Sample report. Every candidate and score below is fictional, shown to illustrate what employers receive. Real reports are private, per-assessment secret links.
Cloud Security Engineer — S3 & IAM Hardening
s3-misconfiguration-audit · Created Jul 2, 2026
Preliminary scoring. Objective correctness is verified now; quality, speed, process, reflection, and integrity signals are being finalized and will appear here shortly.
| Candidate | Objectives | Correctness | Time | Reflection |
|---|---|---|---|---|
| Priya S. | 6 / 6 | 100% | 41 min | ✓ |
| Ananya K. | 5 / 6 | 83% | 52 min | ✓ |
| Rahul M. | 4 / 6 | 67% | 58 min | ✓ |
| Vikram T. | 2 / 6 | 33% | 60 min | — |
Candidates are ranked by verified performance on a real, isolated AWS environment — not a quiz. Each row links to a full per-candidate breakdown (shown below).
Inside a candidate's report
Priya S.
Preliminary scoring. Objective correctness is verified now; quality, speed, process, reflection, and integrity signals are being finalized and will appear here shortly.
Correctness6 / 6
100%
Objectives
- Public access blocked on all data buckets (account-level + per-bucket)✓ Passed
- Server-side encryption enforced (SSE-KMS) on the data bucket✓ Passed
- Bucket policy requires TLS (aws:SecureTransport) for all requests✓ Passed
- Over-broad s3:* on the pipeline IAM user replaced with least-privilege actions✓ Passed
- Access scoped to the specific bucket ARN (no Resource "*")✓ Passed
- Wildcard admin policy detached from the deployer role✓ Passed
Written reflection
The data bucket was public and unencrypted, and the pipeline user had s3:* on all resources. I blocked public access at the account and bucket level, enforced SSE-KMS, and added a TLS-only bucket policy. For IAM, I replaced the wildcard with the five actions the pipeline actually uses, scoped to the bucket ARN, and detached the admin policy so a leaked key can't escalate.
AI reflection scoring: finalizing.
Other dimensions
Solution qualityFinalizing
SpeedFinalizing
ProcessFinalizing
IntegrityFinalizing
This is what you get for every candidate.
Send a link, the candidate solves a real cloud security task in an isolated AWS account, and you get a verified, side-by-side report. No résumé guesswork.
Book a walkthrough