nerdexam
Snowflake

DEA-C02 · Question #126

A Data Engineer discovered that many tables in the company database contain sensitive details about products which are not yet in production. This information is scattered across multiple tables, in d

The correct answer is B. 1. Tag all tables that contain sensitive data.. Tagging tables containing sensitive data is correct because tags in modern data platforms (like Snowflake) are first-class governance objects - they can be queried programmatically via system views (e.g., TAG_REFERENCES), associated with data masking or row access policies, and u

Security and Governance

Question

A Data Engineer discovered that many tables in the company database contain sensitive details about products which are not yet in production. This information is scattered across multiple tables, in different columns within each table. The Engineer is focusing on securing the data in table packaging first, with access provided only to users with roles researcher and marketing. All tables with sensitive data should be identified to better manage data governance. How can these requirements be met using the LEAST amount of operational overhead?

Exhibits

DEA-C02 question #126 exhibit 1
DEA-C02 question #126 exhibit 2
DEA-C02 question #126 exhibit 3
DEA-C02 question #126 exhibit 4

Options

  • A
    1. Add a comment to all tables containing sensitive data.
  • B
    1. Tag all tables that contain sensitive data.
  • C
    1. Tag all tables that contain sensitive data.
  • D
    1. Tag all tables that contain sensitive data.

How the community answered

(33 responses)
  • A
    6% (2)
  • B
    64% (21)
  • C
    12% (4)
  • D
    18% (6)

Explanation

Tagging tables containing sensitive data is correct because tags in modern data platforms (like Snowflake) are first-class governance objects - they can be queried programmatically via system views (e.g., TAG_REFERENCES), associated with data masking or row access policies, and used to enforce access control at scale with minimal ongoing effort. This directly addresses both requirements: securing the packaging table and identifying all sensitive tables across the database.

Why A is wrong: Comments are plain text metadata with no integration into access control or governance tooling - they cannot be queried systematically to identify sensitive tables, and they cannot enforce or trigger any security policy, making them high-effort to audit and useless for automation.

Why C and D are wrong: Although they also start with tagging, their subsequent steps (not fully shown here) likely introduce additional manual steps or redundant configurations that add operational overhead compared to the streamlined tag-based approach in B.

Memory tip: Think "Tags = Trackable + Actionable, Comments = Cosmetic." Tags are machine-readable and policy-aware; comments are just notes for humans. On exams, when you see "least operational overhead" + "data governance," tags are almost always the right lever.

Topics

#Data Governance#Tags#Data Masking#Access Control

Community Discussion

No community discussion yet for this question.

Full DEA-C02 Practice