Snowflake SnowPro Specialty - Native Apps Sample Questions:

1. You are packaging a Snowflake Native App and need to ensure that consumer accounts can only access specific data views you've created within your application schem a. You want to prevent consumers from directly querying the underlying tables. Which of the following security measures, when implemented together, BEST achieve this objective? (Choose two)

A) Do not grant any privileges on the underlying tables to the 'application role' within the application package.
B) Use secure views to expose data, ensuring data access is controlled through the view's definition.
C) Grant 'SELECT' privilege on the underlying tables to the 'application role' within the application package.
D) Grant 'SELECT privilege only on the views to the 'application role' within the application package.
E) Grant "OWNERSHIP' on the views to the 'application role' within the application package.

2. A company publishes a Snowflake Native Application on the Snowflake Marketplace providing aggregated sales dat a. They want to ensure data is fresh and updated daily at 00:00 UTC. They are considering several approaches to automate this data refresh process.
Which of the following methods are MOST effective and SECURE for scheduling and executing this daily data update within the Snowflake Native Application environment? Choose two.

A) Use Snowflake Tasks scheduled to run daily at 00:00 UTC to execute a stored procedure within the Native Application that updates the data.
B) Utilize a cron job on a virtual machine to execute a SQL script via SnowSQL, connecting to Snowflake and refreshing the data.
C) Leverage Snowflake's Data Marketplace update scheduling feature (if available and applicable to their type of listing) to automatically refresh the data.
D) Schedule a Python script using an external task service (e.g., AWS Lambda) that connects to Snowflake and executes the data refresh procedure.
E) Implement a Java-based scheduler within the Snowflake Native Application itself using UDFs, triggered by an external service via API integration.

3. You are developing a Snowflake Native Application. You need to grant specific privileges on a warehouse named 'APP WH' to the application role 'app_public' to allow application users to execute queries within that warehouse. Which of the following SQL statements is the MOST secure and appropriate way to achieve this, adhering to the principle of least privilege?

A)

B)

C)

D)

E)

4. You are preparing to publish a Snowflake Native Application on the Snowflake Marketplace. Your application requires several external functions (UDFs) that need to be securely called. Which of the following steps are crucial to correctly configure these external functions within your application package to ensure they function as expected after installation by consumers?

A) Ensure that the external functions are defined using the 'SECURE' keyword and that the API integration object associated with the functions is included in the application package setup script.
B) Define external functions with 'VOLATILE keyword to bypass security restrictions. As it needs to be executed during installation, define it in application setup scripts and the API integration object's details will be automatically configured at the consumer end.
C) Grant the ' USAGE privilege on the API integration object to the application role used by the consumer. This will be automatically inherited when the consumer installs the application.
D) Provide clear documentation for the consumer to manually configure the API integration object in their Snowflake account after installing the application.
E) Set the application version as 'TRUSTED' using the 'ALTER APPLICATION VERSION' command after installation.

5. A financial services company is developing a Snowflake Native App. It needs to securely access external market data via an API and store the processed results in a consumer-provided table. Considering security best practices and the Snowflake Native App Framework limitations, which of the following approaches represents the MOST secure and recommended implementation for this scenario?

A) Utilize a Python UDF with the 'external network access' capability to call the external API directly from within the UDF. Store the processed data directly into a consumer-provided table by using the application role. API key is stored in snowflake secret.
B) Employ a Snowflake external function, configured with a service account, which invokes an API integration stored in the provider account. The external function returns the data, which is then inserted into a consumer-owned table using a stored procedure and INSERT statements, where the application role has been granted the necessary INSERT privilege.
C) Utilize a Java UDF with the 'network access' capability to call the external API directly from within the UDF. Store the processed data directly into a consumer- provided table by using the application role with INSERT privilege granted by consumer.
D) Use a Snowflake external function with an API integration that passes the API key as a parameter. Store the processed data in a consumer-provided table using dynamic SQL.
E) Use a Snowflake external function with an API integration, configured with a service account that has the necessary permissions to access the API. Store the processed data in a consumer-provided table using stored procedures and INSERT statements using the application role.

Solutions: