What is the Wiz Security Graph, and why is context important for prioritisation? [Basic]
Answer
The Wiz Security Graph is a contextual relationship model that connects cloud assets, identities, vulnerabilities, network exposure, secrets, Kubernetes objects, and data. Context matters because security teams need to know which finding creates a real attack path, not just which finding has the highest standalone score.
Technical explanation
A vulnerability on an isolated build host is not the same risk as the same vulnerability on an internet-exposed workload with access to sensitive data.
Graph relationships reveal combinations such as public exposure plus privilege plus data access.
This helps reduce noise and focus remediation on paths attackers can actually use.
Hands-on example
Example: graph analysis connects an exposed Kubernetes service to a pod running a vulnerable image, then to a service account with secrets access, and finally to a database holding PII. That chain is prioritised for remediation ahead of critical CVEs that carry less context.
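The chain above and the isolated build host from the technical explanation, modelled as a small directed graph. This is an added illustration, not Wiz's data model or query language; the asset names, CVE placeholders, scores and edge meanings are all constructed assumptions.

```python
from collections import deque

# Constructed sample inventory: every name, CVE placeholder and score is made up.
NODES = {
    "svc/checkout":    {"kind": "k8s_service", "public": True},
    "pod/checkout":    {"kind": "pod", "cves": [("CVE-PLACEHOLDER-A", 7.5)]},
    "sa/checkout":     {"kind": "service_account"},
    "secret/db-creds": {"kind": "secret"},
    "db/customers":    {"kind": "database", "data": "PII"},
    "vm/build-host":   {"kind": "vm", "cves": [("CVE-PLACEHOLDER-B", 9.8)]},
}
# Directed edges meaning "exposes / runs as / can read / grants access to".
EDGES = {
    "internet":        ["svc/checkout"],
    "svc/checkout":    ["pod/checkout"],
    "pod/checkout":    ["sa/checkout"],
    "sa/checkout":     ["secret/db-creds"],
    "secret/db-creds": ["db/customers"],
}

def reach(edges, start):
    """Breadth-first search; returns {node: shortest path from start to node}."""
    paths, queue = {start: [start]}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in edges.get(cur, []):
            if nxt not in paths:
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    return paths

def prioritise(nodes, edges, source="internet"):
    """Rank CVE findings: internet-to-sensitive-data paths first, then by score."""
    from_source = reach(edges, source)
    findings = []
    for asset, attrs in nodes.items():
        for cve, cvss in attrs.get("cves", []):
            chain = None
            if asset in from_source:  # exposed: reachable from the internet
                onward = reach(edges, asset)
                hits = [n for n in onward if nodes.get(n, {}).get("data")]
                if hits:              # and it leads on to sensitive data
                    chain = from_source[asset] + onward[hits[0]][1:]
            findings.append({"asset": asset, "cve": cve, "cvss": cvss, "path": chain})
    findings.sort(key=lambda f: (f["path"] is None, -f["cvss"]))
    return findings

if __name__ == "__main__":
    for f in prioritise(NODES, EDGES):
        print(f["asset"], f["cvss"], " -> ".join(f["path"] or ["no attack path"]))
```

The 7.5 finding on the exposed pod ranks above the 9.8 finding on the build host because only the former sits on a path from the internet to PII.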