Snowflake snowpro advanced architect practice test

An Architect entered the following commands in sequence:

USER1 cannot find the table.
Which of the following commands does the Architect need to run for USER1 to find the tables using the Principle of Least Privilege? (Choose two.)

• A. GRANT ROLE PUBLIC TO ROLE INTERN;
• B. GRANT USAGE ON DATABASE SANDBOX TO ROLE INTERN;
• C. GRANT USAGE ON SCHEMA SANDBOX.PUBLIC TO ROLE INTERN;
• D. GRANT OWNERSHIP ON DATABASE SANDBOX TO USER INTERN;
• E. GRANT ALL PRIVILEGES ON DATABASE SANDBOX TO ROLE INTERN;

Which organization-related tasks can be performed by the ORGADMIN role? (Choose three.)

• A. Changing the name of the organization
• B. Creating an account
• C. Viewing a list of organization accounts
• D. Changing the name of an account
• E. Deleting an account
• F. Enabling the replication of a database

Which statements describe characteristics of the use of materialized views in Snowflake? (Choose two.)

• A. They can include ORDER BY clauses.
• B. They cannot include nested subqueries.
• C. They can include context functions, such as CURRENT_TIME().
• D. They can support MIN and MAX aggregates.
• E. They can support inner joins, but not outer joins.

An Architect has a VPN_ACCESS_LOGS table in the SECURITY_LOGS schema containing timestamps of the connection and disconnection, username of the user, and summary statistics.
What should the Architect do to enable the Snowflake search optimization service on this table?

• A. Assume role with OWNERSHIP on future tables and ADD SEARCH OPTIMIZATION on the SECURITY_LOGS schema.
• B. Assume role with ALL PRIVILEGES including ADD SEARCH OPTIMIZATION in the SECURITY LOGS schema.
• C. Assume role with OWNERSHIP on VPN_ACCESS_LOGS and ADD SEARCH OPTIMIZATION in the SECURITY_LOGS schema.
• D. Assume role with ALL PRIVILEGES on VPN_ACCESS_LOGS and ADD SEARCH OPTIMIZATION in the SECURITY_LOGS schema.

There are two databases in an account, named fin_db and hr_db which contain payroll and employee data, respectively. Accountants and Analysts in the company require different permissions on the objects in these databases to perform their jobs. Accountants need read-write access to fin_db but only require read-only access to hr_db because the database is maintained by human resources personnel.
An Architect needs to create a read-only role for certain employees working in the human resources department.
Which permission sets must be granted to this role?

• A. USAGE on database hr_db, USAGE on all schemas in database hr_db, SELECT on all tables in database hr_db
• B. USAGE on database hr_db, SELECT on all schemas in database hr_db, SELECT on all tables in database hr_db
• C. MODIFY on database hr_db, USAGE on all schemas in database hr_db, USAGE on all tables in database hr_db
• D. USAGE on database hr_db, USAGE on all schemas in database hr_db, REFERENCES on all tables in database hr_db

A company wants to deploy its Snowflake accounts inside its corporate network with no visibility on the internet. The company is using a VPN infrastructure and Virtual Desktop Infrastructure (VDI) for its Snowflake users. The company also wants to re-use the login credentials set up for the VDI to eliminate redundancy when managing logins.
What Snowflake functionality should be used to meet these requirements? (Choose two.)

• A. Set up replication to allow users to connect from outside the company VPN.
• B. Provision a unique company Tri-Secret Secure key.
• C. Use private connectivity from a cloud provider.
• D. Set up SSO for federated authentication.
• E. Use a proxy Snowflake account outside the VPN, enabling client redirect for user logins.

The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organizations system.
What is the BEST way to find recent and ongoing login attempts to Snowflake?

• A. Call the LOGIN_HISTORY Information Schema table function.
• B. Query the LOGIN_HISTORY view in the ACCOUNT_USAGE schema in the SNOWFLAKE database.
• C. View the History tab in the Snowflake UI and set up a filter for SQL text that contains the text "LOGIN".
• D. View the Users section in the Account tab in the Snowflake UI and review the last login column.

An Architect needs to grant a group of ORDER_ADMIN users the ability to clean old data in an ORDERS table (deleting all records older than 5 years), without granting any privileges on the table. The groups manager (ORDER_MANAGER) has full DELETE privileges on the table.
How can the ORDER_ADMIN role be enabled to perform this data cleanup, without needing the DELETE privilege held by the ORDER_MANAGER role?

• A. Create a stored procedure that runs with callers rights, including the appropriate "> 5 years" business logic, and grant USAGE on this procedure to ORDER_ADMIN. The ORDER_MANAGER role owns the procedure.
• B. Create a stored procedure that can be run using both callers and owners rights (allowing the user to specify which rights are used during execution), and grant USAGE on this procedure to ORDER_ADMIN. The ORDER_MANAGER role owns the procedure.
• C. Create a stored procedure that runs with owners rights, including the appropriate "> 5 years" business logic, and grant USAGE on this procedure to ORDER_ADMIN. The ORDER_MANAGER role owns the procedure.
• D. This scenario would actually not be possible in Snowflake any user performing a DELETE on a table requires the DELETE privilege to be granted to the role they are using.

What is a valid object hierarchy when building a Snowflake environment?

• A. Account --> Database --> Schema --> Warehouse
• B. Organization --> Account --> Database --> Schema --> Stage
• C. Account --> Schema > Table --> Stage
• D. Organization --> Account --> Stage --> Table --> View

A user has the appropriate privilege to see unmasked data in a column.
If the user loads this column data into another column that does not have a masking policy, what will occur?

• A. Unmasked data will be loaded in the new column.
• B. Masked data will be loaded into the new column.
• C. Unmasked data will be loaded into the new column but only users with the appropriate privileges will be able to see the unmasked data.
• D. Unmasked data will be loaded into the new column and no users will be able to see the unmasked data.