• Home
  • Blogs
  • Get Ready to Pass the ADA-C01 exam Right Now Using Our SnowPro Advanced: Administrator Exam Package [Q24-Q39]

Get Ready to Pass the ADA-C01 exam Right Now Using Our SnowPro Advanced: Administrator Exam Package [Q24-Q39]

Share

Get Ready to Pass the ADA-C01 exam Right Now Using Our SnowPro Advanced: Administrator Exam Package

Enhance Your Career With Available Preparation Guide for ADA-C01 Exam

NEW QUESTION # 24
A large international company with many operating regions requires data to be shared bi-directionally among all offices (head office to regional offices and regional offices among themselves). This company is a Snowflake account holder with European operations deployed in Microsoft Azure (single region) while North American regional offices are using AWS (single region) as their deployment cloud. This setup is required to comply with Personal Identifiable Information (PII) regulations in some of the European countries. The corporate head office is in Europe.
How can this data be shared bi-directionally, while MINIMIZING costs?

  • A. Move all the Snowflake accounts to a single region, and implement data sharing.
  • B. Use the PUT command to move files to an Amazon S3 bucket and Azure Blobs, and use an external file management application to move files within the corporate VPC.
  • C. Use bi-directional data sharing among offices in the same region and replication among offices across the continents.
  • D. Use data replication everywhere to reduce costs associated with same-region sharing.

Answer: C

Explanation:
Explanation
According to the Snowflake documentation1, data sharing is a feature that allows sharing selected objects in a database in one account with other accounts in the same organization, without copying or transferring any data. Data sharing is supported across regions and across cloud platforms, but it requires enabling account database replication for both the source and target accounts2. Data replication is a feature that allows replicating objects from a source account to one or more target accounts in the same organization, providing read-only access for the replicated objects. Data replication is also supported across regions and across cloud platforms, but it incurs additional storage costs for the replicated data2. Therefore, the best way to share data bi-directionally among all offices, while minimizing costs, is to use data sharing among offices in the same region, which does not require replication or additional storage, and use replication among offices across the continents, which provides near real-time access to the shared data. Option A is incorrect because using data replication everywhere would increase the costs associated with additional storage and compute resources for the replicated data. Option B is incorrect because using the PUT command to move files to an Amazon S3 bucket and Azure Blobs, and using an external file management application to move files within the corporate VPC, would not leverage the benefits of Snowflake's data sharing and replication features, and would also incur additional costs and complexity for data transfer and synchronization. Option C is incorrect because moving all the Snowflake accounts to a single region would violate the PII regulations in some of the European countries, and would also incur additional costs and complexity for data migration and consolidation.


NEW QUESTION # 25
A company's Snowflake account has multiple roles. Each role should have access only to data that resides in the given role's specific region.
When creating a row access policy, which code snippet below will provide privileges to the role ALL_ACCESS_ROLE to see all rows regardless of region, while the other roles can only see rows for their own regions?

  • A. create or replace row access policy region policy as (region_value varchar) returns boolean -> exists ( select 1 from entitlement_table where role = current_role () and region = region_value )
  • B. create or replace row access policy region policy as (region_value varchar) returns boolean ->
    'ALL ACCESS_ROLE' = current_role ()
    and exists (
    select 1 from entitlement_table
    where role = current_role ()
    and region = region_value
    )
  • C. create or replace row access policy region policy as (region_value varchar) returns boolean ->
    'ALL ACCESS ROLE' = current_role ()
    )
  • D. create or replace row access policy region policy as (region_value varchar) returns boolean ->
    'ALL_ACCESS_ROLE' = current_role ()
    or exists (
    select 1 from entitlement_table
    where role = current_role ()
    and region = region_value
    )

Answer: D

Explanation:
This code snippet will create a row access policy that returns true if the current role is ALL_ACCESS_ROLE or if the current role matches the region value in the entitlement_table. This means that the ALL_ACCESS_ROLE can see all rows regardless of region, while the other roles can only see rows for their own regions. According to the Snowflake documentation, the CURRENT_ROLE context function returns the name of the current role for the session. The EXISTS function returns true if the subquery returns any rows. The OR operator returns true if either operand is true. Therefore, this code snippet satisfies the requirements of the question.


NEW QUESTION # 26
MY_TABLE is a table that has not been updated or modified for several days. On 01 January 2021 at 07:01, a user executed a query to update this table. The query ID is
'8e5d0ca9-005e-44e6-b858-a8f5b37c5726'. It is now 07:30 on the same day.
Which queries will allow the user to view the historical data that was in the table before this query was executed? (Select THREE).

  • A. SELECT * FROM my table PRIOR TO STATEMENT '8e5d0ca9-005e-44e6-b858-a8f5b37c5726';
  • B. SELECT * FROM my_table BEFORE (STATEMENT => '8e5d0ca9-005e-44e6-b858-a8f5b37c5726');
  • C. SELECT * FROM my table WITH TIME_TRAVEL (OFFSET => -60*30);
  • D. SELECT * FROM TIME_TRAVEL ('MY_TABLE', 2021-01-01 07:00:00);
  • E. SELECT * FROM my_table AT (TIMESTAMP => '2021-01-01 07:00:00' :: timestamp);
  • F. SELECT * FROM my_table AT (OFFSET => -60*30);

Answer: A,B,E

Explanation:
According to the AT | BEFORE documentation, the AT or BEFORE clause is used for Snowflake Time Travel, which allows you to query historical data from a table based on a specific point in the past. The clause can use one of the following parameters to pinpoint the exact historical data you wish to access:
* TIMESTAMP: Specifies an exact date and time to use for Time Travel.
* OFFSET: Specifies the difference in seconds from the current time to use for Time Travel.
* STATEMENT: Specifies the query ID of a statement to use as the reference point for Time Travel.
Therefore, the queries that will allow the user to view the historical data that was in the table before the query was executed are:
* B. SELECT * FROM my_table AT (TIMESTAMP => '2021-01-01 07:00:00' :: timestamp); This query uses the TIMESTAMP parameter to specify a point in time that is before the query execution time of 07:01.
* D. SELECT * FROM my table PRIOR TO STATEMENT '8e5d0ca9-005e-44e6-b858-a8f5b37c5726'; This query uses the PRIOR TO STATEMENT keyword and the STATEMENT parameter to specify a point in time that is immediately preceding the query execution time of 07:01.
* F. SELECT * FROM my_table BEFORE (STATEMENT => '8e5d0ca9-005e-44e6-b858-a8f5b37c5726'); This query uses the BEFORE keyword and the STATEMENT parameter to specify a point in time that is immediately preceding the query execution time of 07:01.
The other queries are incorrect because:
* A. SELECT * FROM my table WITH TIME_TRAVEL (OFFSET => -60*30); This query uses the OFFSET parameter to specify a point in time that is 30 minutes before the current time, which is 07:30. This is after the query execution time of 07:01, so it will not show the historical data before the query was executed.
* C. SELECT * FROM TIME_TRAVEL ('MY_TABLE', 2021-01-01 07:00:00); This query is not valid syntax for Time Travel. The TIME_TRAVEL function does not exist in Snowflake. The correct syntax is to use the AT or BEFORE clause after the table name in the FROM clause.
* E. SELECT * FROM my_table AT (OFFSET => -60*30); This query uses the AT keyword and the OFFSET parameter to specify a point in time that is 30 minutes before the current time, which is 07:30. This is equal to the query execution time of 07:01, so it will not show the historical data before the query was executed. The AT keyword specifies that the request is inclusive of any changes made by a statement or transaction with timestamp equal to the specified parameter. To exclude the changes made by the query, the BEFORE keyword should be used instead.


NEW QUESTION # 27
A Snowflake Administrator created a role ROLE_MANAGED_ACCESS and a schema SCHEMA_MANAGED_ACCESS as follows:
USE ROLE SECURITYADMIN;
CREATE ROLE ROLE_MANAGED_ACCESS;
GRANT ROLE ROLE_MANAGED_ACCESS TO ROLE SYSADMIN;
GRANT USAGE ON WAREHOUSE COMPUTE_WH TO ROLE ROLE_MANAGED_ACCESS;
GRANT ALL privileges ON DATABASE WORK TO ROLE ROLE_MANAGED_ACCESS;
USE ROLE ROLE_MANAGED_ACCESS;
CREATE SCHEMA SCHEMA_MANAGED_ACCESS WITH MANAGED ACCESS;
USE ROLE SECURITYADMIN;
GRANT SELECT, INSERT ON FUTURE TABLES IN SCHEMA SCHEMA MANAGED ACCESS to ROLE_MANAGED_ACCESS; The Administrator now wants to disable the managed access on the schema.
How can this be accomplished?

  • A. USE ROLE ROLE_MANAGED_ACCESS;
    DROP SCHEMA WORK. SCHEMA MANAGED_ACCESS;
    CREATE SCHEMA SCHEMA_MANAGED_ACCESS WITHOUT MANAGED ACCESS;
    Then recreate all needed objects.
  • B. ALTER SCHEMA SCHEMA MANAGED ACCESS DISABLE MANAGED ACCESS;
  • C. USE ROLE ROLE MANAGED_ACCESS;
    DROP SCHEMA WORK. SCHEMA_MANAGED_ACCESS;
    CREATE SCHEMA SCHEMA_MANAGED_ACCESS;
    Then recreate all needed objects.
  • D. REVOKE SELECT, INSERT ON FUTURE TABLES IN SCHEMA SCHEMA_MANAGED_ACCESS FROM ROLE_MANAGED_ACCESS; ALTER SCHEMA SCHEMA MANAGED ACCESS DISABLE MANAGED ACCESS;

Answer: B

Explanation:
Explanation
According to the Snowflake documentation1, you can change a managed access schema to a regular schema using the ALTER SCHEMA statement with the DISABLE MANAGED ACCESS keywords. This will disable the managed access feature on the schema and revert the access control to the default behavior. Option B is incorrect because dropping and recreating the schema will also delete all the objects and metadata in the schema, which is not necessary to disable the managed access. Option C is incorrect because revoking the privileges on the future tables from the role is not required to disable the managed access. Option D is incorrect because there is no WITHOUT MANAGED ACCESS option in the CREATE SCHEMA statement.


NEW QUESTION # 28
Which Snowflake objects can be managed using SCIM integration? (Select TWO).

  • A. Warehouses
  • B. Stages
  • C. Roles
  • D. Shares
  • E. Users

Answer: C,E

Explanation:
Explanation
A SCIM security integration allows the automated management of user identities and groups (i.e. roles) by creating an interface between Snowflake and a third-party Identity Provider (IdP)1. Snowflake supports SCIM integration with Okta, Azure, and custom SCIM clients2. SCIM integration does not support managing other Snowflake objects, such as stages, warehouses, or shares3. Therefore, the answer is B. Users and D. Roles.


NEW QUESTION # 29
When adding secure views to a share in Snowflake, which function is needed to authorize users from another account to access rows in a base table?

  • A. CURRENT ACCOUNT
  • B. CURRENT_ROLE
  • C. CURRENT_USER
  • D. CURRENT_CLIENT

Answer: C

Explanation:
Explanation
According to the Working with Secure Views documentation, secure views are designed to limit access to sensitive data that should not be exposed to all users of the underlying table(s). When sharing secure views with another account, the view definition must include a function that returns the identity of the user who is querying the view, such as CURRENT_USER, CURRENT_ROLE, or CURRENT_ACCOUNT. These functions can be used to filter the rows in the base table based on the user's identity. For example, a secure view can use the CURRENT_USER function to compare the user name with a column in the base table that contains the authorized user names. Only the rows that match the user name will be returned by the view. The CURRENT_CLIENT function is not suitable for this purpose, because it returns the IP address of the client that is connected to Snowflake, which is not related to the user's identity.


NEW QUESTION # 30
A user has enrolled in Multi-factor Authentication (MFA) for connecting to Snowflake. The user informs the Snowflake Administrator that they lost their mobile phone the previous evening.
Which step should the Administrator take to allow the user to log in to the system, without revoking their MFA enrollment?

  • A. Instruct the user to append the normal URL with /?mode=mfa_bypass&code= to log on.
  • B. Alter the user and set DISABLE_MFA to true, which will suspend the MFA requirement for 24 hours.
  • C. Instruct the user to connect to Snowflake using SnowSQL, which does not support MFA authentication.
  • D. Alter the user and set MINS TO BYPASS MFA to a value that will disable MFA long enough for the user to log in.

Answer: D

Explanation:
Explanation
The MINS_TO_BYPASS_MFA property allows the account administrator to temporarily disable MFA for a user who has lost their phone or changed their phone number1. The user can log in without MFA for the specified number of minutes, and then re-enroll in MFA using their new phone1. This does not revoke their MFA enrollment, unlike the DISABLE_MFA property, which cancels their enrollment and requires them to re-enroll from scratch1. The other options are not valid ways to bypass MFA, as SnowSQL does support MFA authentication2, and there is no such URL parameter as /?mode=mfa_bypass&code= for Snowflake3


NEW QUESTION # 31
The ACCOUNTADMIN of Account 123 works with Snowflake Support to set up a Data Exchange. After the exchange is populated with listings from other Snowflake accounts, what roles in Account 123 are allowed to request and get data?

  • A. Any role with USAGE privilege on the Data Exchange
  • B. Only the ACCOUNTADMIN role, and no other roles
  • C. Any role with IMPORT SHARE and CREATE DATABASE privileges
  • D. Any role that the listing provider has designated as authorized

Answer: A

Explanation:
To request and get data from a Data Exchange, the role in Account 123 must have the USAGE privilege on the Data Exchange object. This privilege allows the role to view the listings and request access to the data. According to the Snowflake documentation, "To view the listings in a data exchange, a role must have the USAGE privilege on the data exchange object. To request access to a listing, a role must have the USAGE privilege on the data exchange object and the IMPORT SHARE privilege on the account." The other options are either incorrect or not sufficient to request and get data from a Data Exchange. Option A is incorrect, as the ACCOUNTADMIN role is not the only role that can request and get data, as long as other roles have the necessary privileges. Option C is incorrect, as the IMPORT SHARE and CREATE DATABASE privileges are not required to request and get data, but only to create a database from a share after the access is granted. Option D is incorrect, as the listing provider does not designate the authorized roles in Account 123, but only approves or denies the requests from Account 123.


NEW QUESTION # 32
For Snowflake network policies, what will occur when the account_level and user_level network policies are both defined?

  • A. The user_level policy will override the account_level policy.
  • B. The user_level network policies will not be supported.
  • C. A network policy error will be generated with no definitions provided.
  • D. The account_level policy will override the user_level policy.

Answer: A

Explanation:
According to the Network Policies documentation, a network policy can be applied to an account, a security integration, or a user. If there are network policies applied to more than one of these, the most specific network policy overrides more general network policies. The following summarizes the order of precedence:
* Account: Network policies applied to an account are the most general network policies. They are overridden by network policies applied to a security integration or user.
* Security Integration: Network policies applied to a security integration override network policies applied to the account, but are overridden by a network policy applied to a user.
* User: Network policies applied to a user are the most specific network policies. They override both accounts and security integrations.
Therefore, if both the account_level and user_level network policies are defined, the user_level policy will take effect and the account_level policy will be ignored. The other options are incorrect because:
* The account_level policy will not override the user_level policy, as explained above.
* The user_level network policies will be supported, as they are part of the network policy feature.
* A network policy error will not be generated, as there is no conflict between the account_level and user_level network policies.


NEW QUESTION # 33
A virtual warehouse report_wh is configured with AUTO_RESUME=TRUE and AUTO_SUSPEND=300. A user has been granted the role accountant.
An application with the accountant role should use this warehouse to run financial reports, and should keep track of compute credits used by the warehouse.
What minimal privileges on the warehouse should be granted to the role to meet the requirements for the application? (Select TWO).

  • A. OPERATE
  • B. USAGE
  • C. MONITOR
  • D. OWNERSHIP
  • E. MODIFY

Answer: B,C

Explanation:
According to the Snowflake documentation1, the MONITOR privilege on a warehouse grants the ability to view the warehouse usage and performance metrics, such as the number of credits consumed, the average and maximum run time, and the number of queries executed. The USAGE privilege on a warehouse grants the ability to use the warehouse to execute queries and load data. Therefore, the minimal privileges on the warehouse that should be granted to the role to meet the requirements for the application are MONITOR and USAGE. Option A is incorrect because the OPERATE privilege on a warehouse grants the ability to start, stop, resume, and suspend the warehouse, which is not required for the application. Option B is incorrect because the MODIFY privilege on a warehouse grants the ability to alter the warehouse properties, such as the size, auto-suspend, and auto-resume settings, which is not required for the application. Option E is incorrect because the OWNERSHIP privilege on a warehouse grants the ability to drop the warehouse, grant or revoke privileges on the warehouse, and transfer the ownership to another role, which is not required for the application.


NEW QUESTION # 34
A Snowflake customer is experiencing higher costs than anticipated while migrating their data warehouse workloads from on-premises to Snowflake. The migration workloads have been deployed on a single warehouse and are characterized by a large number of small INSERTs rather than bulk loading of large extracts. That single warehouse has been configured as a single cluster, 2XL because there are many parallel INSERTs that are scheduled during nightly loads.
How can the Administrator reduce the costs, while minimizing the overall load times, for migrating data warehouse history?

  • A. The INSERTS should be converted to several tables to avoid contention on large tables that slows down query processing.
  • B. The warehouse should be kept as a SMALL or XSMALL and configured as a multi-cluster warehouse to handle the parallel load queries.
  • C. There should be another 2XL warehouse deployed to handle a portion of the load queries.
  • D. The 2XL warehouse should be changed to 4XL to increase the number of threads available for parallel load queries.

Answer: B

Explanation:
According to the Snowflake Warehouse Cost Optimization blog post, one of the strategies to reduce the cost of running a warehouse is to use a multi-cluster warehouse with auto-scaling enabled. This allows the warehouse to automatically adjust the number of clusters based on the concurrency demand and the queue size. A multi-cluster warehouse can also be configured with a minimum and maximum number of clusters, as well as a scaling policy to control the scaling behavior. This way, the warehouse can handle the parallel load queries efficiently without wasting resources or credits. The blog post also suggests using a smaller warehouse size, such as SMALL or XSMALL, for loading data, as it can perform better than a larger warehouse size for small INSERTs. Therefore, the best option to reduce the costs while minimizing the overall load times for migrating data warehouse history is to keep the warehouse as a SMALL or XSMALL and configure it as a multi-cluster warehouse to handle the parallel load queries. The other options are incorrect because:
* A. Deploying another 2XL warehouse to handle a portion of the load queries will not reduce the costs, but increase them. It will also introduce complexity and potential inconsistency in managing the data loading process across multiple warehouses.
* B. Changing the 2XL warehouse to 4XL will not reduce the costs, but increase them. It will also provide more compute resources than needed for small INSERTs, which are not CPU-intensive but I/O-intensive.
* D. Converting the INSERTs to several tables will not reduce the costs, but increase them. It will also create unnecessary data duplication and fragmentation, which will affect the query performance and data quality.


NEW QUESTION # 35
An Administrator needs to create a sample of the table LINEITEM. The sample should not be repeatable and the sampling function should take the data by blocks of rows.
What select command will generate a sample of 20% of the table?

  • A. select * from LINEITEM tablesample system (20) seed (1);
  • B. select * from LINEITEM sample system (20);
  • C. select * from LINEITEM tablesample block (20 rows);
  • D. select * from LINEITEM sample bernoulli (20);

Answer: B

Explanation:
Explanation
This command will generate a sample of 20% of the table by using the SYSTEM (or BLOCK) sampling method, which selects each block of rows with a probability of 20/100. This method is suitable for taking data by blocks of rows, as the question requires. According to the Snowflake documentation, "SYSTEM (or BLOCK): Includes each block of rows with a probability of p/100. Similar to flipping a weighted coin for each block of rows. This method does not support fixed-size sampling." The other options are either incorrect or do not meet the requirements of the question. Option A uses the BERNOULLI (or ROW) sampling method, which selects each row with a probability of 20/100, but does not take data by blocks of rows. Option C uses the BLOCK sampling method, but specifies a fixed number of rows (20) instead of a percentage (20%).
Option D uses the SYSTEM sampling method, but specifies a seed value (1), which makes the sampling repeatable, contrary to the question.


NEW QUESTION # 36
What is a characteristic of Snowflake's transaction locking and concurrency modeling?

  • A. A deadlock cannot occur in Snowflake, since concurrently executed queries and DML statements do not block one another.
  • B. Transaction locking in Snowflake is enforced exclusively at the row and table levels.
  • C. If two queries are concurrently executed against the same table, one of the two queries will be blocked until the other query completes.
  • D. Queries executed within a given transaction see that transaction's uncommitted changes.

Answer: A

Explanation:
According to the Snowflake documentation1, Snowflake uses a multi-version concurrency control (MVCC) model, which means that each transaction operates on a consistent snapshot of the database at a point in time. This allows queries and DML statements to run concurrently without blocking each other, as they do not modify the same data. Therefore, a deadlock, which occurs when concurrent transactions are waiting on resources that are locked by each other, cannot happen in Snowflake. Option B is incorrect because queries and DML statements do not block each other in Snowflake, unless they are explicitly started transactions and multiple statements in each transaction2. Option C is incorrect because transaction locking in Snowflake is enforced at the partition level, not the row or table level3. Option D is incorrect because queries executed within a given transaction do not see that transaction's uncommitted changes, but only the committed changes that occurred before the transaction started1.


NEW QUESTION # 37
Which commands can be performed by a user with the ORGADMIN role but not the ACCOUNTADMIN role? (Select TWO).

  • A. SHOW USERS;
  • B. SELECT SYSTEM$GLOBAL_ACCOUNT_SET_PARAMETER (
    'ACCOUNT LOCATOR',
    'ENABLE ACCOUNT DATABASE_REPLICATION',
    'true'
    );
  • C. GRANT ROLE ORGADMIN TO USER <username>;
  • D. SHOW REGIONS;
  • E. SHOW ORGANIZATION ACCOUNTS;

Answer: B,E

Explanation:
Explanation
According to the Snowflake documentation1, the ORGADMIN role is a special system role that is responsible for managing operations at the organization level, such as creating and viewing accounts, enabling database replication, and setting global account parameters. The ACCOUNTADMIN role is a system role that is responsible for managing operations at the account level, such as creating and managing users, roles, warehouses, databases, and shares. Therefore, the commands that can be performed by the ORGADMIN role but not the ACCOUNTADMIN role are:
*SHOW ORGANIZATION ACCOUNTS: This command lists all the accounts in the organization and their properties, such as region, edition, and status2. The ACCOUNTADMIN role can only show the current account and its properties using the SHOW ACCOUNTS command3.
*SELECT SYSTEM$GLOBAL_ACCOUNT_SET_PARAMETER: This function sets a global account parameter for an account in the organization, such as enabling account database replication4. The ACCOUNTADMIN role can only set local account parameters using the ALTER ACCOUNT command.
Option A is incorrect because the SHOW REGIONS command can be executed by any role, not just the ORGADMIN role. Option B is incorrect because the SHOW USERS command can be executed by the ACCOUNTADMIN role, as well as any role that has been granted the MONITOR privilege on the account.
Option D is incorrect because the GRANT ROLE ORGADMIN TO USER <username> command can be executed by the ACCOUNTADMIN role, as well as any role that has been granted the ORGADMIN role1.


NEW QUESTION # 38
What is required for stages, without credentials, to limit data exfiltration after a storage integration and associated stages are created?

  • A. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = false;
  • B. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = true;
  • C. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = true;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = false;
  • D. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION FOR STAGE_OPERATION = true;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = true;

Answer: D

Explanation:
According to the Snowflake documentation1, stages without credentials are a way to create external stages that use storage integrations to access data files in cloud storage without providing any credentials to Snowflake. Storage integrations are objects that define a trust relationship between Snowflake and a cloud provider, allowing Snowflake to authenticate and authorize access to the cloud storage. To limit data exfiltration after a storage integration and associated stages are created, the following account-level parameters can be set:
* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION: This parameter enforces that all external stages must be created using a storage integration. This prevents users from creating external stages with inline credentials or URLs that point to unauthorized locations.
* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION: This parameter enforces that all operations on external stages, such as PUT, GET, COPY, and LIST, must use a storage integration. This prevents users from performing operations on external stages with inline credentials or URLs that point to unauthorized locations.
* PREVENT_UNLOAD_TO_INLINE_URL: This parameter prevents users from unloading data from Snowflake tables to inline URLs that do not use a storage integration. This prevents users from exporting data to unauthorized locations.
Therefore, the correct answer is option D, which sets all these parameters to true. Option A is incorrect because it sets PREVENT_UNLOAD_TO_INLINE_URL to false, which allows users to unload data to inline URLs that do not use a storage integration. Option B is incorrect because it sets both REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION and REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION to false, which allows users to create and operate on external stages without using a storage integration. Option C is incorrect because it sets all the parameters to false, which does not enforce any restrictions on data exfiltration.


NEW QUESTION # 39
......

Get Special Discount Offer of ADA-C01 Certification Exam Sample Questions and Answers: https://www.pass4leader.com/Snowflake/ADA-C01-exam.html

New ADA-C01 Dumps For Preparing SnowPro Advanced: Administrator Certified Snowflake Exam Well: https://drive.google.com/open?id=10cuUSa1lqP7kQRaneTAh2rYF7ZHQ0rZx

Related Blogs

more
Go To ADA-C01 Questions