Security and Compliance Fundamentals Questions
Comprehensive knowledge of foundational security principles, organizational practices, and compliance awareness that apply across engineering and operational domains. Candidates should understand authentication and authorization mechanisms, identity and access management including role-based access control, the principle of least privilege, separation of duties, need-to-know patterns, and secure configuration hygiene. Technical controls such as encryption at rest and in transit, network security and segmentation, access controls, and audit logging should be understood along with how they map to compliance requirements and organizational policies. The topic includes basic incident response and reporting processes, threat awareness and threat modeling concepts, logging and monitoring fundamentals, and approaches to system hardening and secure deployment. It also covers policy foundations, including what makes a strong security policy, introductory privacy and data protection concepts such as the General Data Protection Regulation and the California Consumer Privacy Act, data retention and deletion practices, and common compliance frameworks and regulations such as the Health Insurance Portability and Accountability Act, the Payment Card Industry Data Security Standard, and the Sarbanes-Oxley Act. Candidates should be able to reason about tradeoffs between security and usability, explain how security choices interact with product design and user experience, and describe pragmatic ways to implement controls in engineering and operational workflows.