SnowPro Advanced Architect: What is the BEST way to find recent and ongoing login attempts to Snowflake?

Question

The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organization’s system. What is the BEST way to find recent and ongoing login attempts to Snowflake?

A. Call the LOGIN_HISTORY Information Schema table function.
B. Query the LOGIN_HISTORY view in the ACCOUNT_USAGE schema in the SNOWFLAKE database.
C. View the History tab in the Snowflake UI and set up a filter for SQL text that contains the text “LOGIN”.
D. View the Users section in the Account tab in the Snowflake UI and review the last login column.

Answer

A. Call the LOGIN_HISTORY Information Schema table function.

Explanation

A. Call the LOGIN_HISTORY Information Schema table function.

The BEST way to find recent and ongoing login attempts to Snowflake is by calling the LOGIN_HISTORY Information Schema table function. This function returns login activity within the last 7 days and can be used to query login attempts by Snowflake users along various dimensions. You can further filter the results using SQL predicates to focus on specific users, time ranges, or other criteria.

The LOGIN_HISTORY table function provides more flexibility and granularity in retrieving login attempt information compared to other options. It allows you to programmatically analyze and monitor login attempts, which is essential for identifying and mitigating credential stuffing attacks.

Here’s an example of how to retrieve up to the last 100 login events of the current user:

sql
SELECT *
FROM TABLE(INFORMATION_SCHEMA.LOGIN_HISTORY())
ORDER BY EVENT_TIMESTAMP DESC
LIMIT 100;

For a specific user, you can use the LOGIN_HISTORY_BY_USER function:

sql
SELECT *
FROM TABLE(INFORMATION_SCHEMA.LOGIN_HISTORY_BY_USER(USER_NAME => 'username'))
ORDER BY EVENT_TIMESTAMP DESC
LIMIT 100;

Remember to replace ‘username’ with the actual username you want to check login attempts for.

Reference

• How to view failed user login attempts (snowflake.com)
• Snowflake Security Overview and Best Practices
• Securing Snowflake | Snowflake Documentation
• Credential stuffing | OWASP Foundation
• Credential stuffing definition, detection, and prevention | CSO Online
• The State of Credential Stuffing Attacks (securityintelligence.com)
• LOGIN_HISTORY , LOGIN_HISTORY_BY_USER | Snowflake Documentation
• LOGIN_HISTORY View | Snowflake Documentation
• Access History | Snowflake Documentation
• QUERY_HISTORY View | Snowflake Documentation
• LOGIN_HISTORY View (Account Usage): New Column (snowflake.com)
• Account Usage | Snowflake Documentation

Snowflake SnowPro Advanced Architect certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Snowflake SnowPro Advanced Architect exam and earn Snowflake SnowPro Advanced Architect certification.