Security and Data Privacy Questions

Covers design and operational practices for protecting systems and user data. Candidates should be able to explain authentication and authorization models including token based approaches and role based access control, encryption at rest and encryption in transit, key management and secrets rotation, secure application programming interface design and input validation, audit logging and security monitoring, data governance and privacy controls, compliance with data protection regulations such as General Data Protection Regulation and California Consumer Privacy Act, data minimization and anonymization techniques, threat modeling and vulnerability management, incident response and breach notification procedures, and trade offs between security, performance and developer productivity.