What is Wiz, and what category of tool is it (CSPM/CNAPP)? [Basic]
Answer
Wiz is a cloud security platform in the CNAPP category, with strong CSPM, vulnerability, cloud workload, identity, data, Kubernetes, and exposure-risk capabilities. It helps teams understand cloud risk by connecting findings across assets, identities, network exposure, and sensitive data.
Technical explanation
CSPM focuses on cloud posture and misconfiguration risk, while CNAPP combines posture, workload, identity, vulnerability, and runtime/contextual risk views.
Wiz is known for agentless cloud scanning and contextual prioritization through graph-based relationships.
In a DevSecOps process, findings should feed ownership, remediation tickets, pipeline policy, and exception workflows.
Hands-on example
Example: Wiz detects an internet-exposed VM with a critical CVE, access to a sensitive S3 bucket, and an overprivileged IAM role. That combined context is treated as a high-priority attack path, not just another vulnerability ticket.
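To make the graph-based prioritization concrete, here is an added illustration (not Wiz code, and not the page's own) of the idea in the example above: a constructed inventory of assets, identities and data stores is modelled as a graph, and a VM with a critical CVE is only promoted to an attack path when it is internet-exposed and has a route to sensitive data; otherwise it stays an ordinary vulnerability ticket. All node and edge names are constructed for the example.

```python
from collections import defaultdict

# Constructed inventory (not Wiz data): cloud assets, identities and data stores as graph nodes.
NODES = {
    "internet": {"type": "internet"},
    "web-vm": {"type": "vm", "critical_cve": True},
    "batch-vm": {"type": "vm", "critical_cve": True},
    "web-role": {"type": "iam_role", "overprivileged": True},
    "batch-role": {"type": "iam_role", "overprivileged": False},
    "customer-bucket": {"type": "s3", "sensitive": True},
    "logs-bucket": {"type": "s3", "sensitive": False},
}
# Directed relationships: network exposure, role assumption, and data access (constructed).
EDGES = [
    ("internet", "web-vm"),
    ("web-vm", "web-role"),
    ("web-role", "customer-bucket"),
    ("batch-vm", "batch-role"),
    ("batch-role", "logs-bucket"),
]


def adjacency(edges):
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
    return adj


def paths_to_sensitive_data(nodes, edges, start):
    """Depth-first search from `start`; returns every path that ends at a sensitive data store."""
    adj, found = adjacency(edges), []

    def walk(node, path):
        if nodes[node].get("sensitive"):
            found.append(path)
            return
        for nxt in adj[node]:
            if nxt not in path:  # skip cycles
                walk(nxt, path + [nxt])

    walk(start, [start])
    return found


def prioritize(nodes, edges):
    """Classify each VM with a critical CVE by the context around it (exposure, data reach, identity)."""
    exposed = set(adjacency(edges)["internet"])
    results = []
    for name, attrs in nodes.items():
        if attrs["type"] != "vm" or not attrs.get("critical_cve"):
            continue
        reasons = ["critical CVE"]
        is_exposed = name in exposed
        if is_exposed:
            reasons.append("internet exposed")
        data_paths = paths_to_sensitive_data(nodes, edges, name)
        for path in data_paths:
            reasons.append("path to sensitive data: " + " -> ".join(path))
            if any(nodes[n].get("overprivileged") for n in path):
                reasons.append("via overprivileged IAM role")
        # Only exposure combined with a route to sensitive data makes this an attack path.
        severity = "attack-path" if is_exposed and data_paths else "vuln-ticket"
        results.append((severity, name, reasons))
    return sorted(results)  # "attack-path" sorts before "vuln-ticket"
```

Running `prioritize(NODES, EDGES)` ranks `web-vm` as an attack path with all four reasons attached, while `batch-vm`, which carries the same critical CVE but is neither exposed nor connected to sensitive data, remains a plain vulnerability ticket.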