ARA-C01 Question #44: Real Exam Question with Answer & Explanation

The correct answer is B: At the account level (AMK). Tri-Secret Secure is a feature that allows customers to use their own key, called the customer- managed key (CMK), in addition to the Snowflake-managed key, to create a composite master key that encrypts the data in Snowflake. The composite master key is also known as the account

Security and Compliance

Question

When activating Tri-Secret Secure in a hierarchical encryption model in a Snowflake account, at what level is the customer-managed key used?

Options

AAt the root level (HSM)
BAt the account level (AMK)
CAt the table level (TMK)
DAt the micro-partition level

Explanation

Tri-Secret Secure is a feature that allows customers to use their own key, called the customer- managed key (CMK), in addition to the Snowflake-managed key, to create a composite master key that encrypts the data in Snowflake. The composite master key is also known as the account master key (AMK), as it is unique for each account and encrypts the table master keys (TMKs) that encrypt the file keys that encrypt the data files. The customer-managed key is used at the account level, not at the root level, the table level, or the micro-partition level. The root level is protected by a hardware security module (HSM), the table level is protected by the TMKs, and the micro-partition level is protected by the file keys.

Topics

#Tri-Secret Secure#Customer-Managed Keys (CMK)#Encryption Hierarchy#Account Master Key (AMK)

Community Discussion

No community discussion yet for this question.

Full ARA-C01 Practice Browse All ARA-C01 Questions