ExamGecko
Search Search Login
Home Home / Snowflake / ARA-C01
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is a valid object hierarchy when building a Snowflake environment?
A Snowflake Architect is designing a multi-tenant application strategy for an organization in the Snowflake Data Cloud and is considering using an Account Per Tenant strategy. Which requirements will be addressed with this approach? (Choose two.)
A company has an inbound share set up with eight tables and five secure views. The company plans to make the share part of its production data pipelines. Which actions can the company take with the inbound share? (Choose two.)
What is a characteristic of event notifications in Snowpipe?
The following DDL command was used to create a task based on a stream: Assuming MY_WH is set to auto_suspend -- 60 and used exclusively for this task, which statement is true?
What transformations are supported in the below SQL statement? (Select THREE). CREATE PIPE ... AS COPY ... FROM (...)
A Snowflake Architect is setting up database replication to support a disaster recovery plan. The primary database has external tables. How should the database be replicated?
How can the Snowpipe REST API be used to keep a log of data load history?
The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organization's system. What is the BEST way to find recent and ongoing login attempts to Snowflake?
At which object type level can the APPLY MASKING POLICY, APPLY ROW ACCESS POLICY and APPLY SESSION POLICY privileges be granted?

Question 81 - ARA-C01 discussion

Report
Export

A healthcare company is deploying a Snowflake account that may include Personal Health Information (PHI). The company must ensure compliance with all relevant privacy standards.

Which best practice recommendations will meet data protection and compliance requirements? (Choose three.)

A.
Use, at minimum, the Business Critical edition of Snowflake.
Answers
A.
Use, at minimum, the Business Critical edition of Snowflake.
B.
Create Dynamic Data Masking policies and apply them to columns that contain PHI.
Answers
B.
Create Dynamic Data Masking policies and apply them to columns that contain PHI.
C.
Use the Internal Tokenization feature to obfuscate sensitive data.
Answers
C.
Use the Internal Tokenization feature to obfuscate sensitive data.
D.
Use the External Tokenization feature to obfuscate sensitive data.
Answers
D.
Use the External Tokenization feature to obfuscate sensitive data.
E.
Rewrite SQL queries to eliminate projections of PHI data based on current_role().
Answers
E.
Rewrite SQL queries to eliminate projections of PHI data based on current_role().
F.
Avoid sharing data with partner organizations.
Answers
F.
Avoid sharing data with partner organizations.
Suggested answer: A, B, D

Explanation:

A healthcare company that handles PHI data must ensure compliance with relevant privacy standards, such as HIPAA, HITRUST, and GDPR.Snowflake provides several features and best practices to help customers meet their data protection and compliance requirements1.

One best practice recommendation is to use, at minimum, the Business Critical edition of Snowflake.This edition provides the highest level of data protection and security, including end-to-end encryption with customer-managed keys, enhanced object-level security, and HIPAA and HITRUST compliance2. Therefore, option A is correct.

Another best practice recommendation is to create Dynamic Data Masking policies and apply them to columns that contain PHI. Dynamic Data Masking is a feature that allows masking or redacting sensitive data based on the current user's role.This way, only authorized users can view the unmasked data, while others will see masked values, such as NULL, asterisks, or random characters3. Therefore, option B is correct.

A third best practice recommendation is to use the External Tokenization feature to obfuscate sensitive data. External Tokenization is a feature that allows replacing sensitive data with tokens that are generated and stored by an external service, such as Protegrity.This way, the original data is never stored or processed by Snowflake, and only authorized users can access the tokenized data through the external service4. Therefore, option D is correct.

Option C is incorrect, because the Internal Tokenization feature is not available in Snowflake.Snowflake does not provide any native tokenization functionality, but only supports integration with external tokenization services4.

Option E is incorrect, because rewriting SQL queries to eliminate projections of PHI data based on current_role() is not a best practice. This approach is error-prone, inefficient, and hard to maintain.A better alternative is to use Dynamic Data Masking policies, which can automatically mask data based on the user's role without modifying the queries3.

Option F is incorrect, because avoiding sharing data with partner organizations is not a best practice. Snowflake enables secure and governed data sharing with internal and external consumers, such as business units, customers, or partners. Data sharing does not involve copying or moving data, but only granting access privileges to the shared objects.Data sharing can also leverage Dynamic Data Masking and External Tokenization features to protect sensitive data5.

Show Answer
asked 23/09/2024
Jenny Maliwanag
48 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms