Secrets and Sensitive Data Management Questions

Covers the practices, tools, and operational processes for securely storing, accessing, rotating, and protecting secrets and other sensitive data used by applications and infrastructure. Candidates should know centralized secret vaults such as HashiCorp Vault, Amazon Web Services Secrets Manager, Microsoft Azure Key Vault, and Google Secret Manager; strategies for automated and manual credential rotation including emergency rotation procedures; integration with continuous integration and continuous deployment pipelines and infrastructure as code; techniques to prevent secret leakage into source code repositories, logs, and monitoring systems; encryption of secrets at rest and in transit; application of least privilege and identity and access management roles for secret access; use of short lived and ephemeral credentials and service accounts as alternatives to long lived static credentials; audit logging, monitoring, and alerting for secret access and misuse; secret scanning, secure secret referencing patterns in code and templates, and operational plans for rotating credentials without downtime.