Generative AI Engineer Associate · 8% of the exam

Governance: free practice questions

5 sample questions from our 20-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real Databricks exam.

1. A data engineer at a financial services company is deploying a RAG-based chatbot that retrieves customer account records. During testing, they notice that raw Social Security Numbers (SSNs) appear verbatim in the retrieved chunks that are passed to the LLM prompt. Which approach BEST addresses this risk within the Databricks ecosystem?

  • A. Apply a PII masking transformation to the retrieved chunks before they are injected into the prompt context, replacing SSNs with a placeholder such as [SSN_REDACTED].✓ Correct
  • B. Encrypt the vector index at rest using a customer-managed key so that SSNs cannot be read by the LLM.
  • C. Move the vector index to a private subnet to prevent the LLM from accessing the raw data.
  • D. Add a system prompt instruction telling the LLM to ignore any SSNs it encounters in the context.
Explanation

Option A is correct because masking PII before it enters the prompt context is the standard defense-in-depth practice; the sensitive data never reaches the LLM or its logs. Option B is wrong because encryption at rest protects data on disk but does nothing to prevent the plaintext from being passed to the model at inference time. Option C is wrong because network isolation controls who can call the endpoint, not what content is included in the prompt. Option D is wrong because relying on a system prompt instruction is an unreliable 'soft' control; the LLM may still echo the SSN back in its response or in traces.

2. An ML engineer is configuring a RAG pipeline that retrieves chunks from a corpus of legal contracts. Some contracts contain Social Security Numbers (SSNs) and bank account numbers. The engineer must ensure that PII never appears in the context window sent to the LLM or in the final response. Which TWO of the following controls should be applied to achieve this? (Select TWO)

  • A. Apply a PII detection and masking step to retrieved document chunks before they are appended to the LLM prompt.✓ Correct
  • B. Enable Delta Lake time travel on the contracts table so that previous versions of documents can be audited.
  • C. Configure Unity Catalog dynamic data masking on the columns containing SSNs and account numbers in the source table used by the retrieval step.✓ Correct
  • D. Set the LLM's max_tokens parameter to a low value to prevent lengthy responses that might include PII.
  • E. Enable Databricks Secret Scopes to encrypt the SSN column at rest within the contracts table.
Explanation

Option A is correct: a PII detection/masking step applied to retrieved chunks before prompt construction ensures that even if a document contains raw PII, that PII is replaced or redacted before it enters the LLM context. Option C is correct: Unity Catalog dynamic data masking on the source table prevents PII from being returned to any downstream process (including the retrieval step) for users or service principals that do not have explicit access, stopping PII at the data layer. Option B (time travel) is an auditing/versioning feature and does not mask PII. Option D (max_tokens) limits response length but does not prevent PII from being included in whatever tokens are generated. Option E (Secret Scopes) is for managing API keys and passwords, not for masking column-level PII in Delta tables.

3. A Databricks workspace administrator needs to grant a model serving endpoint's service principal the minimum permissions required to read embeddings from a Unity Catalog Vector Search index during inference, without allowing it to create, modify, or delete the index. Which Unity Catalog privilege should be granted to the service principal on the Vector Search index object?

  • A. USE CATALOG on the parent catalog only
  • B. SELECT on the Vector Search index✓ Correct
  • C. ALL PRIVILEGES on the schema containing the index
  • D. CREATE TABLE on the schema containing the index
Explanation

In Unity Catalog, the SELECT privilege on a Vector Search index grants the ability to query (read) the index, which is exactly what a serving endpoint needs during inference. This follows the principle of least privilege. Option A (USE CATALOG alone) is a prerequisite for navigating the catalog hierarchy but does not itself grant read access to the index data. Option C (ALL PRIVILEGES on the schema) would grant far more than necessary, including the ability to create, modify, and delete objects — violating least privilege. Option D (CREATE TABLE) grants the ability to create new tables in the schema, which is unrelated to reading the index and exceeds what is needed.

4. An enterprise data team registers a fine-tuned LLM in Unity Catalog and wants to enforce the principle of least privilege. They need service principal `sp_inference` to serve the model, data scientists to evaluate logged traces, and no other principal to have any access. Which THREE Unity Catalog/MLflow actions correctly scope these permissions? (Select THREE)

  • A. Grant EXECUTE on the registered model to `sp_inference` so it can load and serve the model.✓ Correct
  • B. Grant SELECT on the MLflow experiment's linked Delta table of traces to the data scientists group.
  • C. Grant ALL PRIVILEGES on the catalog to `sp_inference` to ensure the serving infrastructure has all required access.
  • D. Grant USE CATALOG and USE SCHEMA on the parent catalog and schema to both `sp_inference` and the data scientists group.✓ Correct
  • E. Grant MODIFY on the registered model to the data scientists group so they can read trace metadata.
  • F. Grant READ VOLUME on the model artifact volume to `sp_inference` if model artifacts are stored in a Unity Catalog Volume.✓ Correct
Explanation

Option A is correct because EXECUTE on the model object is the specific privilege needed to load and serve a registered model. Option D is correct because USE CATALOG and USE SCHEMA are prerequisite hierarchical privileges required to access any object within a catalog/schema; without them, even object-level grants are ineffective. Option F is correct because if model binaries are stored in a Unity Catalog Volume, the service principal also needs READ VOLUME to access the artifact files at serving time. Option B is wrong because the trace data is accessed through MLflow's UI and API rather than a direct SELECT on a Delta table; this is not the standard access pattern. Option C is wrong because ALL PRIVILEGES violates least-privilege and grants unnecessary permissions (e.g., CREATE, MODIFY) beyond what serving requires. Option E is wrong because MODIFY allows writing/editing the model object, which is broader than what data scientists need merely to read trace metadata.

5. Which TWO of the following are valid methods for implementing guardrails against harmful or off-topic content in a Databricks-hosted LLM application? (Select TWO)

  • A. Using Llama Guard or a similar classifier model as a pre- and post-processing layer to evaluate whether inputs and outputs violate safety policies.✓ Correct
  • B. Configuring the vector search index retriever to return only embeddings with a cosine similarity score below 0.3 to filter out semantically similar harmful queries.
  • C. Defining a structured system prompt that instructs the model on topic scope and refusal behavior, combined with output parsing to enforce response format constraints.✓ Correct
  • D. Setting the LLM temperature parameter to 0 to make responses fully deterministic and thereby eliminate the possibility of harmful content generation.
  • E. Restricting model endpoint access to only internal IP ranges so that external users cannot submit harmful prompts.
Explanation

Option A is correct because a safety classifier (like Llama Guard) acting as a guardrail layer is a well-established pattern for detecting policy-violating inputs and outputs before they are surfaced to users. Option C is correct because a carefully designed system prompt establishes behavioral boundaries and out-of-scope refusal instructions, which, combined with output parsing, provides a practical content governance layer. Option B is wrong because a low similarity threshold would filter out relevant on-topic queries, not harmful ones; similarity score alone is not a reliable proxy for content safety. Option D is wrong because temperature=0 only makes the model deterministic; a deterministic model can still produce harmful content if the underlying model weights and prompts lead to it. Option E is wrong because IP restriction is a network access control, not a content guardrail; it does not evaluate the substance of prompts submitted by authorized internal users.

15 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free