Fabric Data Engineer Associate · 33% of the exam

Implement and manage an analytics solution: free practice questions

5 sample questions from our 83-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real Microsoft exam.

1. A Fabric workspace is configured with a database project for a SQL analytics endpoint. A data engineer wants to publish schema changes (adding a new table and modifying a stored procedure) to the Test workspace without affecting the Production workspace. Which approach follows best practice for schema management using database projects in Fabric?

  • A. Make the schema changes directly in the Production SQL analytics endpoint and then export a DACPAC to apply to Test
  • B. Edit the database project files locally, commit to a feature branch, create a pull request to the test branch, and use the deployment pipeline to promote to Test after review✓ Correct
  • C. Use the Fabric Admin portal to clone the Production workspace schema to Test, then apply changes in the Test workspace directly
  • D. Modify the schema in the Development workspace SQL analytics endpoint manually, then copy the DDL scripts and run them manually in Test and Production
Explanation

The best practice is to manage schema changes as code in the database project, use Git branching (feature → test branch) with pull requests for review, and use deployment pipelines to promote validated changes to each stage. This ensures traceability, peer review, and consistent promotion. Making changes directly in Production (A) bypasses change control and risks errors. The Fabric Admin portal (C) does not offer a 'clone workspace schema' feature. Manual DDL script copying (D) is error-prone, lacks version control, and does not scale in team environments.

2. A Fabric data engineering team manages a solution where a nightly Data Pipeline should trigger automatically whenever a new batch file lands in a specific OneLake folder, rather than running on a fixed schedule. The team also needs the pipeline to pass the name of the newly arrived file as a parameter to downstream notebook activities. Which two capabilities should the team configure? (Select TWO.)

  • A. A scheduled trigger set to run every 15 minutes to poll for new files
  • B. A storage event-based trigger that fires when a new blob is created in the OneLake-connected storage path✓ Correct
  • C. A pipeline parameter to capture the file name, populated from the trigger payload using an expression such as @triggerBody().fileName✓ Correct
  • D. A Dataflow Gen2 refresh schedule set to 'on data arrival'
  • E. A Fabric Activator reflex that sends an email notification on file arrival
  • F. A tumbling window trigger to batch process files at fixed intervals
Explanation

A storage event-based trigger (B) fires the pipeline automatically when a new file is created in the specified storage path (OneLake/ADLS Gen2), eliminating the need for polling. A pipeline parameter populated from @triggerBody().fileName (C) captures the name of the file that caused the trigger and passes it dynamically to downstream activities such as notebooks — satisfying both requirements together. A scheduled trigger polling every 15 minutes (A) introduces latency, wastes compute, and does not natively pass the file name. A Dataflow Gen2 refresh schedule (D) applies to dataflow refreshes, not pipeline orchestration, and lacks parameter-passing capability. Fabric Activator/reflex (E) sends alerts or simple automated responses but is not the mechanism for triggering complex pipeline workflows with parameterized file context. A tumbling window trigger (F) runs at fixed time intervals and does not react to file arrival events.

3. A Fabric workspace has a Lakehouse whose OneLake folder structure contains a 'confidential' subfolder. A data engineering team wants to ensure that members of the 'ReportingTeam' security group can access all folders in the Lakehouse except the 'confidential' subfolder. Which approach correctly implements this requirement?

  • A. Assign the ReportingTeam the Workspace Viewer role and then create an OneLake data access role that grants access to all folders except 'confidential' by explicitly denying that path.
  • B. Create an OneLake data access role scoped to specific folders, include all folders except 'confidential', and assign the ReportingTeam to that role without granting them workspace-level Lakehouse access.✓ Correct
  • C. Create an OneLake data access role that includes all folders, assign the ReportingTeam to it, and then separately use a sensitivity label on the 'confidential' folder to block access.
  • D. Grant the ReportingTeam the Workspace Member role and instruct them not to navigate to the 'confidential' folder.
Explanation

OneLake data access roles support folder-level security scoping. By creating a role that lists only the permitted folders (excluding 'confidential') and assigning the security group to it—without granting workspace-level item access that would bypass folder controls—this achieves precise folder-level restriction. Option A is incorrect because OneLake data access roles work as allow lists for folders, not deny lists; there is no explicit deny path mechanism. Option C is incorrect because sensitivity labels control information protection and export behaviors, not OneLake folder-level read/write access. Option D grants the Member role which provides broader workspace permissions and relies on an honor system rather than enforced access control.

4. A Fabric data engineer is building a master Data Pipeline that must loop through a JSON array of source table names and call a child pipeline for each table, passing the table name as a parameter. Which combination of pipeline activities correctly implements this pattern?

  • A. Use a 'Copy Data' activity with a ForEach loop setting, passing each table name via the pipeline parameter expression @item().
  • B. Use a 'ForEach' activity to iterate over the JSON array, and inside the ForEach body add an 'Invoke Pipeline' activity that references the child pipeline and maps @item() to the child pipeline's table name parameter.✓ Correct
  • C. Use a 'Switch' activity to evaluate each table name and branch to separate 'Invoke Pipeline' activities, one per table.
  • D. Use a 'Lookup' activity to retrieve the table list, then chain multiple 'Invoke Pipeline' activities sequentially with hardcoded table name parameters.
Explanation

The ForEach activity is designed to iterate over a collection (such as a JSON array), and within its body, an Invoke Pipeline activity can pass @item() as the value for the child pipeline's parameter—this is the standard dynamic orchestration pattern in Fabric Data Pipelines. Option A is incorrect because the Copy Data activity does not support a ForEach loop setting; ForEach is a separate activity. Option C uses a Switch activity which evaluates discrete cases, not an open-ended dynamic list, and requires hardcoding each table name. Option D chains hardcoded Invoke Pipeline activities, which defeats the purpose of a dynamic loop and does not scale to variable table lists.

5. A Fabric administrator is reviewing workspace access for a lakehouse project. An auditor requests a report showing all changes made to workspace roles (e.g., users added or removed) over the past 30 days. Which approach should the administrator use to retrieve this information?

  • A. Navigate to the workspace settings in Fabric and view the 'Access history' tab, which logs all role changes.
  • B. Query the Microsoft Fabric audit logs via the Microsoft Purview audit search or the Microsoft 365 compliance portal, filtering for workspace-related operation types.✓ Correct
  • C. Use the Fabric REST API to call the 'getWorkspaceAccessList' endpoint, which returns a historical log of role changes.
  • D. Export the workspace's Git commit history from Azure DevOps, as all role changes are tracked as commits in the connected repository.
Explanation

Microsoft Fabric audit logs are integrated into Microsoft Purview (formerly Microsoft 365 compliance center). Administrators can search the unified audit log filtering for Fabric-specific operations such as AddWorkspaceUser, DeleteWorkspaceUser, and UpdateWorkspaceUser to see role changes over the past 30 days. Option A is incorrect: there is no 'Access history' tab in workspace settings; workspace settings show current access, not historical changes. Option C is incorrect: the Fabric REST API 'getWorkspaceAccessList' endpoint returns the current access list, not a historical log of changes. Option D is incorrect: Git commit history tracks changes to code and item definitions, not workspace role/permission changes.

78 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free