Account Access & Security - Quiz Flashcards
Snowflake uses the following access control schemes: Role Based Access Control (RBAC) and ___________.
Discretionary Access Control (DAC)
Which system-defined role is it recommended to assign custom roles to? Choose one correct value.
-ORGADMIN
-ACCOUNTADMIN
-SECURITYADMIN
-SYSADMIN
-USERADMIN
SYSADMIN
If custom roles are not assigned to the SYSADMIN role, system admins will not be able to manage the objects owned by the custom role.
If the user property DISABLE_MFA was set to true, the user would need to re-enroll to use multi-factor authentication again. True or false?
True
Network policies currently support which type of IP address?
IPv4
“Network policies currently support only Internet Protocol version 4 (i.e. IPv4) addresses.” - https://docs.snowflake.com/en/user-guide/network-policies.html
Key rotation is the practice of transparently replacing existing account and table encryption keys every __ days.
30
Only standard views can be designated as secure. True or false?
False
The ACCOUNT_USAGE share contains a database called SNOWFLAKE. The views in this database are used to provide fine-grained metrics at the account and object level. For what maximum number of months is data in these views available?
12
Certain account usage views provide historical usage metrics. The retention period for these views is 1 year.
By default, which system-defined role can access the SNOWFLAKE database?
ACCOUNTADMIN
Account usage views record dropped objects. True or false?
True
If the role ACCOUNTADMIN was currently active, what would a user see when issuing a query that included an email column with the below column masking policy applied to it?
CREATE MASKING POLICY EMAIL_MASK AS (VAL STRING) RETURNS STRING ->
  CASE
    -- Branch keyed on the active role
    WHEN CURRENT_ROLE() IN ('ADMIN') THEN VAL
    -- Branch keyed on the logged-in user: strips everything before the @
    WHEN CURRENT_USER() IN ('DEVELOPER') THEN REGEXP_REPLACE(VAL, '.+@', '@')
    ELSE '**'
  END;
A fully masked email
The ACCOUNTADMIN role would fall under the ELSE condition in the policy body, as it's neither the ADMIN nor the DEVELOPER role, therefore returning the fully masked email.