SOL-C01 · Question #94
SOL-C01 Question #94: Real Exam Question with Answer & Explanation
The correct answer is B: Use separate IAM roles for each pipeline, granting each role only the necessary permissions to. Using separate IAM roles (B) for each pipeline enforces the principle of least privilege, granting each pipeline only the necessary access to its designated S3 bucket. Creating separate external stages (D) for each pipeline, linked to its specific S3 bucket and IAM role, provides
Question
A team is developing a data pipeline to load data from various sources into Snowflake. They are using external stages pointing to AWS S3 buckets and want to ensure maximum security and isolation between different pipelines accessing these stages. Which of the following security measures should they implement? (Choose TWO)
Options
- AGrant the 'ACCOUNTADMIN' role to all users who need to access the stages.
- BUse separate IAM roles for each pipeline, granting each role only the necessary permissions to
- CStore all data files in a single S3 bucket and grant a single IAM role access to the entire bucket.
- DCreate separate external stages for each pipeline, each pointing to its specific S3 bucket and
- EDisable network policies on the Snowflake account to allow access from any IP address.
Explanation
Using separate IAM roles (B) for each pipeline enforces the principle of least privilege, granting each pipeline only the necessary access to its designated S3 bucket. Creating separate external stages (D) for each pipeline, linked to its specific S3 bucket and IAM role, provides isolation and prevents unauthorized access to other pipelines' data. Granting 'ACCOUNTADMIN' (A) provides excessive privileges. Storing all data in a single bucket (C) with a single IAM role increases the risk of data breaches. Disabling network policies (E) compromises overall security.
Topics
Community Discussion
No community discussion yet for this question.