Study Databricks GENAI-ASSOC Masking and Injection Risk: key concepts, common traps, and exam decision cues.
This lesson is about practical protection. The exam guide names masking, malicious-input defense, legal and licensing requirements, and problematic-text alternatives because Databricks expects you to build systems that are usable and defensible, not just impressive.
| Need | Better first instinct |
|---|---|
| hide or redact sensitive content | masking |
| defend against malicious user inputs | guardrail or prompt-injection mitigation |
| avoid unlawful or unlicensed source use | legal and licensing review |
| reduce risk from problematic source text | replace or mitigate the risky source |
| If the risk is mainly about… | Better first read |
|---|---|
| sensitive values appearing in prompts or context | masking or redaction |
| manipulative user or document content | injection mitigation and guardrails |
| source reuse rights | legal and licensing constraints |
| harmful or unusable source text | source replacement or mitigation before retrieval |
| Trap | Better rule |
|---|---|
| treating governance as paperwork only | the exam wants concrete technical and content controls |
| assuming a stronger model fixes prompt injection | malicious-input defense is its own control problem |
| ignoring data-source licensing because the retrieval works | usable does not mean lawful |
A RAG app retrieves the right documents, but some of them contain sensitive identifiers and some were never licensed for this use. Which answer is strongest first?
Correct answer: A. Governance on this exam is about making the system defensible, not just accurate.
Governance questions usually start by separating content quality problems from control problems. If the risk is malicious user manipulation, think prompt-injection mitigation and guardrails. If the source itself creates legal exposure, inspect licensing and allowed use first. The weak answer usually treats these as prompt-quality issues instead of safety and governance boundaries.