Snowflake SnowPro Specialty - Native Apps 認定 NAS-C01 試験問題:

1. You're building a Streamlit application within a Snowflake Native App that uses the Permissions API (hypothetical) to control access to sensitive dat a. Your security team has mandated that any changes to data access privileges must be audited. How can you effectively log all privilege grant and revoke operations performed via the Permissions API within your Streamlit application running inside Snowflake, assuming you are given the hypothetical 'PermissionsClient' and methods as below?

A) Use Snowflake's native logging capabilities in the application's setup script, logging directly to the Snowflake event log. However, these logs may require a system administrator to interpret and extract.
B) Implement a custom logging function that captures the API calls and their parameters. Use a try-except block around each API call, logging the details to a separate audit table in Snowflake, and pushing logs to external SIEM tools.
C) Rely solely on the Permissions API's built-in audit trails, assuming it automatically logs all operations to a system table accessible only by Snowflake administrators.
D) Configure Snowflake's event tables for security to track privilege grants and revokes. Create a Streamlit function that fetches and displays these audit events within the application's admin panel. Push data into separate staging area.
E) Leverage Snowflake's built-in 'QUERY _ HISTORY' view to track all SQL commands executed by the Streamlit application. Filter for 'GRANT and 'REVOKE statements to identify privilege changes. Replicate to external storage for retention.

2. You are developing a Snowflake Native Application that leverages Snowflake's Snowpark API for data processing. The application performs a series of complex transformations on a DataFrame. You need to optimize the application's performance and minimize resource consumption. Which of the following strategies would be MOST effective in achieving this goal?

A) Explicitly specify the execution order of the transformations using 'cache()' on each intermediate DataFrame to force immediate materialization.
B) Employ lazy evaluation by chaining together transformations on the DataFrame and only triggering execution when the final result is needed.
C) Use the method frequently to materialize intermediate DataFrames and inspect the data.
D) Rely on Snowpark's query optimizer to automatically optimize the entire data processing pipeline without any manual intervention.
E) Break down the DataFrame processing into smaller steps and store the intermediate results in temporary tables within the application's sandbox database.

3. You are developing a Snowflake Native Application that utilizes Snowpark Container Services to perform complex image processing. The application needs to securely access data stored in the consumer's Snowflake account, specifically a table named 'USER IMAGES' in the schema 'RAW DATA'. The container image is built and pushed to Snowflake's internal registry. Which of the following steps are necessary to ensure the container service can access this data securely and efficiently within the consumer's account without exposing credentials directly in the container environment?

A) Create a Snowflake service account and grant it SELECT privileges on the 'RAW DATA.USER IMAGES table. Store the service account's credentials as environment variables within the container service's specification.
B) Configure a Snowflake OAuth integration and associate it with the container service. The container application would then use the OAuth client credentials to obtain an access token and authenticate with Snowflake.
C) Grant the SNOWFLAKE CONTAINER SERVICE role to the account administrator and use the administrator's credentials within the container service's code.
D) Create a Snowflake network rule that allows access to all Snowflake internal IPs. Associate this rule with the container service's network policy.
E) Create a Snowflake database role, grant SELECT privileges on ' to this role, and then assign this role to the service account used by the container service through an entitlement.

4. You've built a Snowflake Native Application and are ready to test it in test mode. The application utilizes both internal stages and external stages for data storage. Which of the following statements accurately describe the behavior of stages and data access during test mode installations from the provider's perspective?

A) Data loaded into internal stages during test mode is automatically persisted to the consumer's account upon final installation of the application.
B) During test mode, the provider has full access to all data stored in both internal and external stages associated with the application, mimicking the access rights in a production environment.
C) External stages, regardless of their access permissions, are inaccessible during test mode installations to prevent unintended data leakage.
D) Internal stages defined within the application package are accessible to the application code running in test mode. Data placed in these stages before installation is available immediately.
E) The provider can configure specific external stages to be accessible in test mode by granting appropriate privileges to the application role and explicitly defining these stages in the setup script.

5. You are creating a Snowflake Native Application that uses Snowpark Container Services. The application needs to process large datasets and requires a Compute Pool with specific GPU resources. You use the following SQL command to create a compute pool:

After creating the compute pool, you notice that your Snowpark Container Service is unable to start. Upon inspecting the 'SYSTEM$GET CP POLICY' for the allowed instance families list does not contain 'GPU NV M'. What is the MOST likely reason for this and how do you rectify it?

A) The COMPUTE POOL needs to be explicitly associated to the application package by running ALTER APPLICATION PACKAGE ADD COMPUTE POOL my_compute_poor.
B) You need to explicitly grant the 'USAGE privilege on the instance family to the application role used by the container service using "GRANT USAGE ON INSTANCE FAMILY GPU NV M TO ROLE
C) The specified instance family is invalid or not supported in your region. Use 'SYSTEM$GET_CP POLICY to verify the available instance families and choose a supported one.
D) The account does not have access to GPU-based instance families. Contact Snowflake support to enable GPU instance families for your account.
E) GPU instance types are automatically enabled as part of SPCS and there is no account restriction.

質問と回答：