Databricks Exam Databricks-Certified-Professional-Data-Engineer Topic 2 Question 23 Discussion

Actual exam question for Databricks's Databricks Certified Data Engineer Professional exam

Question #: 23
Topic #: 2

[All Databricks Certified Data Engineer Professional Questions]

The data engineer team has been tasked with configured connections to an external database that does not have a supported native connector with Databricks. The external database already has data security configured by group membership. These groups map directly to user group already created in Databricks that represent various teams within the company.

A new login credential has been created for each group in the external database. The Databricks Utilities Secrets module will be used to make these credentials available to Databricks users.

Assuming that all the credentials are configured correctly on the external database and group membership is properly configured on Databricks, which statement describes how teams can be granted the minimum necessary access to using these credentials?

A''Read'' permissions should be set on a secret key mapped to those credentials that will be used by a given team.

BNo additional configuration is necessary as long as all users are configured as administrators in the workspace where secrets have been added.

C''Read'' permissions should be set on a secret scope containing only those credentials that will be used by a given team.

D''Manage'' permission should be set on a secret scope containing only those credentials that will be used by a given team.

Show Suggested Answer

Suggested Answer: C

In Databricks, using the Secrets module allows for secure management of sensitive information such as database credentials. Granting 'Read' permissions on a secret key that maps to database credentials for a specific team ensures that only members of that team can access these credentials. This approach aligns with the principle of least privilege, granting users the minimum level of access required to perform their jobs, thus enhancing security.

Databricks Documentation on Secret Management: Secrets

by Quiana at Sep 17, 2024, 01:32 PM

Limited Time Offer

25%

Off

Get Premium Databricks-Certified-Professional-Data-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lang

11 days ago

I'm not sure, but I think option D could also work. Giving 'Manage' permission on a secret scope might provide more control over the credentials.

upvoted 0 times

...

Tori

12 days ago

Haha, option D is hilarious! 'Manage' permission? That's overkill. C is the way to go, keep it simple and secure.

upvoted 0 times

...

Malcolm

13 days ago

Option B seems too broad. Giving all users admin access to the secrets would be a security risk. I'd go with option C.

upvoted 0 times

...

Glory

14 days ago

I think option C is the correct answer. Setting 'Read' permissions on a secret scope containing only the relevant credentials ensures that each team has the minimum necessary access.

upvoted 0 times

Darci

2 days ago

I agree, option C seems like the best choice. It ensures that each team only has access to the credentials they need.

upvoted 0 times

...

Keena

17 days ago

I agree with Luann. Option C ensures that only the necessary credentials are accessible to the team without granting unnecessary permissions.

upvoted 0 times

...

Luann

26 days ago

I think option C is the correct answer. Setting 'Read' permissions on a secret scope containing only those credentials makes sense.

upvoted 0 times

...