SnowPro Advanced: Architect — Question 132
A company implemented a Snowflake design solution using multiple public cloud services. An AWS Lambda function is invoked multiple times each day.
The company has implemented Multi-Factor Authentication (MFA) based on user authentication. For machine-to-machine authentication, user names and passwords are used in many cases. The company wants a solution that will MINIMIZE interruptions to the production environment, security implementation, and operation costs, while protecting the Snowflake account from common vulnerabilities.
How can these requirements be met?
Answer options
- A. Implement a network policy on the account, using an allowlist for necessary CIDR ranges from the public cloud services.
- B. Implement key pair authentication and auto key rotation for authentication.
- C. Implement private connectivity on the Snowflake account and surrounding cloud services, restricting Snowflake access to private traffic only.
- D. Use a cloud provider’s secrets management service to protect passwords, and only supply the passwords at runtime.
Correct answer: B
Explanation
Option B is correct because key pair authentication with auto key rotation minimizes the risk of compromised credentials, which is crucial for machine-to-machine authentication. Option A may improve network security, but it does not directly address the authentication requirements. Option C restricts access but may not be feasible for all use cases. Option D involves managing secrets but does not replace the need for strong authentication mechanisms like key pairs.