Table of Contents
Question
A company wants to deploy its Snowflake accounts inside its corporate network with no visibility on the internet. The company is using a VPN infrastructure and Virtual Desktop Infrastructure (VDI) for its Snowflake users. The company also wants to re-use the login credentials set up for the VDI to eliminate redundancy when managing logins.
What Snowflake functionality should be used to meet these requirements? (Choose two.)
A. Set up replication to allow users to connect from outside the company VPN.
B. Provision a unique company Tri-Secret Secure key.
C. Use private connectivity from a cloud provider.
D. Set up SSO for federated authentication.
E. Use a proxy Snowflake account outside the VPN, enabling client redirect for user logins.
Answer
C. Use private connectivity from a cloud provider.
E. Use a proxy Snowflake account outside the VPN, enabling client redirect for user logins.
Explanation
The correct answers are C and E.
- C. Use private connectivity from a cloud provider. Snowflake offers private connectivity options for customers who want to connect to Snowflake without using the public internet. This can be done by using a cloud provider’s virtual private network (VPN) or by using a dedicated line.
- E. Use a proxy Snowflake account outside the VPN, enabling client redirect for user logins. A proxy Snowflake account can be used to allow users to connect to Snowflake from outside the company VPN. This can be done by enabling client redirect, which will redirect users to the proxy Snowflake account when they try to connect to Snowflake. The proxy Snowflake account can then use the company’s VPN to connect to Snowflake.
The other options are not correct because:
- A. Set up replication to allow users to connect from outside the company VPN. Replication is used to create copies of data in Snowflake. It does not allow users to connect to Snowflake from outside the company VPN.
- B. Provision a unique company Tri-Secret Secure key. Tri-Secret Secure (TSS) keys are used to encrypt data in Snowflake. They do not allow users to connect to Snowflake from outside the company VPN.
- D. Set up SSO for federated authentication. SSO can be used to allow users to sign in to multiple applications using a single set of credentials. However, it does not allow users to connect to Snowflake from outside the company VPN.
Here are some additional details about the two correct options:
- Private connectivity from a cloud provider. When using private connectivity from a cloud provider, the company will need to create a VPN tunnel between Snowflake and the cloud provider. The company will then need to configure their Snowflake account to use the VPN tunnel.
- Proxy Snowflake account. When using a proxy Snowflake account, the company will need to create a new Snowflake account that is outside the company VPN. The company will then need to configure their Snowflake clients to use the proxy Snowflake account.
Reference
- Network Policies | Snowflake Documentation
- Managing Accounts in Your Organization | Snowflake Documentation
- Connecting to Your Accounts | Snowflake Documentation
- Setup Considerations When Integrating AWS PrivateLink With Snowflake
- Azure Private Link & Snowflake | Snowflake Documentation
- Azure Virtual Desktop security best practices – Azure | Microsoft Learn
Snowflake SnowPro Advanced Architect certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Snowflake SnowPro Advanced Architect exam and earn Snowflake SnowPro Advanced Architect certification.