ExamGecko
Search Search Login
Home Home / Snowflake / ARA-C01
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

What is a valid object hierarchy when building a Snowflake environment?
A Snowflake Architect is designing a multi-tenant application strategy for an organization in the Snowflake Data Cloud and is considering using an Account Per Tenant strategy. Which requirements will be addressed with this approach? (Choose two.)
A company has an inbound share set up with eight tables and five secure views. The company plans to make the share part of its production data pipelines. Which actions can the company take with the inbound share? (Choose two.)
What is a characteristic of event notifications in Snowpipe?
The following DDL command was used to create a task based on a stream: Assuming MY_WH is set to auto_suspend -- 60 and used exclusively for this task, which statement is true?
What transformations are supported in the below SQL statement? (Select THREE). CREATE PIPE ... AS COPY ... FROM (...)
A Snowflake Architect is setting up database replication to support a disaster recovery plan. The primary database has external tables. How should the database be replicated?
How can the Snowpipe REST API be used to keep a log of data load history?
The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organization's system. What is the BEST way to find recent and ongoing login attempts to Snowflake?
At which object type level can the APPLY MASKING POLICY, APPLY ROW ACCESS POLICY and APPLY SESSION POLICY privileges be granted?

Question 84 - ARA-C01 discussion

Report
Export

An Architect entered the following commands in sequence:

USER1 cannot find the table.

Which of the following commands does the Architect need to run for USER1 to find the tables using the Principle of Least Privilege? (Choose two.)

A.
GRANT ROLE PUBLIC TO ROLE INTERN;
Answers
A.
GRANT ROLE PUBLIC TO ROLE INTERN;
B.
GRANT USAGE ON DATABASE SANDBOX TO ROLE INTERN;
Answers
B.
GRANT USAGE ON DATABASE SANDBOX TO ROLE INTERN;
C.
GRANT USAGE ON SCHEMA SANDBOX.PUBLIC TO ROLE INTERN;
Answers
C.
GRANT USAGE ON SCHEMA SANDBOX.PUBLIC TO ROLE INTERN;
D.
GRANT OWNERSHIP ON DATABASE SANDBOX TO USER INTERN;
Answers
D.
GRANT OWNERSHIP ON DATABASE SANDBOX TO USER INTERN;
E.
GRANT ALL PRIVILEGES ON DATABASE SANDBOX TO ROLE INTERN;
Answers
E.
GRANT ALL PRIVILEGES ON DATABASE SANDBOX TO ROLE INTERN;
Suggested answer: B, C

Explanation:

According to the Principle of Least Privilege, the Architect should grant the minimum privileges necessary for the USER1 to find the tables in the SANDBOX database.

The USER1 needs to have USAGE privilege on the SANDBOX database and the SANDBOX.PUBLIC schema to be able to access the tables in the PUBLIC schema. Therefore, the commands B and C are the correct ones to run.

The command A is not correct because the PUBLIC role is automatically granted to every user and role in the account, and it does not have any privileges on the SANDBOX database by default.

The command D is not correct because it would transfer the ownership of the SANDBOX database from the Architect to the USER1, which is not necessary and violates the Principle of Least Privilege.

The command E is not correct because it would grant all the possible privileges on the SANDBOX database to the USER1, which is also not necessary and violates the Principle of Least Privilege.

Show Answer
asked 23/09/2024
Muhanad Mohamed
33 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms