Databricks Certified Data Engineer - Professional

Get started today

Ultimate access to all questions.

Explanation:

Explanation

In Databricks, audit logs capture the identity of the specific principal (user or service principal) whose credentials were used to authenticate each individual REST API request.

Job Creation: When User A uses their personal access token to call the jobs/create endpoint, the audit log entry for that event will list User A as the actor (userId).
Job Execution: When User B uses their own token to call the jobs/run-now (or equivalent) endpoint, the audit log will record User B as the actor for that specific execution event.

This can be verified by querying the Databricks audit log system table (system.access.audit), which tracks the userId and userName for every API event.

Why the other options are incorrect:

Service Principal: Audit logging reflects the actual identity used for authentication. Unless a Service Principal's token was used, the log will not default to a Service Principal identity.
Creator Attribution: Audit logs are event-driven and record who performed the specific action; they do not retroactively attribute actions to the original resource creator if a different user triggers the resource.
Identity Omission: User identities are fundamental to audit logs for compliance and security monitoring; they are never omitted for authenticated REST API calls.

Explanation:

Explanation

In Databricks, audit logs capture the identity of the specific principal (user or service principal) whose credentials were used to authenticate each individual REST API request.

Job Creation: When User A uses their personal access token to call the jobs/create endpoint, the audit log entry for that event will list User A as the actor (userId).
Job Execution: When User B uses their own token to call the jobs/run-now (or equivalent) endpoint, the audit log will record User B as the actor for that specific execution event.

This can be verified by querying the Databricks audit log system table (system.access.audit), which tracks the userId and userName for every API event.

Why the other options are incorrect:

Service Principal: Audit logging reflects the actual identity used for authentication. Unless a Service Principal's token was used, the log will not default to a Service Principal identity.
Creator Attribution: Audit logs are event-driven and record who performed the specific action; they do not retroactively attribute actions to the original resource creator if a different user triggers the resource.
Identity Omission: User identities are fundamental to audit logs for compliance and security monitoring; they are never omitted for authenticated REST API calls.

Comments (0)

No comments yet.

A Data Engineer (User A) has established several new data pipeline jobs using the Databricks REST API. Subsequently, a DevOps Engineer (User B) configures an external tool to trigger these jobs via the REST API. Both engineers utilized their respective personal access tokens (PATs) for authorization. How will these specific actions be documented in the workspace audit logs?

Real Exam

Last updated: January 6, 2026 at 15:43

To maintain security, user identities are excluded from audit logs when actions are performed via the REST API.

6.5%

Because User A is the owner and creator of the jobs, their identity will be logged for both the creation and all subsequent executions, regardless of who triggers them.

6.5%

User A's identity will be associated with the job creation events, while User B's identity will be associated with the job execution events.

75.3%

The system will automatically assign a Service Principal identity to these events because the REST API was used for both creation and execution.

11.7%