Chapter 9
What is a firewall?
A security system consisting of software or hardware between an internal network and the Internet
What is a computer virus?
A type of malware that replicates itself into computer programs and performs some type of harmful activity
______ limits who gains access to the database while ______ limits what a user can access within the database
Access authentication, view definition
Which of the following tasks is a typical role of a database administrator?
All are typical tasks
With regard to information security, which of the following is part of identity and access management?
All of the answers are correct
What would be an example of a violation of the principle of confidentiality?
An employee accessing a payroll database to find out how much others are paid
How is data recoverability ensured?
Backup and restore operations
All of the following are components of the CIA triad except:
Consistency
Which of the following would be the best option for preventing unauthorized access to the database?
Creating stored procedures
You have just completed a project and need to take away the SELECT option for a testing team. Which SQL option will function the best?
DROP ROLE project_x;
______ is the process of transforming data into a form that is unreadable to anyone who does not know the key
Data encryption
Consider the following SQL. For best security, what type of user should Aaron Burr be? GRANT ALL ON tblUsers TO 'Aaron Burr';
Database administrator
What does the acronym DBA stand for in the context of information systems?
Database administrator
The database administrator is Edmond Dantes. What issues, if any, are present with the following SQL command? REVOKE ALL ON master_database FROM 'Edmond Dantes';
Edmond Dantes will have NO access to the database
What is NOT an example of physical security?
Encrypting email messages
How can data integrity be achieved?
Encryption
Why is database reliability important to organizations?
Ensures accuracy of business information
Which of the following is NOT a type of information security?
Financial database management
______ are threats to a database system
Hackers and SQL injection attacks
______ refers to the process of making sure only those who are entitled to information can access it
Information security
Which one of the following is a component of data reliability?
Integrity
Database security management:
Is the collection of processes and procedures used to protect data and database systems
Why should security testing be a part of information security requirements?
It checks to see if expected security protection really is in place
What is the main idea behind the principle of availability in information security?
People who are authorized to view data can do so when they need access
The ______ ensures that people only have access to the information they need to do their jobs
Principle of least privilege
What is the purpose of security operations with regard to information security?
Provide procedures and plans for maintaining security, such as security patching procedures, incident response and disaster recovery plans
A fast way to get a disrupted system that has been breached up and running is to:
Restore an updated data backup
Why does data need to have a recorded owner?
The data owner makes decisions about access to the data
What is data encryption?
The process of encoding messages so they can only be viewed by authorized individuals
Consider that you have a web site that connects to a sales database. Some of the SQL queries are embedded in the page. What security threat, if any, are you most likely to face?
There is a risk a hacker would use SQL injection