Databricks Certified Data Engineer Associate · Domain 7 · 15% of exam

Governance and Security

Drill 20 practice questions focused entirely on Governance and Security for the Databricks Databricks Data Engineer Associate exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

A data engineer at a healthcare company needs to determine which downstream tables and dashboards would be affected if a source table containing patient records is modified. The company uses Unity Catalog to govern all data assets. Which Unity Catalog capability should the engineer use to identify these downstream dependencies?

Reviewed for accuracy · Report an issue
Question 2 of 20

A retail analytics company needs to share a curated Delta table from their Unity Catalog metastore with an external partner organization that does NOT use Databricks. The partner will consume the data using their own tools (e.g., pandas, Apache Spark, Power BI). Which Unity Catalog feature should the data engineer use to securely share this data without copying it to the partner's environment?

Reviewed for accuracy · Report an issue
Question 3 of 20

A healthcare analytics team stores a patient table in Unity Catalog that includes a sensitive 'ssn' column. Analysts need to run reports against the table, but only members of the 'compliance_team' group should see the full SSN values; everyone else should see the values masked. The data engineer must implement this without duplicating the table or removing the column. What is the most appropriate approach?

Reviewed for accuracy · Report an issue
Question 4 of 20

A data engineering team needs to allow Unity Catalog to read and write files in a specific ADLS Gen2 container so they can create external tables backed by that path. They have already created a storage credential that references a managed identity with access to the storage account. What must they create next so Unity Catalog can govern access to that specific storage path?

Reviewed for accuracy · Report an issue
Question 5 of 20

A data engineer is designing a new schema in Unity Catalog for a temporary analytics project. The team wants Unity Catalog to fully manage the table lifecycle so that dropping a table also automatically removes the underlying data files, minimizing manual cleanup once the project ends. Which type of table should the engineer create to achieve this behavior?

Reviewed for accuracy · Report an issue
Question 6 of 20

A data engineering team lead wants to allow a group of ETL developers to create new tables within an existing schema named 'sales.reporting' in Unity Catalog. The developers already have USE CATALOG on the 'sales' catalog. Which additional privileges must be granted so the developers can successfully create tables in that schema?

Reviewed for accuracy · Report an issue
Question 7 of 20

A data engineer runs GRANT SELECT ON TABLE sales.transactions.orders TO `analyst_team`. When members of analyst_team try to query the table, they receive a permission error stating they lack access. The team confirms they have SELECT on the orders table. What is the most likely cause of the error?

Reviewed for accuracy · Report an issue
Question 8 of 20

A data engineer needs to allow the 'etl_writers' group to insert, update, and delete rows in the table `sales.transactions.orders`, but the group should not be able to alter the table's schema or drop the table. The group already has USAGE on the catalog and schema and SELECT on the table. Which single privilege should be granted on the table to enable the required write operations?

Reviewed for accuracy · Report an issue
Question 9 of 20

A data engineering team of 12 people needs SELECT access to all current and future tables in the schema `sales.transactions`. New engineers join the team every few months. The lead wants to minimize ongoing administrative overhead when granting access. What is the best approach in Unity Catalog?

Reviewed for accuracy · Report an issue
Question 10 of 20

A data engineer needs to give the analytics team read access to every current and future table across all schemas within the catalog named 'sales_prod'. They want to configure this with a single grant that automatically applies to objects created later, without granting access to other catalogs in the metastore. Which action should they take?

Reviewed for accuracy · Report an issue
Question 11 of 20

A data engineer manages a Unity Catalog schema named sales.reporting that currently contains 12 tables, with more tables added weekly by an automated pipeline. The analytics team needs read access to all current and future tables in this schema without requiring the engineer to run a new grant each time a table is created. Which single GRANT statement accomplishes this most efficiently?

Reviewed for accuracy · Report an issue
Question 12 of 20

A data engineer creates a SQL user-defined function (UDF) called finance.reporting.mask_ssn in Unity Catalog that analysts will call inside their queries. The analysts already have USE CATALOG on finance and USE SCHEMA on finance.reporting. When the analysts try to invoke the function, they receive a permission error. Which single grant will allow the analysts to run the function?

Reviewed for accuracy · Report an issue
Question 13 of 20

A data analyst has been granted SELECT on the table `sales_prod.reporting.daily_orders` in Unity Catalog. However, when the analyst runs `SELECT * FROM sales_prod.reporting.daily_orders`, they receive a permission error and cannot access the data. The table owner confirms the SELECT grant was applied correctly to the table. What is the most likely cause and required fix?

Reviewed for accuracy · Report an issue
Question 14 of 20

A data engineer creates a view named finance.reporting.summary_v that selects aggregated results from the base table finance.raw.transactions. Analysts in the 'reporting_team' group need to query summary_v but must NOT be able to query the underlying transactions table directly. The engineer owns both objects. What is the minimum set of grants that satisfies this requirement?

Reviewed for accuracy · Report an issue
Question 15 of 20

A data governance officer needs to programmatically audit which principals currently hold the SELECT privilege on tables within the 'finance' catalog. They want to run a SQL query rather than clicking through the Catalog Explorer UI for each object. Which approach lets them retrieve this grant information using standard SQL?

Reviewed for accuracy · Report an issue
Question 16 of 20

A data engineer is creating a new table in Unity Catalog to store cleansed customer data. The team wants Unity Catalog to fully manage the table's underlying data files in the metastore's default managed storage location, so that dropping the table also removes the data files automatically. Which type of table should the engineer create?

Reviewed for accuracy · Report an issue
Question 17 of 20

A data engineering team is setting up Unity Catalog for their Databricks account. They plan to attach several workspaces located in the same cloud region to a shared governance layer so that catalogs, schemas, and tables can be centrally managed and shared. What is the correct relationship between a Unity Catalog metastore and workspaces in a given region?

Reviewed for accuracy · Report an issue
Question 18 of 20

A data engineer created a table named `sales.transactions.orders` in Unity Catalog and is currently its owner. The engineer is moving to a different team and wants a shared group called `analytics_admins` to be able to grant and revoke privileges on the table, alter it, and eventually drop it if needed, without the original engineer remaining involved. What is the most appropriate action?

Reviewed for accuracy · Report an issue
Question 19 of 20

A data engineer previously granted the 'analysts' group the SELECT privilege on the table sales.public.transactions. Compliance now requires that the 'analysts' group no longer be able to query this table. The engineer confirms the group has no other privileges that would grant access. Which SQL statement should the engineer run in Unity Catalog to remove this access?

Reviewed for accuracy · Report an issue
Question 20 of 20

A data engineer is working in a notebook whose default catalog is set to 'dev' and default schema is set to 'analytics'. They need to query a table named 'orders' that lives in the schema 'sales' within the catalog 'prod'. Which statement correctly references this table using the Unity Catalog three-level namespace?

Reviewed for accuracy · Report an issue

More Databricks Data Engineer Associate practice

Keep going with the other Databricks Certified Data Engineer Associate domains, or take a full timed mock exam.

← Back to Databricks Data Engineer Associate overview