20 Questions
Database security encompasses only the protection of the data held in a database
False
Breaches of security may affect only the data held in a database
False
Theft and fraud can alter data in a database
False
Database security should focus on reducing the opportunities for theft and fraud
True
Loss of availability means data or the system cannot be accessed, severely impacting an organization's financial performance.
True
Countermeasures to threats on computer systems range from physical controls to administrative procedures.
True
The security of a DBMS is closely associated with the security of the operating system.
True
Mandatory Access Control (MAC) is based on system-wide policies that cannot be changed by individual users and involves security class assignments and clearance for users.
True
Setting a password for the database is available through the Encrypt with Password option in the File/Info section
True
Roles in Oracle can be granted to users or a group of privileges can be granted to a role, which is then assigned to users
True
Internet communication relies on TCP/IP, which was not designed with security in mind
True
Proxy servers in a Web environment intercept requests to determine if they can fulfill them and have two main purposes: improving performance and filtering requests
True
True or false: The Bell-LaPadula model imposes three restrictions on reading and writing database objects: Simple Security Property, *-Property, and Discretionary Access Control?
False
True or false: Journaling is the process of maintaining a log file of all changes made to the database, enabling effective recovery in case of failure?
True
True or false: The Data Encryption Standard (DES) uses a 64-bit key to transform each 56-bit block of plaintext?
False
True or false: Most working systems are based on user keys longer than the message, as longer keys are considered more secure?
False
PGP (Pretty Good Privacy) uses a 128-bit symmetric algorithm for bulk encryption, which is currently considered unbreakable by existing technologies and knowledge.
True
Keys with 64 bits are likely breakable by major governments with special hardware, with 80-bit keys potentially becoming breakable in the future.
True
RAID levels include RAID 0, RAID 1, RAID 0+1, RAID 2, RAID 3, RAID 4, RAID 5, and RAID 6, each with different redundancy and performance characteristics.
True
Microsoft Office Access 2010 does not support SQL GRANT and REVOKE statements for access control, instead providing methods like splitting the database, setting a password, enabling disabled content, and packaging, signing, and deploying the database.
True
Study Notes
Data Security and Administration in Database Management Systems
- PGP (Pretty Good Privacy) uses a 128-bit symmetric algorithm for bulk encryption, which is currently considered unbreakable by existing technologies and knowledge.
- Keys with 64 bits are likely breakable by major governments with special hardware, with 80-bit keys potentially becoming breakable in the future.
- Asymmetric encryption, such as the public key cryptosystems, uses different keys for encryption and decryption, with the most well-known being RSA.
- The hardware running the DBMS should be fault-tolerant, with RAID (Redundant Array of Independent Disks) technology providing redundancy and improved reliability.
- RAID levels include RAID 0, RAID 1, RAID 0+1, RAID 2, RAID 3, RAID 4, RAID 5, and RAID 6, each with different redundancy and performance characteristics.
- Microsoft Office Access 2010 does not support SQL GRANT and REVOKE statements for access control, instead providing methods like splitting the database, setting a password, enabling disabled content, and packaging, signing, and deploying the database.
- Splitting the database, separating database tables from application objects, is the most secure way to protect data and can be done using the Database Splitter Wizard in Office Access 2010.
Test your understanding of the security model for assigning security classes to database objects and subjects. Learn about the ordering of security classes and how clearances are assigned to subjects in the system.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
