1. A data engineer at a financial services company is deploying a RAG-based chatbot that retrieves customer account records. During testing, they notice that raw Social Security Numbers (SSNs) appear verbatim in the retrieved chunks that are passed to the LLM prompt. Which approach BEST addresses this risk within the Databricks ecosystem?
- A. Apply a PII masking transformation to the retrieved chunks before they are injected into the prompt context, replacing SSNs with a placeholder such as [SSN_REDACTED].✓ Correct
- B. Encrypt the vector index at rest using a customer-managed key so that SSNs cannot be read by the LLM.
- C. Move the vector index to a private subnet to prevent the LLM from accessing the raw data.
- D. Add a system prompt instruction telling the LLM to ignore any SSNs it encounters in the context.
Explanation
Option A is correct because masking PII before it enters the prompt context is the standard defense-in-depth practice; the sensitive data never reaches the LLM or its logs. Option B is wrong because encryption at rest protects data on disk but does nothing to prevent the plaintext from being passed to the model at inference time. Option C is wrong because network isolation controls who can call the endpoint, not what content is included in the prompt. Option D is wrong because relying on a system prompt instruction is an unreliable 'soft' control; the LLM may still echo the SSN back in its response or in traces.