SOL-C01 · Question #63
SOL-C01 Question #63: Real Exam Question with Answer & Explanation
The correct answer is A: The network policy was not activated at the account level correctly. Check using `SHOW. If the network policy isn't activated at the account level, it won't be enforced. User-level policies override account-level policies. An incorrectly configured `BLOCKED IP LIST might allow traffic through. Restarting the warehouse is not related to network policy enforcement. Th
Question
A Snowflake administrator is configuring network policies for their organization. They need to restrict access to their Snowflake account to only specific IP addresses associated with their corporate network. They create a network policy with an 'ALLOWED IP LIST. After activating the policy at the account level, users from outside the allowed IP range are still able to connect. Which of the following reasons could explain why this is happening? (Choose all that apply)
Options
- AThe network policy was not activated at the account level correctly. Check using `SHOW
- BThere is another network policy active at the user level that overrides the account-level policy.
- CSnowflake does not enforce network policies until the virtual warehouse is restarted.
- DThe `BLOCKED IP LIST in the network policy is configured incorrectly, inadvertently allowing traffic
- EThe user is connecting through a VPN that uses an IP address within the 'ALLOWED_IP_LIST.
Explanation
If the network policy isn't activated at the account level, it won't be enforced. User-level policies override account-level policies. An incorrectly configured `BLOCKED IP LIST might allow traffic through. Restarting the warehouse is not related to network policy enforcement. The VPN explanation would be the expected result if the user followed the rules, not a reason why things are not working. So only A, B and D apply to this situation.
Topics
Community Discussion
No community discussion yet for this question.