Account Access & Security - Quiz Flashcards

1
Q

Snowflake uses the following access control schemes: Role Based Access Control (RBAC) and ___________.

A

Discretionary Access Control (DAC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which system-define role is it recommended to assign custom roles to? Choose one correct value.
-ORGADMIN
-ACCOUNTADMIN
-SECURITYADMIN
-SYSADMIN
-USERADMIN

A

SYSADMIN

If custom roles are not assigned to the SYSADMIN role, system admins will not be able to manage the objects owned by the custom role.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

If the user property DISABLE_MFA was set to true, the user would need to re-enroll to use multi-factor authentication again. True or false?

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Network policies currently support which type of IP address?

A

IPv4

“Network policies currently support only Internet Protocol version 4 (i.e. IPv4) addresses.” - https://docs.snowflake.com/en/user-guide/network-policies.html

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Key rotation is the practice of transparently replacing existing account and table encryption keys every __ number of days.

A

30

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Only standard views can be designated as secure. True or false?

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The ACCOUNT_USAGE share contains a database called SNOWFLAKE. The views in this database are used to provide fine-grained metrics at the account and object level. What is the maximum number of months data in these views available for?

A

12

Certain account usage views provide historical usage metrics. The retention period for these views is 1 year.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

By default, which system-define role can access the SNOWFLAKE database?

A

ACCOUNTADMIN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Account usage views record dropped objects. True or false?

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

If the role ACCOUNTADMIN was currently active, what would a user see issuing a query that included an email column with the below column masking policy applied to it?

CREATE MASKING POLICY EMAIL_MASK AS (VAL STRING) RETURN STRING ->
CASE
WHEN CURRENT_ROLE() IN (‘ADMIN’) THEN VAL
WHEN CURRENT_USER() IN (‘DEVELOPER’) THEN REGEXP_REPLACE(VAL, ‘.+@’, ‘@’)
ELSE ‘
**
END;

A

A fully masked email

The ACCOUNTADMIN role would fall under the else condition in the policy body as it’s neither the ADMIN or DEVELOPER role, therefore returning the fully masked email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly