Database Security and Access Control Questions

Comprehensive knowledge of techniques and controls for securing databases, with an emphasis on authentication, authorization, and the principle of least privilege. Candidates should be able to design and implement role-based access control models and permission schemes that operate at database, schema, table, column, and row levels, including role hierarchies, inheritance, and separation of duties. Expect practical skills in user lifecycle management such as creating and disabling accounts, removing default users, enforcing password policies, and integrating with identity providers and multi-factor authentication. Secure credential handling should cover secret storage, rotation strategies, ephemeral credentials, and integration with key management or secret management services. Encryption topics include encryption at rest, encryption in transit using Transport Layer Security (TLS), column-level and field-level encryption, transparent data encryption, and key lifecycle management. Data protection and privacy controls include data masking, anonymization, tokenization, and selective redaction. Auditing and monitoring capabilities should cover audit logging, change tracking, privileged access monitoring, alerting, and forensic readiness. Candidates should also be able to reason about design trade-offs when minimizing privileges while preserving application functionality, and understand operational practices for hardening, patching, compliance, and incident response related to database access controls.
