Prev Next

Database / Azure Cosmos DB interview questions

How does Cosmos DB handle security and access control?

Cosmos DB provides multiple layers of security: network isolation, authentication, and fine-grained authorization.

Network-level security: By default, Cosmos DB accounts accept connections from all networks. You can restrict access using:

  • IP firewall rules — Allowlist specific IP addresses or ranges
  • Virtual Network (VNet) service endpoints — Restrict to specific Azure VNet subnets
  • Private Endpoints — Use Azure Private Link to expose Cosmos DB on a private IP inside your VNet, blocking all public internet access

Authentication: Two models are available:

  • Primary/secondary account keys — 512-bit HMAC keys that grant full read-write or read-only access to the entire account. Simpler but less granular. Avoid hardcoding in application code; store in Key Vault.
  • Azure Active Directory (AAD) RBAC — Assign built-in or custom roles to AAD identities (users, service principals, managed identities). Preferred for production because keys can be rotated independently, access is granular per container, and there is a full audit trail in Azure Monitor.

Built-in AAD roles:

  • Cosmos DB Built-in Data Reader — Read-only access to data
  • Cosmos DB Built-in Data Contributor — Read-write access to data

Custom roles can be defined with granular permissions at the container level using the Azure RBAC JSON definition.

Encryption: All data is encrypted at rest using AES-256 by default (Microsoft-managed keys). Customer-managed keys (CMK) via Azure Key Vault are supported for compliance scenarios. All data in transit is encrypted with TLS 1.2+.

Managed Identities: The recommended pattern for applications running in Azure (VMs, App Service, Functions) is to use a system-assigned or user-assigned managed identity assigned the Cosmos DB RBAC role — no key management required.

What is the recommended authentication approach for an Azure App Service application connecting to Cosmos DB in production?
What Azure networking feature exposes Cosmos DB on a private IP inside your VNet, completely blocking public internet access?

Invest now in Acorns!!! 🚀 Join Acorns and get your $5 bonus!

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Earn passively and while sleeping

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

What is Azure Cosmos DB and what problems does it solve? What are the different APIs available in Azure Cosmos DB? What is a partition key in Azure Cosmos DB and why is choosing it correctly so important? What are Request Units (RU/s) in Azure Cosmos DB? What are the five consistency levels in Azure Cosmos DB? How does global distribution work in Azure Cosmos DB? What is the Cosmos DB Change Feed and what are its main use cases? What is provisioned throughput vs autoscale vs serverless in Cosmos DB? How does indexing work in Azure Cosmos DB? What is Time to Live (TTL) in Cosmos DB and how do you configure it? What is a stored procedure in Cosmos DB and what are its limitations? What is the difference between a point read and a query in Cosmos DB? What is the Cosmos DB NoSQL query language and how does it differ from standard SQL? What is the Cosmos DB transactional batch API? What is Cosmos DB Integrated Cache and how does it reduce RU consumption? How does optimistic concurrency work in Azure Cosmos DB? What is hierarchical partition keys in Cosmos DB and when do you use it? What is the Cosmos DB Bulk Executor and how do you use bulk operations in the SDK? What are Cosmos DB triggers and user-defined functions (UDFs)? How does Cosmos DB handle conflicts in multi-region write (multi-master) setups? What is the Cosmos DB Emulator and how is it used in development? What is Cosmos DB for MongoDB API and what version compatibility does it provide? What is the Cosmos DB analytical store and Azure Synapse Link? What are Cosmos DB materialized views and how do they differ from containers? How does Cosmos DB pricing work and what are the key cost drivers? What is the Cosmos DB Gremlin API and what is it optimized for? How does Cosmos DB backup and restore work? What is the Cosmos DB Patch API and how does it differ from Replace? What is the Cosmos DB Cassandra API and how does CQL map to Cosmos DB concepts? How do you model one-to-many relationships in Cosmos DB? What is the Cosmos DB free tier and what does it include? What is the Cosmos DB SDK and what are the key client configuration options? What is the Cosmos DB Table API and when would you migrate from Azure Table Storage to it? How does Cosmos DB handle security and access control?
Show more question and Answers...

MuleESB

Comments & Discussions

Interviews Questions

About Javapedia.net

Javapedia.net is for Java and J2EE developers, technologist and college students who prepare of interview. Also this site includes many practical examples.

This site is developed using J2EE technologies by Steve Antony, a senior Developer/lead at one of the logistics based company.

contact: javatutorials2016[at]gmail[dot]com

Kindly consider donating for maintaining this website. Thanks.

Copyright © 2026, javapedia.net, all rights reserved. privacy policy.

DMCA.com Protection Status