Snowflake ADA-C01 Exam Practice Test Instant Access

Question 1

What is required for stages, without credentials, to limit data exfiltration after a storage integration and associated stages are created?

AALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = true;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = false;

BALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = true;

CALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = false;

DALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION FOR STAGE_OPERATION = true;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = true;

Answer : D

According to the Snowflake documentation1, stages without credentials are a way to create external stages that use storage integrations to access data files in cloud storage without providing any credentials to Snowflake. Storage integrations are objects that define a trust relationship between Snowflake and a cloud provider, allowing Snowflake to authenticate and authorize access to the cloud storage. To limit data exfiltration after a storage integration and associated stages are created, the following account-level parameters can be set:

* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION: This parameter enforces that all external stages must be created using a storage integration. This prevents users from creating external stages with inline credentials or URLs that point to unauthorized locations.

* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION: This parameter enforces that all operations on external stages, such as PUT, GET, COPY, and LIST, must use a storage integration. This prevents users from performing operations on external stages with inline credentials or URLs that point to unauthorized locations.

* PREVENT_UNLOAD_TO_INLINE_URL: This parameter prevents users from unloading data from Snowflake tables to inline URLs that do not use a storage integration. This prevents users from exporting data to unauthorized locations.

Therefore, the correct answer is option D, which sets all these parameters to true. Option A is incorrect because it sets PREVENT_UNLOAD_TO_INLINE_URL to false, which allows users to unload data to inline URLs that do not use a storage integration. Option B is incorrect because it sets both REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION and REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION to false, which allows users to create and operate on external stages without using a storage integration. Option C is incorrect because it sets all the parameters to false, which does not enforce any restrictions on data exfiltration.

Question 2

Which type of listing in the Snowflake Marketplace can be added and queried immediately?

AMonetized listing

BStandard listing

CRegional listing

DPersonalized listing

Answer : B

According to the Snowflake documentation1, a standard listing is a type of listing that provides free access to the full data product, with no payment required. A standard listing can be added and queried immediately by the consumer, as long as they accept the terms and conditions of the listing. A monetized listing is a type of listing that charges for access to the data product, using the pricing models offered by Snowflake. A monetized listing requires the consumer to provide payment information and agree to the billing terms before accessing the data product. A regional listing is not a type of listing, but a way to specify the regions where the listing is available. A personalized listing is a type of listing that provides limited trial access to the data product, with unlimited access to the full data product available upon request. A personalized listing requires the consumer to request access from the provider and wait for the provider to grant access before accessing the data product. Therefore, the only type of listing that can be added and queried immediately is the standard listing.

Question 3

A Snowflake account is configured with SCIM provisioning for user accounts and has bi-directional synchronization for user identities. An Administrator with access to SECURITYADMIN uses the Snowflake UI to create a user by issuing the following commands:

use role USERADMIN;

create or replace role DEVELOPER_ROLE;

create user PTORRES PASSWORD = 'hello world!' MUST_CHANGE_PASSWORD = FALSE

default_role = DEVELOPER_ROLE;

The new user named PTORRES successfully logs in, but sees a default role of PUBLIC in the web UI. When attempted, the following command fails:

use DEVELOPER_ROLE;

Why does this command fail?

AThe DEVELOPER_ROLE needs to be granted to SYSADMIN before user PTORRES will be able to use the role.

BThe new role can only take effect after USERADMIN has logged out.

CUSERADMIN needs to explicitly grant the DEVELOPER_ROLE to the new USER.

DThe new role will only take effect once the identity provider has synchronized by way of SCIM with the Snowflake account.

Answer : C

According to the Snowflake documentation1, creating a user with a default role does not automatically grant that role to the user. The user must be explicitly granted the role by the role owner or a higher-level role. Therefore, the USERADMIN role, which created the DEVELOPER_ROLE, needs to explicitly grant the DEVELOPER_ROLE to the new user PTORRES using the GRANT ROLE command. Otherwise, the user PTORRES will not be able to use the DEVELOPER_ROLE and will see the default role of PUBLIC in the web UI. Option A is incorrect because the DEVELOPER_ROLE does not need to be granted to SYSADMIN before user PTORRES can use the role. Option B is incorrect because the new role can take effect immediately after it is created and granted to the user, and does not depend on the USERADMIN role logging out. Option D is incorrect because the new role will not be affected by the identity provider synchronization, as it is created and managed in Snowflake.

Question 4

What are benefits of using Snowflake organizations? (Select TWO).

AAdministrators can change Snowflake account editions on-demand based on need.

BAdministrators can monitor and understand usage across all accounts in the organization.

CAdministrators can simplify data movement across all accounts within the organization.

DUser administration is simplified across all accounts within the organization.

EAdministrators have the ability to create accounts in any available cloud provider or region.

Answer : B, E

According to the Snowflake documentation1, organizations are a feature that allows linking the accounts owned by a business entity, simplifying account management and billing, replication and failover, data sharing, and other account administration tasks. Some of the benefits of using organizations are:

* Administrators can monitor and understand usage across all accounts in the organization using the ORGANIZATION_USAGE schema, which provides historical usage data for all accounts in the organization via views in a shared database named SNOWFLAKE2. This can help to optimize costs and performance across the organization.

* Administrators have the ability to create accounts in any available cloud provider or region using the CREATE ACCOUNT command, which allows specifying the cloud platform and region for the new account3. This can help to meet the business needs and compliance requirements of the organization.

Option A is incorrect because administrators cannot change Snowflake account editions on-demand based on need, but rather have to contact Snowflake Support to request an edition change4. Option C is incorrect because administrators cannot simplify data movement across all accounts within the organization, but rather have to enable account database replication for both the source and target accounts, and use the ALTER DATABASE ... ENABLE REPLICATION TO ACCOUNTS command to promote a local database to serve as the primary database and enable replication to the target accounts5. Option D is incorrect because user administration is not simplified across all accounts within the organization, but rather requires creating and managing users, roles, and privileges for each account separately, unless using a federated authentication method such as SSO or SCIM.

Question 5

A large international company with many operating regions requires data to be shared bi-directionally among all offices (head office to regional offices and regional offices among themselves). This company is a Snowflake account holder with European operations deployed in Microsoft Azure (single region) while North American regional offices are using AWS (single region) as their deployment cloud. This setup is required to comply with Personal Identifiable Information (PII) regulations in some of the European countries. The corporate head office is in Europe.

How can this data be shared bi-directionally, while MINIMIZING costs?

AUse data replication everywhere to reduce costs associated with same-region sharing.

BUse the PUT command to move files to an Amazon S3 bucket and Azure Blobs, and use an external file management application to move files within the corporate VPC.

CMove all the Snowflake accounts to a single region, and implement data sharing.

DUse bi-directional data sharing among offices in the same region and replication among offices across the continents.

Answer : D

According to the Snowflake documentation1, data sharing is a feature that allows sharing selected objects in a database in one account with other accounts in the same organization, without copying or transferring any data. Data sharing is supported across regions and across cloud platforms, but it requires enabling account database replication for both the source and target accounts2. Data replication is a feature that allows replicating objects from a source account to one or more target accounts in the same organization, providing read-only access for the replicated objects. Data replication is also supported across regions and across cloud platforms, but it incurs additional storage costs for the replicated data2. Therefore, the best way to share data bi-directionally among all offices, while minimizing costs, is to use data sharing among offices in the same region, which does not require replication or additional storage, and use replication among offices across the continents, which provides near real-time access to the shared data. Option A is incorrect because using data replication everywhere would increase the costs associated with additional storage and compute resources for the replicated data. Option B is incorrect because using the PUT command to move files to an Amazon S3 bucket and Azure Blobs, and using an external file management application to move files within the corporate VPC, would not leverage the benefits of Snowflake's data sharing and replication features, and would also incur additional costs and complexity for data transfer and synchronization. Option C is incorrect because moving all the Snowflake accounts to a single region would violate the PII regulations in some of the European countries, and would also incur additional costs and complexity for data migration and consolidation.

Question 6

The following commands were executed:

Grant usage on database PROD to role PROD_ANALYST;

Grant usage on database PROD to role PROD_SUPERVISOR;

Grant ALL PRIVILEGES on schema PROD. WORKING to role PROD_ANALYST;

Grant ALL PRIVILEGES on schema PROD. WORKING to role PROD_SUPERVISOR;

Grant role PROD ANALYST to user A;

Grant role PROD SUPERVISOR to user B;

What authority does each user have on the WORKING schema?

AOnly user B can create tables, because all privileges were transferred to PROD_SUPERVISOR.

BTables created by either user A or user B will be visible to both users.

CAll existing tables in schema PROD. WORKING will be visible to both users.

DBoth user A and user B can create tables in the PROD. WORKING schema.

Answer : D

Question 7

A requirement has been identified to allow members of a corporate Data Product team to bring in data sets from the Snowflake Marketplace. The members of this team use

the role DP_TEAM.

What grant statements must the ACCOUNTADMIN execute in order for the DP TEAM role to import and work with data from the Marketplace?

Agrant marketplace in account to role dp_team;
grant create database from share to role dp_team;

Bgrant usage on snowflake_marketplace to role dp_team;
grant create database on account to role dp_team;

Cgrant imported privileges on account to role dp_team;
grant create database on account to role dp_team;

Dgrant import share on account to role dp_team;
grant create database on account to role dp_team;

Answer : D

Option D is the correct answer because it follows the steps described in the Snowflake documentation for importing data from the Snowflake Marketplace. The ACCOUNTADMIN role needs to grant the IMPORT SHARE privilege on the account to the DP_TEAM role, which allows the role to import data from any provider in the marketplace. The ACCOUNTADMIN role also needs to grant the CREATE DATABASE privilege on the account to the DP_TEAM role, which allows the role to create a database from a share. Option A is incorrect because there is no MARKETPLACE privilege in Snowflake. Option B is incorrect because the USAGE privilege on SNOWFLAKE_MARKETPLACE is not sufficient to import data from the marketplace. Option C is incorrect because there is no IMPORTED PRIVILEGES privilege in Snowflake.

Snowflake ADA-C01 SnowPro Advanced: Administrator Certification Exam Practice Test