Exam4Training

What are purposes for creating a storage integration? (Choose three.)

What are purposes for creating a storage integration? (Choose three.)
A . Control access to Snowflake data using a master encryption key that is maintained in the cloud provider’s key management service.
B . Store a generated identity and access management (IAM) entity for an external cloud provider regardless of the cloud provider that hosts the Snowflake account.
C . Support multiple external stages using one single Snowflake object.
D . Avoid supplying credentials when creating a stage or when loading or unloading data.
E . Create private VPC endpoints that allow direct, secure connectivity between VPCs without traversing the public internet.
F . Manage credentials from multiple cloud providers in one single Snowflake object.

Answer: B, C, D

Explanation:

A storage integration is a Snowflake object that stores a generated identity and access management (IAM) entity for an external cloud provider, such as Amazon S3, Google Cloud Storage, or Microsoft Azure Blob Storage. This integration allows Snowflake to read data from and write data to an external storage location referenced in an external stage1.

One purpose of creating a storage integration is to support multiple external stages using one single Snowflake object. An integration can list buckets (and optional paths) that limit the locations users can specify when creating external stages that use the integration. Note that many external stage objects can reference different buckets and paths and use the same storage integration for authentication1. Therefore, option C is correct.

Another purpose of creating a storage integration is to avoid supplying credentials when creating a stage or when loading or unloading data. Integrations are named, first-class Snowflake objects that avoid the need for passing explicit cloud provider credentials such as secret keys or access

tokens. Integration objects store an IAM user ID, and an administrator in your organization grants the IAM user permissions in the cloud provider account1. Therefore, option D is correct.

A third purpose of creating a storage integration is to store a generated IAM entity for an external cloud provider regardless of the cloud provider that hosts the Snowflake account. For example, you can create a storage integration for Amazon S3 even if your Snowflake account is hosted on Azure or Google Cloud Platform. This allows you to access data across different cloud platforms using Snowflake1. Therefore, option B is correct.

Option A is incorrect, because creating a storage integration does not control access to Snowflake data using a master encryption key. Snowflake encrypts all data using a hierarchical key model, and the master encryption key is managed by Snowflake or by the customer using a cloud provider’s key management service. This is independent of the storage integration feature2.

Option E is incorrect, because creating a storage integration does not create private VPC endpoints. Private VPC endpoints are a network configuration option that allow direct, secure connectivity between VPCs without traversing the public internet. This is also independent of the storage integration feature3.

Option F is incorrect, because creating a storage integration does not manage credentials from multiple cloud providers in one single Snowflake object. A storage integration is specific to one cloud provider, and you need to create separate integrations for each cloud provider you want to access4.

Reference: Encryption and Decryption: Private Link for Snowflake: CREATE STORAGE INTEGRATION: Option 1: Configuring a Snowflake Storage Integration to Access Amazon S3

Latest ARA-C01 Dumps Valid Version with 156 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version