Chapter 9: Security

Question 1

Snowflake supports which of the following security features? (Select all that apply.)

AES 256 encryption of data at rest
MD5 encryption of data at rest
Tri-Secret Secure encryption
Key rotation

Answer 1

AES 256 encryption of data at rest
Tri-Secret Secure encryption
Key rotation

Question 2

What is the minimum Snowflake edition that supports Tri-Secret Secure encryption?
Standard
Enterprise
Business Critical
Virtual Private Snowflake

Answer 2

Business Critical

Question 3

Which of the following statements are true regarding Snowflake’s multifactor authentication (MFA)? (Select all that apply.)

MFA is provided only in the Business Critical and above editions.
MFA is only supported by the Snowflake web interface and SnowSQL.
MFA is enabled for all users by default; however, users need to enroll themselves into MFA manually.
An administrator can disable MFA for a user.

Answer 3

MFA is enabled for all users by default; however, users need to enroll themselves into MFA manually.
An administrator can disable MFA for a user.

Question 4

Snowflake supports which of the following authentication mechanisms? (Select all that apply.)

Key pair authentication
Multifactor authentication
SAML 2.0 federated authentication
Google Authentication

Answer 4

Key pair authentication
Multifactor authentication
SAML 2.0 federated authentication

Question 5

Which of the following is true regarding key pair authentication in Snowflake? (Select all that apply.)

A user can be assigned up to two public keys.
Key pair authentication requires providing your Snowflake username and password when prompted.
The keys can be rotated if desired.
Key pair authentication is available only for the VPS edition.

Answer 5

A user can be assigned up to two public keys.
The keys can be rotated if desired.

Question 6

Which of the following statements are true regarding federated authentication in Snowflake? (Select all that apply.)

Snowflake supports most SAML 2.0 identity providers.
Once authenticated by an external identity provider, a user does not need to provide a Snowflake username.
Users need to provide a Snowflake username and password after being authenticated by an external identity provider.
Snowflake has native support for Okta and ADFS.

Answer 6

Snowflake supports most SAML 2.0 identity providers.
Snowflake has native support for Okta and ADFS.

Question 7

Which of the following is supported by Snowflake for autoprovisioning of users and groups?

MFA
SCIM
FedRAMP
ITAR

Answer 7

SCIM

Question 8

Which of the following are built-in roles provided by Snowflake? (Select all that apply.)

SECURITYADMIN
ACCOUNTADMIN
PUBLIC
USERADMIN
LOADADMIN

Answer 8

SECURITYADMIN
ACCOUNTADMIN
PUBLIC
USERADMIN

Question 9

Which of the following access control methods are supported by Snowflake? (Select all that apply.)

Attribute-based access control (ABAC)
Role-based access control (RBAC)
Discretionary access control (DAC)
Redundant access control (RAC)

Answer 9

Role-based access control (RBAC)
Discretionary access control (DAC)

Question 10

Which of the following statements are true regarding access control in Snowflake? (Select all that apply.)

Securable objects are objects or entities to which privileges can be granted.
Roles cannot be granted to other roles.
Privileges are granted through the GRANT statement and taken away using the REVOKE statement.
Roles can be granted to other users or other roles.

Answer 10

Securable objects are objects or entities to which privileges can be granted.
Privileges are granted through the GRANT statement and taken away using the REVOKE statement.
Roles can be granted to other users or other roles.

Question 11

Which of the following are methods to implement column-level security in Snowflake? (Select two.)

User policies
Dynamic data masking
Row-level policies
External tokenization

Question 12

If an IP address is in both the block list and the allowed list in a network policy, what is Snowflake’s behavior when enforcing the network policy?

The network policy is invalid as both the allowed and blocked lists cannot be populated.
Snowflake applies the blocked list first, ensuring that the IP address is blocked from connecting, even if it is also defined in the allow list.
Snowflake applies the allowed list first, ensuring the IP address is allowed to connect, even if it is defined in the block list too.
The IP address is ignored.

Answer 12

Snowflake applies the blocked list first, ensuring that the IP address is blocked from connecting, even if it is also defined in the allow list.

Question 13

What minimum Snowflake version is required for private connectivity to Snowflake?

Standard
Enterprise
Business Critical
Virtual Private Snowflake

Answer 13

Virtual Private Snowflake

Question 14

True or False: Snowflake encrypts all communication automatically using TLS 1.2, including communication for the Snowflake web UI, SnowSQL, and all the connectors and drivers.

True
False

Answer 14

True

Question 15

Snowflake supports which of the following standards?

FedRAMP
BASEL II
IRAP – Protected
HIPAA
PCI DSS

Answer 15

FedRAMP
IRAP – Protected
HIPAA
PCI DSS