Database Views

CongenialCopernicium

What is the primary factor considered when implementing biometric identification systems?

Unique physical attributes or behavior

What is the first step in protecting data's confidentiality?

Identifying sensitive information

What type of access control is based on an individual's identity?

Identity-based Access control

What is the primary purpose of biometric identification systems?

To uniquely identify a person

What is the main goal of protecting data's confidentiality?

To ensure only authorized access

What type of access control is based on a set of rules?

Rule-based Access control

What is the primary consideration when implementing discretionary access control?

Identity of an individual

What is the primary mechanism to protect sensitive information after identification?

Implementing encryption

What is the primary purpose of views in a database?

To provide abstraction and simplify database design

What is a key benefit of using views in a database?

Easier data normalization

What is a characteristic of rows available through a view?

They are not sorted

What is the purpose of abstraction in database design?

To simplify database design

What is the term for testing internal structures or workings of an application?

White-box testing

What is the opposite of white-box testing?

Black-box testing

What is the purpose of normalization in database design?

To reduce data redundancy

What is a benefit of using views to aggregate data?

Simplified database design

What is the primary focus of the Bell-LaPadula model?

Data confidentiality

Who developed the Bell-LaPadula model?

David Elliott Bell and Leonard J. LaPadula

What is the primary goal of the Bell-LaPadula model?

To formalize the U.S. Department of Defense multilevel security policy

What is the purpose of security labels in the Bell-LaPadula model?

To classify objects by sensitivity level (e.g. Unclassified, Confidential, Secret, Top Secret)

What is a 'secure state' in the Bell-LaPadula model?

A state where only permitted access modes are allowed

What is the relationship between subjects and objects in the Bell-LaPadula model?

Entities in an information system are divided into subjects and objects

What is the purpose of transition functions in the Bell-LaPadula model?

To define the transition from one state to another

What is the benefit of the Bell-LaPadula model?

It proves that the system satisfies the security objectives

What is the main difference between the Biba model and the Bell-LaPadula model?

The Biba model has the reverse rules of the Bell-LaPadula model.

What is the purpose of the 'no read down' integrity rule in the Biba model?

To prevent a subject from reading an object at a lower integrity level.

What is the 'Simple Integrity Axiom' in the Biba model?

A subject at a given level of integrity must not read an object at a lower integrity level.

What is the '* (star) Integrity Axiom' in the Biba model?

A subject at a given level of integrity must not write to an object at a higher integrity level.

What is the main concept behind Lattice-Based Access Control (LBAC)?

Subjects and objects carry security labels that form a lattice (a partially ordered set); access is decided by comparing the subject's label with the object's label in that lattice.

What is the mathematical expression of the security level access in Lattice-Based Access Control (LBAC)?

In terms of a lattice (partially ordered set) in which any pair of levels has a greatest lower bound (meet) and a least upper bound (join).

What is the result of combining two objects X and Y in Lattice-Based Access Control (LBAC)?

A new object Z, which is assigned the security level formed by the join of the levels of X and Y.

What is the purpose of the lattice in Lattice-Based Access Control (LBAC)?

To define the levels of security that a subject may have access to and that an object may have.

What is the primary objective of the information flow model developed by Dorothy Denning?

To address covert channels

Which access control category is designed to specify rules of acceptable behavior in an organization?

Directive Access Control (the seven categories are directive, deterrent, preventive, detective, corrective, recovery and compensating)

What is a characteristic of two-factor authentication?

It relies on two independent proofs of identity

What is NOT a characteristic of two-factor authentication?

It relies on hand geometry for authentication

Which of the following is an incorrect statement about two-factor authentication?

It requires two measurements of hand geometry

What is the purpose of the information flow model?

To address covert channels

What is an incorrect statement about access control categories?

That "Organizational Security Policy" is one of the seven categories; it is not (the seven are directive, deterrent, preventive, detective, corrective, recovery and compensating)

What is a characteristic of the Bell-LaPadula model?

It is a type of mandatory access control

What type of error occurs when an application or system is vulnerable due to an unexpected interaction with the operating system or another application?

Environmental error (an exceptional condition handling error, by contrast, arises from an unexpected condition that the code fails to handle)

Which biometric device has the highest precision rate?

Retina scan

What is the primary reason why users tend to dislike retina scans?

They are not user-friendly

What is the main difference between environmental errors and configuration errors?

Environmental errors arise from an unexpected interaction between an application and the operating system or another application, while configuration errors arise from user-controllable settings

Which of the following is NOT a type of error that can occur in a system?

Syntax error

What is the primary goal of the Bell-LaPadula model?

To protect sensitive information from unauthorized access

What is the purpose of security labels in the Bell-LaPadula model?

To classify objects based on their sensitivity level

Which of the following is a characteristic of the Biba model?

It has the 'no read down' integrity rule

What type of controls are encryption and access control considered as?

Logical controls

What is the term for having more computer rights, permissions, and access than required?

Excessive Privileges

What information do sensitivity labels attached to objects contain in Mandatory Access Control?

The item's classification and category set

What is the primary purpose of logical controls like encryption and access control?

To restrict access to systems and protect information, thereby preventing security breaches

What is the primary focus of the Bell-LaPadula model?

Confidentiality

What is the purpose of security labels in the Bell-LaPadula model?

To classify objects

What is the primary goal of the Bell-LaPadula model?

To prevent unauthorized access

What is the relationship between subjects and objects in the Bell-LaPadula model?

Subjects may access objects only in the modes their clearance permits relative to the object's classification: no read up (simple security property) and no write down (*-property)

What is the primary focus of white-box testing?

To exercise paths through the code and determine the appropriate outputs

What is the main difference between alpha and beta testing?

Alpha testing is performed by internal users, while beta testing is performed by external users

What is the purpose of pilot testing?

To provide a limited evaluation of the system

What is the last stage of testing before a product is considered finished?

Beta testing

What type of testing involves exercising paths through the code and determining the appropriate outputs?

White-box testing

What is an advantage of white-box testing?

It can uncover many errors or problems

What is the primary difference between an alpha version and a beta version?

An alpha version is for internal users, while a beta version is for external users

What is the purpose of proof of concept in testing?

To provide a limited evaluation of the system

Which type of access control is characterized by the restriction of access to systems and the protection of information?

Logical or Technical Controls

What is an example of a logical or technical control?

Encryption

What is the primary purpose of logical or technical controls?

To restrict access to systems and protect information

Which of the following is NOT an example of a logical or technical control?

Policies and procedures

What is the primary focus of logical or technical controls in terms of access control?

Restriction of access to systems

What is the primary mechanism used by logical or technical controls to protect information?

Encryption

What is the main difference between logical or technical controls and other types of access control?

They involve the restriction of access to systems and the protection of information

What is the primary benefit of using logical or technical controls to protect information?

They provide an additional layer of security

What is the main purpose of a security model in enforcing a security policy?

To map abstract security goals to information system terms

What is the primary focus of the Bell-LaPadula model?

Confidentiality of information

What determines the handling procedures for classified information in a multilevel security system?

The object's classification level

What is used to determine if subjects can access different objects in the Bell-LaPadula model?

Matrix and security levels

What is the relationship between subjects and objects in the Bell-LaPadula model?

A subject may read objects at or below its clearance (no read up) and may write only to objects at or above its level (no write down)

What is the purpose of a security policy in a multilevel security system?

To establish the abstract security goals of the system

What is the benefit of using a security model in system design?

It provides a mathematical framework for system specifications

What is the primary goal of a security model in enforcing a security policy?

To enforce the security policy through explicit data structures and techniques

What does the False Acceptance Rate (FAR, sometimes written "Failed Acceptance Rate") measure?

The rate at which attempts by unauthorized users are incorrectly accepted as valid

What is the relationship between the False Rejection Rate (FRR) and the False Acceptance Rate (FAR)?

They trade off against each other: tightening the matching threshold raises FRR and lowers FAR

What is the Cross-over Error Rate (CER) also known as?

Equal Error Rate (EER)

What type of error occurs when a valid user is rejected by the system?

False Rejection Rate

What is the purpose of the Cross-over Error Rate (CER)?

To measure the accuracy of a biometric system

What is the relationship between the False Rejection Rate (FRR) and the Cross-over Error Rate (CER)?

The CER is the operating point at which FRR equals FAR; only at that threshold does FRR equal the CER

What is the importance of the Cross-over Error Rate (CER) in biometric systems?

It measures the accuracy of a biometric system

What is the purpose of the DROP command in a database?

To remove entire database objects from the DBMS

What is the purpose of biometric systems?

To provide authentication

What is the primary function of the INSERT command in SQL?

To add a new record to an existing table

What is the most commonly used command in SQL?

SELECT

What does the 'null' keyword indicate in a database field?

The field can be empty or contain no value

What is the purpose of the Data Definition Language (DDL)?

To define the structure of a database

What is the purpose of the Data Manipulation Language (DML)?

To retrieve, insert, and modify database information

What is the purpose of the command 'DROP TABLE personal_info'?

To remove the entire personal_info table from the database

What is the purpose of the command 'DROP DATABASE employees'?

To remove the entire employees database from the DBMS

What is the primary factor considered when implementing mandatory access control?

Security clearance

What protocol was used by the initial version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers?

UDP

What type of access control is based on labels, which indicate a subject's clearance?

Mandatory access control

What is the primary purpose of the Terminal Access Controller Access Control System (TACACS)?

To authenticate and authorize access to resources

What is the default port used by TACACS for communication between clients and servers?

Port 49

What is the primary advantage of using mandatory access control?

Improved security due to clearance-based access

What is the primary difference between the initial and extended versions of TACACS?

Level of functionality

What is the purpose of the TACACS daemon or TACACSD?

To determine whether to accept or deny authentication requests

What is the primary purpose of authentication in an access control system?

To verify the claimed identity of a user

What type of access control is used to specify rules of acceptable behavior in an organization?

Directive Access Control

What is the term for testing internal structures or workings of an application?

White-box testing

What is the primary goal of the Bell-LaPadula model?

To ensure confidentiality of sensitive data

What is the purpose of security labels in the Bell-LaPadula model?

To specify the level of access to a resource

What is the term for having more computer rights, permissions, and access than required?

Excessive privileges (privilege escalation is the act of gaining rights one was not granted, not the state of holding them)

What is the primary purpose of views in a database?

To simplify complex queries

What is a characteristic of the Biba model?

It is used to implement integrity controls on data

What is the primary purpose of using physical attributes or behavior in biometric identification systems?

To accurately identify individuals

What is the primary consideration when implementing discretionary access control?

User identity and access rights

What is the primary mechanism to protect sensitive information after identification?

Encryption implementation

What is the relationship between subjects and objects in the Bell-LaPadula model?

Subjects may access objects only in the modes their clearance permits relative to the object's classification: no read up and no write down

What is the primary objective of the information flow model developed by Dorothy Denning?

To prevent unauthorized data flow

What type of error occurs when an application or system is vulnerable due to an unexpected interaction with the operating system or another application?

Environmental error

What is the primary goal of protecting data's confidentiality?

To prevent unauthorized data access

What is the primary benefit of using identity-based access control?

It is based on an individual's identity

What type of vulnerability can occur when a process attempts to store data beyond the boundaries of a fixed-length buffer?

Buffer Overflow

What is the definition of a 'System Crash'?

A system that stops performing its expected function

Which type of password token involves time synchronization?

Synchronous dynamic password tokens

What is the primary consideration when implementing discretionary access control?

The identity of the subject; DAC is typically enforced through access control lists that the object's owner sets

What is the purpose of security labels in the Bell-LaPadula model?

To classify objects based on their sensitivity level

What is the primary goal of the Bell-LaPadula model?

To preserve the confidentiality of data (the model does not address integrity; that is the Biba model's concern)

What type of error occurs when an application or system is vulnerable due to an unexpected interaction with the operating system or another application?

Environmental error

What is the term for having more computer rights, permissions, and access than required?

Excessive privileges (overprivilege)

What type of testing is used to determine the effectiveness of a software program's logic?

White Box Testing

What is the purpose of regression testing?

To rerun a portion of a test scenario or test plan

What is the primary focus of sociability testing?

To confirm that a new or modified system can operate in its target environment

What is the purpose of parallel testing?

To feed test data into two systems and compare the results

What type of testing is associated with testing components of an information system's 'functional' operating effectiveness?

Black Box Testing

What is the primary purpose of function/validation testing?

To test the functionality of the system against the detailed requirements

What type of testing is used to test the impact of installing new dynamic link libraries (DLLs) on the desktop environment?

Sociability Testing

What is the primary difference between white box testing and black box testing?

White box testing tests internal structures, while black box testing tests functional operating effectiveness

Which protocol is used by RADIUS servers to authenticate users?

CHAP and PAP

What is the main advantage of using a RADIUS approach to authentication?

It centralizes authentication and can use token-based dynamic passwords, giving a stronger form of authentication

What type of passwords can RADIUS servers make use of?

Both dynamic and static passwords

What is the primary function of a Network Access Server (NAS) in a RADIUS system?

To act as a client of RADIUS servers

What is the term RADIUS an acronym for?

Remote Authentication Dial In User Service

What type of authentication is possible with RADIUS, using hardware or software tokens?

Two-factor authentication

What is the purpose of the token in RADIUS token-based schemes?

To generate a dynamic password

What is the document that describes the features and functions of RADIUS?

RFC 2138 (later obsoleted by RFC 2865)

Which type of controls are used to prevent unauthorized personnel or programs from gaining remote access to computing resources?

Preventive/Technical

What is the primary purpose of technical controls in access control?

To prevent unauthorized access

What is an example of a technical control used to enforce access control policies?

Access control software

What is the primary goal of preventive technical controls?

To prevent unauthorized access

Which of the following is an example of a technical control used to prevent unauthorized access?

Smart cards

What is the primary purpose of technical controls in access control?

To prevent unauthorized access

Which of the following is a characteristic of technical controls?

They are used to prevent unauthorized access

What is the primary benefit of using technical controls in access control?

They prevent unauthorized access

What is the primary focus of the Bell-LaPadula model in terms of security?

Data confidentiality and controlled access

What is the purpose of transition functions in the Bell-LaPadula model?

To transition from one secure state to another

What is the main difference between the Bell-LaPadula model and the Biba model?

One focuses on confidentiality, the other on integrity

What is the relationship between subjects and objects in the Bell-LaPadula model?

Subjects have access to objects based on clearance levels

What is the benefit of using a formal state transition model like the Bell-LaPadula model?

It proves that a system satisfies security objectives

What is the purpose of security labels in the Bell-LaPadula model?

To classify objects based on their sensitivity level

What is a 'secure state' in the Bell-LaPadula model?

A state where only permitted access modes are allowed

What is the primary goal of the Bell-LaPadula model in terms of access control?

To control access to classified information

What is the primary consideration when balancing access controls enforced by an organization and system policy with the ability of information owners to determine access?

The discretionary access control model

What is the main characteristic of a Limited RBAC architecture?

User-role mapping within a single application

What is the primary objective of role-based access control (RBAC)?

To determine access control authorizations based on job functions

What is the purpose of the DROP command in SQL?

To remove entire database objects from the DBMS

How do objects associated with a role inherit privileges in RBAC?

Through the privileges assigned to that role

What is the primary difference between Non-RBAC and Limited RBAC architectures?

The scope of the role structure

What is the purpose of the INSERT command in SQL?

To add new records to a table

How are access control decisions made in a role-based access control (RBAC) model?

Based on job function

What is the purpose of the SELECT command in SQL?

To retrieve data from a table

What is the purpose of the 'null' keyword in SQL?

To allow a column to contain null values

What is the primary benefit of using groups in role-based access control (RBAC)?

Simplifying access control strategies

What is the Data Definition Language (DDL) used for?

To define the structure of a database

What is the main advantage of using role-based access control (RBAC) over traditional access control models?

Simplified access control strategies

What is the Data Manipulation Language (DML) used for?

To retrieve, insert, and modify database information

What is the purpose of the 'money' data type in SQL?

To declare a column that stores a value in a dollars and cents format

What is the command to remove the entire 'employees' database?

DROP DATABASE employees

What is the primary reason why environmental errors occur in a system?

Due to an unexpected interaction between an application and the operating system

Which of the following biometric devices has the highest precision rate?

Retina scan

What is the primary difference between environmental errors and configuration errors?

Environmental errors occur due to an unexpected interaction, while configuration errors occur due to user-controllable settings

What type of error occurs when an application or system is vulnerable due to an exceptional condition that has arisen?

Exceptional condition handling error

What is the primary reason why users tend to dislike retina scans?

They are not user-friendly and very intrusive

Which of the following is NOT a type of error that can occur in a system?

Network error

What is the primary goal of the system when it is vulnerable due to an exceptional condition that has arisen?

To minimize the impact of the exceptional condition

What is the primary difference between an environmental error and an access validation error?

Environmental errors occur due to an unexpected interaction, while access validation errors occur due to a faulty access control mechanism

What is the primary purpose of preventive physical controls?

To prevent unauthorized personnel from entering computing facilities and to protect against natural disasters

Which of the following is an example of a preventive administrative control?

Security awareness and technical training

What is the main goal of site selection as a preventive physical control?

To select a location that is secure and safe from natural disasters and unauthorized access

Which of the following is NOT an example of a preventive physical control?

Procedures for recruiting and terminating employees

What is the primary purpose of disaster recovery, contingency, and emergency plans as a preventive administrative control?

To provide a plan for recovering from disasters and emergencies

Which of the following is an example of a physical control that is used to protect against natural disasters?

Fire extinguishers

What is the primary purpose of user registration for computer access as a preventive administrative control?

To provide a secure way for users to access computers

Which of the following is a characteristic of preventive administrative controls?

They are personnel-oriented techniques for controlling people's behavior

What is the primary purpose of a logon banner for anonymous users?

To notify users of the acceptable-use and session-monitoring policy, since anonymous users cannot sign a written agreement

Which of the following is a characteristic of something you know?

A password or PIN

What is the primary purpose of two-factor authentication?

To provide an additional layer of security

Which of the following is a type of something you are?

A fingerprint or facial recognition

What is the primary benefit of using two-factor authentication?

Increased security

Which of the following is NOT a type of authentication factor?

Something you eat

What is the primary consideration when implementing biometric authentication?

Accuracy

Which of the following is a characteristic of something you have?

A smartcard or token

Study Notes

Views in Databases

  • A view is a virtual relational table defined by a stored query; like a function in programming, it provides abstraction over the underlying tables.
  • Views can be nested, aggregating data from other views, and they make it easier to present a normalized (lossless join decomposed) schema as a single table.
  • Rows available through a view are not sorted: the relational model defines a table as a set of rows, and sets are unordered by definition.
  • An ORDER BY clause in a view definition is therefore meaningless, and the SQL standard does not allow one; ordering is applied by the query that reads the view.
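As an added example (not from the original quiz or its sources), the following Python script uses the standard-library sqlite3 module to show a view as a least-privilege abstraction over a base table, a nested view aggregating through it, and the CREATE, INSERT, SELECT and DROP statements covered in the DDL/DML study notes below. The table, column names and rows are constructed for the example.

```python
import sqlite3

# Constructed sample rows for the example (not data from the original page).
EMPLOYEES = [
    (1, "Ada",   "Engineering", 120000, "111-22-3333"),
    (2, "Grace", "Engineering", 130000, "222-33-4444"),
    (3, "Linus", "Support",      80000, "333-44-5555"),
]


def build_database():
    """Create the base table (DDL), load rows (DML) and define two views.

    employee_directory omits the sensitive salary and ssn columns, so an
    application that may only query the view never sees them.  dept_headcount
    is nested on top of employee_directory.  Neither view definition carries
    an ORDER BY: ordering is the reader's job.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees ("
        " id INTEGER PRIMARY KEY, name TEXT NOT NULL, dept TEXT NOT NULL,"
        " salary INTEGER, ssn TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", EMPLOYEES)
    conn.execute(
        "CREATE VIEW employee_directory AS SELECT id, name, dept FROM employees"
    )
    conn.execute(
        "CREATE VIEW dept_headcount AS"
        " SELECT dept, COUNT(*) AS headcount FROM employee_directory GROUP BY dept"
    )
    conn.commit()
    return conn


def view_columns(conn, view):
    """Column names exposed by a table or view via PRAGMA table_info.

    `view` is an identifier from this script, never user input: identifiers
    cannot be bound as parameters, so interpolating untrusted ones is injection.
    """
    return [row[1] for row in conn.execute(f"PRAGMA table_info({view})")]


def directory(conn):
    """Read through the view; the ORDER BY belongs to the consuming query."""
    return conn.execute(
        "SELECT name, dept FROM employee_directory ORDER BY name"
    ).fetchall()


def headcount(conn):
    """Aggregate through the nested view."""
    return dict(conn.execute("SELECT dept, headcount FROM dept_headcount").fetchall())


def drop_view(conn):
    """DROP VIEW removes only the view definition; the base table survives.

    Returns the remaining tables and views so the effect is visible.
    """
    conn.execute("DROP VIEW dept_headcount")
    return [
        row[0]
        for row in conn.execute(
            "SELECT name FROM sqlite_master WHERE type IN ('table', 'view')"
            " ORDER BY name"
        )
    ]


if __name__ == "__main__":
    db = build_database()
    print(view_columns(db, "employee_directory"))   # no salary, no ssn
    print(directory(db))
    print(headcount(db))
    print(drop_view(db))
```

SQLite has no GRANT, so the script shows the restriction only through the columns the view exposes; in a server DBMS the same design is completed by granting the application role SELECT on the view and nothing on the base table.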

Testing Methods

  • White-box testing examines the internal structure or working of an application.
  • It tests internal structures or workings of an application, as opposed to its functionality (black-box testing).

Biometric Identification

  • Biometric identification systems use unique physical attributes or behavior of a person for identification.
  • Implementation of fast, accurate, reliable, and user-acceptable biometric identification systems is already taking place.

Data Confidentiality

  • Identifying which information is sensitive is the first step in protecting data confidentiality.
  • Installing a firewall, implementing encryption, and reviewing user access rights are subsequent steps.

Discretionary Access Control (DAC)

  • Identity-based Access Control is a type of DAC that is based on an individual's identity.
  • Rule-based Access Control is another access control type; Non-Discretionary (e.g. role-based) and Lattice-based Access Control are distinct models that are not discretionary.

Bell-LaPadula Model

  • The Bell-LaPadula model is a formal state transition model of computer security policy that describes a set of access control rules.
  • It focuses on data confidentiality and controlled access to classified information.
  • The model is built on the concept of a state machine with a set of allowable states in a computer network system.

Lattice-Based Access Control

  • Lattice-Based Access Control (LBAC) is a complex access control model based on the interaction between objects and subjects.
  • A lattice is used to define the levels of security that an object may have and that a subject may have access to.

Two-Factor Authentication

  • Two-factor authentication requires two independent proofs of identity, such as something the user has and something the user knows.
  • It may be used with single sign-on technology.

Access Control Categories

  • One of the seven Access Control Categories, the directive category, is designed to specify rules of acceptable behavior in an organization (the seven are directive, deterrent, preventive, detective, corrective, recovery and compensating).

Exceptional Condition Handling Error

  • An exceptional condition handling error occurs when a system becomes vulnerable due to an unexpected condition that arises.

Biometric Devices

  • Retina scan has the lowest user acceptance level among biometric devices due to its invasive nature.
  • Retina scan is the most precise with an error rate of about one per 10 million usages.

Technical Controls

  • Technical controls, also known as logical controls, can be built into the operating system, be software applications, or supplemental hardware/software units.
  • Examples of technical controls include encryption, smart cards, access lists, and transmission protocols.

Excessive Privileges

  • Excessive privileges occur when a user has more computer rights, permissions, and access than necessary for their tasks.
  • This is a common security issue that is hard to control in large environments.

Mandatory Access Control

  • In Mandatory Access Control, sensitivity labels attached to objects contain the item's classification and category set.

White-Box Testing

  • White-box testing involves an internal perspective of the system and programming skills to design test cases.
  • It can be applied at unit, integration, and system levels of the software testing process.

Alpha and Beta Testing

  • Alpha testing is performed only by internal users and may not contain all the features planned for the final version.
  • Beta testing is a form of user acceptance testing, involving a limited number of external users and is the last stage of testing.

Pilot Testing

  • Pilot testing is a preliminary test that focuses on specific and predefined aspects of a system.
  • It is not meant to replace other testing methods, but rather to provide a limited evaluation of the system.

Security Models

  • A security model maps abstract goals of the policy to information system terms by specifying explicit data structures and techniques necessary to enforce the security policy.
  • The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control.

Kerberos

  • Kerberos addresses the confidentiality and integrity of information, but does not address availability.

Biometric Method Accuracy

  • Measured in terms of False Acceptance Rate (FAR) and False Rejection Rate (FRR), sometimes written "Failed" Acceptance/Rejection Rate
  • Both expressed as percentages
  • FAR: rate at which attempts by unauthorized users are incorrectly accepted as valid
  • FRR: rate at which authorized users are denied access
  • The Cross-over Error Rate (CER) is the point at which the FRR and the FAR have the same value
  • CER is also called the Equal Error Rate (EER)
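As an added example (not from the original quiz), this Python block computes FAR and FRR over a range of matching thresholds and locates the cross-over point. The genuine and impostor match scores are constructed for the example; a real system would use scores from enrolment trials.

```python
# Constructed match scores in [0, 1]: higher means a closer match to the
# enrolled template.  Genuine = authorized users, impostor = unauthorized.
GENUINE_SCORES = [0.9, 0.8, 0.7, 0.6, 0.4]
IMPOSTOR_SCORES = [0.1, 0.2, 0.3, 0.5, 0.7]
THRESHOLDS = [i / 10 for i in range(11)]


def far(impostor_scores, threshold):
    """False Acceptance Rate: impostor attempts scoring at or above the
    threshold are wrongly accepted."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Rejection Rate: genuine attempts scoring below the threshold
    are wrongly rejected."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def error_curve(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) for each candidate threshold."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def crossover(genuine, impostor, thresholds):
    """Threshold where FAR and FRR are closest, and the rate there (CER/EER).

    With a finite score sample the curves may not meet exactly, so the
    average of the two rates at the closest point is reported.
    """
    t, a, r = min(error_curve(genuine, impostor, thresholds),
                  key=lambda row: abs(row[1] - row[2]))
    return t, (a + r) / 2


if __name__ == "__main__":
    for t, a, r in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS):
        print(f"threshold={t:.1f}  FAR={a:.2f}  FRR={r:.2f}")
    print("CER at", crossover(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS))
```

Raising the threshold lowers FAR and raises FRR; the table printed by the script shows the trade-off directly, and the CER is the single number used to compare devices.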

Host-Based IDS

  • Resident on each of the critical hosts it protects
  • Runs on the individual host rather than on a central monitoring host (contrast with a network-based IDS)

Data Definition Language (DDL)

  • Used to create and modify database structures
  • Includes commands such as DROP, which removes entire database objects
  • Be careful when using DROP, as it removes entire data structures

Data Manipulation Language (DML)

  • Used to retrieve, insert, and modify database information
  • Includes commands such as INSERT, SELECT, and DELETE
  • INSERT: adds records to an existing table
  • SELECT: retrieves data from a database

Access Control Models

  • Mandatory Access Control (MAC): requires security clearance for subjects
  • Identity-based access control: a type of discretionary access control
  • Role-based access control: a type of non-discretionary access control

Terminal Access Controller Access Control System (TACACS)

  • Used for communication between clients and servers
  • Originally used UDP, but was extended to use TCP
  • Defined in RFC 1492, uses port 49 by default

Biometric Identification

  • Uses unique physical attributes or behavior of a person for identification
  • Implemented to provide fast, accurate, reliable, and user-acceptable identification

Protecting Data Confidentiality

  • First step: identify which information is sensitive
  • Implement encryption and review user access rights to protect the data

Discretionary Access Control (DAC)

  • Identity-based access control: a type of DAC that is based on an individual's identity

Authentication

  • Verification that the user's claimed identity is valid
  • Usually implemented through a user password at log-on time

IS Audit

  • Race condition: a timing flaw (time-of-check to time-of-use) that an attacker could exploit to make the authorization step happen before authentication has completed

Buffer Overflow

  • A condition where a process attempts to store data beyond the boundaries of a fixed-length buffer
  • Can be exploited if no data input validation is in place within the software
  • Can lead to a system crash

System Crash

  • A condition where a program stops performing its expected function and stops responding to other parts of the system
  • Can be the result of exploit code being launched against the target

Password Tokens

  • Types of password tokens include static, synchronous dynamic, asynchronous dynamic, and challenge-response tokens
  • Synchronous dynamic password tokens generate a new unique password value at fixed time intervals, requiring synchronization with the server
  • Example: Time-based one-time passwords

Software Testing

  • Types of testing include:
    • White box testing: assesses the effectiveness of a software program's logic
    • Black box testing: tests components of an information system's functional operating effectiveness
    • Function/validation testing: tests the functionality of a system against detailed requirements
    • Regression testing: reruns test scenarios to ensure changes or corrections haven't introduced new errors
    • Parallel testing: feeds test data into two systems to compare results
    • Sociability testing: confirms new or modified systems can operate in their target environment without adverse impact

Authentication

  • RADIUS (Remote Authentication Dial In User Service) is an Internet protocol that carries authentication, authorization, and configuration information
  • RADIUS incorporates an authentication server and can use both dynamic and static passwords
  • Dynamic passwords are used in token-based schemes, generating a unique access number synchronized with the security server

Access Control

  • Preventive technical controls use technology to enforce access control policies
  • Examples of preventive technical controls include:
    • Access control software
    • Antivirus software
    • Library control systems
    • Passwords
    • Smart cards
    • Encryption
    • Dial-up access control and callback systems

Exceptional Condition Handling Error

  • An exceptional condition handling error occurs when a system becomes vulnerable due to an unexpected situation.

Biometric Devices

  • Retina scan has the lowest user acceptance level, as it is invasive and requires users to get close to a device.
  • Retina scan is the most precise with an error rate of about one per 10 million uses.

Access Control Models

  • There are three general access control frameworks: Discretionary access control (DAC), Mandatory access control (MAC), and Nondiscretionary access control.
  • Role-Based Access Control (RBAC) bases access control authorizations on user roles within an organization.
  • Access control decisions are based on job function, governed by policy, and each role has its own access capabilities.
  • Objects associated with a role inherit privileges assigned to that role.

RBAC Architectures

  • There are four basic RBAC architectures: Non-RBAC, Limited RBAC, and two others.
  • Non-RBAC involves traditional user-granted access to data or applications without formal roles.
  • Limited RBAC involves mapping users to roles within a single application.

Data Definition Language (DDL)

  • DDL is used to create and modify database structures.
  • The DROP command is used to remove entire database objects from a DBMS.
  • Use the DROP command with care, as it permanently removes data structures.

Data Manipulation Language (DML)

  • DML is used to retrieve, insert, and modify database information.
  • Basic DML commands include INSERT, SELECT, and others.

Physical Controls

  • Preventive physical controls are employed to prevent unauthorized personnel from entering computing facilities.
  • Examples of physical controls include backup files, fences, security guards, badge systems, and locks.

Administrative Controls

  • Preventive administrative controls are personnel-oriented techniques for ensuring the confidentiality, integrity, and availability of computing data and programs.
  • Examples of administrative controls include security awareness, separation of duties, procedures for recruiting and terminating employees, and disaster recovery plans.

Session Monitoring

  • The most appropriate way to notify internal users of session monitoring is through a written agreement.
  • Logon banners can serve as a constant reminder for internal users.

Two-Factor Authentication

  • A two-factor authentication mechanism relies on two different kinds of authentication factors.
  • The three possible categories of factors are: something you know (e.g., a PIN or password), something you have (e.g., a smart card), and something you are (e.g., biometrics).
  • Something you do (e.g., signature dynamics) is a subset of something you are.

This quiz is about database views, how they provide abstraction, and their role in normalizing databases. It covers topics like nested views and lossless join decomposition.
