Top 50 interview questions — Security

Vaibhav Pandey
2 min read · May 29, 2021

This article touches upon common questions asked in cloud interviews, and it can be used by beginners and experienced developers, architects and solution designers to build their skills and clarify concepts. The questions below take concepts first and then applications. Do let me know if you have any feedback and I will be happy to improve and revise this article.

Remember this saying: “Security is the most important concern; it's the 1st class citizen.”

  • What do you mean by application and infrastructure security?
  • What is authentication?
  • What is authorization?
  • What are the key differences between authentication and authorization?
  • What is Identity Management?
  • What is an Identity Management Provider? Provide some examples.
  • What is federation and when should it be used?
  • What are OAuth, OAuth 2.0 and SAML?
  • What are the different types of OAuth flows? What is the difference between the normal OAuth flow and the Implicit flow? What is a Client Credentials flow?
  • Where and how are the different types of OAuth flows (implicit, explicit) used? Give examples and use cases.
  • What is a Resource Server, Resource Owner, Client, Authorization Server, Confidential and Public Clients?
  • What are different types of Query String Parameters?
  • What is encryption? How is it different from encoding (they have big differences)?
  • What are the different types of encryption techniques?
  • How can I encrypt data at rest and data on the move?
  • What are the key standards in application, infrastructure and network security?
  • What is transport security?
  • What are the different security protocols, like SSL, TLS, etc.? Which one is the latest standard that cloud native components/applications should follow?
  • What is Azure Vault? How can it be used to secure cloud native apps?
  • How can you do OAuth with Azure AD?
  • What are the key differences between IAM and PAM? How is it handled in the Azure public cloud offering?
  • What do you mean by Claims? How can you evaluate user claims?
  • What are the key application security concerns?
  • How do you ensure application secret security in a cloud environment like AWS, Azure or GCP?
  • How can you ensure security while applications interact with each other?
  • How can you secure your application data? We are looking at all aspects: storage, transmission and usage.
  • What are the services which can be used to secure API endpoints?
  • How can you protect against DDoS attacks on your APIs hosted in the Azure public cloud?
  • How can you manage your key application secret keys in Azure-based cloud hosting?
  • How can you ensure web app security in Azure-based public cloud hosting?
  • What do you mean by Threat Modelling?
  • What threat management services are offered on Azure cloud platform?

Written by Vaibhav Pandey

https://vaibhavpandey.co.uk, 9x Azure Certs, Masters Degree in AI 2023, PG Diploma in AI 2022, Dissertation in Cancer Prediction, Builds with AI
