Answer-first summary for fast verification
Answer: In environments where interactive code is executed, production data should be accessible via read-only permissions; isolating databases or catalogs for each environment further reduces operational risk.
### Best Practices for Environment Isolation and Data Security **Correct Answer: A** * **Principle of Least Privilege:** In development and testing environments, users often have elevated permissions (such as administrative rights or the ability to run arbitrary code). Granting these users write access to production data creates a significant risk of accidental or malicious data modification. Restricting access to **read-only** ensures data integrity. * **Environment Isolation:** Best practices involve using separate catalogs or databases for each stage (Dev, Test, Prod). This ensures that schema changes or experiments in development do not impact production systems. * **Safe Testing:** For realistic testing, it is recommended to use **Delta Sharing** or **read-only clones** of production data. This provides the necessary scale and complexity without exposing the production write path. **Why the other options are incorrect:** * **B (Delta Time Travel):** While time travel allows for recovery, it is not a security or access control mechanism. It does not prevent unauthorized access to sensitive data or the operational overhead of managing accidental deletions. * **C (Unified Workspace):** Mixing environments in a single workspace makes it nearly impossible to enforce strict governance and increases the 'blast radius' of a single configuration error. * **D (Credential Passthrough):** While passthrough verifies identity, if a user has administrative rights on a cluster or storage account, they effectively have the power to delete or modify the mounted data regardless of the mounting method.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A data engineering team is establishing development, testing, and production environments for a new data pipeline. To ensure high-quality testing, they want to use data that closely mirrors production. A junior engineer suggests mounting production storage directly to the development and testing environments, where users currently have administrative privileges. Which of the following statements represents the best practice for handling this scenario?
A
In environments where interactive code is executed, production data should be accessible via read-only permissions; isolating databases or catalogs for each environment further reduces operational risk.
B
Utilizing Delta Lake's versioning and time travel features ensures that production data cannot be permanently lost, making it safe to mount production data in development environments.
C
All code and data for development, testing, and production should be hosted in a single, unified workspace to reduce administrative complexity and streamline the CI/CD process.
D
As long as credential passthrough is enabled, mounting production data in a development environment is safe because Databricks will verify the end-user's identity for every access request.