Computer Security Principles and Practice 4th Edition By William Stallings - Test Bank

Computer Security Principles and Practice 4th Edition By William Stallings – Test Bank

Instant Download – Complete Test Bank With Answers

Sample Questions Are Posted Below

Chapter 5 – Database and Cloud Security

TRUE/FALSE QUESTIONS:

T          F          1.   A query language provides a uniform interface to the database.

T          F          2.   A single countermeasure is sufficient for SQLi attacks.

T          F          3.   To create a relationship between two tables, the attributes that define the

primary key in one table must appear as attributes in another table, where they are referred to as a foreign key.

T          F          4.  The value of a primary key must be unique for each tuple of its table.

T          F          5.   A foreign key value can appear multiple times in a table.

T          F          6.  A view cannot provide restricted access to a relational database so it cannot

be used for security purposes.

T          F          7.  The database management system makes use of the database description

tables to manage the physical database.

T          F          8.  Two disadvantages to database encryption are key management and

inflexibility.

T          F          9.  Fixed server roles operate at the level of an individual database.

T          F          10.  SQL Server allows users to create roles that can then be assigned access

rights to portions of the database.

T          F          11.  A data center generally includes backup power supplies.

T          F          12.  Site security of the data center itself includes barriers to entry, coupled with

authentication techniques for gaining physical access.

T          F          13.  Network security is extremely important in a facility in which such a large

collection of assets is concentrated in a single place and accessible by       external network connections.

T          F          14.   Security specifically tailored to databases is an increasingly important

component of an overall organizational security strategy.

T          F          15.  Encryption becomes the last line of defense in database security.

MULTIPLE CHOICE QUESTIONS:

1. A(n) __________ is a structured collection of data stored for use by one or more applications.
2. attribute                         B.  database
3. tuple                         D.  inference
4. The basic building block of a __________ is a table of data, consisting of rows and columns, similar to a spreadsheet.
5. relational database                        B.  query set
6. DBMS                                           D.  perturbation
7. In relational database parlance, the basic building block is a __________, which is a flat table.
8. attribute                                         B.  tuple
9. primary key                                   D.  relation
10. In a relational database rows are referred to as _________.
11. relations                                         B.  attributes
12. views                                             D.  tuples
13. A _________ is defined to be a portion of a row used to uniquely identify a row in a table.
14. foreign key                                    B.  query
15. primary key                                   D.  data perturbation
16. A _________ is a virtual table.
17. tuple                                              B.  query
18. view                                               D.  DBMS
19. A(n) __________ is a user who has administrative responsibility for part or all of the database.
20. administrator                                 B.  database relations manager
21. application owner                          D.  end user other than application owner

8. An end user who operates on database objects via a particular application but does not own any of the database objects is the __________.
9. application owner                         B.  end user other than application owner
10. foreign key                                                D.  administrator
11. __________ is the process of performing authorized queries and deducing unauthorized information from the legitimate responses received.
12. Perturbation                                  B.  Inference
13. Compromise                                  D.  Partitioning
14. A ___________ is the portion of the data center that houses data processing equipment.
15. computer room                              B.    main distribution area
16. entrance room                                D.  horizontal distribution area
17. __________ houses cross-connects and active equipment for distributing cable to the equipment distribution area.
18. Main distribution area                   B.  Equipment distribution area
19. Horizontal distribution area          D.  Zone distribution area
20. __________ encompasses intrusion detection, prevention and response.
21. Intrusion management                               B.  Security assessments
22. Database access control                            D.  Data loss prevention
23. _________ is an organization that produces data to be made available for controlled release, either within the organization or to external users.
24. Client                                            B.  Data owner
25. User                                               D.  Server
26. __________ is an organization that receives the encrypted data from a data owner and makes them available for distribution to clients.
27. User                                              B.  Client
28. Data owner                                    D.  Server
29. __________ specifies the minimum requirements for telecommunications infrastructure of data centers.
30. TIA-492                            B.   RFC-4949
31. NIST-7883                        D.  RSA-298

SHORT ANSWER QUESTIONS:

1. A __________ is a suite of programs for constructing and maintaining the database and for offering ad hoc query facilities to multiple users and applications.
2. In a relational database columns are referred to as _________.
3. A _________ is the result of a query that returns selected rows and columns from one or more tables.
4. __________ is a standardized language that can be used to define schema, manipulate, and query data in a relational database.
5. With ___________ administration the owner (creator) of a table may grant and revoke access rights to the table.
6. In a ___________ administration a small number of privileged users may grant and revoke access rights.
7. In addition to granting and revoking access rights to a table, in a ___________ administration the owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table.
8. In a discretionary access control environment database users are classified into three broad categories: administrator, end user other than application owner, and __________.
9. The information transfer path by which unauthorized data is obtained is referred to as an ___________ channel.
10. The __________ attack typically works by prematurely terminating a text string and appending a new command.
11. The __________ form of attack injects code in one or more conditional statements so they always evaluate to true.
12. A __________ language provides a uniform interface to the database for users and applications.
13. _________, out-of-band, and inferential are the three main categories of SQLi attack types.
14. A __________   is an enterprise facility that houses a large number of servers, storage devices, and network switches and equipment.
15. The Telecommunications Industry Association standard _________ specifies the minimum requirements for telecommunications infrastructure of data centers.

Chapter 5 – Database and Cloud Security

Answer Key

TRUE/FALSE QUESTIONS:

1. T
2. F
3. T
4. T
5. T
6. F
7. T
8. T
9. F
10. T
11. T
12. F
13. T
14. T
15. T

MULTIPLE CHOICE QUESTIONS:

1. B
2. A
3. D
4. D
5. C
6. C
7. A
8. B
9. B
10. A
11. C
12. A
13. B
14. D
15. A

SHORT ANSWER QUESTIONS:

1. database management system (DBMS)
2. attributes
3. view
4. Structured query language (SQL)
5. ownership-based
6. centralized
7. decentralized
8. application owner
9. inference
10. SQLi
11. tautology
12. query
13. Inband
14. data center
15. TIA-492