Snowflake ADA-C01 Exam Practice Test Instant Access

Question 1

What session parameter can be used to test the integrity of secure views based on the account that is accessing that view?

AMIMIC_CONSUMER_ACCOUNT

BTEST_ACCOUNT_ID

CPRODUCER_TEST_ACCT

DSIMULATED_DATA_SHARING_CONSUMER

Answer : D

The SIMULATED_DATA_SHARING_CONSUMER session parameter allows a data provider to test the integrity of secure views based on the account that is accessing that view2. By setting this parameter to the name of the consumer account, the data provider can query the secure view and see the results that a user in the consumer account will see2. This helps to ensure that sensitive data in a shared database is not exposed to unauthorized users1. The other options are not valid session parameters in Snowflake3

Question 2

A Snowflake account is configured with SCIM provisioning for user accounts and has bi-directional synchronization for user identities. An Administrator with access to SECURITYADMIN uses the Snowflake UI to create a user by issuing the following commands:

use role USERADMIN;

create or replace role DEVELOPER_ROLE;

create user PTORRES PASSWORD = 'hello world!' MUST_CHANGE_PASSWORD = FALSE

default_role = DEVELOPER_ROLE;

The new user named PTORRES successfully logs in, but sees a default role of PUBLIC in the web UI. When attempted, the following command fails:

use DEVELOPER_ROLE;

Why does this command fail?

AThe DEVELOPER_ROLE needs to be granted to SYSADMIN before user PTORRES will be able to use the role.

BThe new role can only take effect after USERADMIN has logged out.

CUSERADMIN needs to explicitly grant the DEVELOPER_ROLE to the new USER.

DThe new role will only take effect once the identity provider has synchronized by way of SCIM with the Snowflake account.

Answer : C

According to the Snowflake documentation1, creating a user with a default role does not automatically grant that role to the user. The user must be explicitly granted the role by the role owner or a higher-level role. Therefore, the USERADMIN role, which created the DEVELOPER_ROLE, needs to explicitly grant the DEVELOPER_ROLE to the new user PTORRES using the GRANT ROLE command. Otherwise, the user PTORRES will not be able to use the DEVELOPER_ROLE and will see the default role of PUBLIC in the web UI. Option A is incorrect because the DEVELOPER_ROLE does not need to be granted to SYSADMIN before user PTORRES can use the role. Option B is incorrect because the new role can take effect immediately after it is created and granted to the user, and does not depend on the USERADMIN role logging out. Option D is incorrect because the new role will not be affected by the identity provider synchronization, as it is created and managed in Snowflake.

Question 3

Which tasks can be performed by the ORGADMIN role? (Select THREE).

ACreate one or more accounts in the organization.

BView a list of all regions enabled for the organization.

CCreate secure views on application tables within the organization.

DView usage information for all accounts in the organization.

EPerform zero-copy cloning on account data.

FCreate a reader account to share data with another organization.

Answer : A, B, D

A user with the ORGADMIN role can perform the following tasks1:

* Create one or more accounts in the organization.

* View a list of all regions enabled for the organization.

* View usage information for all accounts in the organization.

Option C is incorrect because creating secure views on application tables is not a function of the ORGADMIN role, but rather a function of the roles that have access to the tables and schemas within the accounts. Option E is incorrect because performing zero-copy cloning on account data is not a function of the ORGADMIN role, but rather a function of the roles that have the CLONE privilege on the objects within the accounts. Option F is incorrect because creating a reader account to share data with another organization is not a function of the ORGADMIN role, but rather a function of the roles that have the CREATE SHARE privilege on the objects within the accounts.

Question 4

What is required for stages, without credentials, to limit data exfiltration after a storage integration and associated stages are created?

AALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = true;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = false;

BALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = true;

CALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = false;

DALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
ALTER ACCOUNT my_account SET
REQUIRE_STORAGE_INTEGRATION FOR STAGE_OPERATION = true;
ALTER ACCOUNT my_account SET
PREVENT_UNLOAD_TO_INLINE_URL = true;

Answer : D

According to the Snowflake documentation1, stages without credentials are a way to create external stages that use storage integrations to access data files in cloud storage without providing any credentials to Snowflake. Storage integrations are objects that define a trust relationship between Snowflake and a cloud provider, allowing Snowflake to authenticate and authorize access to the cloud storage. To limit data exfiltration after a storage integration and associated stages are created, the following account-level parameters can be set:

* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION: This parameter enforces that all external stages must be created using a storage integration. This prevents users from creating external stages with inline credentials or URLs that point to unauthorized locations.

* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION: This parameter enforces that all operations on external stages, such as PUT, GET, COPY, and LIST, must use a storage integration. This prevents users from performing operations on external stages with inline credentials or URLs that point to unauthorized locations.

* PREVENT_UNLOAD_TO_INLINE_URL: This parameter prevents users from unloading data from Snowflake tables to inline URLs that do not use a storage integration. This prevents users from exporting data to unauthorized locations.

Therefore, the correct answer is option D, which sets all these parameters to true. Option A is incorrect because it sets PREVENT_UNLOAD_TO_INLINE_URL to false, which allows users to unload data to inline URLs that do not use a storage integration. Option B is incorrect because it sets both REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION and REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION to false, which allows users to create and operate on external stages without using a storage integration. Option C is incorrect because it sets all the parameters to false, which does not enforce any restrictions on data exfiltration.

Question 5

What are characteristics of data replication in Snowflake? (Select THREE).

AThe ALTER DATABASE ... ENABLE REPLICATION TO ACCOUNTS command must be issued from the primary account.

BUsers must be granted REPLICATIONADMIN privileges in order to enable replication.

CTo start replication run the ALTER DATABASE ... REFRESH command on the account where the secondary database resides.

DReplication can only occur within the same cloud provider.

EDatabases created from shares can be replicated.

FUsers can have unlimited primary databases and they can be replicated to an unlimited number of accounts if all accounts are within the same organization.

Answer : A, E, F

* Option A is correct because the ALTER DATABASE ... ENABLE REPLICATION TO ACCOUNTS command must be issued from the primary account that owns the database to be replicated1.

* Option B is incorrect because users must be granted REPLICATIONGRANTER privileges in order to enable replication1.

* Option C is incorrect because to start replication, the ALTER DATABASE ... REFRESH command must be run on the primary database, not the secondary database1.

* Option D is incorrect because replication can occur across different cloud providers, as well as across regions2.

* Option E is correct because databases created from shares can be replicated, as long as the share is active and the database is not dropped or altered1.

* Option F is correct because users can have unlimited primary databases and they can be replicated to an unlimited number of accounts if all accounts are within the same organization1.

Question 6

An Administrator wants to delegate the administration of a company's data exchange to users who do not have access to the ACCOUNTADMIN role.

How can this requirement be met?

AGrant imported privileges on data exchange EXCHANGE_NAME to ROLE_NAME;

BGrant modify on data exchange EXCHANGE_NAME to ROLE_NAME;

CGrant ownership on data exchange EXCHANGE_NAME to ROLE NAME;

DGrant usage on data exchange EXCHANGE_NAME to ROLE_NAME;

Answer : B

According to the [GRANT MODIFY] documentation, the MODIFY privilege on a data exchange allows a role to perform administrative tasks on the data exchange, such as inviting members, approving profiles, and reviewing listings. This privilege can be granted by the ACCOUNTADMIN role or a role that already has the MODIFY privilege on the data exchange. Therefore, to delegate the administration of a company's data exchange to users who do not have access to the ACCOUNTADMIN role, the best option is to grant the MODIFY privilege on the data exchange to a role that the users can assume. The other options are incorrect because:

* A. There is no such privilege as IMPORTED PRIVILEGES in Snowflake. The correct privilege name is IMPORT SHARE, which allows a role to create a database from a share. This privilege is not related to the administration of a data exchange, but to the consumption of shared data.

* C. There is no such privilege as OWNERSHIP in Snowflake. The correct privilege name is OWNED BY, which indicates the role that owns an object and has full control over it. However, this privilege cannot be granted or revoked, but only transferred by the current owner to another role using the GRANT OWNERSHIP command. Therefore, this option is not feasible for delegating the administration of a data exchange.

* D. The USAGE privilege on a data exchange allows a role to access the data exchange and view the available data listings. This privilege does not allow a role to perform administrative tasks on the data exchange, such as inviting members, approving profiles, and reviewing listings. Therefore, this option is not sufficient for delegating the administration of a data exchange.

Question 7

An organization's sales team leverages this Snowflake query a few times a day:

SELECT CUSTOMER ID, CUSTOMER_NAME, ADDRESS, PHONE NO

FROM CUSTOMERS

WHERE LAST UPDATED BETWEEN TO_DATE (CURRENT_TIMESTAMP) AND (TO_DATE (CURRENT_TIMESTAMP) -7);

What can the Snowflake Administrator do to optimize the use of persisted query results whenever possible?

AWrap the query in a User-Defined Function (UDF) to match syntax execution.

BAssign everyone on the sales team to the same virtual warehouse.

CAssign everyone on the sales team to the same security role.

DLeverage the CURRENT_DATE function for date calculations.

Answer : D

According to the web search results from my predefined tool search_web, one of the factors that affects the reuse of persisted query results is the exact match of the query syntax1. If the query contains functions that return different values for successive runs, such as CURRENT_TIMESTAMP, then the query will not match the previous query and will not benefit from the cache. To avoid this, the query should use functions that return consistent values for the same day, such as CURRENT_DATE, which returns the current date without the time component2. Option A is incorrect because wrapping the query in a UDF does not guarantee the syntax match, as the UDF may also contain dynamic functions. Option B is incorrect because the virtual warehouse does not affect the persisted query results, which are stored at the account level1. Option C is incorrect because the security role does not affect the persisted query results, as long as the role has the necessary privileges to access the tables and views used in the query1.

1: Using Persisted Query Results | Snowflake Documentation 2: Date and Time Functions | Snowflake Documentation

Snowflake ADA-C01 SnowPro Advanced: Administrator Certification Exam Practice Test