Snowflake Updated SOL-C01 Exam Questions and Answers by riyan

Snowflake usesrole-based access control (RBAC), where privileges are assigned to roles rather than individual users. All of the listed privileges (SELECT, INSERT, MONITOR) can be granted to a role.

SELECTallows reading data from tables, views, or materialized views.

INSERTallows adding new rows into a table.

MONITORallows viewing query history, warehouse status, and resource usage.

In addition, roles can receive privileges such as CREATE TABLE, USAGE, MODIFY, OPERATE, OWNERSHIP, and many others. Users inherit all privileges assigned to the roles they possess, enabling scalable security design.

Thus, all listed privileges can be granted to Snowflake roles.

====================================================

Snowflake’s RBAC security model revolves aroundUsers,Roles, andPrivileges. Users represent individual identities or service accounts. Roles group privileges and are assigned to users. Privileges define specific actions that can be performed on objects (e.g., SELECT, INSERT, OWNERSHIP). “Permissions” is not a formal RBAC component—permissions are effectively the result of privileges assigned to roles. Therefore, the three core RBAC components are Users, Roles, and Privileges.

=======================================

Snowflake processes queries usingMassively Parallel Processing (MPP)compute clusters, deployed as virtual warehouses. Each warehouse consists of multiple compute nodes working in parallel to execute queries efficiently. When a query is submitted, Snowflake distributes tasks across nodes, processes data subsets concurrently, and aggregates results. This architecture enables high performance, scalability, and the ability to handle complex analytical workloads. While Snowflake does incorporate elements of shared-disk storage, query execution itself depends on MPP compute clusters. Options such as third-party connectors or storage optimization do not represent the core query processing mechanism.

=======================================

Snowflake’s database storage layer is responsible for encrypting data at rest. All persisted data—whether structured, semi-structured, or unstructured—is encrypted using strong encryption algorithms such as AES-256. This process is automatic and transparent to users, ensuring that files and micro-partitions stored in Snowflake-managed cloud storage are encrypted by default. Data in transit is protected separately through TLS.

Virtual warehouses provide compute resources to execute queries and do not perform storage-level encryption. Data loading utilities (such as COPY INTO and client tools) orchestrate data movement but do not handle at-rest encryption. The Cloud Services layer manages metadata, session management, security policies, and query optimization, but the actual encryption of stored data is part of the storage subsystem.

==================