Answer-first summary for fast verification
Answer: Ensure all ACCOUNTADMIN roles use Multi-factor Authentication (MFA)., Assign the ACCOUNTADMIN role to at least two users, but as few as possible.
The correct answers are A and D based on Snowflake's official best practices for the ACCOUNTADMIN role. Option A (Ensure all ACCOUNTADMIN roles use Multi-factor Authentication) is recommended because ACCOUNTADMIN has the highest privileges in Snowflake, and MFA provides critical security protection against unauthorized access. Option D (Assign the ACCOUNTADMIN role to at least two users, but as few as possible) ensures business continuity by preventing single points of failure while maintaining the principle of least privilege. Option B is incorrect because role ownership doesn't relate to ACCOUNTADMIN best practices. Option C is incorrect because restricting to only one user creates a single point of failure. Option E is incorrect because granting SECURITYADMIN to all ACCOUNTADMIN users is not a best practice and could create unnecessary privilege escalation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
What are the best practice recommendations for using the ACCOUNTADMIN system-defined role in Snowflake? (Choose two.)
A
Ensure all ACCOUNTADMIN roles use Multi-factor Authentication (MFA).
B
All users granted ACCOUNTADMIN role must be owned by the ACCOUNTADMIN role.
C
The ACCOUNTADMIN role must be granted to only one user.
D
Assign the ACCOUNTADMIN role to at least two users, but as few as possible.
E
All users granted ACCOUNTADMIN role must also be granted SECURITYADMIN role.
No comments yet.