A Snowflake administrator needs to implement a granular access control strategy for LLMs. The general policy is to restrict access to a select few models via an account-level allowlist. However, a specific data science team (using role 'DATA SCIENCE TEAM ROLE') requires access to the 'claude-3-5-sonnet' model, which should not be available to other users or globally via the allowlist. Given this scenario, which set of commands would correctly establish this access control while adhering to the specified requirements?
Correct Answer: A
Option A is correct. This sequence of commands sets an account-level allowlist for 'mistral-large' and 'snowflake-arctic', thereby restricting general access to other models. It then explicitly grants access to the 'claude-3-5-sonnet' model object using its dedicated application role. This ensures that 'claude-3-5-sonnet' is accessible only to that specific role and not globally through the allowlist. The ' call is often recommended after modifying 'CORTEX_MODELS_ALLOWLIST' to ensure changes are applied.

Option B is incorrect because 'ALTER ACCOUNT' requires the 'ACCOUNTADMIN' role, and setting to 'claude-3-5-sonnet' would make it globally available, contradicting the requirement.

Option C is incorrect because model-level RBAC for base models in 'SNOWFLAKE.MODELS' is primarily applied using application roles (e.g., 'CORTEX-MODEL-ROLE'), not directly with 'GRANT USAGE ON MODEL'.

Option D is incorrect. While clearing the allowlist is a valid part of a strategy, 'GRANT USAGE ON ALL MODELS IN SCHEMA SNOWFLAKE.MODELS' would grant access to all models in that schema, which contradicts the requirement for 'claude-3-5-sonnet' to be exclusive to the data science team and not generally available.

Option E is incorrect because 'ALTER ACCOUNT' requires the 'ACCOUNTADMIN' role, and setting the allowlist to 'claude-3-5-sonnet' would make it generally available, violating the isolation requirement.