Database Security and Auditing Quiz

Questions and Answers

What is the primary purpose of system logs in a database?

• To grant access privileges to users
• To optimize database performance
• To generate automated reports for database usage
• To record every action performed by users during login sessions (correct)

What does a database audit primarily involve?

• Evaluating the performance of database queries
• Assessing user interface design of the database
• Verifying the database backup process
• Reviewing database logs to verify system activities (correct)

What does the GRANT command do in discretionary access control?

• It revokes all privileges from a user
• It permanently deletes user accounts from the database
• It provides specific privileges to users on database objects (correct)
• It allows users to assign privileges to others

Which of the following actions can be specified in the GRANT command?

SELECT (B)

What happens when the WITH GRANT OPTION is used in the GRANT command?

It allows users to further pass the granted privileges to other users (D)

What are the consequences of tampering with a database that is under audit?

May lead to a database audit to investigate suspicious activities (C)

What type of information is recorded in the system log of a database?

All operations such as updates, deletions, and queries made by users (C)

Why is tracking database operations important?

To ensure security and diagnose issues effectively (B)

What is the primary focus of the technological aspect when introducing a database system?

Setting up and maintaining the database system (C)

Which role holds more responsibility than a Database Administrator (DBA)?

Data Administrator (DA) (D)

What is the goal of the cultural aspect in the introduction of a database system?

To ensure users understand how to use the system (B)

In the context of Information Systems, what does the Application Development functional area focus on?

Creating and maintaining software for company use (D)

What is one of the primary roles of a Database Administrator (DBA)?

To manage and control shared databases (C)

Which of the following is NOT a key point in the technological aspect of database introduction?

Training users to understand the system (C)

What is the primary concern of the Database Operations functional area in Information Systems?

Handling and organizing company data (C)

What is one of the responsibilities of a Systems Administrator in relation to Database Administrators?

Coordinating all Database Administrators (B)

What is the primary goal of client-side performance tuning?

To generate SQL queries that return the correct answer quickly. (B)

Which component is NOT a part of the server-side architecture in a DBMS?

Client Process (B)

What are the phases of query processing in a DBMS?

Parsing, Execution, Fetching (D)

What role does the Query Optimizer play in SQL parsing?

Analyzes to find the most efficient data access method. (A)

Which of the following describes the function of the Lock Manager in a DBMS?

Manages concurrent access to data. (D)

What does the Data Cache in a DBMS do?

Holds recently accessed data blocks in RAM. (A)

Which concept refers to optimizing the configuration of the DBMS to respond to requests quickly?

DBMS performance tuning (B)

What is the first phase in the query processing sequence?

Parsing (A)

What is the primary purpose of access plans in a DBMS?

To execute the query and return results efficiently (D)

What happens before a new access plan is created by the system?

A SQL cache check occurs for reusability (C)

Which phase includes the generation of the result set?

SQL Fetching Phase (A)

What is a potential bottleneck in query processing?

Delays during I/O operations (B)

Indexes are beneficial primarily because they:

Enhance data retrieval speed from the database (D)

In terms of data sparsity, which statement is true?

Low data sparsity allows for better indexing opportunities (D)

Which optimizer mode uses predefined rules to choose the execution plan?

Rule-Based Optimizer (C)

What is the first step in the Data-Information-Decision Making Cycle?

Data Collection (C)

Which of the following is NOT a common cause of query processing bottlenecks?

Excessive RAM usage (B)

Which management level is primarily focused on tactical planning?

Middle Management Level (C)

What does Data Quality ensure?

Data is accurate, valid, and timely (D)

What is the main purpose of Data Profiling Software?

To check if data meets organizational standards (C)

Which function does a Database Administrator (DBA) typically perform?

Managing data security and access (C)

What role does dirty data play in database management?

It refers to data with errors and inaccuracies (C)

What is Master Data Management (MDM) Software used for?

To ensure systems have up-to-date and accurate information (D)

What outcome should be expected from the Decision Making step in the Data-Information-Decision Making Cycle?

Informed choices based on knowledge (A)

What are the key phases involved in database design?

Conceptual Design, Logical Design, Physical Design (B)

Which of the following is a primary responsibility of a Database Administrator (DBA)?

Manages day-to-day database tasks (D)

Which skill is NOT typically classified as a managerial skill needed for a DBA?

Knowledge of database languages (D)

What distinguishes a standalone data dictionary from an integrated data dictionary?

An integrated data dictionary is automatically updated (C)

Which is a function of the testing phase in database management?

Ensuring the database runs smoothly (C)

Which of the following tools do DBAs NOT typically use?

Retail Management Software (A)

How does a Data Administrator (DA) usually differ from a Database Administrator (DBA)?

DBAs are involved in setting company-wide data standards (B)

Which aspect is essential for ensuring data quality and management?

Continuously monitoring and improving data quality (C)

Flashcards

Purpose of System Logs

The system log records every action performed by users during their sessions, including updates, deletions, and queries.

Importance of System Logs

Ensures that all database operations are monitored for security and debugging purposes. It helps track down issues like transaction failures or system crashes.

What is a Database Audit?

A review of the database logs to verify all activities performed within the system over a specific period.

What is an Audit Trail?

A database log used primarily for security purposes.

Discretionary Access Control

A method of controlling access in a database by granting and revoking privileges to users.

GRANT Command

The command used to give users specific permissions on a database object.

Privileges

The rights or actions allowed for a user on a database object, such as SELECT, INSERT, UPDATE, DELETE

REVOKE Command

The command used to remove privileges from users on a database object.

SQL Performance Tuning

The process of optimizing the performance of queries executed on a database.

DBMS Performance Tuning

The process of optimizing the performance of a DBMS to handle client requests efficiently.

Listener

The component responsible for receiving SQL queries from clients.

Scheduler

The component responsible for managing the execution of SQL queries concurrently.

Lock Manager

The component responsible for controlling access to database objects.

Optimizer

The component responsible for analyzing SQL queries to determine the most efficient execution plan.

SQL Cache

A cache that stores recently executed SQL statements or procedures for faster retrieval.

Data Cache

A cache that holds the most recently accessed data blocks in RAM, making data retrieval faster.

Access Plan

A pre-defined plan outlining how a DBMS will execute a query efficiently. It optimizes I/O operations and resource usage for faster results.

SQL Cache Check

A process where the DBMS checks if an existing access plan can be reused for a query to save time and resources.

SQL Execution Phase

The stage where the DBMS executes I/O operations (reading/writing data) based on the access plan.

Locks

A mechanism used to ensure data consistency during query execution.

Data Retrieval

Data retrieval from the database files based on the query's needs. This involves transferring data into the server's memory for processing.

Result Set Generation

The stage where the DBMS compiles the query results into a structured format.

Result Delivery

The process of transferring query results from the server to the client in a controlled manner, often in batches.

Query Processing Bottleneck

A delay during query execution that significantly slows down the entire process. Usually caused by factors like slow disk access, network bottlenecks, or CPU limitations.

Dirty Data

Data with errors, inaccuracies, or inconsistencies that can negatively impact decision-making.

Data Quality

The process of ensuring data quality by verifying accuracy, validity, and timeliness, making the data trustworthy for decisions.

Data Profiling Software

Software that analyzes data, checking for errors and deviations from standards, providing valuable insights into data quality.

Master Data Management (MDM) Software

Software that centralizes and manages critical data across different systems, ensuring consistency and accuracy, preventing dirty data.

Top Management Level

The highest level of management, focusing on strategic goals, growth, and overall policies for the organization.

Middle Management Level

The middle layer of management, responsible for tactical planning, monitoring resource use, and evaluating performance.

Operational Management Level

The lowest level of management, responsible for daily operations, ensuring efficient database performance, and responding to user needs.

Data-Information-Decision Making Cycle

The process of understanding and using the collected data to make informed decisions, leading to actions that generate new data.

What is a DBA's role?

A database administrator (DBA) manages daily database operations, focusing on technical aspects like performance tuning and troubleshooting.

What is a DA's role?

A data administrator (DA) takes a long-term view, defining company-wide data policies and ensuring data quality.

What is conceptual database design?

The conceptual design focuses on what data is needed and how it should be organized. It's the blueprint of the data.

What is logical database design?

The logical design determines how data is stored and related within the database. It's about the relationships between different data pieces.

What is physical database design?

The physical design involves setting up the actual database on a physical storage system. It's the actual construction of the database.

What is a data dictionary?

A data dictionary is a centralized repository containing descriptions of all data objects within a database.

What is an integrated data dictionary?

An integrated data dictionary is directly managed by the database management system (DBMS) and is closely tied to the database. It's like the database's built-in encyclopedia.

What is a standalone data dictionary?

A standalone data dictionary is separate from the DBMS and may require manual updates. It's like an external glossary for the database.

Technological Aspect of Database Implementation

The technological aspect of introducing a database system focuses on setting up and maintaining the system efficiently. This includes choosing the right database and hardware, installing, configuring, and ensuring its smooth operation.

Managerial Aspect of Database Implementation

The managerial aspect of introducing a database system concentrates on how the database is organized and utilized within an organization. This involves determining who can access the database and defining its specific roles and responsibilities.

Cultural Aspect of Database Implementation

The cultural aspect of successfully implementing a database system emphasizes user understanding and effective utilization. It involves clear communication and training to ensure users comprehend and can operate the database effectively.

Who is a Database Administrator?

Database Administrators are the experts in managing and controlling shared and centralized databases. They ensure data integrity, security, and effective access within an organization.

Staff DBA Role

Staff DBAs act as consultants, helping devise data administration strategies. They do not enforce policies or resolve conflicts.

Line DBA Role

Line DBAs hold a key managerial role. They are responsible for enforcing data administration policies and resolving conflicts.

Application Development in IS Department

The Application Development area within an Information Systems department focuses on creating, maintaining, and improving the software used by a company. This includes brainstorming new software ideas, developing them, and ensuring their ongoing functionality.

Database Operations in IS Department

The Database Operations area within an IS department handles all the data used and stored by the company. This includes organizing data, ensuring its security, and guaranteeing access for authorized users within the organization.

Study Notes

Database Security

• Database security involves legal, ethical, policy, and technical dimensions
• Primarily aims to prevent unauthorized access to sensitive data
• Common threats include loss of integrity, availability, and confidentiality
• Strategies for protecting databases include access control, inference control, flow control, and data encryption
• Database Administrators (DBAs) are responsible for granting privileges, ensuring overall system security, and managing user accounts
• Access control manages user accounts, login verification, and audit trail creation
• Discretionary Access Control (DAC) and Mandatory Access Control (MAC) are two types of access controls

Access Control

• Objective: Only authorized users can access the database.
• How it works (in databases): Establishment of rules and permissions for authorized users for data access and modification.
• Methods: Use of user IDs and passwords to manage permissions.
• Example: University database where professors can modify grades and course materials but students can only view them.

Inference Control

• Definition: Prevents sensitive information extraction (inference) from publicly available data.
• Why is it important: Protects private data even when some parts are public.
• Example: Publishing salary data of an organization without individual names. Risk of individuals inferring salaries based on other publicly available data. Inference control masks or aggregates data to prevent salary inference.

Flow Control

• Definition: Prevents unauthorized access from reaching unauthorized users.
• Measures: Setting rules and restrictions on data paths to limit data flow to authorized users.
• Methods: Encrypting data to prevent unauthorized viewing and encryption of documents stored in a shared memory system.
• The Importance of flow control: Ensures sensitive data remains within authorized pathways.

Data Encryption

• Definition: Method to protect sensitive data (like credit card information) by transforming it into an unreadable format.
• Data transformation: Converting data using an encryption algorithm.
• Decryption: Conversion of encrypted data back to its original form using a decryption key.
• Importance: Protects sensitive information during transmission or storage, preventing theft or unauthorized access.
• Example: Encrypting credit card information during online transactions.

Types of Database Security Mechanisms

• Discretionary Security Mechanisms (DSM): Flexible, and controlled by administrators. Allows assignment of specific access rights to users.
• Example: Professors can alter course grades but students can only see. It is administered by DBAs who give and take away these privileges.
• Mandatory Security Mechanisms (MSM): Strict security mechanisms, enforced by predefined rules based on data sensitivity and user clearance levels. Example: Classified government information only accessible to users with matching or higher clearance levels.

Database Security and the DBA

• Definition of DBA: Central authority responsible for managing the database system.
• Key Responsibilities: Assign privileges to users based on roles, classify data and users based on sensitivity, enabling secure data handling and access at appropriate levels

Access Control, User Accounts, and Database Audits

• DBA manages security through access control, user accounts, and database audits.
• User account creation: DBAs create unique IDs and passwords to manage access.
• User logins: Users log in with their IDs and passwords.
• DBMS verification: The DBMS verifies login credentials for accurate access.
• Database audits: System logging of every user action, useful for security and error diagnosis.

Discretionary Access Control

• Based on the granting/revoking of privileges on an object.
• Command: GRANT and REVOKE statements.

Mandatory Access Control

• A stringent security measure classifying data and users.
• Data and users are labeled with security levels.
• Users can access data only if their security level matches or is higher than the data's security level.

Comparing Discretionary and Mandatory Access Control

Advantages of Discretionary Access Control (DAC):

• Flexible and customizable. Administrators can control access easily. • Suitable for diverse application needs.

Disadvantages of Discretionary Access Control (DAC):

• Security risk: Easily susceptible to attacks if security measures are weak or misused.

Advantages of Mandatory Access Control (MAC):

• Ensures high protection. • Strict about who can access data and how. • Suitable in environments where data security is critical

Disadvantages of Mandatory Access Control (MAC):

• Rigid and strict structure. • Not ideal for dynamic environments with frequently changing access requirements.

Database Performance Tuning and Query Optimization

• The goal of database performance tuning is to minimize the time it takes retrieve data.
• Database tuning is a series of activities and procedures to reduce response time.
• Optimising performance by ensuring components are operating at optimum levels. minimising bottlenecks to enhance overall performance.
• Activities can be divided into client-side SQL tuning and server-side DBMS tuning.

DBMS Architecture

• Purpose: Efficient database management through various processes.
• Components: Client-side processes (like SQL queries and user processes), server-side processes handling requests, receiving and responding to SQL queries, scheduling, and managing locks and optimizations.
• Includes SQL cache, data cache, I/O operations and database storage (like table spaces and data files).

Query Processing

• Process: The DBMS parses a query, selects an execution plan, executes the query, and fetches data for the client.
• Phases: Parsing (analysing SQL query to select best execution plan), execution (the DBMS runs the query), Fetching (DBMS retrieves the needed data to return to client).
• SQL tuning: Improving the efficiency of SQL to speed up processes.

Query Processing Bottlenecks

• Definition: Delays in query execution due to CPU, RAM, hard disk, network, and application code issues.

Indexes and Query Optimization

• Speed up data retrieval.
• Ordered lists of values (with pointers) associated with data records..
• Indexes scans improve performance over table scans.
• Understanding data sparsity (the number of different values in a column) helps determine when an index improves performance.

Optimizer Choices

• Two primary modes for query optimizers are rule-based optimizers that use pre-defined rules to establish the best execution paths or cost-based optimizers that scrutinize the data and choose the most efficient query execution plan.

Database Administration

• Focuses on the Data-Information-Decision Making cycle, which includes data collection, analysis, information processing, knowledge creation, decision making and actions.
• Dirty data relates to errors/inaccuracies in datasets. Data quality focuses on improving this accuracy, validity and timeliness to enable reliable decision-making. Data profiling software examines and analyses data to ensure quality. Master data management software combines and ensures all systems have up-to-date and accurate data needed for smooth operations.
• Role and placement of Database Administrators (DBAs), which cover staff positions (consultative strategies), or line positions (implementation & enforcement roles for company-wide data policies).
• DBA skills needed include management skills and technical skills in effectively managing databases.
• Tools used by DBAs, like monitoring tools for performance evaluation, performance tools for database improvement, and backup tools for data security.
• A data dictionary acts as a centralized repository for database object descriptions. This includes tables, columns, indices and relationships; this can come as an integrated component of the DBMS, or standalone one.