Database Security Model Quiz

Questions and Answers

How can the backend database be protected?

• By restricting access based on IP address
• By assigning a password and specifying its location (correct)
• By encrypting it with a digital certificate
• By using a firewall to block all incoming traffic

Where is the option to set a password for the database available?

• In the File/Info section under Encrypt with Password option (correct)
• In the Database Settings menu under Security
• In the Tools tab under Database Options
• In the Advanced Settings window under Data Protection

What can Trust Center be used for in a database?

• To schedule automatic backups
• To encrypt the entire database
• To trust (enable) disabled content and set security options (correct)
• To create user roles and permissions

What does the Package-and-Sign feature in Access do?

Places the database in an Access Deployment (.accdc) file and signs the package (B)

What types of security does Oracle provide?

System security (user name and password mechanism) and data security (privileges) (B)

What are Oracle privileges?

System privileges (action on any schema objects) and object privileges (action on specific objects) (C)

What can roles in Oracle be granted to?

Users or a group of privileges can be granted to a role, which is then assigned to users (A)

What does internet communication rely on?

TCP/IP, which was not designed with security in mind (D)

What are key aspects of securing information transmission over the Internet?

Privacy, integrity, authenticity, and nonrepudiation (C)

What are the main purposes of proxy servers in a Web environment?

Improving performance and filtering requests (B)

Match the database security feature with its description:

Encrypt with Password option = Setting a password for the database Trust Center = Trusting disabled content and setting security options for Office Access 2010 databases Package-and-Sign feature = Placing the database in an Access Deployment (.accdc) file and signing the package Oracle system security = Providing user name and password mechanism

Match the aspects of securing information transmission over the Internet with their descriptions:

Privacy = Ensuring that information is not accessed by unauthorized parties Integrity = Ensuring that information is not altered during transmission Authenticity = Verifying the identity of the sender and receiver of information Nonrepudiation = Ensuring that the sender cannot deny sending the information

Match the Oracle privileges with their descriptions:

System privileges = Allowing action on any schema objects Object privileges = Allowing action on specific objects Roles in Oracle = Can be granted to users or a group of privileges can be granted to a role, which is then assigned to users Oracle proxy servers = Intercepting requests to determine if they can fulfill them and have two main purposes: improving performance and filtering requests

Match the Internet communication aspect with its description:

TCP/IP = Was not designed with security in mind Proxy servers in a Web environment = Intercepting requests to determine if they can fulfill them and have two main purposes: improving performance and filtering requests Trust Center = Trusting disabled content and setting security options for Office Access 2010 databases Package-and-Sign feature = Placing the database in an Access Deployment (.accdc) file and signing the package

Match the Oracle data security feature with its description:

System security (user name and password mechanism) = Providing user name and password mechanism Oracle privileges = Include system privileges (action on any schema objects) and object privileges (action on specific objects) Roles in Oracle = Can be granted to users or a group of privileges can be granted to a role, which is then assigned to users Internet communication = Relies on TCP/IP, which was not designed with security in mind

Setting a password for the database is available through the Encrypt with Password option in the File/Info section

True (A)

Trust Center can be used to trust (enable) the disabled content in a database and set security options for Office Access 2010 databases

True (A)

Oracle provides system security (user name and password mechanism) and data security (privileges)

True (A)

Roles in Oracle can be granted to users or a group of privileges can be granted to a role, which is then assigned to users

True (A)

Internet communication relies on TCP/IP, which was not designed with security in mind

True (A)

Privacy, integrity, authenticity, and nonrepudiation are key aspects of securing information transmission over the Internet

True (A)

Proxy servers in a Web environment intercept requests to determine if they can fulfill them and have two main purposes: improving performance and filtering requests

True (A)

Backend database can be protected by assigning a password and specifying its location

True (A)

Package-and-Sign feature in Access places the database in an Access Deployment (.accdc) file and signs the package

True (A)

Oracle privileges include system privileges (action on any schema objects) and object privileges (action on specific objects)

True (A)

Study Notes

Database Security and Administration

• Backend database can be protected by assigning a password and specifying its location
• Setting a password for the database is available through the Encrypt with Password option in the File/Info section
• Trust Center can be used to trust (enable) the disabled content in a database and set security options for Office Access 2010 databases
• Package-and-Sign feature in Access places the database in an Access Deployment (.accdc) file and signs the package
• Oracle provides system security (user name and password mechanism) and data security (privileges)
• Oracle privileges include system privileges (action on any schema objects) and object privileges (action on specific objects)
• Roles in Oracle can be granted to users or a group of privileges can be granted to a role, which is then assigned to users
• Internet communication relies on TCP/IP, which was not designed with security in mind
• Privacy, integrity, authenticity, and nonrepudiation are key aspects of securing information transmission over the Internet
• Proxy servers in a Web environment intercept requests to determine if they can fulfill them and have two main purposes: improving performance and filtering requests

Database Security and Administration

• Backend database can be protected by assigning a password and specifying its location
• Setting a password for the database is available through the Encrypt with Password option in the File/Info section
• Trust Center can be used to trust (enable) the disabled content in a database and set security options for Office Access 2010 databases
• Package-and-Sign feature in Access places the database in an Access Deployment (.accdc) file and signs the package
• Oracle provides system security (user name and password mechanism) and data security (privileges)
• Oracle privileges include system privileges (action on any schema objects) and object privileges (action on specific objects)
• Roles in Oracle can be granted to users or a group of privileges can be granted to a role, which is then assigned to users
• Internet communication relies on TCP/IP, which was not designed with security in mind
• Privacy, integrity, authenticity, and nonrepudiation are key aspects of securing information transmission over the Internet
• Proxy servers in a Web environment intercept requests to determine if they can fulfill them and have two main purposes: improving performance and filtering requests

Database Security and Administration

• Backend database can be protected by assigning a password and specifying its location
• Setting a password for the database is available through the Encrypt with Password option in the File/Info section
• Trust Center can be used to trust (enable) the disabled content in a database and set security options for Office Access 2010 databases
• Package-and-Sign feature in Access places the database in an Access Deployment (.accdc) file and signs the package
• Oracle provides system security (user name and password mechanism) and data security (privileges)
• Oracle privileges include system privileges (action on any schema objects) and object privileges (action on specific objects)
• Roles in Oracle can be granted to users or a group of privileges can be granted to a role, which is then assigned to users
• Internet communication relies on TCP/IP, which was not designed with security in mind
• Privacy, integrity, authenticity, and nonrepudiation are key aspects of securing information transmission over the Internet
• Proxy servers in a Web environment intercept requests to determine if they can fulfill them and have two main purposes: improving performance and filtering requests

Description

Test your knowledge of database security models, including the assignment of security classes to database objects and subjects, as well as the ordering of security classes. Explore the concepts of top secret, secret, confidential, and unclassified data.