Snowflake SnowPro Advanced - Security Engineer Certification Exam Syllabus

The Snowflake SEA-C01 exam preparation guide is designed to provide candidates with the necessary information about the SnowPro Advanced - Security Engineer exam. It includes an exam summary, sample questions, a practice test, objectives, and ways to interpret the exam objectives, so that candidates can assess the types of questions that may be asked during the Snowflake Certified SnowPro Advanced - Security Engineer exam.

All candidates are advised to refer to the SEA-C01 objectives and sample questions provided in this preparation guide. The Snowflake SnowPro Advanced - Security Engineer certification is mainly targeted at candidates who want to build their career in the Advanced domain and demonstrate their expertise. We suggest you use the practice exam listed in this cert guide to get used to the exam environment and identify the knowledge areas where you need more work prior to taking the actual Snowflake SnowPro Advanced - Security Engineer exam.

Snowflake SEA-C01 Exam Summary:

Exam Name: Snowflake SnowPro Advanced - Security Engineer
Exam Code: SEA-C01
Exam Price: $375 USD
Duration: 115 minutes
Number of Questions: 65
Passing Score: 750 + Scaled Scoring from 0 - 1000
Recommended Training / Books:
  • Free On-Demand Snowflake Multi-Factor Authentication Essentials (MFA)
  • Free On-Demand Level Up Level Up: Snowflake Ecosystem
  • Free On-Demand Level Up Backup and Recovery
  • Free Virtual Hands-On Lab: Unify Your Governance Strategy with Snowflake Horizon Catalog
  • Free On-Demand Webinars: What’s New: Snowflake Horizon Series
Schedule Exam: PEARSON VUE
Sample Questions: Snowflake SEA-C01 Sample Questions
Recommended Practice: Snowflake Certified SnowPro Advanced - Security Engineer Practice Test

Snowflake SnowPro Advanced - Security Engineer Syllabus:

Section Objectives

Access Control and Identity Management - 22%

Design and implement access control strategies.

- Configure and implement Role-Based Access Control (RBAC):
  • Automate RBAC management programmatically
  • Integrate RBAC management with IdPs using SCIM (user group membership)
  • Manage hierarchical RBAC models

- Define and manage custom roles and least-privilege role hierarchies:

  • Understand best practices for role design (functional vs. access roles):
    - System-defined roles
    - SNOWFLAKE database roles
    - SNOWFLAKE application roles
    - User-defined custom roles (account, database, and application)
  • Manage privilege grants in Snowflake

Configure and monitor user authentication and session management.

- Implement authenticators, passkeys, and IdP-driven access
- Define, configure, and enforce Multi-Factor Authentication (MFA):
  • Snowflake-managed MFA
  • Externally-managed MFA

- Implement Single-Sign-On (SSO):

  • Configure SAML, and OAuth authentication
  • Troubleshoot SSO integration issues

- Manage secure programmatic access:

  • Implement key-pair authentication
  • Implement Programmatic Access Token (PAT) authentication
  • Implement external API authentication and secrets

- Rotate user credentials
- Configure and monitor session policies
- Design and manage leaked password and malicious IP protections

Implement network security controls.

- Create, implement, and manage network and rules policies:
  • Use network rules for granular access control
  • Rules policies: IP allow lists and deny lists
  • Apply network policies to accounts and users

- Configure and troubleshoot private connectivity and storage integrations:

  • AWS PrivateLink, Azure Private Link, and GCP Private Service Connect
  • Troubleshoot private connectivity issues

- Support multi-cloud network policy enforcement

Manage external access integrations.

- Create, implement and manage external access integrations:
  • Use network rules to manage allowed external endpoints
  • Leverage API authentication integrations
  • Establish the order of operations:
    - Perform third-party vendor risk assessment

- Leverage Snowflake secrets for secure authentication with external endpoints:

  • OAuth
  • Cloud provider tokens
  • Passwords
  • Generic strings

- Understand best practice recommendations for secure connectivity from Snowflake to external systems:

  • Egress proxy configurations
  • Configure external functions

Data Protection, Data Privacy, and Data Governance - 30%

Implement data security features.

- Implement, configure, and manage the customer-managed key component of Tri-Secret Secure
- Implement column-level security
  • Design and apply Dynamic Data Masking policies
  • Create masking policies with SQL expressions and Snowflake functions
  • Manage the masking policy lifecycle:
    - Monitor the impact of policy changes on data visibility

- Use the External Tokenization function
- Use tag-based masking policies
- Use projection policies
- Implement row-access policies:

  • Design and apply row-access policies with SQL expressions and Snowflake functions
  • Understand policy precedence and interactions
  • Manage the row access policy lifecycle:
    - Troubleshoot row access policy enforcement

- Utilize aggregation policies, differential privacy policies, and budgets

Manage and audit Secure Data Sharing and collaborations.

- Apply advanced privacy controls for shared data:
  • Use synthetic data to support privacy

- Configure and manage Snowflake Data Clean Rooms:

  • Apply the principles of secure multi-party computation
  • Support collaborative analysis without direct data exposure
  • Understand the security implications of using secure objects, including views, functions, and procedures

- Configure Data Listings

Restrict data exfiltration.

- Leverage account-level parameters to restrict the destinations where Snowflake can write data programmatically
- Leverage account-level and user-level parameters to restrict when users can download query result sets

Establish and manage data retention and data lifecycle management.

- Implement Time Travel and Fail-safe for data recovery:
  • Manage Time Travel settings at the table, schema, and account levels
  • Understand the differences and use cases for Time Travel and Fail-safe
  • Differentiate between Time Travel and Fail-safe in context of security and compliance

- Configure and enforce data retention policies
- Define appropriate retention strategies for structured and semi-structured data:

  • Align retention policies with compliance requirements (for example, GDPR and HIPAA)
  • Apply retention settings using DDL and governance tools (for example, tagging and policies)

- Manage the data lifecycle using object lifecycle management features:

  • Automate data archival and purging using lifecycle management best practices
  • Use table metadata and access patterns to determine data aging strategies
  • Leverage features including transient tables, temporary tables, and auto-drop configurations

Configure object tagging and data classification frameworks.

- Use automatic tag propagation, including tag inheritance:
  • Audit tagging using the TAG_REFERENCES and TAG_REFERENCES_HISTORY views
  • Visualize data lineage

- Implement data classification:

  • Configure automatic, custom, and manual classifications
  • Integrate data classification into data governance policies

Configure and maintain data replication policies and procedures.

- Manage data replication access control and privileges:
  • Implement the principle of least privilege for replication-specific roles
  • Manage and audit privileges such as CREATE REPLICATION GROUP and REPLICATE

- Define and secure ownership of replication and failover group objects
- Manage replication protocols and policies

  • Configure replication groups to include critical security objects
  • Replicate network policies to maintain consistent access controls

- Manage the replication of security integrations (SAML2, OAuth, SCIM) to ensure seamless authentication and authorization post-failover
- Validate the replication of users, roles, and grants

Manage secure replication and failover operations.

- Audit pre-failover readiness:
  • Conduct periodic audits of replication configurations
  • Perform controlled tests of the failover process to validate security object promotion and functionality

- Configure Client Redirect
- Execute replication and failover operations:

  • Monitor audit logs for anomalies during the transition process
  • Re-establish security configurations for external resources, for example trust relationships for external stages

- Perform a post-failover validation audit:

  • Verify that replicated network policies and security integrations are active and enforced on the new primary account.
  • Audit user roles and permissions
  • Validate the secure client redirection configurations

Auditing, Monitoring, and Compliance - 18%

Monitor data security.

- Analyze the QUERY_HISTORY and ACCESS_HISTORY views to identify suspicious query patterns and unauthorized data access
- Monitor data access and data transfer history:
  • Monitor the ACCOUNT_USAGE views for information on alert thresholds, correlating events, and incident responses:
    - Use Snowflake Trail observability features
    - Map evidence to security frameworks (such as GDPR, HIPAA, etc.)
    - Manage interfaces for auditors

- Integrate external monitoring and observability tools with Snowflake
- Trace data access within AI/ML workloads running on Snowpark Container Services
- Track changes of the use of secure objects (for example, views, functions, and procedures)
- Monitor login history for authentication anomalies, including brute-force attacks and unauthorized access attempts, manually or using Trust Center and external tools
- Set up automated alerts and notifications for security events:

  • Configure email or external integrations for security alerts using tasks and streams

Implement a strategic security architecture to balance data protection and credit efficiency.

- Compare and contrast the benefits and consequences of enabling or disabling Snowflake security services and features:
  • Security-related implications
  • Credit consumption considerations
  • Operational-overhead implications
  • Cloud provider implications

- Monitor anomalous credit consumption as a critical security signal:

  • Changes in serverless compute consumption
  • Credit consumption of advanced features, for example AI, Snowpark and Container Services

Design and manage data compliance policies.

- Outline how Snowflake's security and governance features support regulatory compliance:
  • Explain how encryption, access controls, masking, and auditing support regulatory requirements (for example, GDPR, HIPAA, CCPA, and PCI DSS)

- Define, enable, and automate audit policies to support compliance reporting
- Use Snowflake Trust Center resources to support compliance and security:

  • Snowflake Compliance Center
  • Security certifications
  • Compliance reports

Threats, Risk Assessment, Incident Response, and Forensics - 18%

Perform threat modeling, identification, and analyses.

- Identify and catalog critical assets within Snowflake
- Identify and document data entry and exit points
- Apply threat modeling methodologies to identify potential threats specific to Snowflake:
  • Data sharing configurations
  • Over-privileged roles and users
  • Compromised service account credentials
  • Vulnerabilities in 3rd-party connections and packages

- Implement mitigation strategies

Perform risk assessment and manage risk.

- Use Snowflake Horizon Catalog to enable security best practices and compliance
- Assess the security of data sharing agreements and configurations with external partners
- Analyze vulnerabilities to determine the likelihood and potential impact
- Develop, implement, and monitor risk mitigation strategies

Identify and manage security incidents.

- Configure and test security alerting mechanisms within Snowflake and integrated SIEM platforms
- Identify, triage, and contain security incidents:
  • Monitor Snowflake logs
  • Investigate alerts from security tools
  • Triage incoming alerts
  • Isolate affected user accounts
  • Revoke compromised credentials or API keys
  • Implement new or update existing network policies
  • Suspend data sharing or integration

- Manage eradication and recovery:

  • Identify the root cause of the incident
  • Remove any malicious access or persisting mechanisms
  • Restore data from backups, Time Travel, or Fail-safe

Conduct a post-security-incident forensic analysis.

- Collect and preserve relevant logs and data:
  • ACCOUNT_USAGE views
  • Use Time Travel and Fail-safe to access historical states of data
  • Establish a chain of custody for evidence

- Perform a forensic analysis:

  • Analyze query logs (query_history) to identify what actions were performed
  • Review access logs (access_history) to determine which tables, views, and columns were read or modified
  • Examine login history (login_history) to trace the source IP, client application, and authentication methods used
  • Correlate Snowflake data with logs from other systems (for example, identity provider, network devices) to build an incident timeline

Securing Snowflake Services and Features for AI/ML and Applications - 12%

Secure and govern applications with Snowpark Container Services.

- Design and deploy containerized services using Snowpark Container Services
- Understand the security model of compute pools (for example, isolation and network rules for inbound/outbound data)
- Manage secrets and EXTERNAL_ACCESS_INTEGRATIONS for controlled external network access from services
- Understand the lifecycle management of services and their security implications
- Implement secure data access patterns for services running in Snowpark Container Services:
  • Establish roles and permissions to ensure services access Snowflake data securely
  • Manage sensitive configurations within service specifications (YAML)

- Monitor and troubleshoot security issues within Snowpark Container Services deployments:

  • Use the SERVICE_USAGE_HISTORY and compute pool monitoring views
  • Monitor container logs

Leverage Snowflake Cortex AI to enhance data security.

- Implement content moderation and safety using Cortex Large Language Model (LLM) functions:
  • Configure COMPLETE() and TRY_COMPLETE() functions to filter content
  • Use filtered responses (for example, NULL from TRY_COMPLETE())

- Use Cortex functions to classify data and detect anomalies:

  • Apply CLASSIFY_TEXT() to identify and tag sensitive data categories

- Use Cortex AI for data security:

  • Apply AI Observability features for Gen AI application security
  • Use LLM-as-a-Judge to evaluate AI application responses for bias, toxicity, and accuracy (relevant to data security and responsible AI)
  • Interpret traces to debug and audit the flow of sensitive data through Gen AI applications
  • Monitor AI application performance metrics related to security and data quality

- Use Cortex Analyst to support secure data exploration:

  • Securely configure semantic models
  • Access Cortex Analyst request logs to audit natural language queries and generated SQL

- Configure Cortex Agents to automate security and governance workflows:

  • Manage Agent orchestration and tool usage
  • Use Copilot for Snowflake Horizon Catalog to analyze and audit security

Manage security in Snowflake Native Apps.

- Design and enforce security policies for Native Apps:
  • Secure, package, and share Native Apps
  • Use Streamlit in Snowflake application role ownership parameters
  • Use OAuth to authenticate app users
  • Implications of running Native Apps in Snowpark Container Services
  • Implement User-Based Access Control (UBAC) features with Native Apps

- Manage permissions for app installation and usage
- Secure application code and its dependencies:

  • App internal code
  • Third-party packages and libraries
  • App secrets and credentials