nerdexam
Snowflake

DEA-C02 · Question #124

A Data Engineer needs to create a SQL script that will load and transform data in batch mode into Snowflake. The script should be run with SnowSQL, and should be scheduled to run at specific times in

The correct answer is B. Key-pair authentication. Key-pair authentication (B) is ideal for automated, scheduled batch processes because it uses a private/public key pair - the private key is stored securely on the machine running SnowSQL, requiring no human interaction at runtime. This makes it both secure and fully automatable

Security and Governance

Question

A Data Engineer needs to create a SQL script that will load and transform data in batch mode into Snowflake. The script should be run with SnowSQL, and should be scheduled to run at specific times in the company’s corporate scheduler. Based on this scenario, what is the MOST secure way to authenticate into Snowflake?

Options

  • ASingle Sign-On (SSO)
  • BKey-pair authentication
  • CUsername and password
  • DMulti-Factor Authentication (MFA)

How the community answered

(57 responses)
  • A
    4% (2)
  • B
    72% (41)
  • C
    9% (5)
  • D
    16% (9)

Explanation

Key-pair authentication (B) is ideal for automated, scheduled batch processes because it uses a private/public key pair - the private key is stored securely on the machine running SnowSQL, requiring no human interaction at runtime. This makes it both secure and fully automatable without embedding plaintext credentials in scripts or config files.

Why the distractors fail:

  • SSO (A) requires a browser-based redirect and human login interaction, making it incompatible with unattended scheduled jobs.
  • Username/password (C) can work technically, but storing credentials in scripts or environment variables is a security risk and is the least secure option listed.
  • MFA (D) requires a human to approve a push notification or enter a one-time code at login time - impossible to automate in a corporate scheduler.

Memory tip: Think "batch = no human present." Any auth method that requires a human to click, type, or approve something is eliminated immediately. Key-pair auth is the standard for service accounts and automated pipelines across most cloud data platforms, not just Snowflake.

Topics

#Snowflake authentication#Key-pair authentication#Automated workflows#Security best practices

Community Discussion

No community discussion yet for this question.

Full DEA-C02 Practice