Walk me through the cloud shared responsibility model and give an example of a security failure that falls on the customer, not the provider.

technical-conceptual · Mid level · cloud-devops-security

What the interviewer is really asking

Assess whether the candidate understands where the provider/customer security boundary sits, how it shifts across IaaS/PaaS/SaaS, and can name a concrete customer-side failure rather than assuming the cloud is secure by default.

What to say

What to avoid

Example answers

Strong: On an audit I found an S3 bucket holding customer exports with public-read enabled and no default encryption — squarely a customer failure, since AWS secures the storage service but bucket policy and encryption are ours. I enabled account-level Block Public Access, turned on default SSE-KMS, and added an SCP so no one could re-open public access org-wide, then used Config rules to alert on any bucket drift. AWS's compliance certifications never covered our misconfiguration.

Weak: The cloud provider handles security, so as long as we're on AWS our data is protected.

Want questions matched to your role? Paste a job title, job description, or CV and get a personalized set, or go Pro to unlock the full bank.