SOL-C01 · Question #278
SOL-C01 Question #278: Real Exam Question with Answer & Explanation
The correct answer is C: Option C. Option C is the most secure because it uses an IAM role for authentication, which avoids storing long- term AWS keys directly in Snowflake. It also specifies the KMS encryption, which is necessary for accessing data encrypted with KMS. Option A uses AWS Keys, which is less secure
Question
A data engineer needs to create a new external stage in Snowflake to access data stored in AWS S3. The S3 bucket is encrypted using AWS KMS. Which of the following SQL commands is the MOST SECURE and complete way to create the stage, assuming the necessary IAM role and key ARN are already known and have the appropriate Snowflake permissions?
Options
- AOption A
- BOption B
- COption C
- DOption D
Explanation
Option C is the most secure because it uses an IAM role for authentication, which avoids storing long- term AWS keys directly in Snowflake. It also specifies the KMS encryption, which is necessary for accessing data encrypted with KMS. Option A uses AWS Keys, which is less secure. Option B doesn't provide the credentials. Option D only provides credentials with IAM role but not ENCRYPTION parameter for KMS encryption. Option E uses AWS Keys along with a token, which is still less secure than using an IAM role for authentication.
Topics
Community Discussion
No community discussion yet for this question.