nerdexam
Snowflake

ARA-C01 · Question #130

The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organization's system. What is the BEST way to find recent and ongoing login attempts to Snowfl

The correct answer is B. Query the LOGIN_HISTORY view in the ACCOUNT_USAGE schema in the SNOWFLAKE. The ACCOUNT_USAGE.LOGIN_HISTORY view in the SNOWFLAKE database is the best option for investigating credential stuffing attacks because it retains up to 365 days of login history and includes all login attempts-both successful and failed-for every user. Option A (the LOGIN_HISTOR

Security and Compliance

Question

The IT Security team has identified that there is an ongoing credential stuffing attack on many of their organization's system. What is the BEST way to find recent and ongoing login attempts to Snowflake?

Options

  • ACall the LOGIN_HISTORY Information Schema table function.
  • BQuery the LOGIN_HISTORY view in the ACCOUNT_USAGE schema in the SNOWFLAKE
  • CView the History tab in the Snowflake UI and set up a filter for SQL text that contains the text
  • DView the Users section in the Account tab in the Snowflake UI and review the last login column.

How the community answered

(30 responses)
  • A
    7% (2)
  • B
    77% (23)
  • C
    3% (1)
  • D
    13% (4)

Explanation

The ACCOUNT_USAGE.LOGIN_HISTORY view in the SNOWFLAKE database is the best option for investigating credential stuffing attacks because it retains up to 365 days of login history and includes all login attempts-both successful and failed-for every user. Option A (the LOGIN_HISTORY Information Schema table function) only retains data for the last 7 days and is scoped to the current session's accessible objects, limiting historical analysis. Option C (the History tab in the UI) shows query history, not authentication/login events. Option D (the Users section) only shows each user's last login timestamp, providing no detail about failed attempts, IP addresses, or the volume of attempts needed to identify a stuffing attack.

Topics

#Security auditing#Login history#Account Usage#Credential stuffing

Community Discussion

No community discussion yet for this question.

Full ARA-C01 Practice