Network Security

Question 1

What are two additions to the out of the box security Snowflake provides

Answer 1

Layering on built in network policies - specify what IP addresses can connect
Integrating CSP (Cloud service provider) capabilities that may add more security to network connectivity (AWS Private Link)

Question 2

All Snowflake network connectivity architectures include what five basic connections

Answer 2

1. Snowflake account URL
2. one or more OCSP
3. Snowflake Internal Stage
4. cloud storage
5. The connection between the users’ browsers and the Snowflake Apps layer,

Question 3

What are the two types of data flowing on the network paths

Answer 3

Customer’s Data
Online Certificate Status Protocol (OCSP) which is used to validate certificates used to establish TLS 1.2 tunnels for network communications.

Question 4

T/F Only the OCSP traffic uses an unencrypted channel over port 80.

Answer 4

True

Question 5

T/F Connectivity to the Snowflake internal stage is optional

Answer 5

False

Question 6

T/F Connectivity to an external stage is optional

Answer 6

True

Question 7

Integration with CSP Private networking are only available with

Answer 7

AWS Private Link and Azure Private Link

Question 8

What encryption is used on all data communication out of the box

Answer 8

TLS 1.2

Question 9

T/F Any design where a Network Policy is being used for every user is likely on the wrong path

Answer 9

True

Question 10

When should CSP be really considered

Answer 10

When large amounts of data or extremely sensitive data is flowing

Question 11

Which edition should you consider if you have HIPAA concerns

Answer 11

Business Critical Edition