Chapter 9: Security Flashcards

1
Q

Snowflake supports which of the following security features? (Select all that apply.)

AES 256 encryption of data at rest
MD5 encryption of data at rest
Tri-Secret Secure encryption
Key rotation

A

AES 256 encryption of data at rest
Tri-Secret Secure encryption
Key rotation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the minimum Snowflake edition that supports Tri-Secret Secure encryption?
Standard
Enterprise
Business Critical
Virtual Private Snowflake

A

Business Critical

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following statements are true regarding Snowflake’s multifactor authentication (MFA)? (Select all that apply.)

MFA is provided only in the Business Critical and above editions.
MFA is only supported by the Snowflake web interface and SnowSQL.
MFA is enabled for all users by default; however, users need to enroll themselves into MFA manually.
An administrator can disable MFA for a user.

A

MFA is enabled for all users by default; however, users need to enroll themselves into MFA manually.
An administrator can disable MFA for a user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Snowflake supports which of the following authentication mechanisms? (Select all that apply.)

Key pair authentication
Multifactor authentication
SAML 2.0 federated authentication
Google Authentication

A

Key pair authentication
Multifactor authentication
SAML 2.0 federated authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following is true regarding key pair authentication in Snowflake? (Select all that apply.)

A user can be assigned up to two public keys.
Key pair authentication requires providing your Snowflake username and password when prompted.
The keys can be rotated if desired.
Key pair authentication is available only for the VPS edition.

A

A user can be assigned up to two public keys.
The keys can be rotated if desired.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which of the following statements are true regarding federated authentication in Snowflake? (Select all that apply.)

Snowflake supports most SAML 2.0 identity providers.
Once authenticated by an external identity provider, a user does not need to provide a Snowflake username.
Users need to provide a Snowflake username and password after being authenticated by an external identity provider.
Snowflake has native support for Okta and ADFS.

A

Snowflake supports most SAML 2.0 identity providers.
Snowflake has native support for Okta and ADFS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following is supported by Snowflake for autoprovisioning of users and groups?

MFA
SCIM
FedRAMP
ITAR

A

SCIM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following are built-in roles provided by Snowflake? (Select all that apply.)

SECURITYADMIN
ACCOUNTADMIN
PUBLIC
USERADMIN
LOADADMIN

A

SECURITYADMIN
ACCOUNTADMIN
PUBLIC
USERADMIN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following access control methods are supported by Snowflake? (Select all that apply.)

Attribute-based access control (ABAC)
Role-based access control (RBAC)
Discretionary access control (DAC)
Redundant access control (RAC)

A

Role-based access control (RBAC)
Discretionary access control (DAC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following statements are true regarding access control in Snowflake? (Select all that apply.)

Securable objects are objects or entities to which privileges can be granted.
Roles cannot be granted to other roles.
Privileges are granted through the GRANT statement and taken away using the REVOKE statement.
Roles can be granted to other users or other roles.

A

Securable objects are objects or entities to which privileges can be granted.
Privileges are granted through the GRANT statement and taken away using the REVOKE statement.
Roles can be granted to other users or other roles.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following are methods to implement column-level security in Snowflake? (Select two.)

User policies
Dynamic data masking
Row-level policies
External tokenization

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

If an IP address is in both the block list and the allowed list in a network policy, what is Snowflake’s behavior when enforcing the network policy?

The network policy is invalid as both the allowed and blocked lists cannot be populated.
Snowflake applies the blocked list first, ensuring that the IP address is blocked from connecting, even if it is also defined in the allow list.
Snowflake applies the allowed list first, ensuring the IP address is allowed to connect, even if it is defined in the block list too.
The IP address is ignored.

A

Snowflake applies the blocked list first, ensuring that the IP address is blocked from connecting, even if it is also defined in the allow list.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What minimum Snowflake version is required for private connectivity to Snowflake?

Standard
Enterprise
Business Critical
Virtual Private Snowflake

A

Virtual Private Snowflake

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

True or False: Snowflake encrypts all communication automatically using TLS 1.2, including communication for the Snowflake web UI, SnowSQL, and all the connectors and drivers.

True
False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Snowflake supports which of the following standards?

FedRAMP
BASEL II
IRAP – Protected
HIPAA
PCI DSS

A

FedRAMP
IRAP – Protected
HIPAA
PCI DSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly