Security Engineering
Compliance & Governance
9 practice questions. Free questions open a full answer guide; the rest unlock with Pro.
- You're building a feature that collects and stores users' personal data. What does GDPR require you to think about as the engineer, beyond just 'we have a privacy policy'?
- A customer is asking whether we're SOC 2 compliant and another wants ISO 27001 — what's the difference, and how do you avoid duplicating the work?Go Pro
- A compliance framework hands you a set of controls that don't map cleanly to how your engineering org actually works. How do you implement them without becoming the team that just says no?Go Pro
- A customer asks whether your product is SOC 2 compliant. What does that actually mean, and how does it differ from something like ISO 27001?Go Pro
- Your security team is drowning in spreadsheets gathering evidence for audits every cycle. How would you move toward continuous, automated compliance instead?Go Pro
- You operate a multi-region platform and several customers are now subject to data-residency rules requiring their data to stay in a specific country. How do you reason about meeting that without re-architecting around every jurisdiction one-off?Go Pro
- Why does it matter that your audit logs are immutable, and what would you put in place to make them trustworthy for an investigation or audit?Go Pro
- When a company is preparing for a security audit, what kind of evidence do auditors look for, and how does day-to-day engineering work produce it?Go Pro
- An auditor used to accept a point-in-time screenshot as evidence a control was in place. That no longer flies. How do you build compliance so evidence is continuous and trustworthy?Go Pro
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.