Databricks Certified Data Engineer Professional — Question 75
The data engineering team has been tasked with configuring connections to an external database that does not have a supported native connector with Databricks. The external database already has data security configured by group membership. These groups map directly to user groups already created in Databricks that represent various teams within the company.
A new login credential has been created for each group in the external database. The Databricks Utilities Secrets module will be used to make these credentials available to Databricks users.
Assuming that all the credentials are configured correctly on the external database and group membership is properly configured on Databricks, which statement describes how teams can be granted the minimum necessary access to use these credentials?
Answer options
- A. "Manage" permissions should be set on a secret key mapped to those credentials that will be used by a given team.
- B. "Read" permissions should be set on a secret key mapped to those credentials that will be used by a given team.
- C. "Read" permissions should be set on a secret scope containing only those credentials that will be used by a given team.
- D. "Manage" permissions should be set on a secret scope containing only those credentials that will be used by a given team. No additional configuration is necessary as long as all users are configured as administrators in the workspace where secrets have been added.
Correct answer: C
Explanation
Option C is correct because granting "Read" permissions on a secret scope that contains only the credentials needed by a specific team gives that team the minimum necessary access without exposing other credentials. Options A and D grant "Manage" permissions, which are too broad and could allow teams to modify or delete secrets, violating the principle of least privilege. Option B, while granting "Read" permissions, does not limit access to a specific scope, which could expose credentials the team does not need.