Exam SnowPro Core topic 1 question 70 discussion

At a minimum, Snowflake strongly recommends that all users with the ACCOUNTADMIN role be required to use MFA.

B. SECURITYADMIN, ACCOUNTADMIN, SYSADMIN as of June 1, 2024

It doesn't make sense to me why they don't recommend securityadmin and sysadmin with MFA, but they really only recommend AccountAdmin. So D is correct.

SECURITYADMIN, ACCOUNTADMIN, SYSADMIN

B. SECURITYADMIN, ACCOUNTADMIN, SYSADMIN as of June 1, 2024

● Enforce MFA for all human users ● Enforce External OAuth or Key-Pair for programmatic user access

account and security admin

Answer must be B since 1 June 2024: At a minimum, Snowflake strongly recommends that all users with the following system-defined roles enable MFA: ACCOUNTADMIN. SECURITYADMIN. SYSADMIN.1 June 2024

As of the breaches that have occurred lately as of June 2024. Option A is now the correct answer.

The recommended roles for Multi-Factor Authentication (MFA) in Snowflake are: C. SECURITYADMIN, ACCOUNTADMIN Here's why: SECURITYADMIN: This role has broad privileges for managing security policies, users, and access controls. An unauthorized user gaining access to a SECURITYADMIN account could cause significant security risks. Enforcing MFA adds an extra layer of protection for such accounts. ACCOUNTADMIN: This role can manage account settings, users, and billing. MFA helps safeguard these critical administrative controls. While not explicitly mentioned in the minimum recommendation: SYSADMIN: The SYSADMIN role has full control over the Snowflake account. Ideally, MFA should be enabled for this role as well for maximum security. Public: The PUBLIC role has limited privileges and typically doesn't require MFA.

D is correct

D is correct

D is correct

Answer D is correct: https://docs.snowflake.com/en/user-guide/security-mfa.html