We have prepared Snowflake SnowPro Advanced - Security Engineer (SEA-C01) certification sample questions to make you aware of actual exam properties. This sample question set provides you with information about the SnowPro Advanced - Security Engineer exam pattern, question formate, a difficulty level of questions and time required to answer each question. To get familiar with Snowflake Certified SnowPro Advanced - Security Engineer exam, we suggest you try our Sample Snowflake SEA-C01 Certification Practice Exam in simulated Snowflake certification exam environment.
To test your knowledge and understanding of concepts with real-time scenario based Snowflake SEA-C01 questions, we strongly recommend you to prepare and practice with Premium Snowflake SnowPro Advanced - Security Engineer Certification Practice Exam. The premium Snowflake SnowPro Advanced - Security Engineer certification practice exam helps you identify topics in which you are well prepared and topics in which you may need further training to achieving great score in actual Snowflake Certified SnowPro Advanced - Security Engineer exam.
Snowflake SEA-C01 Sample Questions:
01. A Security Engineer needs to generate multiple sets of synthetic data for a machine learning model that will be used to detect fraudulent financial transactions. How can the Engineer ensure join key values will remain consistent across all runs?
a) Add the similarity filter parameter and set it to true:
'similarity_filter': True
b) Create a dedicated secret, and reference the consistency_secret':
SYSTEM$REFERENCE('SECRET', 'MY_SECRET')) in the procedure call.
c) In the columns parameter, set the join key argument to true: 'columns':
{'<column_name>': {'join_key': True}}
d) Add the replace output tables parameter set to true:
'replace_output_tables': TRUE
02. An organization wants to automatically classify sensitive columns such as personally identifiable information (PII) within Snowflake datasets. Which Snowflake capability supports this functionality?
a) Resource monitor configuration identifying sensitive data using compute metrics
b) Dynamic data masking policies automatically applied during warehouse execution
c) Automated data classification using Snowflake classification services and governance tools
d) Network policy configuration identifying sensitive data based on login attributes
03. A governance pipeline has been configured to ingest AI decisions only if they match a JSON schema. Which is the MOST direct way to generate the LLM return schema-conformant JSON WITHOUT writing a custom validator?
a) Wrap the output string with OBJECT_CONSTRUCT before performing the insert.
b) Use CLASSIFY_TEXT to identify the categories and rebuild the JSON in SQL.
c) Set a session parameter to force the JSON mode.
d) Use the SNOWFLAKE.CORTEX.COMPLETE command with the => {'response_format': <JSON schema>} argument.
04. A Snowflake security engineer must implement mitigation strategies following a security risk assessment. Which actions help reduce security risks?
(Choose two)
a) Increase warehouse compute capacity used by sensitive workloads
b) Rotate authentication credentials and API keys associated with service accounts
c) Implement least-privilege access controls across Snowflake roles and privileges
d) Enable automatic clustering for frequently accessed tables
05. A security engineer must protect sensitive customer information in a Snowflake table so that analysts only see masked values unless they have an approved security role. Which feature should be implemented?
a) Dynamic data masking policy
b) Row access policy
c) Network policy
d) Warehouse resource monitor
06. During a security investigation, a Snowflake administrator must determine which tables were accessed by a compromised user. Which view provides this information?
a) WAREHOUSE_LOAD_HISTORY view identifying compute workload statistics
b) LOGIN_HISTORY view identifying authentication attempts and session metadata
c) RESOURCE_MONITOR_HISTORY view identifying warehouse credit consumption
d) ACCESS_HISTORY view identifying objects accessed during query execution
07. A security engineer wants to audit how classification tags are applied to Snowflake objects. Which view provides visibility into tag usage and assignments?
a) TAG_REFERENCES view providing information about tag assignments to objects
b) QUERY_HISTORY view providing information about executed SQL statements
c) LOGIN_HISTORY view providing authentication event records for user sessions
d) WAREHOUSE_LOAD_HISTORY view providing compute workload statistics
08. An audit identified that there may be user and custom roles that are over-privileged at the Snowflake account level. Which combination of steps should be implemented to monitor this situation?
(Select THREE).
a) Check the ACCESS_HISTORY view to identify which users have accessed which data.
b) Check the GRANTS_TO_USERS view to identify users who have access to system roles.
c) Check the GRANTS_TO_ROLES view to identify roles that have been granted the MANAGE GRANTS privilege.
d) Check the CREDENTIALS view to see which authentication methods have been used by users.
e) Check the QUERY_HISTORY view to identify if unexpected GRANT, REVOKE, CREATE USER, or ALTER_USER queries have been run.
f) Check the ROLES view to see who owns the existing roles.
09. A Security Engineer is designing a role hierarchy for a multi-team environment that has these requirements:
1. Data Scientists need read-only access to sensitive data sets in SECURE_DB.SCIENCE_DATA.
2. Data Engineers need to create and manage objects in the same data set but should not be able to access sensitive data.
3. Compliance Officers must have audit access and be able to manage grants without modifying or querying data.
4. All roles must be custom, follow least privilege best practice, and support future scalability.
Which implementation should be used?
a) Assign system roles and restrict access using network policies and warehouse-level controls.
b) Create individual custom roles and assign them directly to users, eliminating privilege inheritance vulnerabilities.
c) Use masking policies and schema-level grants to control access, assigning all users a shared role.
d) Create three custom roles with scoped privileges and nest them under a parent role, giving the custom roles limited access.
10. As part of a security investigation, a Security Engineer identified a suspicious query (QUERY_ID = '01c-b3a-d3c') in the ACCOUNT_USAGE.QUERY_HISTORY view. The query executed a complex, multi-layered secure view.
The Engineer must provide definitive proof of all underlying tables that were read by that single, specific execution of the query. How should this requirement be met?
a) Query ACCOUNT_USAGE.VIEWS to find the view definition, and manually parse the DDL text to list all referenced tables.
b) Query the ACCOUNT_USAGE.OBJECT_DEPENDENCIES view to recursively find all tables that the secure view is linked to.
c) Query the ACCOUNT_USAGE.ACCESS_HISTORY view, filtering WHERE QUERY_ID = '01c-b3a-d3c', and inspect the BASE_OBJECTS_ACCESSED.
d) Monitor the SNOWFLAKE.TRUST_CENTER views for login anomalies associated with the user who ran the query.
Answers:
|
Question: 01 Answer: b |
Question: 02 Answer: c |
Question: 03 Answer: d |
Question: 04 Answer: b, c |
Question: 05 Answer: a |
|
Question: 06 Answer: d |
Question: 07 Answer: a |
Question: 08 Answer: b, c, e |
Question: 09 Answer: d |
Question: 10 Answer: c |
Note: Please update us by writing an email on feedback@vmexam.com for any error in Snowflake Certified SnowPro Advanced - Security Engineer certification exam sample questions
