- (Topic 4)
What happens to the objects in a reader account when the DROP MANAGED ACCOUNT command is executed?
Correct Answer:
A
When the DROP MANAGED ACCOUNT command is executed in Snowflake, it removes the managed account, including all objects created within the account, and access to the account is immediately restricted2.
References: [COF-C02] SnowPro Core Certification Exam Study Guide
- (Topic 6)
What is the default access of a securable object until other access is granted?
Correct Answer:
A
In Snowflake, the default access level for any securable object (such as a table, view, or schema) is "No access" until explicit access is granted. This means that when an object is created, only the owner of the object and roles with the necessary privileges can access it. Other users or roles will not have any form of access to the object until it is explicitly granted.
This design adheres to the principle of least privilege, ensuring that access to data is tightly controlled and that users and roles only have the access necessary for their functions. To grant access, the owner of the object or a role with the GRANT option can use the GRANT statement to provide specific privileges to other users or roles.
For example, to grant SELECT access on a table to a specific role, you would use a command similar to:
GRANTSELECTONTABLEmy_tableTOROLE my_role;
Reference: Snowflake Documentation on Access Control (https://docs.snowflake.com/en/user-guide/security-access-control-overview.html)
- (Topic 6)
Authorization to execute CREATE
Correct Answer:
A
In Snowflake, the authorization to executeCREATE <object>statements, such as creating tables, views, databases, etc., is determined by the role currently set as the user's primary role. The primary role of a user or session specifies the set of privileges(including creation privileges) that the user has. While users can have multiple roles, only the primary role is used to determine what objects the user can create unless explicitly specified in the session.
Reference: This is based on the principle of Role-Based Access Control (RBAC) in Snowflake, where roles are used to manage access permissions. The official Snowflake documentation on Understanding and Using Roles would be the best resource to verify this information: https://docs.snowflake.com/en/user-guide/security-access-control- overview.html#roles
- (Topic 3)
What role is required to use Partner Connect?
Correct Answer:
A
To use Partner Connect, the ACCOUNTADMIN role is required. Partner Connect allows account administrators to easily create trial accounts with selected Snowflake business partners and integrate these accounts with Snowflake
- (Topic 2)
A user has unloaded data from a Snowflake table to an external stage.
Which command can be used to verify if data has been uploaded to the external stage named my_stage?
Correct Answer:
B
The list @my_stage command in Snowflake can be used to verify if data has been uploaded to an external stage named my_stage. This command provides a list of files that are present in the specified stage2.
