ARA-C01 · Question #52
A Snowflake Architect is designing a multiple-account design strategy. This strategy will be MOST cost-effective with which scenarios? (Select TWO).
The correct answer is B. When dealing with PCI DSS compliance, having separate accounts can be beneficial because D. Different Active Directory instances can be managed more effectively and securely when. Multiple Snowflake accounts are most cost-effective and architecturally justified in these two cases. B is correct: PCI DSS compliance often mandates strict isolation of cardholder data environments (CDE). A separate Snowflake account provides a hard boundary - separate encryptio
Question
A Snowflake Architect is designing a multiple-account design strategy. This strategy will be MOST cost-effective with which scenarios? (Select TWO).
Options
- AThe company wants to clone a production database that resides on AWS to a development
- BWhen dealing with PCI DSS compliance, having separate accounts can be beneficial because
- CThe company needs to support different role-based access control features for the development,
- DDifferent Active Directory instances can be managed more effectively and securely when
- EThe company must use a specific network policy for certain users to allow and block given IP
How the community answered
(32 responses)- A22% (7)
- B59% (19)
- C13% (4)
- E6% (2)
Explanation
Multiple Snowflake accounts are most cost-effective and architecturally justified in these two cases. B is correct: PCI DSS compliance often mandates strict isolation of cardholder data environments (CDE). A separate Snowflake account provides a hard boundary - separate encryption keys, separate audit logs, separate network policies, and a clear compliance perimeter - which is much cleaner than trying to isolate within a single account using roles and policies. This reduces compliance audit complexity and risk. D is correct: different Active Directory (or identity provider) instances cannot easily be mapped into a single Snowflake account's SSO/SCIM configuration. Separate accounts allow each business unit or subsidiary with its own IdP to be independently managed without cross-contamination of identity configurations. Choices A and C describe scenarios (cloning across clouds, RBAC differences between environments) that are better and more cheaply handled within a single account using Snowflake's native features like database cloning and role hierarchies. Choice E (network policies per user) can be configured within a single account.
Topics
Community Discussion
No community discussion yet for this question.