1. A security audit requires demonstrating which Snowflake users accessed a specific sensitive table named FINANCE.PUBLIC.PAYROLL during the last 30 days, including the queries they ran. Which Snowflake resources should the auditor query? (Select TWO)
- A. SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY to retrieve the SQL text and user for all queries executed✓ Correct
- B. SNOWFLAKE.ACCOUNT_USAGE.ACCESS_HISTORY to identify which base objects (tables) were read or written and by which user✓ Correct
- C. SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY to retrieve table-level access events
- D. SNOWFLAKE.ACCOUNT_USAGE.STAGE_USAGE_HISTORY to identify file-level access
- E. INFORMATION_SCHEMA.TABLE_PRIVILEGES to list current privilege grants on the table
Explanation
QUERY_HISTORY (option A) records every query executed, including the SQL text, user name, role, and timestamp—essential for showing what queries were run. ACCESS_HISTORY (option B) records which base objects (tables, views, columns) were accessed by which user in each query, making it the definitive source for proving table-level access. Together they provide both the query content and the confirmed object-level access. Option C (LOGIN_HISTORY) records only authentication events (logins), not table access. Option D (STAGE_USAGE_HISTORY) tracks file stage usage, not table reads. Option E (INFORMATION_SCHEMA.TABLE_PRIVILEGES) shows current privilege grants, not historical access events—it cannot show who accessed the table in the past.