
Security & Compliance Interview Q&A


25 interview questions on Azure data security, compliance, and access control

Question 1: What is the difference between Microsoft-managed and Customer-managed keys?

Answer: Microsoft-managed: Fully managed by Azure (simpler). Customer-managed: Stored in Key Vault, controlled by customer (more control, compliance). Use CMK for regulated industries.

Question 2: How do you implement zero-trust security?

Answer: 1) Private Endpoints, 2) Managed Identities, 3) RBAC with least privilege, 4) Network segmentation, 5) Encryption at rest/transit, 6) Continuous monitoring.

Question 3: What is the benefit of Managed Identities?

Answer: No credential management, automatic rotation, Azure AD integration, granular RBAC. Always prefer them over storage keys or connection strings.

Question 4: How do you implement data encryption at rest?

Answer: Use Microsoft-managed keys (default) or Customer-managed keys (CMK) in Key Vault. Enable encryption for all storage accounts and databases.

Question 5: What is the purpose of Key Vault?

Answer: Secure storage for secrets, keys, and certificates. Integrate with Azure services for credential management. Enable audit logging and access control.

Question 6: How do you implement RBAC for data services?

Answer: Assign roles at appropriate scope (subscription, resource group, resource). Use built-in roles or custom roles. Prefer RBAC over access policies.

Question 7: What is the benefit of Private Endpoints?

Answer: Private IP address in VNet, no public exposure, full NSG control, DNS resolution via Private DNS Zones. Essential for enterprise security.

Question 8: How do you handle GDPR compliance?

Answer: Classify PII with Purview, implement DSAR (Data Subject Access Requests), enable right to erasure, track consent, and maintain audit logs.

Question 9: What is the benefit of sensitivity labels?

Answer: Classify data by sensitivity (Public, Internal, Confidential). Trigger protection policies (encryption, access controls). Auto-labeling with Purview.

Question 10: How do you audit data access?

Answer: Enable diagnostic settings, send to Log Analytics, create KQL queries, implement alerts, and maintain logs for required retention periods.

Question 11: What is the difference between encryption at rest and in transit?

Answer: At rest: Data encrypted when stored (AES-256). In transit: Data encrypted during transfer (TLS 1.2). Both required for compliance.

Question 12: How do you implement HIPAA compliance?

Answer: Encrypt PHI with CMK, implement access controls, enable audit logging, maintain BAA with Azure, and implement data retention policies.

Question 13: What is the benefit of Azure Defender for Storage?

Answer: Detects sensitive data exposure, anomalous access, and malware. Provides recommendations and alerts for security issues.

Question 14: How do you handle data retention policies?

Answer: Use lifecycle management for storage, configure retention periods in databases, implement Purview retention labels, and automate cleanup.

Question 15: What is the difference between authentication and authorization?

Answer: Authentication: Verify identity (Azure AD). Authorization: Grant permissions (RBAC). Both required for secure access.

Question 16: How do you implement MFA for data engineering?

Answer: Configure Azure AD MFA, Conditional Access policies, and Privileged Identity Management for admin access.

Question 17: What is the benefit of network security groups?

Answer: Filter traffic at subnet/NIC level, implement micro-segmentation, and enforce network policies for data engineering workloads.

Question 18: How do you handle secret rotation?

Answer: Use Azure Functions with timer triggers, Key Vault integration, and automated updates to linked services and connection strings.

Question 19: What is the benefit of Purview for compliance?

Answer: Automated data discovery, classification, lineage tracking, and compliance reporting for GDPR, HIPAA, SOC2, and FedRAMP.

Question 20: How do you implement row-level security?

Answer: Use Synapse SQL row-level security, Cosmos DB partition-level access, or application-level filtering based on user identity.

Question 21: What is the difference between soft delete and purge protection?

Answer: Soft delete: Allows recovery of deleted items. Purge protection: Prevents permanent deletion within retention period. Both recommended for Key Vault.

Question 22: How do you handle cross-tenant security?

Answer: Use Azure AD B2B, guest accounts, and conditional access policies. Implement least-privilege access for external users.

Question 23: What is the benefit of Azure Sentinel for data security?

Answer: SIEM capabilities, threat detection, incident response, and advanced analytics for security monitoring.

Question 24: How do you implement data masking?

Answer: Use dynamic data masking in Synapse SQL, column-level security, and Purview sensitivity labels for data protection.

Question 25: What is the future of data security?

Answer: Confidential computing, AI-powered threat detection, zero-trust architectures, and enhanced compliance automation.
