MCQs on Snowflake Security and Governance | Snowflake
Snowflake’s security and governance features are designed to protect data and ensure compliance with organizational and regulatory standards. Chapter 7 focuses on critical aspects such as Role-Based Access Control (RBAC), data masking and encryption, secure data sharing, and monitoring and auditing. This set of multiple-choice questions will test your understanding of these key concepts.
Role-Based Access Control (RBAC)
- What is the primary purpose of Role-Based Access Control in Snowflake?
a) Optimizing query performance
b) Assigning permissions to specific users
c) Managing data encryption
d) Automating data backups - In Snowflake, roles are:
a) User-specific functions
b) Logical objects that define permissions
c) Physical storage units
d) Query optimization tools - Which command is used to create a new role in Snowflake?
a) CREATE USER
b) CREATE ROLE
c) ADD PERMISSION
d) GRANT PRIVILEGE - The hierarchy of roles in Snowflake is managed by:
a) Linking roles to warehouses
b) Assigning roles to other roles
c) Setting up database replication
d) Granting privileges to databases - To revoke a role from a user, which command is used?
a) REMOVE ROLE FROM USER
b) DELETE ROLE
c) REVOKE ROLE FROM USER
d) UNASSIGN ROLE
Data Masking and Encryption
- What is data masking in Snowflake?
a) A technique to replicate data across regions
b) Hiding sensitive data by obfuscating its values
c) Encrypting data for secure storage
d) Optimizing query performance - Data masking in Snowflake can be applied using:
a) Secure views
b) Dynamic data masking policies
c) Materialized views
d) Data replication - Which Snowflake feature ensures that data is always encrypted?
a) Time Travel
b) Always-On Encryption
c) Secure Data Vault
d) Multi-Factor Authentication - What type of encryption does Snowflake use for data at rest?
a) RSA
b) AES-256
c) Blowfish
d) DES - The primary goal of data masking is to:
a) Improve database performance
b) Simplify data replication
c) Protect sensitive information
d) Enhance data sharing capabilities
Secure Data Sharing
- Snowflake Secure Data Sharing allows:
a) Sharing data without copying it
b) Exporting data to external cloud providers
c) Encrypting data for physical transfer
d) Replicating databases across accounts - Which Snowflake object is required for secure data sharing?
a) Materialized View
b) Secure View
c) Share
d) Virtual Warehouse - Data shared using Snowflake Secure Data Sharing is:
a) Stored on shared external drives
b) Read-only for recipients
c) Automatically replicated
d) Fully editable by all users - To create a share, you must:
a) Use the “CREATE SHARE” command
b) Activate a new Snowflake account
c) Configure database replication settings
d) Modify warehouse permissions - Secure Data Sharing is ideal for:
a) Transferring large datasets quickly
b) Sharing live data securely between accounts
c) Improving warehouse performance
d) Archiving historical data
Monitoring and Auditing
- Which Snowflake feature helps track user activity?
a) Role-Based Access Control
b) Query History
c) Audit Logs
d) Secure Data Masking - Snowflake’s “Query History” provides details about:
a) All user logins
b) Data encryption status
c) Executed SQL statements
d) Role assignments - The “Access History” view in Snowflake is used to:
a) Monitor query performance
b) Track data access and usage
c) Configure secure data sharing
d) Assign roles to users - For real-time monitoring of Snowflake activities, you can use:
a) Task Scheduler
b) External Notification Services
c) Snowflake’s Resource Monitors
d) Data Replication Tools - Resource Monitors in Snowflake are primarily used to:
a) Analyze user activity
b) Control compute resource usage
c) Enhance data encryption
d) Create dynamic masking policies
Additional Questions for Review
- Which role in Snowflake typically handles audit tasks?
a) SECURITYADMIN
b) SYSADMIN
c) ACCOUNTADMIN
d) WAREHOUSEADMIN - Data encryption in transit ensures:
a) Data integrity during replication
b) Data security during transmission
c) Faster query execution
d) Automated backups - Dynamic data masking policies are defined based on:
a) Query optimization rules
b) User roles and permissions
c) Data warehouse settings
d) Audit logs - The “GRANT USAGE” privilege in Snowflake allows:
a) Users to modify database objects
b) Access to specific database objects
c) Management of user roles
d) Enabling encryption for tables - Secure Data Sharing eliminates the need for:
a) Creating copies of data
b) Encrypting data
c) Managing roles and users
d) Data warehouses - Snowflake logs all account-level activities using:
a) Activity Streams
b) Audit Logs
c) Resource Monitors
d) Query Optimizers - In Snowflake, user authentication can be enhanced by enabling:
a) Always-On Encryption
b) Multi-Factor Authentication
c) Query Caching
d) Virtual Warehousing - Monitoring and auditing help organizations:
a) Automate database backups
b) Ensure compliance and detect anomalies
c) Improve query performance
d) Reduce storage costs - Snowflake’s Time Travel feature is useful for:
a) Query performance tracking
b) Restoring data to a previous state
c) Encrypting data
d) Monitoring warehouse usage - The SECURITYADMIN role is responsible for:
a) Creating databases
b) Managing roles, users, and permissions
c) Setting up warehouses
d) Optimizing SQL queries
Answers
| Qno | Answer |
|---|---|
| 1 | b) Assigning permissions to specific users |
| 2 | b) Logical objects that define permissions |
| 3 | b) CREATE ROLE |
| 4 | b) Assigning roles to other roles |
| 5 | c) REVOKE ROLE FROM USER |
| 6 | b) Hiding sensitive data by obfuscating its values |
| 7 | b) Dynamic data masking policies |
| 8 | b) Always-On Encryption |
| 9 | b) AES-256 |
| 10 | c) Protect sensitive information |
| 11 | a) Sharing data without copying it |
| 12 | c) Share |
| 13 | b) Read-only for recipients |
| 14 | a) Use the “CREATE SHARE” command |
| 15 | b) Sharing live data securely between accounts |
| 16 | c) Audit Logs |
| 17 | c) Executed SQL statements |
| 18 | b) Track data access and usage |
| 19 | c) Snowflake’s Resource Monitors |
| 20 | b) Control compute resource usage |
| 21 | a) SECURITYADMIN |
| 22 | b) Data security during transmission |
| 23 | b) User roles and permissions |
| 24 | b) Access to specific database objects |
| 25 | a) Creating copies of data |
| 26 | b) Audit Logs |
| 27 | b) Multi-Factor Authentication |
| 28 | b) Ensure compliance and detect anomalies |
| 29 | b) Restoring data to a previous state |
| 30 | b) Managing roles, users, and permissions |