Core Cloud Differences
AWS • Identity: IAM Role / Instance Profile
• Storage: S3
• Storage access model: IAM Role
• Region definition: VPC
• Networking: VPC + Subnets
• Query federation: Redshift, port 5439
• Workspace setup: Bucket + IAM Role
Azure • Identity: Service Principal / Managed Identity
• Storage: ADLS Gen2
• Storage access model: Access Connector
• Region definition: Workspace configura…
🔐 Identity & Access
Flashcard 1
Q: What enables Databricks to access GCP services?
A: Service account attached to clusters
Flashcard 2
Q: What is required for connecting to Google-managed services?
A: Enable API + attach a privileged service account
Flashcard 3
Q: What is identity federation used for?
A: Centralized user/group management via IdP (e.g., Azure AD, Okta)
Flashcard 4
Q: Who grants pr…
🔐 Identity & Access
Flashcard 1
Q: What provides identity and authentication in Azure Databricks?
A: Azure Active Directory (Entra ID)
Flashcard 2
Q: What platform governs data access and permissions?
A: Unity Catalog
Flashcard 3
Q: What is a service principal?
A: A non-human identity used for automation and API access
Flashcard 4
Q: How do service principals interact with Databricks?
A: Through …
🔐 Identity & Access
Flashcard 1
Q: What enables Databricks to access AWS services securely?
A: IAM Role (Cross-account / Instance profile)
Flashcard 2
Q: What role is required for accessing external storage (S3)?
A: Self-assuming cross-account IAM role
Flashcard 3
Q: What is the trusted principal for external storage permissions?
A: Static Unity Catalog IAM role
Flashcard 4
Q: What privileges are…
Where are storage credentials created?
A Workspace/Data explorer
B Workspace/Admin console
C Account console/Data page
D SQL
Answer: A
Rationale:
A is correct. Storage credentials are created in the Workspace Data Explorer.
B is incorrect. Admin console is for workspace administration, not credential creation.
C is incorrect. Account console does not manage wo…
What are two benefits of Azure Databricks being a first-party service to Microsoft?
A It is covered by Microsoft’s Trust and Compliance assurances and supported by Microsoft SLAs
B It reduces storage costs and removes Azure dependency
C It only supports open-source tooling without Azure integration
D It eliminates the need for governance tools
Answer: A
Ration…
see moreWhich two statements are true of encryption key configurations?
A They register a KMS key into your Databricks account and allow rotation of cryptographic material
B They must be created for each workspace only
C They cannot be rotated once created
D Data is not encrypted if they are not used
Answer: A
Rationale:
A is correct. Encryption configurations integr…
