Question 21
Domain 5: Monitoring and AlertingFor compliance investigations, which Databricks capability is most directly used to review who accessed governed data?
Correct answer: B
Explanation
Databricks says to use “system tables for observability over resource utilization, cost, auditing and workload monitoring,” and audit logs are the primary record for compliance review. Access-related system tables show who accessed governed data, which supports tracing data access for investigations.
Why each option is right or wrong
A. Notebook widgets
Notebook widgets collect user input for notebooks; they do not provide governance-grade access auditing.
B. Audit logs and access-related system tables
Databricks compliance investigations rely on Unity Catalog auditability: the account-level audit log records access events, and the system tables in the `system.access` schema are the built-in source for reviewing data-access activity. In particular, `system.access.audit` and related access tables capture who accessed governed assets, when, and from where, which is the direct evidence used to reconstruct access history for an investigation.
C. Delta DESCRIBE HISTORY only
DESCRIBE HISTORY tracks table changes and operations, not a full record of all governed-data access.
D. Job parameters
Job parameters configure runs; they are not intended to show who accessed protected data.