Question 42 - ARA-C01 discussion


A company is using a Snowflake account in Azure. The account has SAML SSO set up using ADFS as a SCIM identity provider. To validate Private Link connectivity, an Architect performed the following steps:

* Confirmed Private Link URLs are working by logging in with a username/password account

* Verified DNS resolution by running nslookups against Private Link URLs

* Validated connectivity using SnowCD

* Disabled public access using a network policy set to use the company's IP address range

However, the following error message is received when using SSO to log into the company account:

IP XX.XXX.XX.XX is not allowed to access snowflake. Contact your local security administrator.

What steps should the Architect take to resolve this error and ensure that the account is accessed using only Private Link? (Choose two.)

A. Alter the Azure security integration to use the Private Link URLs.

B. Add the IP address in the error message to the allowed list in the network policy.

C. Generate a new SCIM access token using system$generate_scim_access_token and save it to Azure AD.

D. Update the configuration of the Azure AD SSO to use the Private Link URLs.

E. Open a case with Snowflake Support to authorize the Private Link URLs' access to the account.

Suggested answer: B, D

Explanation:

The error message indicates that the IP address it reports is not allowed to access Snowflake because it is not in the allowed list of the network policy. A network policy restricts access to Snowflake based on IP addresses or ranges. To resolve this error, the Architect should take the following steps:

* Add the IP address in the error message to the allowed list in the network policy. This will allow the IP address to access Snowflake using the Private Link URLs. Alternatively, the Architect can disable the network policy if it is not required for security reasons.

* Update the configuration of the Azure AD SSO to use the Private Link URLs. This will ensure that the SSO authentication process uses the Private Link URLs instead of the public URLs. The configuration can be updated by following the steps in the Azure documentation [1].

These two steps should resolve the error and ensure that the account is accessed using only Private Link. The other options are not necessary or relevant for this scenario. Altering the Azure security integration to use the Private Link URLs is not required because the security integration is used for SCIM provisioning, not for SSO authentication. Generating a new SCIM access token using system$generate_scim_access_token and saving it to Azure AD is not required because the SCIM access token is used for SCIM provisioning, not for SSO authentication. Opening a case with Snowflake Support to authorize the Private Link URLs' access to the account is not required because the authorization can be done by the account administrator using the SYSTEM$AUTHORIZE_PRIVATELINK function [2].

asked 23/09/2024
Mário Afonso