KPMG
Multinational professional services network, and one of the Big Four accounting organizations.
4 Rounds
~21 Days
Medium
The Interview Loop
Recruiter Screen (30 min)
Standard fit check, behavioral questions, and resume overview.
Technical Loop (3-4 Rounds)
Deep dive into domain knowledge, coding, and system design.
Interview Question Bank
Backend Engineer • Technical • hard
How do you implement secure authentication and authorization in a Spring Boot or .NET Core application handling sensitive financial data?
#OAuth2
#JWT
#Spring Security
#Identity Access Management
Cloud Engineer • Technical • medium
How do you handle secrets management in a CI/CD pipeline and within the cloud environment (e.g., Azure Key Vault, HashiCorp Vault)?
#Secrets Management
#CI/CD
#Azure Key Vault
Cloud Engineer • Technical • medium
Explain the concept of least privilege in IAM. How do you audit and enforce it in a large AWS environment?
#IAM
#Security
#AWS IAM Access Analyzer
DevOps Engineer • Technical • easy
What are the differences between AWS IAM Roles and IAM Policies?
#AWS
#IAM
DevOps Engineer • Technical • medium
How do you configure cross-account access in AWS using IAM roles?
#AWS
#IAM
#Architecture
DevOps Engineer • Technical • medium
How do you handle secrets management in a CI/CD pipeline to ensure credentials are never exposed in logs or source control?
#Secrets Management
#CI/CD
#DevSecOps
DevOps Engineer • Technical • medium
How do you implement Role-Based Access Control (RBAC) in Kubernetes?
#Kubernetes
#RBAC
#IAM
Frontend Engineer • Technical • hard
Security is critical at KPMG. How do you securely store JWT tokens on the client side, and what are the specific mechanisms to prevent XSS and CSRF attacks?
#OWASP
#XSS
#CSRF
#Authentication
Full Stack Engineer • Technical • easy
How do you prevent SQL Injection and Cross-Site Scripting (XSS) in a full-stack web application?
#Web Security
#OWASP
#Input Validation
Full Stack Engineer • Technical • medium
How do you secure a REST API that handles sensitive Personally Identifiable Information (PII)?
#API Design
#Authentication
#Authorization
#Data Protection
Full Stack Engineer • Technical • easy
What is a JWT (JSON Web Token), and how does it prevent tampering of authentication data?
#Authentication
#Cryptography
#Web Security
Machine Learning Engineer • System Design • hard
Explain how you would secure sensitive Personally Identifiable Information (PII) data within an ML training pipeline.
#Data Privacy
#Security
#Compliance
Difficulty Radar
Based on recent AI-sourced data.
Meet Your Interviewers
The "Standard" Interviewer
Senior Engineer
Focuses on core competencies, system constraints, and clear communication.
Unwritten Rules
Think Out Loud
Always explain your thought process before writing code or drawing architecture.