Snowflake SnowPro Advanced Administrator ADA-C01 Question # 13 Topic 2 Discussion

ADA-C01 Exam Topic 2 Question 13 Discussion:

Question #: 13

Topic #: 2

An Administrator needs to implement an access control mechanism across an organization. The organization users access sensitive customer data that comes from different regions and needs to be accessible for Analysts who work in these regions. Some Analysts need very specific access control depending on their functional roles in the organization. Following Snowflake recommended practice, how should these requirements be met? (Select TWO).

Implement views on top of base tables that exclude or mask sensitive data.

Implement row access policies and Dynamic Data Masking policies.

Include masking rules as part of data ingestion and transformation pipelines.

Use a third-party tool to share the data.

Use zero-copy cloning to replicate the database schema and provide access as needed.

Get Premium ADA-C01 Questions

Explanation

The scenario describes a need forfine-grained access controloversensitive customer dataacrossmultiple regions, withfunctional-role-based accessfor analysts. Snowflake recommends applying alayered security modelthat separates raw data from user-facing access and leveragesbuilt-in policy features.

Explanation of Correct Answers:

A. Implement views on top of base tables that exclude or mask sensitive data.

Creatingsecure viewsallows administrators toabstract sensitive fieldsor filter out certain rows and columns.

It enablesrole-based access controlby granting specific roles access only to the secure views.

Common practice is to restrict access to base tables and give users access to views that enforce business logic and data access rules.

B. Implement row access policies and Dynamic Data Masking policies.

Row Access Policiescontrol access at therow level, determining what data a user can see based on their role or session context.

Dynamic Data Maskingallows you tomask sensitive column data(like PII) dynamically based on the accessing role.

Both arecentral features of Snowflake’s fine-grained access control.

Why the other options are incorrect:

C. Include masking rules as part of data ingestion and transformation pipelines.

This isnot a Snowflake-recommended best practicefor access control.

It hardcodes data access rules into ETL/ELT logic, which reduces flexibility and central control.

Also, it masks the data permanently at ingestion time, rather than dynamically at query time.

D. Use a third-party tool to share the data.

Snowflake supports nativeSecure Data Sharing, and using a third-party tool is unnecessary and introduces complexity.

It does not address row/column-level access control within Snowflake itself.

E. Use zero-copy cloning to replicate the database schema and provide access as needed.

Zero-copy cloning is ideal fortesting, development, and backuppurposes, not for controlling access.

It duplicates metadata but doesn’t provide a mechanism for fine-grained, real-time access control.

SnowPro Administrator References:

Row Access Policies Overview

Dynamic Data Masking Overview

Access Control Best Practices

Using Secure Views for Access Control

Actual exam question for Snowflake ADA-C01 exam by Lyric3579 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D E
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Snowflake SnowPro Advanced Administrator ADA-C01 Question # 13 Topic 2 Discussion

Snowflake SnowPro Advanced Administrator ADA-C01 Question # 13 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Snowflake SnowPro Advanced Administrator ADA-C01 Question # 13 Topic 2 Discussion

Snowflake SnowPro Advanced Administrator ADA-C01 Question # 13 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval