New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Databricks Certified Data Engineer Professional Exam - Topic 2 Question 23 Discussion

Actual exam question for Databricks's Databricks Certified Data Engineer Professional exam
Question #: 23
Topic #: 2
[All Databricks Certified Data Engineer Professional Questions]

The data engineer team has been tasked with configured connections to an external database that does not have a supported native connector with Databricks. The external database already has data security configured by group membership. These groups map directly to user group already created in Databricks that represent various teams within the company.

A new login credential has been created for each group in the external database. The Databricks Utilities Secrets module will be used to make these credentials available to Databricks users.

Assuming that all the credentials are configured correctly on the external database and group membership is properly configured on Databricks, which statement describes how teams can be granted the minimum necessary access to using these credentials?

Show Suggested Answer Hide Answer
Suggested Answer: C

In Databricks, using the Secrets module allows for secure management of sensitive information such as database credentials. Granting 'Read' permissions on a secret key that maps to database credentials for a specific team ensures that only members of that team can access these credentials. This approach aligns with the principle of least privilege, granting users the minimum level of access required to perform their jobs, thus enhancing security.


Databricks Documentation on Secret Management: Secrets

by Quiana at Sep 17, 2024, 01:32 PM

Limited Time Offer

25%

Off

Get Premium Databricks Certified Data Engineer Professional Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cordie
3 months ago
C makes sense, we need to limit access properly.
upvoted 0 times
...
Roxane
3 months ago
I’m surprised there’s no mention of auditing access!
upvoted 0 times
...
Edelmira
3 months ago
Wait, are we really giving admin rights to everyone?
upvoted 0 times
...
Lynelle
4 months ago
I disagree, I think A is the better choice.
upvoted 0 times
...
Sharen
4 months ago
Option C sounds right, secret scope is key!
upvoted 0 times
...
Lisbeth
4 months ago
I’m a bit confused about option B; I don't think just being an admin is enough to ensure minimum necessary access, right? That seems too broad.
upvoted 0 times
...
Glendora
4 months ago
I feel like option C makes sense because it talks about setting permissions on a secret scope specifically for a team, which aligns with the principle of least privilege.
upvoted 0 times
...
Ngoc
4 months ago
I think we practiced a similar question where we had to decide between read and manage permissions, but I can't recall which one was the best for limiting access.
upvoted 0 times
...
Ma
5 months ago
I remember we discussed the importance of setting the right permissions for secrets in Databricks, but I'm not sure if it should be on a secret key or a secret scope.
upvoted 0 times
...
Phuong
5 months ago
Hmm, I'm not sure about option B. Giving all users admin access in the workspace seems like overkill and a potential security risk. I think the more granular approach of C or A is the way to go.
upvoted 0 times
...
Weldon
5 months ago
I'm pretty confident that option C is the right answer. Granting read access to a targeted secret scope seems like the most secure and least permissive way to handle this scenario.
upvoted 0 times
...
Lenna
5 months ago
I'm a bit confused. Wouldn't option A work as well, since we're just granting read access to the specific secret keys? Or is there a difference between that and the secret scope approach?
upvoted 0 times
...
Virgie
5 months ago
Okay, let's see. The key here is that the teams need the minimum necessary access to the credentials. I think option C is the way to go - setting read permissions on a secret scope with just the relevant credentials.
upvoted 0 times
...
Trinidad
5 months ago
Hmm, this seems like a tricky one. I'll need to carefully read through the details to make sure I understand the requirements.
upvoted 0 times
...
Earleen
5 months ago
Okay, let's see here. The key is to use the stream() method on the items list, then filter for items where the count variable is less than 0. I think option B, using findAny(), is the way to go here.
upvoted 0 times
...
Belen
1 year ago
Option A is too narrow. You'd have to create a separate secret key for each team, which could get messy. C covers it nicely.
upvoted 0 times
...
Jesusa
1 year ago
Haha, option D is hilarious! 'Manage' permission? That's overkill. C is the way to go, keep it simple and secure.
upvoted 0 times
...
Staci
1 year ago
Option B seems too broad. Giving all users admin access to the secrets would be a security risk. I'd go with option C.
upvoted 0 times
...
Lai
1 year ago
I think option C is the correct answer. Setting 'Read' permissions on a secret scope containing only the relevant credentials ensures that each team has the minimum necessary access.
upvoted 0 times
Shizue
1 year ago
It's important to grant the minimum necessary access to ensure security.
upvoted 0 times
...
Luis
1 year ago
That way each team only has access to the credentials they need.
upvoted 0 times
...
Bettina
1 year ago
Yeah, setting 'Read' permissions on a secret scope makes sense.
upvoted 0 times
...
Cordell
1 year ago
I agree, option C seems like the best choice.
upvoted 0 times
...
...
Ruby
1 year ago
Option A is too narrow. You'd have to create a separate secret key for each team, which could get messy. C covers it nicely.
upvoted 0 times
Stephaine
1 year ago
It definitely simplifies the process and keeps everything more manageable.
upvoted 0 times
...
Brice
1 year ago
Yeah, setting 'Read' permissions on a secret scope for each team is more organized than creating separate secret keys.
upvoted 0 times
...
Julian
1 year ago
I agree, option C seems like the best approach to grant access to the teams.
upvoted 0 times
...
...
Lang
1 year ago
I'm not sure, but I think option D could also work. Giving 'Manage' permission on a secret scope might provide more control over the credentials.
upvoted 0 times
...
Tori
1 year ago
Haha, option D is hilarious! 'Manage' permission? That's overkill. C is the way to go, keep it simple and secure.
upvoted 0 times
Rodrigo
1 year ago
Keeping it simple with option C is the best way to ensure security and access control.
upvoted 0 times
...
Chantell
1 year ago
Exactly, it's important to only give teams access to what they need, no need for 'Manage' permissions.
upvoted 0 times
...
Cassi
1 year ago
Yeah, setting 'Read' permissions on a secret scope makes more sense for granting access to the credentials.
upvoted 0 times
...
Honey
1 year ago
I agree, option D does seem like overkill. C is definitely the simpler and more secure choice.
upvoted 0 times
...
...
Malcolm
1 year ago
Option B seems too broad. Giving all users admin access to the secrets would be a security risk. I'd go with option C.
upvoted 0 times
...
Glory
1 year ago
I think option C is the correct answer. Setting 'Read' permissions on a secret scope containing only the relevant credentials ensures that each team has the minimum necessary access.
upvoted 0 times
Chu
1 year ago
I'm not sure, but option A doesn't seem right. 'Read' permissions on a secret key might not be enough to control access for each team.
upvoted 0 times
...
Lelia
1 year ago
I think option D could also work, as long as the teams have 'Manage' permissions on the secret scope containing their credentials.
upvoted 0 times
...
Darci
1 year ago
I agree, option C seems like the best choice. It ensures that each team only has access to the credentials they need.
upvoted 0 times
...
...
Keena
1 year ago
I agree with Luann. Option C ensures that only the necessary credentials are accessible to the team without granting unnecessary permissions.
upvoted 0 times
...
Luann
1 year ago
I think option C is the correct answer. Setting 'Read' permissions on a secret scope containing only those credentials makes sense.
upvoted 0 times
...

Save Cancel