SOL-C01 Question #77: Real Exam Question with Answer & Explanation

Question

You are tasked with securing sensitive data in a table called `CUSTOMER DATA'. You want to grant the 'SELECT privilege on this table to a role called 'ANALYST ROLE, but prevent them from seeing the 'CREDIT CARD NUMBER column, which contains personally identifiable information (PII). Which of the following approaches are valid in Snowflake to achieve this?

Options

• ACreate a view on 'CUSTOMER_DATA' that excludes the column and grant 'SELECT' on the view
• BUse dynamic data masking on the column and grant the 'UNMASK' privilege to only specific roles
• CGrant `SELECT on 'CUSTOMER_DATA' to 'ANALYST_ROLE and then 'REVOKE SELECT
• DApply a row access policy to filter out rows containing sensitive information when accessed by
• ECreate a secure view on 'CUSTOMER DATA that excludes the 'CREDIT CARD NUMBER column

Explanation

Option A is valid: Creating a view and granting 'SELECT on the view allows you to control which columns are visible to the 'ANALYST ROLE. Option B is valid: Dynamic data masking allows you to mask the sensitive column for unauthorized users (in this case, 'ANALYST_ROLE') while allowing authorized users to see the unmasked data using the 'UNMASK' privilege. Option C is invalid: You cannot revoke privileges on a specific column; privileges are granted and revoked at the table level. Option D is incorrect: Row Access Policies filter rows, not columns. Option E is valid: Secure views are the most secure way to filter the specific data.

No community discussion yet for this question.