Study COF-C03 Governance, Monitoring, and Cost Control: key concepts, common traps, and exam decision cues.
This part of the exam is not only about “security.” It is about whether you can tell the difference between a policy that protects data, a history view that explains behavior, and a control that limits warehouse spend.
Resource monitor: Snowflake control used to notify, suspend, or otherwise react when warehouse-credit consumption crosses a threshold.
| Need | Strongest first lane |
|---|---|
| hide or transform sensitive values for some users | masking policy |
| label or organize data for governance use | tags and related governance metadata |
| explain which warehouse or query consumed credits | monitoring history and usage evidence |
| react when warehouse spend crosses a threshold | resource monitor |
| If the clue is… | Better reading |
|---|---|
| “why did credits spike yesterday?” | start with monitoring evidence |
| “stop a warehouse after budget thresholds” | think resource monitor |
| “protect data values for some roles” | think governance policy, not warehouse size |
Monitoring answers are usually about evidence first. Governance answers are about protection or policy first. Cost-control answers are about thresholds, warehouse behavior, or operational guardrails.
Snowflake often tests whether you can avoid solving the wrong problem. A monitoring surface explains behavior, a policy governs exposure, and a resource monitor reacts to spend thresholds.
| Scenario | Better first move |
|---|---|
| credit spike must be explained | inspect history and monitoring evidence |
| sensitive fields should appear differently by role | use masking policy |
| warehouse spend must trigger action | use resource monitor |
| team jumps from one cost spike straight to resizing | gather evidence before tuning |
| Trap | Better rule |
|---|---|
| using a warehouse answer for a governance-policy problem | warehouses solve compute, not masking or tagging |
| treating a monitoring question like an optimization question | first explain what happened before proposing a fix |
| using privilege language when the problem is data-protection behavior | distinguish access from governed presentation |