SnowPro Core · 10% of the exam

Data protection and sharing: free practice questions

5 sample questions from our 25-question bank for this domain — answers and explanations included. These are the same scenario-based style as the real Snowflake exam.

1. A company is on Snowflake Standard edition. They want to configure the longest possible Time Travel window for a critical permanent table storing financial records. What is the maximum DATA_RETENTION_TIME_IN_DAYS value they can set?

  • A. 0 days
  • B. 1 day✓ Correct
  • C. 7 days
  • D. 90 days
Explanation

On Snowflake Standard edition, the maximum configurable Time Travel retention period for permanent tables is 1 day. Enterprise edition and above support up to 90 days of Time Travel. Option A (0 days) would disable Time Travel entirely. Option C (7 days) and Option D (90 days) are only available on Enterprise edition or higher, not on Standard edition. This is a frequently tested distinction in the COF-C02 exam.

2. A data engineer at a healthcare company creates a secure UDF written in JavaScript that de-identifies patient records. They want to include this UDF in a data share so consumers can call it on their end. Which of the following constraints applies to sharing UDFs?

  • A. Only SQL UDFs can be included in a share; JavaScript, Python, and Java UDFs cannot be shared.
  • B. The UDF must be marked as SECURE, and only UDFs that reference objects within the shared database are supported in a share.
  • C. UDFs of any language (SQL, JavaScript, Python, Java) can be added to a share, provided they are defined as SECURE UDFs.✓ Correct
  • D. Shared UDFs execute inside the consumer's virtual warehouse, so the consumer must have a running warehouse to invoke them.
Explanation

Snowflake allows SQL, JavaScript, Java, and Python UDFs to be included in a share as long as they are created as SECURE UDFs (using the SECURE keyword). The SECURE designation hides the UDF body from consumers while still allowing them to call it. Option A is incorrect because non-SQL UDFs (JavaScript, Python, Java) can be shared if marked SECURE. Option B is partially correct in spirit but overstates the restriction — UDFs do not strictly need to reference ONLY objects within the shared database; the key requirement is that they are SECURE. Option D is incorrect: shared UDFs execute using the provider's serverless compute model or the consumer's warehouse depending on the UDF type; for most shared UDFs, the consumer's warehouse processes the call, but this is not a 'constraint' that prevents sharing — it is normal behavior and does not restrict which UDF languages can be shared.

3. A Snowflake architect is designing a data sharing strategy for a SaaS company that wants to distribute different, customized datasets to hundreds of external customer accounts. Each customer should only see their own data. Which approach best meets this requirement using Snowflake-native sharing features?

  • A. Create one share per customer with a secure view that filters data using CURRENT_ACCOUNT(), and add each customer's account to its respective share.✓ Correct
  • B. Create a single share containing all customer data and rely on row-level security policies in the consumer account to filter rows.
  • C. Publish a single Marketplace listing and use column masking policies to hide data from unauthorized consumers.
  • D. Create one database per customer, replicate all of them using Replication Groups, and provide each customer direct database access.
Explanation

The correct answer is A. The standard Snowflake pattern for multi-tenant data sharing is to create a secure view that uses CURRENT_ACCOUNT() (or CURRENT_ACCOUNT() mapped through a policy table) to dynamically filter rows to only the consumer's own data. You then grant this single secure view to a share, and each consumer account is added to its own share. This is scalable and secure. B is wrong because you cannot impose Snowflake policies in the consumer account from the provider side; the consumer controls their own account's policies and could potentially see all rows. C is wrong because a single Marketplace listing is public (or privately shared as one unit) and column masking does not provide row-level isolation between different consumer accounts. D is wrong because Replication Groups are for internal organizational DR/failover, not for distributing isolated customer data to external parties, and direct database access would not enforce per-customer row filtering.

4. A Snowflake administrator is comparing storage costs for a newly created TRANSIENT table versus a PERMANENT table with default settings. Which TWO statements are TRUE regarding storage cost differences between these table types? (Select TWO)

  • A. Transient tables incur charges for both Time Travel storage and Fail-Safe storage, just like permanent tables.
  • B. Permanent tables with default settings include up to 7 days of Fail-Safe storage at no additional charge beyond standard storage rates.✓ Correct
  • C. Transient tables support a maximum of 1 day of Time Travel and have NO Fail-Safe period, reducing long-term storage costs.✓ Correct
  • D. Fail-Safe storage for permanent tables is charged at the same per-terabyte rate as active storage.
  • E. Transient tables cannot have Time Travel enabled and therefore cannot be used with the AT or BEFORE clauses.
  • F. Permanent tables always retain 90 days of Fail-Safe regardless of the DATA_RETENTION_TIME_IN_DAYS setting.
Explanation

Option B is correct: permanent tables include a 7-day Fail-Safe period charged at standard storage rates (included in Snowflake's storage pricing model). Option C is correct: transient tables have a maximum of 1 day of Time Travel and zero days of Fail-Safe, which significantly reduces storage costs for large, short-lived datasets. Option A is wrong: transient tables have NO Fail-Safe period. Option D is partially misleading: Fail-Safe is charged at the same storage rate, but framing it as 'additional' is incorrect since it is simply storage consumption — however this option is marked wrong primarily because the key differentiator question is about transient vs permanent costs, and option D does not accurately reflect a true difference statement. Option E is wrong: transient tables DO support Time Travel (up to 1 day) and CAN use AT/BEFORE clauses. Option F is wrong: Fail-Safe is always 7 days for permanent tables, not 90 days; 90 days is the max Time Travel on Enterprise edition.

5. A company stores sensitive PII in a Snowflake table. A data analyst in a different Snowflake account needs access to aggregated, anonymized results from that table via a secure data share. A developer proposes creating a standard (non-secure) view over the table and adding it to the share. Why is this approach problematic?

  • A. Standard views cannot be added to a share; only tables can be shared directly.
  • B. A standard view exposes its underlying SQL definition to the consumer account, potentially revealing table structure and business logic.✓ Correct
  • C. The consumer account must be a reader account to access any shared views.
  • D. Standard views in a share always grant the consumer full SELECT privileges on the base table.
Explanation

The correct answer is B. In Snowflake, standard views expose their definition (the underlying SQL query) to users who have access to them. When shared with a consumer account, this means the consumer can use SHOW VIEWS or GET_DDL() to inspect the view definition, revealing table names, column names, and business logic applied to PII data. A is wrong because views (including standard views) can technically be added to a share, though it is not recommended for sensitive data. C is wrong because reader accounts are one type of consumer, but full Snowflake accounts can also consume shares—there is no restriction to reader accounts only. D is wrong because sharing a view does not grant SELECT on the base table itself; the consumer can only query the view, not the underlying table directly.

20 more questions in this domain

Practice the full bank with instant grading, flashcards, and a timed mock exam.

Start practicing free