SnowPro Advanced: Architect — Question 135

A company that is new to Snowflake is able to connect to its account using SnowSQL, but receives the following error message in the connection logs:

SEVERE: WARNING!!! Using fail-open to connect. Driver is connecting to an HTTPS endpoint without OCSP based Certificate Revocation checking as it could not obtain a valid OCSP Response to use from the CA OCSP responder.

What does this message indicate? (Choose two.)

Answer options

• A. The SnowSQL ocsp_fail_open parameter is set to use the default value in the connection.
• B. Private Link is not enabled in the account.
• C. The DNS team did not allow port 443 in the firewall.
• D. The DNS team did not allow port 80 in the firewall.
• E. The client IP is not on the allow list.

Correct answer: A, D

Explanation

The correct answer A indicates that the SnowSQL configuration is set to fail-open, which means it will proceed with the connection despite the inability to verify the OCSP response. Answer D is also correct because the warning suggests that HTTP traffic on port 80 is being blocked, preventing the retrieval of the necessary OCSP response, while the other options do not directly relate to the OCSP error message.