ARA-C01 · Question #130
The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organization's system. What is the BEST way to find recent and ongoing login attempts to Snowfl
The correct answer is B. Query the LOGIN_HISTORY view in the ACCOUNT_USAGE schema in the SNOWFLAKE. The ACCOUNT_USAGE.LOGIN_HISTORY view in the SNOWFLAKE database is the best option for investigating credential stuffing attacks because it retains up to 365 days of login history and includes all login attempts-both successful and failed-for every user. Option A (the LOGIN_HISTOR
Question
The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organization's system. What is the BEST way to find recent and ongoing login attempts to Snowflake?
Options
- ACall the LOGIN_HISTORY Information Schema table function.
- BQuery the LOGIN_HISTORY view in the ACCOUNT_USAGE schema in the SNOWFLAKE
- CView the History tab in the Snowflake UI and set up a filter for SQL text that contains the text
- DView the Users section in the Account tab in the Snowflake UI and review the last login column.
How the community answered
(30 responses)- A7% (2)
- B77% (23)
- C3% (1)
- D13% (4)
Explanation
The ACCOUNT_USAGE.LOGIN_HISTORY view in the SNOWFLAKE database is the best option for investigating credential stuffing attacks because it retains up to 365 days of login history and includes all login attempts-both successful and failed-for every user. Option A (the LOGIN_HISTORY Information Schema table function) only retains data for the last 7 days and is scoped to the current session's accessible objects, limiting historical analysis. Option C (the History tab in the UI) shows query history, not authentication/login events. Option D (the Users section) only shows each user's last login timestamp, providing no detail about failed attempts, IP addresses, or the volume of attempts needed to identify a stuffing attack.
Topics
Community Discussion
No community discussion yet for this question.