Databricks Certified Data Engineer - Professional

Get started today

Ultimate access to all questions.

Explanation:

Explanation

Option C is correct. Databricks employs a security feature known as secret redaction. Any value retrieved using dbutils.secrets.get() is automatically intercepted by the notebook's output buffer and replaced with the string [REDACTED]. This prevents sensitive credentials from being accidentally exposed in the notebook UI or logged in plain text.

Crucially, this redaction only affects the display of the value. The underlying code and the Spark JDBC driver still receive the actual, unredacted secret value. Therefore, the connection to the external database will succeed as long as the secret is valid.

Why the other options are incorrect:

Connection Failure: Redaction is a display-layer security measure and does not interfere with the actual string value used by the application logic or drivers.
Interactive Prompts: dbutils.secrets.get() is a programmatic API. It retrieves values from a backed secret scope (like Azure Key Vault or Databricks-backed scopes) and does not prompt the user for input.
Plain Text Exposure: To maintain security standards, Databricks does not allow secrets retrieved through the secrets utility to be printed in clear text in notebook cells.

Explanation:

Explanation

Why the other options are incorrect:

Connection Failure: Redaction is a display-layer security measure and does not interfere with the actual string value used by the application logic or drivers.
Interactive Prompts: dbutils.secrets.get() is a programmatic API. It retrieves values from a backed secret scope (like Azure Key Vault or Databricks-backed scopes) and does not prompt the user for input.
Plain Text Exposure: To maintain security standards, Databricks does not allow secrets retrieved through the secrets utility to be printed in clear text in notebook cells.

Comments (1)

46765 56754Jan 11, 2026 2:16 AM

The question does not state secrets are printed, so answer options are confusing

LeetQuiz .Jan 11, 2026 1:12 PM

Thanks for your comment. You're right. The question doesn't explicitly state to print or return the secret itself. However, the question is test the knowledge of secret management on Databricks. To avoid the confusion, we updated the question with a code snippet. Thanks for your feedback and it really helps us improve the quality of questions that's shared with other.

After configuring Databricks secrets to manage credentials for an external database, a data engineer executes a code snippet that retrieves a password via dbutils.secrets.get() to establish a JDBC connection. What will be the result of executing this code in a Databricks notebook?

password = dbutils.secrets.get(
    scope="jdbc-secrets",
    key="db-password"
)
jdbc_url = "jdbc:postgresql://host:5432/db"
df = spark.read.format("jdbc") \
    .option("url", jdbc_url) \
    .option("user", "db_user") \
    .option("password", password) \
    .option("dbtable", "public.table") \
    .load()
print(password)

password = dbutils.secrets.get(
    scope="jdbc-secrets",
    key="db-password"
)
jdbc_url = "jdbc:postgresql://host:5432/db"
df = spark.read.format("jdbc") \
    .option("url", jdbc_url) \
    .option("user", "db_user") \
    .option("password", password) \
    .option("dbtable", "public.table") \
    .load()
print(password)

Real Exam

Last updated: January 11, 2026 at 13:08

The connection attempt to the external table will fail, and the notebook output will display the string [REDACTED].

0.0%

An interactive prompt will appear in the notebook; if the correct password is provided, the connection succeeds and the encoded password is automatically stored in DBFS.

0.0%

The connection to the external table will succeed, and the notebook output will display the string [REDACTED].

100.0%

The connection to the external table will succeed, and the plain text representation of the password will be printed in the output.