Secure Databases


The statement, 'or '1'='1, always returns ____.

True

____ statements provide an opportunity for an intruder to attach his or her own queries onto already existing legitimate statements.

UNION

Appropriate ____ control is essential to ensure the confidentiality, integrity, and availability of the DBMS.

access

The process for which permissions are applied to a user is known as ____.

authorization

____ are responsible for the theft and destruction that affect our systems.

black hats

A ____ is a piece of information that is used to verify identity, such as a person's username and password, an application's secure ID, or a host's network name and address.

credential

A(n) ____ SQL statement is a SQL statement that is generated on the fly by an application (such as a Web application), using a string of characters derived from a user's input parameters into a form within the application itself.

dynamic

Including ____ processes between the user input and the dynamically created statement that define certain limitations for a user's input can easily reduce the number of SQL injection attacks.

filtering

The term ____ refers to those who have mastered the firmware and software of modern computer systems, and enjoy the exploration and analysis of network security with no intent to intrude or cause harm.

hacker

On all database management systems, user passwords are stored using a nonreversible ____ within a table that requires specific privileges to access.

hash

It can be beneficial, if the resources are available, to create a ____ environment to mislead intruders.

honeypot

Viruses that do not become active until predetermined specific conditions are met are known as ____ bombs.

logic

Through ____ and monitors, an experienced security professional can identify a potential attack.

logs

A(n) ____ attack involves the intruder using one avenue, such as with Web applications, to initiate the injection and a different one to obtain the results.

multichannel

Preparing for a database security audit requires the auditor to gather as much information about the database environment as possible to define the specific ____.

perimeter

The first step in preparation for an audit is the ____ stage.

planning and preparation

It is possible for the DNS server to be attacked, an intrusion called DNS ____.

poisoning

A security audit tests to ensure that the proper ____ and procedures are in place to handle a potential vulnerability.

policies

The auditor or auditing committee's recommendations are typically followed by a specific set of ____ actions.

remediation

The auditing process generally includes three steps: prepare, audit, and ____.

report

A virus that installs itself or takes residence directly in the main system memory of a computer is known as a ____ virus.

resident

The database ____ is the overall logical structure of the objects within the database.

schema

The audit ____ is the area or system on which the security audit will focus.

scope

In a ____ attack, an intruder uses only one channel through which to execute SQL injections and obtain the returned results.

single-channel

A ____ Uniform Resource Locator (URL) is used to fool a user into believing that the site is a legitimate or well-known site, such as Yahoo! or Google.

spoofed

A(n) ____ SQL statement is a statement that is built by the user and whose full text is known at compilation.

static

Filters will often use ____ comparisons to identify dangerous code being input or displayed as output.

string

A SQL injection executed without an error returned from the database is known as a(n) ____ injection.

successful

Once a list of accessible databases is discovered, the next step for an intruder is to extract the ____ within the target database.

tables

____ is the process of confirming the identity of those individuals or applications that request access to a secure environment.

Authentication

____ attacks often involve the act of obtaining passwords or specific pieces of information through iterative trial and error.

Brute force

____ refers to the efforts taken through policy, procedure, and design in order to create and maintain the privacy and discretion of information and systems.

Confidentiality

____ determines the dynamic behavior of a program by examining its static code.

Data flow analysis

____ responses, if present, can provide the most reliable means by which to identify the database.

Database

____ utilization and sensitive data storage are two considerations that must be included in any database security audit.

Encryption

____ audits can be requested by governing bodies or financial institutions out of concern for noncompliance or corrupt undertakings.

External

The statement, 'or '1'='2, always returns ____.

False

____ audits utilize an external group of individuals who are hired or employed by the government or other standard-setting groups for the purpose of conducting an audit.

Formal

For MySQL, the ____ command is used to provide access to a privilege.

GRANT

____ testing conducted on error messages offers administrators and security professionals great insight into their own systems.

Inferential

____ refers to the efforts taken through policy, procedure, and design in order to create and maintain reliable, consistent, and complete information and systems.

Integrity

____ applications are designed to monitor external requests that are sent to obtain access to the database, and the database environment's responses to these requests.

Middleware

JavaScript used within a Web application can almost provide certainty that the database being used is ____.

Oracle

The ____ role is a special role in which every SQL Server database user is a member and cannot be removed.

PUBLIC

____ is the attempt to obtain PII from people through the use of spoofed e-mail addresses and URLs.

Phishing

____ is a strategy that allows the database to contain multiple instances of a record, all pointing to the same primary key, but which contains and displays different values to users of different security classifications.

Polyinstantiation

____ is the system administrator login in SQL Server, and it holds great power over the database.

SA

____ is the default generic database administrator account for Oracle databases.

SYSTEM

____ use human interaction to manipulate people in order to gain access to systems, unauthorized areas, and confidential information.

Social Engineers

____ queries are used to analyze the data in a database for auditing users and finding trends.

Statistical
