set (CRS)?

261.What is DDoS attack and types?

262.What is volumetric attack?

263.What is protocol attack?

264.What is application layer attack?

265.What is rate limiting?

266.What is geo-blocking?

267.What is IP whitelisting vs blacklisting?

268.What is CDN security?

269.What is DNS security?

270.What is DNSSEC?

271.What is DNS over HTTPS (DoH)?

272.What is DNS tunneling attack?

273.What is VPN (Virtual Private Network)?

274.What is site-to-site VPN vs client VPN?

275.What is IPsec VPN?

276.What is SSL/TLS VPN?

277.What is WireGuard VPN?

278.What is VPN split tunneling?

279.What is SD-WAN security?

280.What is network traffic analysis (NTA)?

281.What is packet capture and analysis?

282.What is Wireshark?

283.What is tcpdump?

284.What is NetFlow vs sFlow?

285.What is network anomaly detection?

286.What is lateral movement detection?

287.What is command and control (C2) detection?

288.What is network access control (NAC)?

289.What is 802.1X authentication?

290.What is port security?

291.What is MAC address filtering?

292.What is ARP spoofing and prevention?

293.What is VLAN hopping attack?

294.What is data at rest encryption?

295.What is data in transit encryption?

296.What is data in use encryption?

297.What is symmetric encryption vs asymmetric encryption?

298.What is AES encryption?

299.What is RSA encryption?

300.What is encryption key size (128-bit, 256-bit)?

301.What is encryption algorithm (AES-128, AES-256)?

302.What is TLS/SSL protocol?

303.What is TLS 1.2 vs TLS 1.3?

304.What is SSL/TLS certificate?

305.What is public key infrastructure (PKI)?

306.What is certificate authority (CA)?

307.What is self-signed certificate vs CA-signed certificate?

308.What is certificate chain of trust?

309.What is certificate revocation (CRL, OCSP)?

310.What is certificate pinning?

311.What is perfect forward secrecy (PFS)?

312.What is hashing vs encryption?

313.What is SHA-256, SHA-384, SHA-512?

314.What is MD5 and why is it insecure?

315.What is salted hash?

316.What is HMAC (Hash-based Message Authentication Code)?

317.What is digital signature?

318.What is code signing certificate?

319.What is tokenization?

320.What is data masking?

321.What is data anonymization vs pseudonymization?

322.What is PII (Personally Identifiable Information)?

323.What is PHI (Protected Health Information)?

324.What is PCI-DSS data protection requirements?

325.What is key management lifecycle?

326.What is key generation?

327.What is key storage security?

328.What is key rotation?

329.What is key destruction?

330.What is bring your own key (BYOK)?

331.What is hold your own key (HYOK)?

332.What is customer-managed encryption key (CMEK)?

333.What is envelope encryption?

334.What is database encryption (TDE)?

335.What is column-level encryption?

336.What is field-level encryption?

337.What is application-level encryption?

338.What is end-to-end encryption?

339.What is email encryption (S/MIME, PGP)?

340.What is full disk encryption?

341.What is file-level encryption?

342.What is encrypted backup?

343.What is secure key exchange (Diffie-Hellman)?

344.What is container security?

345.What is Docker security best practices?

346.What is container image scanning?

347.What is vulnerability scanning for containers?

348.What is Trivy for container scanning?

349.What is Clair for image scanning?

350.What is Anchore for container security?

351.What is base image security?

352.What is minimal base image (distroless, Alpine)?

353.What is container registry security?

354.What is private container registry?

355.What is container image signing?

356.What is Docker Content Trust?

357.What is container runtime security?

358.What is container isolation?

359.What is container escape attack?

360.What is privileged container risk?

361.What is container capabilities?

362.What is seccomp profile?

363.What is AppArmor for containers?

364.What is SELinux for containers?

365.What is Kubernetes security architecture?

366.What is Kubernetes RBAC?

367.What is Kubernetes service account?

368.What is Kubernetes namespace isolation?

369.What is Kubernetes network policy?

370.What is pod security policy (PSP)?

371.What is pod security standards (baseline, restricted)?

372.What is pod security admission controller?

373.What is Kubernetes secrets management?

374.What is external secrets operator?

375.What is Kubernetes API server security?

376.What is admission controller in Kubernetes?

377.What is validating admission webhook?

378.What is mutating admission webhook?

379.What is OPA (Open Policy Agent) Gatekeeper?

380.What is Kyverno for Kubernetes?

381.What is Falco for runtime security?

382.What is Kubernetes audit logging?

383.What is Kubernetes security scanning?

384.What is kube-bench for CIS benchmarks?

385.What is kube-hunter for penetration testing?

386.What is service mesh security?

387.What is Istio security features?

388.What is mutual TLS (mTLS) in service mesh?

389.What is Linkerd security?

390.What is ingress controller security?

391.What is egress filtering in Kubernetes?

392.What is Kubernetes threat modeling?

393.What is supply chain security for Kubernetes?

394.What is Security Information and Event Management (SIEM)?

395.What is Security Orchestration, Automation and Response (SOAR)?

396.What is the difference between SIEM and SOAR?

397.What is log aggregation?

398.What is log correlation?

399.What is security event monitoring?

400.What is threat intelligence?

401.What is indicators of compromise (IOC)?

402.What is threat hunting?

403.What is user and entity behavior analytics (UEBA)?

404.What is anomaly detection?

405.What is baseline security monitoring?

406.What is security alerting?

407.What is alert fatigue and how to reduce it?

408.What is alert tuning?

409.What is false positive vs false negative?

410.What is security incident?

411.What is security event vs incident?

412.What is incident severity classification?

413.What is incident response plan (IRP)?

414.What is incident response lifecycle (NIST framework)?

415.What is preparation phase in incident response?

416.What is detection and analysis phase?

417.What is containment phase?

418.What is eradication phase?

419.What is recovery phase?

420.What is post-incident activity (lessons learned)?

421.What is incident response team roles?

422.What is security playbook?

423.What is runbook for security incidents?

424.What is security incident communication plan?

425.What is breach notification requirements?

426.What is forensics investigation?

427.What is chain of custody?

428.What is evidence preservation?

429.What is memory forensics?

430.What is disk forensics?

431.What is network forensics?

432.What is cloud forensics challenges?

433.What is malware analysis?

434.What is static analysis vs dynamic analysis?

435.What is sandbox for malware analysis?

436.What is reverse engineering?

437.What is threat intelligence platforms (TIP)?

438.What is MITRE ATT&CK framework?

439.What is kill chain model?

440.What is diamond model of intrusion analysis?

441.What is security compliance?

442.What is compliance framework?

443.What is SOC 2 Type I vs Type II?

444.What is ISO 27001 certification?

445.What is NIST Cybersecurity Framework (CSF)?

446.What is CIS Controls?

447.What is PCI-DSS compliance requirements?

448.What is HIPAA Security Rule?

449.What is GDPR data protection requirements?

450.What is CCPA (California Consumer Privacy Act)?

451.What is FedRAMP for government cloud?

452.What is FISMA compliance?

453.What is compliance as code?

454.What is policy as code?

455.What is security baseline?

456.What is CIS benchmarks for cloud?

457.What is hardening guidelines?

458.What is configuration management database (CMDB)?

459.What is asset inventory?

460.What is vulnerability management program?

461.What is patch management?

462.What is vulnerability scanning?

463.What is penetration testing vs vulnerability assessment?

464.What is red team vs blue team?

465.What is purple team?

466.What is DevSecOps?

467.What is shift-left security?

468.What is security in CI/CD pipeline?

469.What is SAST (Static Application Security Testing)?

470.What is DAST (Dynamic Application Security Testing)?

471.What is SCA (Software Composition Analysis)?

472.What is dependency scanning?

473.What is license compliance scanning?

474.What is infrastructure as code (IaC) security?

475.What is Terraform security scanning?

476.What is CloudFormation security?

477.What is security testing automation?

478.What is threat modeling?

479.What is STRIDE threat model?

480.What is risk assessment?

481.What is risk register?

482.What is risk mitigation strategies?

483.How would you secure a multi-tier web application in AWS?

484.How do you implement least privilege access for 1000+ users?

485.Design a secure CI/CD pipeline for containerized applications

486.How would you detect and respond to a data breach in cloud?

487.How do you secure microservices communication?

488.Design disaster recovery plan for mission-critical cloud workloads

489.How would you implement zero trust network in cloud?

490.How do you secure serverless applications (Lambda)?

491.Design encryption strategy for sensitive data in cloud

492.How would you handle a ransomware attack in cloud environment?

493.How do you secure API Gateway endpoints?

494.Design network architecture for PCI-DSS compliance

495.How would you implement security monitoring for Kubernetes cluster?

496.How do you secure data transfer between on-premise and cloud?

497.Design identity federation for multi-cloud environment

498.How would you investigate suspicious IAM activity?

499.How do you implement automated security compliance checks?

500.Design backup and recovery strategy with encryption

501.How would you secure IoT devices connecting to cloud?

502.How do you implement security for big data analytics in cloud?

503.Design incident response plan for cloud infrastructure

504.How would you prevent privilege escalation attacks?

505.How do you secure machine learning models and data?

506.Design security architecture for SaaS application

507.How would you implement container security at scale?

508.How do you handle secrets rotation in production?

509.Design multi-region disaster recovery with security

510.How would you secure GraphQL APIs?

511.How does Netflix secure its AWS infrastructure?

512.Design security architecture for video streaming platform on AWS

513.How would you implement AWS Security Hub for enterprise?

514.Explain Amazon's approach to cloud security

515.How does Airbnb secure customer data in AWS?

516.Design GuardDuty deployment for multi-account organization

517.How would you implement AWS Control Tower for security?

518.Explain Capital One cloud security breach - lessons learned

519.How does Lyft implement zero trust on AWS?

520.Design automated compliance monitoring using AWS Config

521.How does Microsoft secure Azure infrastructure itself?

522.Design security for Azure Kubernetes Service (AKS) at scale

523.How would you implement Azure Sentinel for SOC?

524.Explain Xbox Live security architecture on Azure

525.How does Walmart secure retail applications on Azure?

526.Design Defender for Cloud deployment for enterprise

527.How would you implement Azure Arc for hybrid security?

528.Explain BMW's approach to Azure security for connected cars

529.How does KPMG implement compliance monitoring on Azure?

530.Design multi-region security architecture on Azure

531.How does Google secure its own cloud infrastructure?

532.Design security for Google Kubernetes Engine (GKE) workloads

533.How would you implement VPC Service Controls for data protection?

534.Explain Spotify's security architecture on GCP

535.How does Twitter secure tweet data on GCP?

536.Design Security Command Center implementation

537.How would you implement Binary Authorization for containers?

538.Explain Snap's approach to GCP security

539.How does Target secure e-commerce on GCP?

540.Design zero trust implementation using BeyondCorp

541.How does IBM secure multi-cloud deployments?

542.Design security architecture spanning AWS, Azure, and GCP

543.How would you implement unified identity across clouds?

544.Explain Siemens' approach to industrial IoT cloud security

545.How does Accenture manage client cloud security?

546.Design CASB implementation for multi-cloud

547.How would you implement consistent security policies across clouds?

548.Explain Deutsche Bank's cloud security governance

549.How does Cisco secure SD-WAN for cloud connectivity?

550.Design cloud security operations center (CloudSOC)

551.What is the importance of 'Root' user security?

552.What is a 'Break-glass' account?

553.What is the difference between encryption and tokenization?

554.Explain 'Serverless' security risks

555.What is 'Config Drift' and how to stop it?

556.How do you secure an 'S3-based' Data Lake?

557.What is 'Blast Radius' in cloud security?

558.How do you handle 'Security vs. Agility'?

559.What is 'Attestation' in container security?

560.What are 'Sticky Sessions' and security implications?

561.What is 'Golden Image' strategy?

562.Explain 'Secret Zero' problem

563.What is 'Dynamic Secrets'?

564.How do you secure 'CI/CD' runners?

565.What is 'WAF-on-the-Edge'?

566.Explain 'Side-channel' attacks in cloud

567.What is 'Data Sovereignty'?

568.What is 'Crypto-shredding'?

569.How to secure 'Websockets'?

570.What is 'Cold vs Warm' backups for security?

571.How do you secure 'Lambda-to-Database' access?

572.Explain 'OIDC' for CI/CD authentication

573.What is 'IAM Social Engineering'?

574.What is 'Privileged Session Management' (PSM)?

575.Explain 'WAF False Positives'

576.What is 'Security-as-a-Service'?

577.How to secure 'API Webhooks'?

578.Explain 'DNS-layer' security

579.What is 'JIT' for Cloud VMs?

580.What is the role of a Cloud Security Engineer in 2026?