Databricks Certified Data Engineer - Professional

Get started today

Ultimate access to all questions.

Explanation:

Explanation

Organizing data into separate databases (schemas) based on quality tiers is the standard best practice for implementing a secure Medallion architecture in Databricks.

Key reasons include:

Granular Access Control: By using separate schemas, administrators can apply the Principle of Least Privilege. For example, Data Engineers can be granted OWNERSHIP or ALL PRIVILEGES on the Bronze schema, while Data Analysts are only granted SELECT privileges on the Gold schema. This effectively isolates PII based on the user's role.
Physical Isolation: Managed tables in different schemas can be mapped to different storage credentials or external locations. This allows Bronze data to reside in a more restricted storage zone compared to Gold data.
Scalability and Governance: In Unity Catalog, the schema is a primary unit of governance. Grouping by tier allows for easier auditing, lineage tracking, and metadata management.

Why other options are incorrect:

Consolidating into one database creates a security nightmare; permissions granted at the database level would apply to all tables, making it difficult to restrict access to sensitive raw or pseudonymized data.
The default database and DBFS root are not secure environments. The DBFS root is generally accessible to all users in a workspace, which is unsuitable for production PII data.
Databases are NOT just logical constructs without impact; they are fundamental to the security hierarchy in Unity Catalog and directly influence how ACLs are inherited and how data is discovered via INFORMATION_SCHEMA or the Data Explorer.

Explanation:

Explanation

Organizing data into separate databases (schemas) based on quality tiers is the standard best practice for implementing a secure Medallion architecture in Databricks.

Key reasons include:

Granular Access Control: By using separate schemas, administrators can apply the Principle of Least Privilege. For example, Data Engineers can be granted OWNERSHIP or ALL PRIVILEGES on the Bronze schema, while Data Analysts are only granted SELECT privileges on the Gold schema. This effectively isolates PII based on the user's role.
Physical Isolation: Managed tables in different schemas can be mapped to different storage credentials or external locations. This allows Bronze data to reside in a more restricted storage zone compared to Gold data.
Scalability and Governance: In Unity Catalog, the schema is a primary unit of governance. Grouping by tier allows for easier auditing, lineage tracking, and metadata management.

Why other options are incorrect:

Consolidating into one database creates a security nightmare; permissions granted at the database level would apply to all tables, making it difficult to restrict access to sensitive raw or pseudonymized data.
The default database and DBFS root are not secure environments. The DBFS root is generally accessible to all users in a workspace, which is unsuitable for production PII data.
Databases are NOT just logical constructs without impact; they are fundamental to the security hierarchy in Unity Catalog and directly influence how ACLs are inherited and how data is discovered via INFORMATION_SCHEMA or the Data Explorer.

Comments (0)

No comments yet.

A data engineering team is migrating an enterprise system comprising thousands of tables and views into a Databricks Lakehouse architecture. The migration utilizes a Medallion architecture with the following access requirements:

Bronze tables: Managed by data engineering for raw production ingestion.

Silver tables: Utilized for data engineering and machine learning; contains pseudonymized PII.

Gold tables: Utilized for business intelligence and reporting; contains fully anonymized PII.

Which strategy aligns with Databricks best practices to minimize security risks while ensuring effective cross-team collaboration?

Real Exam

Last updated: January 6, 2026 at 15:39

Consolidate all production tables into a single database to simplify discovery and provide a unified view for all organization members.

0.0%

Utilize the default Databricks database for all managed tables, as storing data in the DBFS root provides inherent security advantages.

0.0%

Organize tables into separate databases or schemas based on their quality tiers (Bronze, Silver, Gold) to facilitate granular Access Control List (ACL) management and physical storage isolation.