New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Snowflake ADA-C01 Exam - Topic 4 Question 8 Discussion

Actual exam question for Snowflake's ADA-C01 exam
Question #: 8
Topic #: 4
[All ADA-C01 Questions]

What roles can be used to create network policies within Snowflake accounts? (Select THREE).

Show Suggested Answer Hide Answer
Suggested Answer: D

According to the Snowflake documentation1, stages without credentials are a way to create external stages that use storage integrations to access data files in cloud storage without providing any credentials to Snowflake. Storage integrations are objects that define a trust relationship between Snowflake and a cloud provider, allowing Snowflake to authenticate and authorize access to the cloud storage. To limit data exfiltration after a storage integration and associated stages are created, the following account-level parameters can be set:

* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION: This parameter enforces that all external stages must be created using a storage integration. This prevents users from creating external stages with inline credentials or URLs that point to unauthorized locations.

* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION: This parameter enforces that all operations on external stages, such as PUT, GET, COPY, and LIST, must use a storage integration. This prevents users from performing operations on external stages with inline credentials or URLs that point to unauthorized locations.

* PREVENT_UNLOAD_TO_INLINE_URL: This parameter prevents users from unloading data from Snowflake tables to inline URLs that do not use a storage integration. This prevents users from exporting data to unauthorized locations.

Therefore, the correct answer is option D, which sets all these parameters to true. Option A is incorrect because it sets PREVENT_UNLOAD_TO_INLINE_URL to false, which allows users to unload data to inline URLs that do not use a storage integration. Option B is incorrect because it sets both REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION and REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION to false, which allows users to create and operate on external stages without using a storage integration. Option C is incorrect because it sets all the parameters to false, which does not enforce any restrictions on data exfiltration.


by Bok at Mar 04, 2024, 08:17 AM

Limited Time Offer

25%

Off

Get Premium ADA-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Carmen
3 months ago
I thought ORGADMIN was also included, but I guess not!
upvoted 0 times
...
Maybelle
3 months ago
Yup, those three are definitely the main ones.
upvoted 0 times
...
Thaddeus
3 months ago
Wait, can any role with CREATE NETWORK POLICY do it? Sounds too broad.
upvoted 0 times
...
Jennifer
4 months ago
Totally agree, those are the key roles!
upvoted 0 times
...
Val
4 months ago
SYSADMIN, SECURITYADMIN, and ACCOUNTADMIN can create network policies.
upvoted 0 times
...
Carla
4 months ago
I’m leaning towards ACCOUNTADMIN, SYSADMIN, and maybe the global permission role, but I’m not entirely confident about the last one.
upvoted 0 times
...
Jerry
4 months ago
I feel like any role with the global permission to create network policies could be correct, but I can't recall if it was specifically mentioned in our study materials.
upvoted 0 times
...
Darrel
4 months ago
I remember practicing a question like this, and I think SECURITYADMIN was one of the options too.
upvoted 0 times
...
Freeman
5 months ago
I think SYSADMIN and ACCOUNTADMIN are definitely among the roles, but I'm not sure about the third one.
upvoted 0 times
...
Almeta
5 months ago
Oof, network policies in Snowflake - that's a topic I'm a bit fuzzy on. Let me re-read the question and options carefully to see if I can piece together the right answer.
upvoted 0 times
...
Brock
5 months ago
Ah, this is a good one. I remember learning about network policy management in Snowflake. I'm pretty confident I can nail this question by recalling the relevant roles.
upvoted 0 times
...
Ben
5 months ago
Hmm, I'm a bit unsure about this one. I know SYSADMIN and SECURITYADMIN have broad permissions, but I'm not sure if they specifically cover creating network policies. I'll have to think this through.
upvoted 0 times
...
Owen
5 months ago
This looks like a straightforward question about Snowflake roles and network policies. I'll need to carefully review the options and think through which roles can create network policies.
upvoted 0 times
...
Shawnda
5 months ago
Okay, I think I've got this. The key is to identify the roles that have the necessary permissions to create network policies. I'll carefully consider each option and select the three that fit the bill.
upvoted 0 times
...
Michell
5 months ago
I'm a bit confused on this one. The options seem to cover a range of different tools, and I'm not sure which one specifically handles the CCT configuration verification. I'll need to review my notes to see if I can narrow it down.
upvoted 0 times
...
An
5 months ago
The key here is that Sam didn't verify the threat intelligence sources, even though the data was cheap. That's a classic mistake that can lead to unreliable information and put the organization at risk. I'd go with A as the answer.
upvoted 0 times
...
Janine
5 months ago
Hmm, I'm not totally sure about this one. I'll have to think it through carefully. Maybe I should review my notes on external inputs and internal logical files.
upvoted 0 times
...
Mitzie
9 months ago
I bet the exam writers were just trying to trip us up with that 'Any role that owns the database' option. Nice try, but I'm sticking with the classics!
upvoted 0 times
Buddy
8 months ago
C) ACCOUNTADMIN
upvoted 0 times
...
Shalon
8 months ago
B) SECURITYADMIN
upvoted 0 times
...
Sherita
9 months ago
A) SYSADMIN
upvoted 0 times
...
...
Laine
9 months ago
I'm going with A, B, and E. The exam question says 'SELECT THREE', so E has to be one of the answers.
upvoted 0 times
...
Linn
10 months ago
Haha, the answer has to be E. Any role with the global permission of CREATE NETWORK POLICY? That's just too easy!
upvoted 0 times
Chauncey
9 months ago
User 3: Yeah, I agree with Chauncey. E) is the correct answer.
upvoted 0 times
...
Henriette
9 months ago
User 2: No, I believe it's E) Any role with the global permission of CREATE NETWORK POLICY.
upvoted 0 times
...
Felix
9 months ago
User 1: I think the answer is A) SYSADMIN.
upvoted 0 times
...
...
Alyce
10 months ago
Wait, what? I thought ORGADMIN could also create network policies. This exam is tricky!
upvoted 0 times
Jestine
8 months ago
C) ACCOUNTADMIN
upvoted 0 times
...
Regenia
9 months ago
B) SECURITYADMIN
upvoted 0 times
...
Jill
9 months ago
A) SYSADMIN
upvoted 0 times
...
...
Brigette
10 months ago
I think A, B, and C are the correct answers. SYSADMIN, SECURITYADMIN, and ACCOUNTADMIN all have the necessary permissions to create network policies.
upvoted 0 times
Caprice
10 months ago
Yes, SYSADMIN, SECURITYADMIN, and ACCOUNTADMIN are the roles that can be used to create network policies.
upvoted 0 times
...
Odette
10 months ago
I agree, A, B, and C are the correct roles for creating network policies.
upvoted 0 times
...
...
Quentin
10 months ago
I'm not sure about D, E, and F. I think they are not the roles that can create network policies.
upvoted 0 times
...
Zana
11 months ago
I agree with Erick. SYSADMIN, SECURITYADMIN, and ACCOUNTADMIN are the roles that can create network policies.
upvoted 0 times
...
Erick
11 months ago
I think A, B, and C can be used to create network policies.
upvoted 0 times
...

Save Cancel