Databricks Certified Data Engineer Professional — Question 194

The data engineering team is migrating an enterprise system with thousands of tables and views into the Lakehouse. They plan to implement the target architecture using a series of bronze, silver, and gold tables. Bronze tables will almost exclusively be used by production data engineering workloads, while silver tables will be used to support both data engineering and machine learning workloads. Gold tables will largely serve business intelligence and reporting purposes. While personal identifying information (PII) exists in all tiers of data, pseudonymization and anonymization rules are in place for all data at the silver and gold levels.

The organization is interested in reducing security concerns while maximizing the ability to collaborate across diverse teams.

Which statement exemplifies best practices for implementing this system?

Answer options

• A. Isolating tables in separate databases based on data quality tiers allows for easy permissions management through database ACLs and allows physical separation of default storage locations for managed tables.
• B. Because databases on Databricks are merely a logical construct, choices around database organization do not impact security or discoverability in the Lakehouse.
• C. Storing all production tables in a single database provides a unified view of all data assets available throughout the Lakehouse, simplifying discoverability by granting all users view privileges on this database.
• D. Working in the default Databricks database provides the greatest security when working with managed tables, as these will be created in the DBFS root.

Correct answer: A

Explanation

Option A is correct because isolating tables in separate databases based on data quality tiers enhances permissions management and provides physical separation for data storage, which improves security. Option B is incorrect since database organization does affect security and discoverability. Option C simplifies discoverability but compromises security by granting all users view privileges on a single database. Option D incorrectly suggests that using the default database offers the greatest security, as it does not address the need for separation based on data sensitivity.