The following commands were executed:
Grant usage on database PROD to role PROD_ANALYST;
Grant usage on database PROD to role PROD_SUPERVISOR;
Grant ALL PRIVILEGES on schema PROD.WORKING to role PROD_ANALYST;
Grant ALL PRIVILEGES on schema PROD.WORKING to role PROD_SUPERVISOR;
Grant role PROD_ANALYST to user A;
Grant role PROD_SUPERVISOR to user B;
What authority does each user have on the WORKING schema?
AOnly user B can create tables, because all privileges were transferred to PROD_SUPERVISOR.
BTables created by either user A or user B will be visible to both users.
CAll existing tables in schema PROD.WORKING will be visible to both users.
DBoth user A and user B can create tables in the PROD.WORKING schema.
What steps are required to set up OKTAAPI token integration in Snowflake?
A
grant role okta_provisioner to role ACCOUNTADMIN;2. create or replace security integration okta_provisioningtype = scimscim_client = 'okta'run_as_role = 'OKTA_PROVISIONER';3. Update these steps every 12 months.
B
use role ACCOUNTADMIN;2. select system$ generate_scim_access_token ('OKTA_PROVISIONING');3. Update these steps every 12 months.
C
create or replace security integration okta_provisioningtype = scimscim client = 'okta'run_as_role = 'OKTA_PROVISIONER';2. Update this step every 6 months.
D
use role ACCOUNTADMIN;2. select system$ generate_scim_access_token ('OKTA_PROVISIONING');3. Update these steps every 6 months.
Which command can temporarily disable Multi-factor Authentication (MFA) for the Snowflake username user1 for 24 hours?
Aalter user user1 set MINS_TO_BYPASS_MFA=1440;
Balter user user1 set DISABLE_MFA=1440;
Calter user user1 set TEMPORARY_MFA_BYPASS=1440;
Dalter user user1 set HOURS_TO_BYPASS_MFA=24;
A virtual warehouse report_wh is configured with AUTO_RESUME=TRUE and AUTO_SUSPEND=300. A user has been granted the role accountant.
An application with the accountant role should use this warehouse to run financial reports, and should keep track of compute credits used by the warehouse.
What minimal privileges on the warehouse should be granted to the role to meet the requirements for the application? (Choose two.)
AOPERATE
BMODIFY
CMONITOR
DUSAGE
EOWNERSHIP
A user has enrolled in Multi-factor Authentication (MFA) for connecting to Snowflake. The user informs the Snowflake Administrator that they lost their mobile phone the previous evening.
Which step should the Administrator take to allow the user to log in to the system, without revoking their MFA enrollment?
AAlter the user and set MINS_TO_BYPASS_MFA to a value that will disable MFA long enough for the user to log in.
BAlter the user and set DISABLE_MFA to true, which will suspend the MFA requirement for 24 hours.
CInstruct the user to connect to Snowflake using SnowSQL, which does not support MFA authentication.
DInstruct the user to append the normal URL with /?mode=mfa_bypass&code= to log on.
What SCIM integration types are supported in Snowflake? (Choose three.)
AAmazon Web Services (AWS)
BGoogle Cloud Platform (GCP)
COkta
DCustom
EAzure Active Directory (Azure AD)
FDuo Security Provisioning Connector
What role or roles should be used to properly create the object required to setup OAuth 2.0 integration?
AAny role with GRANT USAGE on SECURITY INTEGRATION
BACCOUNTADMIN and SYSADMIN
CACCOUNTADMIN and SECURITYADMIN
DACCOUNTADMIN only
For Snowflake network policies, what will occur when the account_level and user_level network policies are both defined?
AThe account_level policy will override the user_level policy.
BThe user_level policy will override the account_level policy.
CThe user_level network policies will not be supported.
DA network policy error will be generated with no definitions provided.
What access control policy will be put into place when future grants are assigned to both database and schema objects?
ADatabase, privileges will take precedence over schema privileges.
BSchema privileges will take precedence over database privileges.
CAn access policy combining both the database object and the schema object will be used, with the most permissive policy taking precedence.
DAn access policy combining both the database object and the schema object will be used, with the most restrictive policy taking precedence.
What roles can be used to create network policies within Snowflake accounts? (Choose three.)
ASYSADMIN
BSECURITYADMIN
CACCOUNTADMIN
DORGADMIN
EAny role with the global permission of CREATE NETWORK POLICY
FAny rote that owns the database where the network policy is created
The following SQL command was executed:
Which role(s) can alter or drop table XYZ?
ABecause ACCOUNTADMIN created the table, only the ACCOUNTADMIN role can alter or drop table XYZ.
BSECURITYADMIN, SYSADMIN, and ACCOUNTADMIN can alter or drop table XYZ.
CPROD_WORKING_OWNER, ACCOUNTADMIN, and SYSADMIN can alter or drop table XYZ.
DOnly the PROD_WORKING_OWNER role can alter or drop table XYZ.
A user with the proper role issues the following commands when setting up and activating network policies:
Afterwards, user1 attempts to log in to Snowflake from IP address 3.3.3.10.
Will the login be successful?
AYes, because 3.3.3.10 is found in the ALLOWED_IP_LIST of bar_policy.
BNo, because 3.3.3.10 is found in the BLOCKED_IP_LIST of bar_policy.
CYes, because 3.3.3.10 is found in the ALLOWED_IP_LIST of foo_policy.
DNo, because 3.3.3.10 is not found in the ALLOWED_IP_LIST of foo_policy.
Which tasks can be performed by the ORGADMIN role? (Choose three.)
ACreate one or more accounts in the organization.
BView a list of all regions enabled for the organization.
CCreate secure views on application tables within the organization.
DView usage information for all accounts in the organization.
EPerform zero-copy cloning on account data.
FCreate a reader account to share data with another organization.
A Snowflake account is configured with SCIM provisioning for user accounts and has bi-directional synchronization for user identities. An Administrator with access to SECURITYADMIN uses the Snowflake UI to create a user by issuing the following commands:
The new user named PTORRES successfully logs in, but sees a default role of PUBLIC in the web UI. When attempted, the following command fails: use DEVELOPER_ROLE;
Why does this command fail?
AThe DEVELOPER_ROLE needs to be granted to SYSADMIN before user PTORRES will be able to use the role.
BThe new role can only take effect after USERADMIN has logged out.
CUSERADMIN needs to explicitly grant the DEVELOPER_ROLE to the new USER.
DThe new role will only take effect once the identity provider has synchronized by way of SCIM with the Snowflake account.
What are characteristics of Dynamic Data Masking? (Choose two.)
AA masking policy that is currently set on a table can be dropped.
BA single masking policy can be applied to columns in different tables.
CA masking policy can be applied to the VALUE column of an external table.
DThe role that creates the masking policy will always see unmasked data in query results.
EA single masking policy can be applied to columns with different data types.
What are benefits of creating and maintaining resource monitors in Snowflake? (Choose three.)
AThe cost of running a resource monitor is only 10% of a credit, per day of operation.
BMultiple resource monitors can be applied to a single virtual warehouse.
CResource monitors add no additional load to virtual warehouse compute.
DMultiple triggers can be configured across various virtual warehouse thresholds.
EResource monitor governance is tightly controlled and monitors can only be created by the ACCOUNTADMIN role or users with the CREATE MONITOR privilege.
FResource monitors can be applied to more than one virtual warehouse.
Which commands can be performed by a user with the ORGADMIN role but not the ACCOUNTADMIN role? (Choose two.)
ASHOW REGIONS;
BSHOW USERS;
CSHOW ORGANIZATION ACCOUNTS;
DGRANT ROLE ORGADMIN TO USER <username>;
E
What are the requirements when creating a new account within an organization in Snowflake? (Choose two.)
AThe account requires at least one ORGADMIN rote within one of the organization's accounts.
BThe account name is immutable and cannot be changed.
CThe account name must be specified when the account is created.
DThe account name must be unique among all Snowflake customers.
EThe account name must be unique within the organization.
What are benefits of using Snowflake organizations? (Choose two.)
AAdministrators can change Snowflake account editions on-demand based on need.
BAdministrators can monitor and understand usage across all accounts in the organization.
CAdministrators can simplify data movement across all accounts within the organization.
DUser administration is simplified across all accounts within the organization.
EAdministrators have the ability to create accounts in any available cloud provider or region.
An Administrator has been asked to support the company's application team need to build a loyalty program for its customers. The customer table contains Personal Identifiable Information (PII), and the application team's role is DEVELOPER.
CREATE TABLE customer_data (
customer_first_name string,
customer_last_name string,
customer_address string,
customer_email string,
... some other columns,
) ;
The application team would like to access the customer data, but the email field must be obfuscated.
How can the Administrator protect the sensitive information, while maintaining the usability of the data?
ACreate a view on the customer_data table to eliminate the email column by omitting it from the SELECT clause. Grant the role DEVELOPER access to the view.
BCreate a separate table for all the non-PII columns and grant the role DEVELOPER access to the new table.
CUse the CURRENT_ROLE and CURRENT_USER context functions to integrate with a secure view and filter the sensitive data.
DUse the CURRENT_ROLE context function to integrate with a masking policy on the fields that contain sensitive data.
An Administrator needs to create a sample of the table LINEITEM. The sample should not be repeatable and the sampling function should take the data by blocks of rows.
What select command will generate a sample of 20% of the table?
Aselect * from LINEITEM sample bernoulli (20);
Bselect * from LINEITEM sample system (20);
Cselect * from LINEITEM tablesample block (20 rows);
Dselect * from LINEITEM tablesample system (20) seed (1);
A team is provisioning new lower environments from the production database using cloning. All production objects and references reside in the database, and do not have external references.
What set of object references needs to be re-pointed before granting access for usage?
ASequences, views, and secure views
BSequences, views, secure views, and materialized views
CSequences, storage integrations, views, secure views, and materialized views
DThere are no object references that need to be re-pointed
An Administrator has a user who needs to be able to suspend and resume a task based on the current virtual warehouse load, but this user should not be able to modify the task or start a new run.
What privileges should be granted to the user to meet these requirements? (Choose two.)
AEXECUTE TASK on the task
BOWNERSHIP on the task
COPERATE on the task
DUSAGE on the database and schema containing the task
EOWNERSHIP on the database and schema containing the task
Preview
