ARA-C01 Exam Dumps : SnowPro Advanced: Architect Certification Exam

This question tests Snowflake’s native Git integration setup pattern, which relies on Snowflake security objects to authenticate outbound access to an external Git provider. The correct sequence begins with creating an API integration because it defines and authorizes the external endpoint(s) Snowflake is allowed to communicate with. In Snowflake, integrations are the governance layer for external connectivity—administrators explicitly allow network destinations and control whether the integration is enabled, which is foundational before any credential object can be used.

Next, the Architect creates a secret to securely store the authentication material required by the Git provider (for example, a token or other supported credential). Secrets are designed for securely managing sensitive values and are referenced by other Snowflake objects without exposing the credential in plain text in SQL or configuration.

Finally, the Architect creates the Snowflake Git repository stage, which is the object that actually references the Git repo location and uses the configured integration and secret to authenticate and interact with the repository. Creating the stage last ensures all required prerequisites (allowed connectivity + stored credentials) exist and can be bound to the stage cleanly, aligning with Snowflake’s documented dependency model for external integrations.

When a SnowflakeBusiness Critical (BC)edition account shares data, it must followdata sharing restrictionsdesigned to maintain thehigher level of compliance and securityguaranteed by BC.

Bydefault, BC accounts canonly share data with other BC (or higher)accounts, to maintain consistent security and compliance (e.g., HIPAA, HITRUST, FedRAMP).

However,an exceptioncan be madeif a user with the proper privilegeexplicitly disables the restriction.

Key Concept: share_restrictions

Snowflake enforcesdata sharing restrictionsby default forBC accounts.

Arole with the OVERRIDE SHARE RESTRICTIONS global privilegecan bypass this by setting theshare_restrictions = FALSEwhen adding the target account.

Correct Option: D

This is correct because:

The usermust have a role with the OVERRIDE SHARE RESTRICTIONS privilege.

That user can thenset share_restrictions = FALSEwhen adding the Enterprise edition consumer account.

Official Documentation Extract:

"If the data provider is a Business Critical (or higher) account, Snowflake enforces a restriction by default that only allows sharing data with other Business Critical (or higher) accounts. A user in the provider account with a role that has the global privilege OVERRIDE SHARE RESTRICTIONS can override this restriction by explicitly setting SHARE_RESTRICTIONS = FALSE when adding the consumer account."

Source:Snowflake Docs – CREATE SHARE

Why Other Options Are Incorrect:

A.Incorrect – This is not absolute. Business Critical accountscanshare data with Enterprise accounts,if the restriction is explicitly overridden.

B.Incorrect – Simply having authority to create or alter a share isnot enough. You must have the OVERRIDE SHARE RESTRICTIONS privilege and set the restriction explicitly.

C.Incorrect – Setting share_restrictions = FALSE is required, but theprivilege to overridemust also be held by the role. Without the privilege, the action will fail.

Tri-Secret Secure is a feature that allows customers to use their own key, called the customer-managed key (CMK), in addition to the Snowflake-managed key, to create a composite master key that encrypts the data in Snowflake. The composite master key is also known as the account master key (AMK), as it is unique for each account and encrypts the table master keys (TMKs) that encrypt the file keys that encrypt the data files. The customer-managed key is used at the account level, not at the root level, the table level, or the micro-partition level. The root level is protected by a hardware security module (HSM), the table level is protected by the TMKs, and the micro-partition level is protected by the file keys12. References:

Understanding Encryption Key Management in Snowflake

Tri-Secret Secure FAQ for Snowflake on AWS