The SnowPro Advanced: Architect Certification Exam (ARA-C01)

Enabling the search optimization service on the table can improve the performance of queries that have selective filtering criteria, which seems to be the case here. This service optimizes the execution of queries by creating a persistent data structure called a search access path, which allows some micro-partitions to be skipped during the scanning process. This can significantly speed up query performance without increasing compute costs1.

References

•Snowflake Documentation on Search Optimization Service1.

This is the correct answer because it allows the ORDER_ADMIN role to perform the data cleanup without needing the DELETE privilege on the ORDERS table. A stored procedure is a feature that allows scheduling and executing SQL statements or stored procedures in Snowflake. A stored procedure can run with either the caller’s rights or the owner’s rights. A caller’s rights stored procedure runs with the privileges of the role that called the stored procedure, while an owner’s rights stored procedure runs with the privileges of the role that created the stored procedure. By creating a stored procedure that runs with owner’s rights, the ORDER_MANAGER role can delegate the specific task of deleting old data to the ORDER_ADMIN role, without granting the ORDER_ADMIN role more general privileges on the ORDERS table. The stored procedure must include the appropriate business logic to delete only the records older than 5 years, and the ORDER_MANAGER role must grant the USAGE privilege on the stored procedure to the ORDER_ADMIN role. The ORDER_ADMIN role can then execute the stored procedure to perform the data cleanup12.

Snowflake Documentation: Stored Procedures

Snowflake Documentation: Understanding Caller’s Rights and Owner’s Rights Stored Procedures

When using the Snowflake Connector for Kafka, architects must understand the behavior differences between Snowpipe (file-based) and Snowpipe Streaming. Snowpipe Streaming is optimized for low-latency ingestion and works by continuously sending records directly into Snowflake-managed channels rather than staging files. One important characteristic is that Snowpipe Streaming automatically flushes buffered records at short, fixed intervals (approximately every second), ensuring near real-time data availability (Answer D).

Another key consideration is offset handling. The Snowflake Connector for Kafka is designed to tolerate Kafka offset jumps or resets, such as those caused by topic reprocessing or consumer group changes. Snowflake can safely ingest records without corrupting state, relying on Kafka semantics and connector metadata to maintain consistency (Answer E).

Snowpipe Streaming is not always the default ingestion method; configuration determines whether file-based Snowpipe or Streaming is used. Schema detection is not supported in Snowpipe Streaming. Traditional Snowpipe does not offer lower latency than Snowpipe Streaming. For the SnowPro Architect exam, understanding ingestion latency, buffering behavior, and fault tolerance is essential when designing streaming architectures.

=========

QUESTION NO: 57 [Snowflake Data Engineering]

An Architect wants to create an externally managed Iceberg table in Snowflake.

What parameters are required? (Select THREE).

A. External volume

B. Storage integration

C. External stage

D. Data file path

E. Catalog integration

F. Metadata file path

Answer: A, E, F

Externally managed Iceberg tables in Snowflake rely on external systems for metadata and storage management. An external volume is required to define and manage access to the underlying cloud storage where the Iceberg data files reside (Answer A). A catalog integration is required so Snowflake can interact with the external Iceberg catalog (such as AWS Glue or other supported catalogs) that manages table metadata (Answer E).

Additionally, Snowflake must know the location of the Iceberg metadata files (the Iceberg metadata JSON), which is provided via the metadata file path parameter (Answer F). This allows Snowflake to read schema and snapshot information maintained externally.

An external stage is not required for Iceberg tables, as Snowflake accesses the data directly through the external volume. A storage integration is used for stages, not for Iceberg tables. The data file path is derived from metadata and does not need to be specified explicitly. This question tests SnowPro Architect understanding of modern open table formats and Snowflake’s Iceberg integration model.

=========

QUESTION NO: 58 [Security and Access Management]

A company stores customer data in Snowflake and must protect Personally Identifiable Information (PII) to meet strict regulatory requirements.

What should an Architect do?

A. Use row-level security to mask PII data.

B. Use tag-based masking policies for columns containing PII.

C. Create secure views for PII data and grant access as needed.

D. Separate PII into different tables and grant access as needed.

Answer: B

Tag-based masking policies provide a scalable and centralized way to protect PII across many tables and schemas (Answer B). By tagging columns that contain PII and associating masking policies with those tags, Snowflake automatically enforces masking rules wherever the tagged columns appear. This approach reduces administrative overhead and ensures consistent enforcement as schemas evolve.

Row access policies control row visibility, not column masking. Secure views and table separation can protect data but introduce significant maintenance complexity and do not scale well across large environments. Snowflake best practices—and the SnowPro Architect exam—emphasize tag-based governance for sensitive data.

=========

QUESTION NO: 59 [Security and Access Management]

An Architect created a data share and wants to verify that only specific records in secure views are visible to consumers.

What is the recommended validation method?

A. Create reader accounts and log in as consumers.

B. Create a row access policy and assign it to the share.

C. Set the SIMULATED_DATA_SHARING_CONSUMER session parameter.

D. Alter the share to impersonate a consumer account.

Answer: C

Snowflake provides the SIMULATED_DATA_SHARING_CONSUMER session parameter to allow providers to test how shared data appears to specific consumer accounts without logging in as those consumers (Answer C). This feature enables secure, efficient validation of row-level and column-level filtering logic implemented through secure views.

Creating reader accounts is unnecessary and operationally heavy. Row access policies are part of access control design, not validation. Altering a share does not provide impersonation capabilities. This question tests SnowPro Architect familiarity with governance validation tools in Secure Data Sharing scenarios.

=========

QUESTION NO: 60 [Architecting Snowflake Solutions]

Which requirements indicate that a multi-account Snowflake strategy should be used? (Select TWO).

A. A requirement to use different Snowflake editions.

B. A requirement for easy object promotion using zero-copy cloning.

C. A requirement to use Snowflake in a single cloud or region.

D. A requirement to minimize complexity of changing database names across environments.

E. A requirement to use RBAC to govern DevOps processes across environments.

Answer: A, B

A multi-account Snowflake strategy is appropriate when environments have fundamentally different requirements. Using different Snowflake editions (for example, Business Critical for production and Enterprise for non-production) requires separate accounts because edition is an account-level property (Answer A).

Zero-copy cloning is frequently used for fast environment refresh and object promotion, but cloning only works within a single account. To promote data between environments cleanly, many organizations use separate accounts combined with replication or sharing strategies, making multi-account design relevant when environment isolation and promotion workflows are required (Answer B).

Single-region usage, minimizing database name changes, and RBAC governance can all be handled within a single account. This question reinforces SnowPro Architect principles around environment isolation, governance, and account-level design decisions.

Data is being imported and stored as JSON in a VARIANT column. Query performance was fine, but most recently, poor query performance has been reported. This could be caused by the following factors:

The order of the keys in the JSON was changed. Snowflake stores semi-structured data internally in a column-like structure for the most common elements, and the remainder in a leftovers-like column. The order of the keys in the JSON affects how Snowflake determines the common elements and how it optimizes the query performance. If the order of the keys in the JSON was changed, Snowflake might have to re-parse the data and re-organize the internal storage, which could result in slower query performance.

There were variations in string lengths for the JSON values in the recent data imports. Non-native values, such as dates and timestamps, are stored as strings when loaded into a VARIANT column. Operations on these values could be slower and also consume more space than when stored in a relational column with the corresponding data type. If there were variations in string lengths for the JSON values in the recent data imports, Snowflake might have to allocate more space and perform more conversions, which could also result in slower query performance.

The other options are not valid causes for poor query performance:

There were JSON nulls in the recent data imports. Snowflake supports two types of null values in semi-structured data: SQL NULL and JSON null. SQL NULL means the value is missing or unknown, while JSON null means the value is explicitly set to null. Snowflake can distinguish between these two types of null values and handle them accordingly. Having JSON nulls in the recent data imports should not affect the query performance significantly.

The recent data imports contained fewer fields than usual. Snowflake can handle semi-structured data with varying schemas and fields. Having fewer fields than usual in the recent data imports should not affect the query performance significantly, as Snowflake can still optimize the data ingestion and query execution based on the existing fields.

Considerations for Semi-structured Data Stored in VARIANT

Snowflake Architect Training

Snowflake query performance on unique element in variant column

Snowflake variant performance

 According to the SnowPro Advanced: Architect documents and learning resources, the requirement to allow data sharing between two companies that are not on the same cloud platform is to set up data replication to the region and cloud platform where the consumer resides. Data replication is a feature of Snowflake that enables copying databases across accounts in different regions and cloud platforms. Data replication allows data providers to securely share data with data consumers across different regions and cloud platforms by creating a replica database in the consumer’s account. The replica database is read-only and automatically synchronized with the primary database in the provider’s account. Data replication is useful for scenarios where data sharing is not possible or desirable due to latency, compliance, or security reasons1. The other options are incorrect because they are not required or feasible to allow data sharing between two companies that are not on the same cloud platform. Option A is incorrect because creating a pipeline to write shared data to a cloud storage location in the target cloud provider is not a secure or efficient way of sharing data. It would require additional steps to load the data from the cloud storage to the consumer’s account, and it would not leverage the benefits of Snowflake’s data sharing features. Option B is incorrect because ensuring that all views are persisted is not relevant for data sharing across cloud platforms. Views can be shared across cloud platforms as long as they reference objects in the same database. Persisting views is an option to improve the performance of querying views, but it is notrequired for data sharing2. Option D is incorrect because Company A and Company B do not need to agree to use a single cloud platform. Data sharing is possible across different cloud platforms using data replication or other methods, such as listings or auto-fulfillment3. References: ReplicatingDatabases Across Multiple Accounts | Snowflake Documentation, Persisting Views | Snowflake Documentation, Sharing Data Across Regions and Cloud Platforms | Snowflake Documentation

In Snowflake, when a user activates a secondary role during a session, certain privileges associated with DDL (Data Definition Language) operations are restricted. TheCREATEstatement, which falls under DDL operations, cannot be executed using a secondary role. This limitation is designed to enforce role-based access control and ensure that schema modifications are managed carefully, typically reserved for primary roles that have explicit permissions to modify database structures.

According to the Snowflake documentation1 and the web search results2, these two statements are true about how the change of local time due to daylight savings time is handled in Snowflake tasks. A task is a feature that allows scheduling and executing SQL statements or stored procedures in Snowflake. A task can be scheduled using a cron expression that specifies the frequency and time zone of the task execution.

A task scheduled in a UTC-based schedule will have no issues with the time changes. UTC is a universal time standard that does not observe daylight savings time. Therefore, a task that uses UTC as the time zone will run at the same time throughout the year, regardless of the local time changes1.

Task schedules can be designed to follow specified or local time zones to accommodate the time changes. Snowflake supports using any valid IANA time zone identifier in the cron expression for a task. This allows the task to run according to the local time of the specified time zone, which may include daylight savings time adjustments. For example, a task that uses Europe/London as the time zone will run one hour earlier or later when the local time switches between GMT and BST12.

Snowflake Documentation: Scheduling Tasks

Snowflake Community: Do the timezones used in scheduling tasks in Snowflake adhere to daylight savings?

This view can be used to query login attempts by Snowflake users within the last 365 days (1 year). It provides information such as the event timestamp, the user name, the client IP, the authentication method, the success or failure status, and the error code or message if the login attempt was unsuccessful. By querying this view, the IT Security team can identify any suspicious or malicious login attempts to Snowflake and take appropriate actions to prevent credential stuffing attacks1. The other options are not the best ways to find recent and ongoing login attempts to Snowflake. Option A is incorrect because the LOGIN_HISTORY Information Schema table function only returns login events within the last 7 days, which may not be sufficient to detect credential stuffing attacks that span a longer period of time2. Option C is incorrect because the History tab in the Snowflake UI only shows the queries executed by the current user or role, not the login events of other users or roles3. Option D is incorrect because the Users section in the Account tab in the Snowflake UI only shows the last login time for each user, not the details of the login attempts or the failures.

Snowflake supports data sharing across regions and cloud platforms using account replication and share replication features. Account replication enables the replication of objects from a source account to one or more target accounts in the same organization. Share replication enables the replication of shares from a source account to one or more target accounts in the same organization1.

To share data from the MARKET_DB database in the ACCOUNTA account in AWS us-east-1 region with the PARTNERB account in Azure East US 2 region, the following steps must be performed:

Create a new account (called AZABC123) in Azure East US 2 region. This account will act as a bridge between the source and the target accounts. The new account must be linked to the ACCOUNTA account using an organization2.

From the ACCOUNTA account, replicate the MARKET_DB database to the AZABC123 account using the account replication feature. This will create a secondary database in the AZABC123 account that is a replica of the primary database in the ACCOUNTA account3.

From the AZABC123 account, set up the data sharing to the PARTNERB account using the share replication feature. This will create a share of the secondary database in the AZABC123 account and grant access to the PARTNERB account. The PARTNERB account can then create a database from the share and query the data4.

Therefore, option C is the correct answer.

 Replicating Shares Across Regions and Cloud Platforms : Working with Organizations and Accounts : Replicating Databases Across Multiple Accounts : Replicating Shares Across Multiple Accounts