Databricks Certified Data Engineer Associate Practice Questions: Data Governance and Security Domain

Correct Answer: A

Explanation: Unity Catalog in Databricks is designed to provide a centralized metadata repository for all data assets, enhancing data governance by enabling fine-grained access control and auditing capabilities. Option B is incorrect because Unity Catalog is not used for orchestrating data pipelines. Option C is incorrect as Unity Catalog does not manage machine learning model versioning. Option D is incorrect as it does not provide a platform for real-time data streaming.

Correct Answer: C

Explanation: Audit Logs in Databricks are used to track and audit user activities and access patterns, providing insights into who accessed what data and when. Option A is incorrect as Databricks Runtime is for running computations. Option B is incorrect because Cluster Policies are used to enforce resource configurations. Option D is incorrect as Notebook Widgets are for interactive data exploration.

Correct Answer: C

Explanation: Unity Catalog provides centralized governance for data and AI assets, including audit logging and monitoring access to data, which is essential for compliance with data governance policies. Option A, Cluster Policies, are used to manage cluster configurations. Option B, Delta Lake, is a storage layer that provides ACID transactions. Option D, Notebook Revision History, tracks changes to notebooks but is not related to auditing data access.

Correct Answer: C

Explanation: Implementing data masking and encryption is a best practice for ensuring data security, as it protects sensitive information by obfuscating data and securing it at rest and in transit. Using personal access tokens for all users (A) can lead to security risks if not managed properly. Granting cluster manager permissions to all users (B) can result in unnecessary access and potential misuse of resources. Disabling all audit logging (D) removes the ability to track and monitor access and changes, which is crucial for security.

Correct Answer: C

Explanation: Regularly rotating encryption keys is a best practice to enhance data security, as it limits the amount of data exposed if a key is compromised. Option A is incorrect because using a single key increases risk. Option B is incorrect because disabling encryption can expose data to unauthorized access. Option D is incorrect because storing keys with the data they encrypt can lead to security vulnerabilities.

Correct Answer: B

Explanation: Using Databricks Secrets to store sensitive data is a best practice because it provides a secure way to manage and access sensitive information without hardcoding it into notebooks. Hardcoding sensitive information (A) or storing it in plain text files (C) exposes it to unauthorized access. Sharing sensitive information via email (D) is insecure and not recommended.

Correct Answer: A

Explanation: Audit Logs (A) in Databricks provide a detailed record of user actions, helping organizations ensure compliance by tracking who accessed what data and when. Delta Lake (B) is a storage layer that brings reliability to data lakes but does not track access logs. Job Monitoring (C) provides insights into job performance, not compliance. Workspace Settings (D) are configurations for the Databricks environment, not specifically for logging access.

Correct Answer: B

Explanation: Table ACLs (Access Control Lists) in Unity Catalog allow you to manage permissions at the table level, enabling fine-grained access control. Cluster Policies (A) are used to define rules for cluster configurations. Workspace Permissions (C) manage access to the Databricks workspace itself, not individual tables. Secrets Management (D) is used for securely storing and accessing sensitive information like API keys and passwords, not for table access control.

Correct Answer: B

Explanation: The primary purpose of Access Control Lists (ACLs) in Databricks is to enforce security policies by restricting access to data and resources. ACLs help ensure that only authorized users have access to specific datasets or resources. Option A is incorrect because ACLs are not used for managing costs. Option C is incorrect as ACLs do not improve query performance. Option D is incorrect because ACLs are not related to deploying machine learning models.

Correct Answer: B

Explanation: The primary purpose of implementing RBAC is to enforce the principle of least privilege by ensuring that users have access only to the data and resources necessary for their job roles. This minimizes the risk of data breaches and unauthorized access. Option A is incorrect because RBAC is not related to resource deployment. Option C is incorrect as RBAC does not directly affect performance. Option D is incorrect because RBAC is not used for data replication.