DBS401
#39.In SQL Server, password policies can be reconfigured and customized for each user login using the ____ function. a.ALTER LOGIN b.SETUP c.USER d.PASSWORD
a.ALTER LOGIN
#89.____ is the process of confirming the identity of those individuals or applications that request access to a secure environment. a.Authentication b.Authorization c.Inference d.Detection
a.Authentication
#40.The ____ Edition of MySQL is the most popular edition available as open source. a.Community b.Enterprise c.Professional d.Technical
a.Community
#64.The ____ for installing MySQL on Windows is ideal for almost any environment because it allows for a lighter installation of MySQL. a.Essentials Package b.Complete Package c.Noinstall Archive d.Patch Archive
a.Essentials Package
#59.The ____ portion of a Web address informs the browser what protocol is used to send the request for the Web site. a.HTTP b.SQL c.footer d.header
a.HTTP
#73.Some malware can execute on a user's system alter the user accesses a Web site. The malware executes from within the Web browser. What type of malware Is this? a.Mobile code b.Virus c.Trojan horse d.Worm
a.Mobile code
#90.JavaScript used within a Web application can almost provide certainty that the database being used is ____. a.Oracle b.MySQL c.SQL Server d.Access
a.Oracle
#70.You are trying to implement a strong authentication system. Which one of the following would be the appropriate system to implement? a.Ownership b.Knowledge c.Characteristic. d.Ownership and knowledge
a.Ownership
#100.Which of the following threats will most likely produce a Risk that affects Confidentiality, Integrity and Availability? a.Phishing b.Fraud c.Physical theft d.DDoS
a.Phishing
#14.Computer security is a set of established procedures, standards, policies, and tools that are used to protect a network from theft, misuse, and unwanted intrusions, activities, and attacks. a.True b.False
a.True
#29.In reality, database auditing takes a great deal of time, effort, and resources, and is not conducted as often as is necessary. a.True b.False
a.True
#54.Security testing requires a great deal of knowledge about the infrastructure of the system. a.True b.False
a.True
#60.The licensing option chosen during the installation of Microsoft SQL Server 2008 can be changed later on. a.True b.False
a.True
#67.Attempting to run SQL Server on a machine with the minimum hardware requirements available will result in poor performance and unpredictable functionality. a.True b.False
a.True
#95.To successfully exploit a given system, an intruder must first obtain information about the database system itself. a.True b.False
a.True
#20.An example of a(n) ____ reconnaissance attack is a user who utilizes tools such as a network sniffer to obtain information about a system or network infrastructure. a.active b.passive c.dynamic d.static
a.active
#76.An example of a(n) ____ reconnaissance attack is a user who sends SQL injections to a system in hopes of generating some type of error or system response to use to make inferences about the system or environment. a.active b.passive c.dynamic d.static
a.active
#3.External ____ tests are often not focused on one particular area of the network because little is known about the environment. a.black box b.white box c.bottom d.top
a.black box
#94.The term ____ refers to those individuals who break into our networks without authorization with the hope of destroying and/or stealing information. a.cracker b.consultant c.hacker d.defender
a.cracker
#19.Kerberos uses symmetric-key ____ to verify the identity of a client to a server and a server to a client. a.cryptology b.synchronization c.authentication d.masking
a.cryptology
#36.A(n) ____ attack involves the intruder using one avenue, such as with Web applications, to initiate the injection and a different one to obtain the results. a.indirect channel b.parallel c.multichannel d.complex
a.indirect channel
#55.A(n) ____ is a small program that enables users to automate a large number of repeated processes within a document. a.macro b.update c.upgrade d.patch
a.macro
#56.Auditing server ____ includes the review of software updates, backup strategies, application version control, resource management, and hardware updates. a.maintenance b.administration c.control d.schema
a.maintenance
#85.The most common intrusions involve malicious SQL statements that are inputted as ____. a.parameters b.filters c.e-mails d.layers
a.parameters
#21.The ____ of a database is the process of sharing recent changes made to a database with all other network databases in hopes of remaining consistent and in sync with one another. a.replication b.translation c.backup d.mirroring
a.replication
#82.The ____ user has full privileges on a MySQL server. a.root b.community c.anonymous d.primary
a.root
#98.When testing a database response, ____ characters are inserted in different places to determine vulnerability. a.single quote b.asterisk c.dollar sign d.percent sign
a.single quote
#77.Once a list of accessible databases is discovered, the next step for an intruder is to extract the ____ within the target database. a.tables b.columns c.cells d.users
a.tables
#35.What is the warm site? a. It may include all the hardware but the data may not be up to date. b. A location that can take over the operations of another location within a short period. c. This site is the least expensive of the type of sites. d. You can bring your computers and data to this location and set up operations.
b. A location that can take over the operations of another location within a short period.
#2. Symmetric cryptography has advantages and disadvantages. Which of the following is not considered a disadvantage? a. Key management b. Confidentiality c. Scalability d. Key distribution
b. Confidentiality
#46.Which correct describes the audit trail? a. It is a series of events recorded in one or more logs. b. It log data based on what the system is doing. c. It send an alert when an intrusion is detected. d. It records system events such as when systems and services start or stop.
b. It log data based on what the system is doing.
#83.____ usually refers to the main code that makes up an application. a. Raw code b. Source code c. Binary file d. Client code
b. Source code
#88.A(n) ____ key is a field within a table that contains a label that is used to build a relationship between two tables. a. identity b. foreign c. primary d. local
b. foreign
#24.MySQL is written using C and ____ programming languages. a.Java b.C++ c.ASP.NET d.JSP
b.C++
#53.In Oracle, a user profile can be created using the ____ command. a.USER_LOGIN b.CREATE_PROFILE c.USER d.CREATE_USER
b.CREATE_PROFILE
#75.____ is a free edition of SQL Server that is created for mobile devices and for mobile application developers. a.Workgroup Edition b.Compact 3.5 c.SQL Server Express Edition d.Web Edition
b.Compact 3.5
#25.The ____ requires manual installation and configuration, making this package the most difficult to apply. a.Essentials Package b.Complete Package c.Noinstall Archive d.Patch Archive
b.Complete Package
#31.____ refers to the efforts taken through policy, procedure, and design in order to create and maintain the privacy and discretion of information and systems a.Availability b.Confidentiality c.Portability d.Integrity
b.Confidentiality
#49.Which of the following terms describes the process of scrambling data so only the intended recipient can read it? a.Data integrity b.Data confidentiality c.Data security d.Nonrepudiation
b.Data confidentiality
#87.The ____ Edition of MySQL provides additional assistance for monitoring and analyzing the performance of your database server. a.Community b.Enterprise c.Professional d.Technical
b.Enterprise
#10.Computer-literate users are not likely to cause problems to a network. a.True b.False
b.False
#17.Oracle Partitioning is designed for small databases. a.True b.False
b.False
#34.In terms of security, it is a good idea to store passwords as text strings within a database. a.True b.False
b.False
#50.Firewalls tend to lose their effectiveness with time. a.True b.False
b.False
#72.Users can download MySQL for free but have to pay a small fee to modify it. a.True b.False
b.False
#78.A row is the component of a table that maintains a general category of information with similar datatypes. a.True b.False
b.False
#80.A user can only be assigned a single role. a.True b.False
b.False
#93.Intruders cannot modify GET and POST parameters. a.True b.False
b.False
#84.____ applications are designed to monitor external requests that are sent to obtain access to the database, and the database environment's responses to these requests. a.Mixed mode b.Middleware c.Communicator d.Logical
b.Middleware
#37.Choose servers for your SQL Server installation that use a(n) ____ file system. a.FAT b.NTFS c.SSH d.SSL
b.NTFS
#22.____ are the most common way to access resources available throughout the environment. a.System boosters b.Network ports c.Firewalls d.Data scopes
b.Network ports
#9.Audits can be enabled, reviewed, and created using the ____ explorer in the SQL Server Management Studio. a.Inbox b.Object c.Cycle d.Class
b.Object
#30.Which of the following is NOT the type of authentication? a.Knowledge b.Physical devices c.Ownership d.Characteristic.
b.Physical devices
#79. Which of the following is NOT the type of authentication? a.Knowledge b.Physical devices c.Ownership d.Characteristic.
b.Physical devices
#86.____ management tools represent the fundamental tools available with an installation of Microsoft Server 2008. a.Client b.Server c.Web d.Database
b.Server
#68.The needs of the hard drive will depend on the size of the operating system, the databases data files, redo files, archived redo files, and ____ files. a.log b.control c.browser d.status
b.control
#97.A ____ is a piece of information that is used to verify identity, such as a person's username and password, an application's secure ID, or a host's network name and address. a.node b.credential c.role d.privilege
b.credential
#33.To qualify for a license of the Oracle Database Standard Edition (SE), there must be at least ____ or more users. a.two b.five c.seven d.ten
b.five
#71.On all database management systems, user passwords are stored using a nonreversible ____ within a table for which privileges are needed to access. a.filter b.hash c.URL d.procedure
b.hash
#4.Password ____ traverse the network searching for passwords from remote authentication systems. a.trackers b.scanners c.diggers d.loggers
b.scanners
#48.The disadvantage of using time delays is ____. a.unreliable results b.the delay itself c.too many errors d.too few errors
b.the delay itself
#41.When choosing an appropriate operating system, you first must decide on either a ____-bit or a ____-bit platform. a.12, 24 b.24, 48 c.32, 64 d.64, 128
c.32, 64
#47.The ____ tool is a wizard that is used to prepare SQL Server failover cluster installation. a.Advanced Cluster Creation b.Advanced Cluster Development c.Advanced Cluster Preparation d.Advanced Cluster Completion
c.Advanced Cluster Preparation
#96.Which of the following ensures that only authorized parties can view the information? a.Integrity b.Availability c.Confidentiality d.Access Control
c.Confidentiality
#62.____ requests are encoded by the browser into a URL and the server will execute whatever parameters are appended to the URL itself. a.POST b.HEAD c.GET d.TRACE
c.GET
#58.MySQL is licensed under the ____. a.Berkeley Software Distribution (BSD) license b.Limited License (LL) c.General Public License (GPL) d.Unlimited Site License (USL)
c.General Public License (GPL)
#92.The ____ Services tool joins together and normalizes data from different sources. a.Analysis b.Reporting c.Integrated d.Translating
c.Integrated
#5.____ testing will identify attacks and the damage that can be caused within the database environment itself. a.Audit b.Black box c.Internal d.Local
c.Internal
#52.Oracle ____ is an online analytical processing server that provides centralized management and advanced analytical capabilities (e.g., budgeting, forecasting) for data within an environment. a.ALP b.HAP c.OLAP d.SAPS
c.OLAP
#74.____ is the default generic database administrator account for Oracle databases. a.SA b.SYSMAN c.SYSTEM d.ADMIN
c.SYSTEM
#51.Which of the following best describes spyware? a.Software that provides the originator with the venue to propagate b.Software hidden on a computer for the purpose of compromising the system c.Software used for the collection of personal data d.Software that reports data such as surfing habits and sites visited
c.Software used for the collection of personal data
#66.Which of the following is a type of malware associated with collecting personal information without appropriately obtaining prior consent? a.Trojan. b.Virus c.Spyware d.Worm
c.Spyware
#57.A(n) ____ key is a field with values that are used to sequence data. a.identity b.composite c.alternate d.control
c.alternate
#43.Monitoring privileges very closely to ensure security and ____ is a must. a.singularity b.collaboration c.granularity d.synchronization
c.granularity
#7.The ____ server contains applications that enforce business and database rules. a.top layer b.main layer c.middleware d.scripting
c.middleware
#16.A(n) ____ key is a field that contains a unique label by which we can identify a record or row in a table. a.identity b.foreign c.primary d.local
c.primary
#99.A ____ database is a storage model in which common entities are stored within separate tables that use unique key identifiers to build relationships among these entities. a.flat b.hierarchical c.relational d.network
c.relational
#32.The auditing process generally includes three steps: prepare, audit, and ____. a.research b.analyze c.report d.implement
c.report
#91.Often, ____ schedules are used in an attempt to ensure that all areas of the organization are audited over a certain period of time. a.spiral b.iterative c.rotating d.elevated
c.rotating
#81.The database ____ is the overall logical structure of the objects within the database. a.blueprint b.target c.schema d.review
c.schema
#11.What is the backdoor? a.Another name of the trojan horse b.A method to deny service by causing a computer to perform an unproductive task c.A piggyback-entry wiretapping d.A hidden access method in programs or systems
d.A hidden access method in programs or systems
#61.The ____ tool is a wizard that is used to create a failover cluster from existing cluster instances. a.Advanced Cluster Creation b.Advanced Cluster Development c.Advanced Cluster Preparation d.Advanced Cluster Completion
d.Advanced Cluster Completion
#69.Which of the following security services are provided if a sender encrypts data with her private key? a.Authentication b.Integrity c.Confidentiality d.Corruption
d.Corruption
#1.A(n) ____ is an application that allows others to search stored data in order to locate specific information. a.SQL b.POS c.TDS d.DBMS
d.DBMS
#44.The ____ holds a database of domain names and their respective IP addresses a.HTTP b.SQL c.OS d.DNS
d.DNS
#8.Oracle ____ offers a sophisticated suite of artificial intelligence tools designed to locate trends and predictive behavior within stored data. a.Encryption b.Robotics c.Business Intelligence d.Data Mining
d.Data Mining
#65.____ is designed to enable the tracking of the history of a table, for auditing and compliance purposes. a.Oracle Spatial b.Oracle Tuning Pack c.Oracle Active Data Guard d.Oracle Total Recall
d.Oracle Total Recall
#15.____ linked databases can only be accessed by the user who created the link itself. a.Local b.Secure c.Policy d.Private
d.Private
#45.____ offers a way to actively evaluate the security measures implemented within an environment in terms of strength and loss potential by focusing primarily on the actual security measures implemented. a.Security audits b.Security review c.Security classification d.Security testing
d.Security testing
#18.Which of the following best describes a rootkit? a.Software that reports data such as surfing habits and sites visited b.Software used for the collection of personal data c.Software that provides the originator with the venue to propagate d.Software hidden on a computer for the purpose of compromising the system
d.Software hidden on a computer for the purpose of compromising the system
#26.____ statements provide an opportunity for an intruder to attach his or her own queries onto already existing legitimate statements. a.ADD b.APPEND c.END d.UNION
d.UNION
#12.A ____ file is a file that contains code that can be read by machines and run as an executable file. a.computing b.boot c.server d.binary
d.binary
#13.SQL Server data is stored, retrieved, and manipulated within a ____ architecture. a.triangular b.flat c.node-outposts d.client-server
d.client-server
#28.After installation, MySQL must be ____. a.ported b.linked c.encrypted d.configured
d.configured
#23.The two types of information reconnaissance are ____. a.internal and external b.static and dynamic c.open and closed d.passive and active
d.passive and active
#63.The first step in preparation for an audit is the ____ stage. a.feedback b.market research c.reporting d.planning and preparation
d.planning and preparation
#38.A row is often referred to as a ____. a.field b.cell c.sheet d.record
d.record
#6.A virus that installs itself or takes residence directly in the main system memory of a computer is known as a ____ virus. a.direct b.Trojan c.time bomb d.resident
d.resident
#27.In a ____ attack, an intruder uses only one channel for which to execute SQL injections and obtain the returned results. a.direct channel b.point-based c.simple d.single-channel
d.single-channel
#42.A SQL injection executed without an error returned from the database is known as a(n) ____ injection. a.baseline b.natural c.successful d.unsuccessful
d.unsuccessful