Answer-first summary for fast verification
Answer: Implementing role-based access control (RBAC) with dynamic views to restrict data access based on user roles, coupled with regular audits of access patterns and logs to detect and address unauthorized access.
Option C is the most comprehensive and effective approach for ensuring data governance in a Databricks environment under the given constraints. RBAC with dynamic views ensures that users only access data pertinent to their roles, aligning with the principle of least privilege. Regular audits of access patterns and logs are crucial for detecting potential breaches or misuse, ensuring ongoing compliance with data protection regulations. This approach addresses the need for scalability and minimizes administrative overhead by automating access control and audit processes, unlike the other options which either lack necessary controls or impose impractical administrative burdens.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
In the context of implementing data governance within a Databricks environment to ensure compliance with data protection regulations and proper data access control, consider the following scenario: Your organization is subject to strict data protection regulations and requires a scalable solution that minimizes administrative overhead while ensuring that sensitive data is only accessible to authorized personnel. Which of the following approaches BEST meets these requirements? Choose one option.
A
Providing full access to all datasets for all users and conducting semi-annual access reviews to adjust permissions as needed.
B
Creating a unified data view for all users with dynamic data masking applied to sensitive fields, without implementing role-based access controls.
C
Implementing role-based access control (RBAC) with dynamic views to restrict data access based on user roles, coupled with regular audits of access patterns and logs to detect and address unauthorized access.
D
Encrypting all sensitive data at rest and in transit, and distributing decryption keys to users based on their department, without implementing access controls or audits.