Comprehensive and Detailed Explanation From Exact Extract:

Why A (Tags) is correct:In Snowflake, object tags are a data governance feature that allow administrators and data stewards to assign metadata key-value pairs to database objects such as tables, views, columns, and other objects. Tags enable the identification, classification, and tracking of objects that contain sensitive or critical information (e.g., PII, PHI, financial data).

According to Snowflake’s governance documentation, “Tags can be used to assign metadata to Snowflake objects for purposes such as data classification, cost tracking, and data protection. You can query tag references to identify all objects that have been assigned a particular tag.”

This means tags directly support identifying sensitive data by labeling and querying metadata rather than by applying security controls themselves.

Why B (External Tokens) is not correct:External tokens refer to data protection mechanisms for securing data at rest or during external function calls. They are not used to assign or query metadata for object identification or classification.

Why C (Row Access Policies) is not correct:Row access policies control access to rows within tables based on conditional logic tied to user attributes. They are used to enforce row-level security, not to identify or tag sensitive data.

Why D (Tag-Based Masking Policies) is not correct:Tag-based masking policies are an extension of the tagging feature, where a masking policy is automatically applied to columns that have a specific tag. While related to data protection, tag-based masking policies rely on tags to function and are not themselves used to identify or assign metadata. Tags must first exist for masking policies to reference them.

References (Snowflake SnowPro Core / Study Guide / Official Documentation):

Snowflake Documentation — Object Tagging: Defines and explains how tags can be assigned to tables, views, and columns to classify and identify sensitive data.

Snowflake Documentation — Governance Features Overview: Emphasizes the use of tags for data discovery and classification within data protection frameworks.

Snowflake Study Guide — Data Protection and Governance: Mentions that tags are used to manage and identify sensitive data via metadata and can be queried using TAG_REFERENCES and TAG_REFERENCES_ALL_COLUMNS views.