Databricks Certified Data Engineer - Professional

Get started today

Ultimate access to all questions.

Explanation:

Utilizing a cloud-based key management service (KMS) that supports automatic key rotation is the most efficient and secure option for implementing an advanced encryption key management system in a lakehouse architecture dealing with highly sensitive data. Here‘s why:

Automatic Key Rotation: Ensures encryption keys are regularly changed without manual intervention, reducing the risk of key compromise.
Seamless Integration: Allows key rotation without service interruption, ensuring continuous data access and operations.
Scalability and Flexibility: Cloud-based KMS solutions can easily manage encryption keys for large volumes of data.
Security: Offers robust features like encryption at rest and in transit, access controls, and audit trails.
Cost-Effectiveness: Eliminates the need for on-premises hardware and manual processes, reducing costs and complexity.

This approach is the most efficient and secure for managing encryption keys in a lakehouse architecture with highly sensitive data.

Explanation:

Automatic Key Rotation: Ensures encryption keys are regularly changed without manual intervention, reducing the risk of key compromise.
Seamless Integration: Allows key rotation without service interruption, ensuring continuous data access and operations.
Scalability and Flexibility: Cloud-based KMS solutions can easily manage encryption keys for large volumes of data.
Security: Offers robust features like encryption at rest and in transit, access controls, and audit trails.
Cost-Effectiveness: Eliminates the need for on-premises hardware and manual processes, reducing costs and complexity.

This approach is the most efficient and secure for managing encryption keys in a lakehouse architecture with highly sensitive data.

Comments (0)

No comments yet.

In a lakehouse architecture handling highly sensitive data, what is the best approach to implement an advanced encryption key management system that allows for periodic key rotation without disrupting services?

Real Exam

Last updated: December 6, 2025 at 14:03

Develop a custom key rotation application that uses dual keys temporarily during the rotation period for both old and new data access.

1.6%

Store all encryption keys in a secure on-premises hardware security module (HSM), manually updating lakehouse configurations during rotation periods.

3.2%

Utilize a cloud-based key management service (KMS) that supports automatic key rotation and seamless integration with the lakehouse storage layer.

93.5%

Implement a manual process where new keys are generated and applied to data at rest during scheduled maintenance windows.

1.6%