What is CSPM, and what does it protect against? [Basic]
Answer
CSPM stands for Cloud Security Posture Management. It continuously assesses cloud environments for risky configurations, policy violations, exposure, identity issues, missing logging, encryption gaps, and compliance drift.
Technical explanation
CSPM protects against preventable cloud mistakes such as public storage buckets, overly permissive security groups, disabled audit logging, and unencrypted resources.
It compares deployed cloud resources against benchmarks, organization policies, and compliance requirements.
CSPM is most effective when integrated with remediation workflows and IaC feedback, not only periodic reporting.
Hands-on example
Hands-on: configure CSPM across AWS accounts. Create policies for no public S3 buckets, CloudTrail enabled, EBS encryption enabled, and no 0.0.0.0/0 SSH exposure. Route violations to owning teams with severity based on exposure and data sensitivity.
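The hands-on exercise above, worked through as an added example (this is not code from the original page or from any particular CSPM product). Real CSPM tooling pulls inventory from the cloud APIs; here the inventory is a hand-built dictionary of two hypothetical accounts so the script runs offline, and the severity matrix (exposure x data sensitivity) and the "high" rating for a disabled CloudTrail are assumptions chosen to illustrate the routing rule. It goes one step beyond the text by treating `::/0` the same as `0.0.0.0/0` for the SSH check.

```python
"""Toy CSPM policy engine: evaluate four posture policies over a constructed
inventory and route findings to owning teams by severity (added example)."""
from dataclasses import dataclass

# Constructed inventory: account ids, owners and resources are invented.
INVENTORY = {
    "111111111111": {
        "owner": "payments-team",
        "cloudtrail_enabled": True,
        "s3_buckets": [
            {"name": "payments-exports", "public": True, "data_class": "pii"},
            {"name": "payments-logs", "public": False, "data_class": "internal"},
        ],
        "ebs_volumes": [{"id": "vol-0aaa", "encrypted": False, "data_class": "pii"}],
        "security_groups": [
            {"id": "sg-0aaa", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
        ],
    },
    "222222222222": {
        "owner": "platform-team",
        "cloudtrail_enabled": False,
        "s3_buckets": [{"name": "platform-artifacts", "public": False, "data_class": "internal"}],
        "ebs_volumes": [{"id": "vol-0bbb", "encrypted": True, "data_class": "internal"}],
        "security_groups": [
            {"id": "sg-0bbb", "ingress": [{"port": 22, "cidr": "10.0.0.0/8"}]},
        ],
    },
}

# Anything-goes CIDRs for IPv4 and IPv6 (the page names only 0.0.0.0/0).
OPEN_WORLD = {"0.0.0.0/0", "::/0"}

# Assumed severity matrix: exposure scope x data sensitivity.
SEVERITY = {
    ("internet", "pii"): "critical",
    ("internet", "internal"): "high",
    ("internal", "pii"): "medium",
    ("internal", "internal"): "low",
}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass
class Finding:
    account: str
    owner: str
    policy: str
    resource: str
    exposure: str    # "internet" or "internal"
    data_class: str  # "pii" or "internal"
    severity: str


def rate(exposure, data_class):
    """Severity derived from exposure and data sensitivity (assumed matrix)."""
    return SEVERITY[(exposure, data_class)]


def evaluate(inventory):
    """Run the four policies from the exercise against every account."""
    findings = []
    for acct, data in inventory.items():
        owner = data["owner"]

        def add(policy, resource, exposure, data_class, severity=None):
            findings.append(Finding(acct, owner, policy, resource, exposure,
                                    data_class, severity or rate(exposure, data_class)))

        # Policy 1: CloudTrail enabled. A logging gap blinds detection for the
        # whole account, so it is pinned to "high" here (assumption).
        if not data["cloudtrail_enabled"]:
            add("cloudtrail-enabled", f"account:{acct}", "internal", "internal", "high")
        # Policy 2: no public S3 buckets.
        for b in data["s3_buckets"]:
            if b["public"]:
                add("no-public-s3", f"s3://{b['name']}", "internet", b["data_class"])
        # Policy 3: EBS encryption enabled.
        for v in data["ebs_volumes"]:
            if not v["encrypted"]:
                add("ebs-encryption-enabled", v["id"], "internal", v["data_class"])
        # Policy 4: no SSH (22/tcp) open to the world.
        for sg in data["security_groups"]:
            for rule in sg["ingress"]:
                if rule["port"] == 22 and rule["cidr"] in OPEN_WORLD:
                    add("no-open-ssh", sg["id"], "internet", "internal")
    return findings


def route(findings):
    """Queue findings per owning team, most severe first (stable sort)."""
    queues = {}
    for f in sorted(findings, key=lambda f: RANK[f.severity]):
        queues.setdefault(f.owner, []).append(f)
    return queues


if __name__ == "__main__":
    for team, queue in route(evaluate(INVENTORY)).items():
        for f in queue:
            print(f"{team:15} {f.severity:9} {f.policy:24} {f.resource} ({f.account})")
```

The point of `route` is the last sentence of the exercise: the same policy violation lands at a different priority depending on what it exposes and to whom, so the public PII bucket outranks the open SSH rule, which in turn outranks the unencrypted internal volume. Wiring the queues to tickets, chat, or an IaC pull-request comment is what turns this from a report into a remediation workflow.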
More Security & DevSecOps interview questions
- What is DevSecOps, and how does it differ from traditional security gating at the end? [Basic]
- What does shift-left security mean, and why does it matter? [Basic]
- What is the difference between SAST, DAST, IAST, and SCA? [Basic]
- When in the pipeline does each of SAST, DAST, and SCA run? [Basic]
- What is the difference between SAST and DAST, and what does each catch and miss? [Basic]
- What is software composition analysis (SCA), and why does it matter for dependencies? [Basic]
- What is SonarQube, and what does it analyse? [Basic]
- Is SonarQube primarily SAST, code quality, or both? [Basic]