• Home
  • Articles
  • [Nov 16, 2024] Passing Key To Getting ADA-C01 Certified Exam Engine PDF [Q14-Q36]

[Nov 16, 2024] Passing Key To Getting ADA-C01 Certified Exam Engine PDF [Q14-Q36]

Share

[Nov 16, 2024] Passing Key To Getting ADA-C01 Certified Exam Engine PDF

ADA-C01 Exam Dumps Pass with Updated Nov-2024 Tests Dumps


Snowflake ADA-C01 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Manage and implement data sharing
  • Given a set of business requirements, establish access control architecture
Topic 2
  • Given a scenario, manage databases, tables, and views
  • Manage organizations and access control
Topic 3
  • Interpret and make recommendations for data clustering
  • Manage DML locking and concurrency in Snowflake
Topic 4
  • Given a scenario, create and manage access control
  • Given a scenario, implement resource monitors

 

NEW QUESTION # 14
DatabaseA has a single schema called Schema1. This schema contains many tables and views. The ANALYST role has privileges to select from all objects in DatabaseA. Schema1. The SYSADMIN role clones DatabaseA to DatabaseA_clone.
What privileges does the ANALYST role have on tables and views in DatabaseA_clone? (Select TWO).

  • A. SELECT on all tables and views in DatabaseA_clone. Schema1
  • B. SELECT on all tables, and only non-secure views in DatabaseA_clone. Schemal
  • C. USAGE on the schema DatabaseA clone
  • D. USAGE on the database DatabaseA_clone. Schemal
  • E. SELECT on all tables, and only secure views in DatabaseA_clone. Schemal

Answer: A,B

Explanation:
Explanation
According to the Snowflake documentation, when a database or schema is cloned, the clone inherits all granted privileges on the clones of all child objects contained in the source object, such as tables and views.
However, the clone of the container itself does not inherit the privileges granted on the source container.
Therefore, the ANALYST role will have SELECT privilege on all tables and views in DatabaseA_clone.Schema1, but not USAGE privilege on the database or schema. The type of view (secure or non-secure) does not affect the cloning of privileges.


NEW QUESTION # 15
Which type of listing in the Snowflake Marketplace can be added and queried immediately?

  • A. Standard listing
  • B. Regional listing
  • C. Monetized listing
  • D. Personalized listing

Answer: A

Explanation:
Explanation
According to the Snowflake documentation1, a standard listing is a type of listing that provides free access to the full data product, with no payment required. A standard listing can be added andqueried immediately by the consumer, as long as they accept the terms and conditions of the listing. A monetized listing is a type of listing that charges for access to the data product, using the pricing models offered by Snowflake. A monetized listing requires the consumer to provide payment information and agree to the billing terms before accessing the data product. A regional listing is not a type of listing, but a way to specify the regions where the listing is available. A personalized listing is a type of listing that provides limited trial access to the data product, with unlimited access to the full data product available upon request. A personalized listing requires the consumer to request access from the provider and wait for the provider to grant access before accessing the data product.
Therefore, the only type of listing that can be added and queried immediately is the standard listing.


NEW QUESTION # 16
What is a characteristic of Snowflake's transaction locking and concurrency modeling?

  • A. A deadlock cannot occur in Snowflake, since concurrently executed queries and DML statements do not block one another.
  • B. Queries executed within a given transaction see that transaction's uncommitted changes.
  • C. Transaction locking in Snowflake is enforced exclusively at the row and table levels.
  • D. If two queries are concurrently executed against the same table, one of the two queries will be blocked until the other query completes.

Answer: A

Explanation:
According to the Snowflake documentation1, Snowflake uses a multi-version concurrency control (MVCC) model, which means that each transaction operates on a consistent snapshot of the database at a point in time. This allows queries and DML statements to run concurrently without blocking each other, as they do not modify the same data. Therefore, a deadlock, which occurs when concurrent transactions are waiting on resources that are locked by each other, cannot happen in Snowflake. Option B is incorrect because queries and DML statements do not block each other in Snowflake, unless they are explicitly started transactions and multiple statements in each transaction2. Option C is incorrect because transaction locking in Snowflake is enforced at the partition level, not the row or table level3. Option D is incorrect because queries executed within a given transaction do not see that transaction's uncommitted changes, but only the committed changes that occurred before the transaction started1.


NEW QUESTION # 17
In general, the monthly billing for database replication is proportional to which variables? (Select TWO).

  • A. The frequency of the secondary database refreshes from the primary database
  • B. The number and size of warehouses defined in the primary account
  • C. The amount of table data in the primary database that changes as a result of data loading or DML operations
  • D. The number of times data moves across regions and/or cloud service providers between the primary and secondary database accounts
  • E. The frequency of changes to the primary database as a result of data loading or DML operations

Answer: C,E

Explanation:
Snowflake charges for database replication based on two categories: data transfer and compute resources1. Data transfer costs depend on the amount of data that is transferred from the primary database to the secondary database across regions and/or cloud service providers2. Compute resource costs depend on the use of Snowflake-provided compute resources to copy data between accounts across regions1. Both data transfer and compute resource costs are proportional to the frequency and amount of changes to the primary database as a result of data loading or DML operations3.
Therefore, the answer is A and B. The other options are not directly related to the replication billing, as the frequency of secondary database refreshes does not affect the amount of data transferred or copied4, and the number and size of warehouses defined in the primary account do not affect the replication process5.


NEW QUESTION # 18
An Administrator has a user who needs to be able to suspend and resume a task based on the current virtual warehouse load, but this user should not be able to modify the task or start a new run.
What privileges should be granted to the user to meet these requirements? (Select TWO).

  • A. OWNERSHIP on the database and schema containing the task
  • B. USAGE on the database and schema containing the task
  • C. EXECUTE TASK on the task
  • D. OPERATE on the task
  • E. OWNERSHIP on the task

Answer: B,D


NEW QUESTION # 19
What is required for stages, without credentials, to limit data exfiltration after a storage integration and associated stages are created?

  • A. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION FOR STAGE_OPERATION = true;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = true;
  • B. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = false;
  • C. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = true;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = false;
  • D. ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = false;
    ALTER ACCOUNT my_account SET
    REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = false;
    ALTER ACCOUNT my_account SET
    PREVENT_UNLOAD_TO_INLINE_URL = true;

Answer: A

Explanation:
According to the Snowflake documentation1, stages without credentials are a way to create external stages that use storage integrations to access data files in cloud storage without providing any credentials to Snowflake. Storage integrations are objects that define a trust relationship between Snowflake and a cloud provider, allowing Snowflake to authenticate and authorize access to the cloud storage. To limit data exfiltration after a storage integration and associated stages are created, the following account-level parameters can be set:
* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION: This parameter enforces that all external stages must be created using a storage integration. This prevents users from creating external stages with inline credentials or URLs that point to unauthorized locations.
* REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION: This parameter enforces that all operations on external stages, such as PUT, GET, COPY, and LIST, must use a storage integration. This prevents users from performing operations on external stages with inline credentials or URLs that point to unauthorized locations.
* PREVENT_UNLOAD_TO_INLINE_URL: This parameter prevents users from unloading data from Snowflake tables to inline URLs that do not use a storage integration. This prevents users from exporting data to unauthorized locations.
Therefore, the correct answer is option D, which sets all these parameters to true. Option A is incorrect because it sets PREVENT_UNLOAD_TO_INLINE_URL to false, which allows users to unload data to inline URLs that do not use a storage integration. Option B is incorrect because it sets both REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION and REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION to false, which allows users to create and operate on external stages without using a storage integration. Option C is incorrect because it sets all the parameters to false, which does not enforce any restrictions on data exfiltration.


NEW QUESTION # 20
Which type of listing in the Snowflake Marketplace can be added and queried immediately?

  • A. Standard listing
  • B. Regional listing
  • C. Monetized listing
  • D. Personalized listing

Answer: A

Explanation:
According to the Snowflake documentation1, a standard listing is a type of listing that provides free access to the full data product, with no payment required. A standard listing can be added and queried immediately by the consumer, as long as they accept the terms and conditions of the listing. A monetized listing is a type of listing that charges for access to the data product, using the pricing models offered by Snowflake. A monetized listing requires the consumer to provide payment information and agree to the billing terms before accessing the data product. A regional listing is not a type of listing, but a way to specify the regions where the listing is available. A personalized listing is a type of listing that provides limited trial access to the data product, with unlimited access to the full data product available upon request. A personalized listing requires the consumer to request access from the provider and wait for the provider to grant access before accessing the data product. Therefore, the only type of listing that can be added and queried immediately is the standard listing.


NEW QUESTION # 21
A user with the proper role issues the following commands when setting up and activating network policies:
CREATE OR REPLACE NETWORK POLICY foo_policy
ALLOWED_IP_LIST = ( '1.1.1.0/24', '2.2.2.0/24' , '3.3. 3. 0/24' )
BLOCKED IP LIST = ( '1.1.1.1')
COMMENT = 'Account level policy';
ALTER ACCOUNT SET NETWORK_POLICY=FOO_POLICY;
CREATE OR REPLACE NETWORK POLICY bar_policy
ALLOWED_IP_LIST = ('3.3.3.0/24')
BLOCKED IP LIST = ('3.3.3.10')
COMMENT = 'user level policy';
ALTER USER userl SET NETWORK_POLICY=BAR_POLICY;
Afterwards, user1 attempts to log in to Snowflake from IP address 3.3.3.10.
Will the login be successful?

  • A. Yes, because 3.3.3.10 is found in the ALLOWED_IP_LIST of foo_policy.
  • B. No, because 3.3.3.10 is not found in the ALLOWED_IP_LIST of foo_policy.
  • C. No, because 3.3.3.10 is found in the BLOCKED_IP_LIST of bar_policy.
  • D. Yes, because 3.3.3.10 is found in the ALLOWED_IP_LIST of bar_policy.

Answer: C

Explanation:
Explanation
According to the Snowflake documentation1, network policies are a feature that allows restricting access to your account based on user IP address. A network policy can be applied to an account, a user, or a security integration, and can specify a list of allowed IP addresses and a list of blocked IP addresses. If there are network policies applied to more than one of these, the most specific network policy overrides more general network policies. In this case, the user1 has a network policy (bar_policy) applied to them, which overrides the account-level network policy (foo_policy). The bar_policy allows access only from the IP range 3.3.3.0/24, and blocks access from the IP address 3.3.3.10. Therefore, the user1 will not be able to log in to Snowflake from IP address 3.3.3.10, as it is found in the BLOCKED_IP_LIST of bar_policy. Option A is incorrect because the ALLOWED_IP_LIST of bar_policy does not override the BLOCKED_IP_LIST of bar_policy.
Option C is incorrect because the ALLOWED_IP_LIST of foo_policy does not apply to user1, as it is overridden by the user-level network policy. Option D is incorrect because the ALLOWED_IP_LIST of foo_policy does not matter, as it is overridden by the user-level network policy.


NEW QUESTION # 22
An Administrator receives data from a Snowflake partner. The partner is sharing a dataset that contains multiple secure views. The Administrator would like to configure the data so that only certain roles can see certain secure views.
How can this be accomplished?

  • A. Create views over the incoming shared database and apply the desired RBAC onto these views.
  • B. Clone the data and insert it into a company-owned share and apply the desired RBAC on the new tables.
  • C. Apply RBAC directly onto the partner's shared secure views.
  • D. Individually grant imported privileges onto the schema in the share.

Answer: A

Explanation:
According to the Snowflake documentation1, secure views are only exposed to authorized users who have been granted the role that owns the view. Therefore, applying RBAC directly onto the partner's shared secure views (option A) is not possible, as the administrator does not own those views. Individually granting imported privileges onto the schema in the share (option B) is also not feasible, as the privileges granted on the schema do not apply to existing secure views, only to future ones2. Cloning the data and inserting it into a company-owned share (option C) is not recommended, as it would create unnecessary duplication of data and increase storage costs. The best option is to create views over the incoming shared database and apply the desired RBAC onto these views (option D). This way, the administrator can control the access to the data based on the roles in their account, without modifying the original data or views from the partner.


NEW QUESTION # 23
An Administrator has a table named SALES_DATA which needs some edits, but the Administrator does not want to change the main table dat a. The Administrator decides to make a transient copy of this table and wants the transient table to have all the same permissions as the original table.
How can the Administrator create the transient table so it inherits the same permissions as the original table, and what considerations need to be made concerning the requirements? (Select TWO).

  • A. Use the following SQL command:
    create transient table TRANSIENT SALES DATA as select * from SALES_DATA copy grants;
  • B. Use the following SQL command:
    create transient table TRANSIENT_SALES_DATA as select * from SALES_DATA;
  • C. Use the following SQL commands:
    create transient table TRANSIENT_SALES_DATA like SALES_DATA copy grants; insert into TRANSIENT_SALES_DATA select * from SALES_DATA;
  • D. Transient tables will be purged at the end of the user session and do not have any Fail-safe period.
  • E. Transient tables will persist until explicitly dropped and contribute to overall storage costs.

Answer: A,E

Explanation:
According to the Snowflake documentation1, the COPY GRANTS option can be used to copy all privileges, except OWNERSHIP, from the existing table to the new transient table. This option also preserves any future grants defined for the object type in the schema. Option A is incorrect because it does not copy any grants from the original table. Option C is incorrect because it does not copy the data from the original table, only the structure and grants. Option E is incorrect because transient tables are not session-based and do not have a Fail-safe period, but they do have a Time Travel retention period2.
1: CREATE TABLE | Snowflake Documentation 2: Working with Temporary and Transient Tables | Snowflake Documentation


NEW QUESTION # 24
What roles can be used to create network policies within Snowflake accounts? (Select THREE).

  • A. ORGADMIN
  • B. Any role with the global permission of CREATE NETWORK POLICY
  • C. Any role that owns the database where the network policy is created
  • D. ACCOUNTADMIN
  • E. SECURITYADMIN
  • F. SYSADMIN

Answer: B,D,E

Explanation:
Explanation
Network policies are used to restrict access to the Snowflake service and internal stages based on user IP address1. To create network policies, a role must have the global permission of CREATE NETWORK POLICY2. By default, the system-defined roles of SECURITYADMIN and ACCOUNTADMIN have this permission3. However, any other role can be granted this permission by an administrator4. Therefore, the answer is B, C, and E. The other options are incorrect because SYSADMIN and ORGADMIN do not have the CREATE NETWORK POLICY permission by default3, and network policies are not tied to specific databases5.


NEW QUESTION # 25
A user with the proper role issues the following commands when setting up and activating network policies:
CREATE OR REPLACE NETWORK POLICY foo_policy
ALLOWED_IP_LIST = ( '1.1.1.0/24', '2.2.2.0/24' , '3.3. 3. 0/24' )
BLOCKED IP LIST = ( '1.1.1.1')
COMMENT = 'Account level policy';
ALTER ACCOUNT SET NETWORK_POLICY=FOO_POLICY;
CREATE OR REPLACE NETWORK POLICY bar_policy
ALLOWED_IP_LIST = ('3.3.3.0/24')
BLOCKED IP LIST = ('3.3.3.10')
COMMENT = 'user level policy';
ALTER USER userl SET NETWORK_POLICY=BAR_POLICY;
Afterwards, user1 attempts to log in to Snowflake from IP address 3.3.3.10.
Will the login be successful?

  • A. Yes, because 3.3.3.10 is found in the ALLOWED_IP_LIST of foo_policy.
  • B. No, because 3.3.3.10 is not found in the ALLOWED_IP_LIST of foo_policy.
  • C. No, because 3.3.3.10 is found in the BLOCKED_IP_LIST of bar_policy.
  • D. Yes, because 3.3.3.10 is found in the ALLOWED_IP_LIST of bar_policy.

Answer: C

Explanation:
According to the Snowflake documentation1, network policies are a feature that allows restricting access to your account based on user IP address. A network policy can be applied to an account, a user, or a security integration, and can specify a list of allowed IP addresses and a list of blocked IP addresses. If there are network policies applied to more than one of these, the most specific network policy overrides more general network policies. In this case, the user1 has a network policy (bar_policy) applied to them, which overrides the account-level network policy (foo_policy). The bar_policy allows access only from the IP range 3.3.3.0/24, and blocks access from the IP address 3.3.3.10. Therefore, the user1 will not be able to log in to Snowflake from IP address 3.3.3.10, as it is found in the BLOCKED_IP_LIST of bar_policy. Option A is incorrect because the ALLOWED_IP_LIST of bar_policy does not override the BLOCKED_IP_LIST of bar_policy. Option C is incorrect because the ALLOWED_IP_LIST of foo_policy does not apply to user1, as it is overridden by the user-level network policy. Option D is incorrect because the ALLOWED_IP_LIST of foo_policy does not matter, as it is overridden by the user-level network policy.


NEW QUESTION # 26
What session parameter can be used to test the integrity of secure views based on the account that is accessing that view?

  • A. TEST_ACCOUNT_ID
  • B. SIMULATED_DATA_SHARING_CONSUMER
  • C. PRODUCER_TEST_ACCT
  • D. MIMIC_CONSUMER_ACCOUNT

Answer: B

Explanation:
Explanation
The SIMULATED_DATA_SHARING_CONSUMER session parameter allows a data provider to test the integrity of secure views based on the account that is accessing that view2. By setting this parameter to the name of the consumer account, the data provider can query the secure view and see the results that a user in the consumer account will see2. This helps to ensure that sensitive data in a shared database is not exposed to unauthorized users1. The other options are not valid session parameters in Snowflake3


NEW QUESTION # 27
.
Company A uses Snowflake to manage audio files of call recordings. Company A hired Company B, who also uses Snowflake, to transcribe the audio files for further analysis.
Company A's Administrator created a share.
What object should be added to the share to allow Company B access to the files?

  • A. A secure view with a column for pre-signed URLs.
  • B. A secure view with a column for METADATA$FILENAME.
  • C. A secure view with a column for the stage name and a column for the file path.
  • D. A secure view with a column for file URLs.

Answer: A

Explanation:
According to the Snowflake documentation1, pre-signed URLs are required to access external files in a share. A secure view can be used to generate pre-signed URLs for the audio files stored in an external stage and expose them to the consumer account. Option A is incorrect because file URLs alone are not sufficient to access external files in a share. Option C is incorrect because METADATA$FILENAME only returns the file name, not the full path or URL. Option D is incorrect because the stage name and file path are not enough to generate pre-signed URLs.


NEW QUESTION # 28
What are benefits of creating and maintaining resource monitors in Snowflake? (Select THREE).

  • A. Resource monitors add no additional load to virtual warehouse compute.
  • B. Multiple resource monitors can be applied to a single virtual warehouse.
  • C. Multiple triggers can be configured across various virtual warehouse thresholds.
  • D. Resource monitors can be applied to more than one virtual warehouse.
  • E. The cost of running a resource monitor is only 10% of a credit, per day of operation.
  • F. Resource monitor governance is tightly controlled and monitors can only be created by the ACCOUNTADMIN role or users with the CREATE MONITOR privilege.

Answer: A,C,D

Explanation:
Explanation
According to the Snowflake documentation1, resource monitors are a feature that helps you manage and control Snowflake costs by monitoring and setting limits on your compute resources. Resource monitors do not consume any credits or add any load to the virtual warehouses they monitor1. Resource monitors can also have multiple triggers that specify different actions (such as suspending or notifying) when certain percentages of the credit quota are reached2. Resource monitors can be applied to either the entire account or a specific set of individual warehouses1. The other options are not benefits of resource monitors. The cost of running a resource monitor is negligible, not 10% of a credit3. Multiple resource monitors cannot be applied to a single virtual warehouse; only one resource monitor can be assigned to a warehouse at a time2. Resource monitor governance is not tightly controlled; account administrators can enable users with other roles to view and modify resource monitors using SQL2.


NEW QUESTION # 29
An Administrator has a user who needs to be able to suspend and resume a task based on the current virtual warehouse load, but this user should not be able to modify the task or start a new run.
What privileges should be granted to the user to meet these requirements? (Select TWO).

  • A. OWNERSHIP on the database and schema containing the task
  • B. USAGE on the database and schema containing the task
  • C. EXECUTE TASK on the task
  • D. OPERATE on the task
  • E. OWNERSHIP on the task

Answer: B,D

Explanation:
Explanation
The user needs the OPERATE privilege on the task to suspend and resume it, and the USAGE privilege on the database and schema containing the task to access it1. The EXECUTE TASK privilege is not required for suspending and resuming a task, only for triggering a new run1. The OWNERSHIP privilege on the task or the database and schema would allow the user to modify or drop the task, which is not desired.


NEW QUESTION # 30
When does auto-suspend occur for a multi-cluster virtual warehouse?

  • A. After a specified period of time when an additional cluster has started on the maximum number of clusters specified for a warehouse.
  • B. When the minimum number of clusters is running and there is no activity for the specified period of time.
  • C. Auto-suspend does not apply for multi-cluster warehouses.
  • D. When there has been no activity on any cluster for the specified period of time.

Answer: B

Explanation:
Explanation
According to the Multi-cluster Warehouses documentation, auto-suspend is a feature that allows a warehouse to automatically suspend itself after a specified period of inactivity. For a multi-cluster warehouse, auto-suspend applies to the entire warehouse, not to individual clusters. Therefore, auto-suspend occurs when the minimum number of clusters is running and there is no activity for the specified period of time. The other options are incorrect because:
*A. Auto-suspend does not occur when there has been no activity on any cluster for the specified period of time. This would imply that each cluster has its own auto-suspend timer, which is not the case. The warehouse has a single auto-suspend timer that is reset by any activity on any cluster.
*B. Auto-suspend does not occur after a specified period of time when an additional cluster has started on the maximum number of clusters specified for a warehouse. This would imply that the auto-suspend timer is affected by the number of clusters running, which is not the case. The auto-suspend timer is only affected by the activity on the warehouse, regardless of the number of clusters running.
*D. Auto-suspend does apply for multi-cluster warehouses, as explained above. It is a feature that can be enabled or disabled for any warehouse, regardless of the number of clusters.


NEW QUESTION # 31
.
Company A uses Snowflake to manage audio files of call recordings. Company A hired Company B, who also uses Snowflake, to transcribe the audio files for further analysis.
Company A's Administrator created a share.
What object should be added to the share to allow Company B access to the files?

  • A. A secure view with a column for pre-signed URLs.
  • B. A secure view with a column for METADATA$FILENAME.
  • C. A secure view with a column for the stage name and a column for the file path.
  • D. A secure view with a column for file URLs.

Answer: A

Explanation:
Explanation
According to the Snowflake documentation1, pre-signed URLs are required to access external files in a share.
A secure view can be used to generate pre-signed URLs for the audio files stored in an external stage and expose them to the consumer account. Option A is incorrect because file URLs alone are not sufficient to access external files in a share. Option C is incorrect because METADATA$FILENAME only returns the file name, not the full path or URL. Option D is incorrect because the stage name and file path are not enough to generate pre-signed URLs.


NEW QUESTION # 32
Which statement allows this user to access this Snowflake account from a specific IP address (192.168.1.100) while blocking their access from anywhere else?

  • A. CREATE NETWORK POLICY ADMIN_POLICY
    ALLOWED IP LIST = ('192.168.1.100')
    BLOCKED_IP_LIST = ('0.0.0.0/0');
    ALTER USER ABC SET NETWORK_POLICY = 'ADMIN_POLICY';
  • B. CREATE NETWORK POLICY ADMIN POLICY
    ALLOWED_IP_LIST = ('192.168.1.100');
    ALTER ROLE ACCOUNTADMIN SET NETWORK_POLICY = 'ADMIN_POLICY';
  • C. CREATE OR REPLACE NETWORK POLICY ADMIN_POLICY
    ALLOWED_IP_LIST = ('192.168. 1. 100/0') ;
    ALTER USER ABC SET NETWORK_POLICY = 'ADMIN_POLICY';
  • D. CREATE NETWORK POLICY ADMIN_POLICY
    ALLOWED_IP_LIST = ('192.168.1.100');
    ALTER USER ABC SET NETWORK_POLICY = 'ADMIN_POLICY';
    User ABC is the only user with an ACCOUNTADMIN role.

Answer: A

Explanation:
Explanation
Option C creates a network policy that allows only the IP address 192.168.1.100 and blocks all other IP addresses using the CIDR notation 0.0.0.0/01. It then applies the network policy to the user ABC, who has the ACCOUNTADMIN role. This ensures that only this user can access the Snowflake account from the specified IP address, while blocking their access from anywhere else. Option A does not block any other IP addresses, option B applies the network policy to the role instead of the user, and option D uses an invalid CIDR notation.


NEW QUESTION # 33
How should an Administrator configure a Snowflake account to use AWS PrivateLink?

  • A. Create CNAME records in the DNS.
  • B. Contact Snowflake Support.
  • C. Block public access to Snowflake.
  • D. Use SnowCD to evaluate the network connection.

Answer: B

Explanation:
Explanation
To configure a Snowflake account to use AWS PrivateLink, the Administrator needs to create CNAME records in the DNS that point to the private endpoints provided by Snowflake. This allows the clients to connect to Snowflake using the same URL as before, but with private connectivity. According to the Snowflake documentation, "After you have created the VPC endpoints, Snowflake provides you with a list of private endpoints for your account. You must create CNAME records in your DNS that point to these private endpoints. The CNAME records must use the same hostnames as the original Snowflake URLs for your account." The other options are either incorrect or not sufficient to configure AWS PrivateLink. Option B is not necessary, as the Administrator can enable AWS PrivateLink using the SYSTEM$AUTHORIZE_PRIVATELINK function1. Option C is not recommended, as it may prevent some data traffic from reaching Snowflake, such as large result sets stored on AWS S32. Option D is not related to AWS PrivateLink, but to Snowflake Connectivity Diagnostic (SnowCD), which is a tool for diagnosing network issues between clients and Snowflake3.


NEW QUESTION # 34
Which command can temporarily disable Multi-factor Authentication (MFA) for the Snowflake username user1 for 24 hours?

  • A. alter user userl set TEMPORARY_MFA_BYPASS=1440;
  • B. alter user userl set MINS_TO_BYPASS_MFA=1440;
  • C. alter user userl set HOURS_TO_BYPASS_MFA=24;
  • D. alter user userl set DISABLE_MFA=1440;

Answer: B

Explanation:
Explanation
According to the Snowflake documentation1, the MINS_TO_BYPASS_MFA property specifies the number of minutes to temporarily disable MFA for a user so that they can log in without the temporary token generated by the Duo Mobile application. After the time passes, MFA is enforced and the user cannot log in without the token. Therefore, to disable MFA for 24 hours, the value of this property should be set to 1440 minutes (24 x
60). Option B is incorrect because the DISABLE_MFA property is a boolean value that permanently disables MFA for a user, not a numeric value that specifies the duration. Option C is incorrect because there is no such property as TEMPORARY_MFA_BYPASS in Snowflake. Option D is incorrect because there is no such property as HOURS_TO_BYPASS_MFA in Snowflake.


NEW QUESTION # 35
Which commands can be performed by a user with the ORGADMIN role but not the ACCOUNTADMIN role? (Select TWO).

  • A. SHOW REGIONS;
  • B. SHOW ORGANIZATION ACCOUNTS;
  • C. GRANT ROLE ORGADMIN TO USER <username>;
  • D. SHOW USERS;
  • E. SELECT SYSTEM$GLOBAL_ACCOUNT_SET_PARAMETER (
    'ACCOUNT LOCATOR',
    'ENABLE ACCOUNT DATABASE_REPLICATION',
    'true'
    );

Answer: B,E

Explanation:
Explanation
According to the Snowflake documentation1, the ORGADMIN role is a special system role that is responsible for managing operations at the organization level, such as creating and viewing accounts, enabling database replication, and setting global account parameters. The ACCOUNTADMIN role is a system role that is responsible for managing operations at the account level, such as creating and managing users, roles, warehouses, databases, and shares. Therefore, the commands that can be performed by the ORGADMIN role but not the ACCOUNTADMIN role are:
*SHOW ORGANIZATION ACCOUNTS: This command lists all the accounts in the organization and their properties, such as region, edition, and status2. The ACCOUNTADMIN role can only show the current account and its properties using the SHOW ACCOUNTS command3.
*SELECT SYSTEM$GLOBAL_ACCOUNT_SET_PARAMETER: This function sets a global account parameter for an account in the organization, such as enabling account database replication4. The ACCOUNTADMIN role can only set local account parameters using the ALTER ACCOUNT command.
Option A is incorrect because the SHOW REGIONS command can be executed by any role, not just the ORGADMIN role. Option B is incorrect because the SHOW USERS command can be executed by the ACCOUNTADMIN role, as well as any role that has been granted the MONITOR privilege on the account.
Option D is incorrect because the GRANT ROLE ORGADMIN TO USER <username> command can be executed by the ACCOUNTADMIN role, as well as any role that has been granted the ORGADMIN role1.


NEW QUESTION # 36
......

ADA-C01 exam questions for practice in 2024 Updated 74 Questions: https://lead2pass.prep4sureexam.com/ADA-C01-dumps-torrent.html

Related Articles

more
Snowflake ADA-C01 Certification Practice Exam

Copyright © 2026 Prep4sureExam NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy