Database Management – Week 5

Database Management, Information Technology
Average Rating
0 out of 5 stars. 0 votes.

1/1

Question 1

Which of the following is an authentication mode supported by SQL Server 2012?

  • a. server instance authentication mode
  • b. hybrid authentication mode
  • c. system level authentication mode
  • Selected: d. mixed authentication modeThis answer is correct.

Correct! SQL Server 2012 supports two types of authentication modes: Windows authentication mode and mixed authentication mode.

1/1

Question 2

Which of the following is true about database access control?

  • Selected: a. To access a database, the SQL Server login must be mapped to a database user.This answer is correct.
  • b. Once a user logs into the SQL Server, they have automatic access to underlying database objects.
  • c. Members of the sysadmin server role do not have access to databases by default.
  • d. The database user login name must be different from the server login name.

Correct! To access a database, the SQL Server login must first be mapped to a database user, which is a database-level security principal.

1/1

Question 3

Which default account is enabled when SQL Server authentication is enabled using mixed mode?

  • a. admin
  • Selected: b. saThis answer is correct.
  • c. root
  • d. superuser

Correct! When SQL Server authentication is enabled using mixed mode, there is a default system administrator account called sa.

1/1

Question 4

Which of the following is NOT a type of security principal that may request access to a SQL Server instance?

  • Selected: a. Windows contactThis answer is correct.
  • b. Windows group
  • c. Windows account
  • d. SQL Server Login

Correct! Three types of security principals may request access to a SQL Server instance: Windows account, Windows group, and SQL Server Login.

1/1

Question 5

Which method of securing client/server connections used by SQL Server 2012 requires implementing a policy on the server and client computers?

  • a. SSL
  • Selected: b. IPSecThis answer is correct.
  • c. PPTP
  • d. L2TP

Correct! Internet Protocol Security (IPSec) is a protocol that has been integrated with the Windows operating system to secure client/server connections on an Internet Protocol (IP)–based network. The implementation of IPSec is transparent to an application such as SQL Server. Beyond implementing an IPSec policy on the server and client computers, no configuration is required.

1/1

Question 6

Which of the following is a method for securing client/server connections that uses certificates for identification?

  • a. IPSec
  • b. MS-CHAPv2
  • c. PPTP
  • Selected: d. SSL This answer is correct.

Correct! Secure Sockets Layer (SSL) is a protocol designed to encrypt data inside messages to secure client/server connections over the Internet and is suited for communications beyond the LAN. SSL is configured within SQL Server using the SQL Server Configuration Manager. SQL Server can either generate a self-signed certificate to encrypt the data, or use a certificate from a certificate authority—an external entity that issues and verifies digital certificates—which has been registered on the local computer.

1/1

Question 7

Which of the following is true about database permissions?

  • a. Connecting to a database does not require permissions, as long as the user is logged into the server.
  • Selected: b. Permissions can be granted on a schema.This answer is correct.
  • c. Permissions can be granted only to the database as a whole.
  • d. Tables are securables that group together a collection of objects.

Correct! Because permissions can be granted on a schema to a user or role, they can be used to simplify management of a particular segment of the database.

1/1

Question 8

Which of the following is NOT true about roles?

  • a. There are several predefined database level roles.
  • b. A single user can be assigned to a role.
  • Selected: c. The scope of a role is confined to each table in a database.This answer is correct.
  • d. Roles are used to manage permissions for groups of users.

Correct! Roles are database-wide in their scope.

1/1

Question 9

Which of the following is another term for the layered security model?

  • a. extreme defenses
  • b. security immersion
  • Selected: c. defense-in-depthThis answer is correct.
  • d. total security strategy

Correct! The best approach to securing a database is to use a layered security model, also known as defense-in-depth, which involves combining multiple security controls to prevent unauthorized access.

1/1

Question 10

Which of the following is NOT an action against a database object that requires a permission?

  • a. connecting to a database
  • b. executing a procedure
  • Selected: c. logging into SQL ServerThis answer is correct.
  • d. modifying a view

Correct! Connecting to a database, reading data from a table, and modifying a view are all examples of actions that require a permission. Database-level permissions apply to all objects in a database. For example, if the EXECUTE permission is granted to a user on a database, the user will be able to execute any procedure within that database.

 

 

Top of Form

Question 1

Which term is best described as a way to group together users for the purpose of managing database permissions?

  • schema
  • right
  • Selected: roleThis answer is correct.
  • principal

Correct! Whenever possible, roles should be used to manage permissions for groups of database users with similar access needs.

1/1

Question 2

Which of the following actions requires the user to provide credentials?

  • decryption of data
  • reading a data record
  • Selected: system loginThis answer is correct.
  • shutting down a system

Correct! Authentication is performed during login when a user requests access to a system. The user provides credentials, and the host system authenticates the identity of the user against an authentication database.

1/1

Question 3

Which of the following is a reason why Windows authentication is considered more secure than combining Windows and SQL Server authentication?

  • Selected: Multiple sets of credentials are not required.This answer is correct.
  • SQL Server allows for password complexity.
  • Windows authentication uses the MS-CHAPv2 protocol.
  • Windows has a limited range of password policies.

Correct! With Windows authentication, a user does not need to keep track of and enter multiple usernames and passwords.

1/1

Question 4

Which default account is enabled when SQL Server authentication is enabled using mixed mode?

  • admin
  • Selected: saThis answer is correct.
  • root
  • superuser

Correct! When SQL Server authentication is enabled using mixed mode, there is a default system administrator account called sa.

1/1

Question 5

Which of the following is an authentication mode supported by SQL Server 2012?

  • server instance authentication mode
  • hybrid authentication mode
  • system level authentication mode
  • Selected: mixed authentication modeThis answer is correct.

Correct! SQL Server 2012 supports two types of authentication modes: Windows authentication mode and mixed authentication mode.

1/1

Question 6

Which SQL function that allows you to choose the encryption algorithm should you use to encrypt an individual data item in a column?

  • EncryptByPhrase
  • EncryptSymmetric
  • EncryptColumn
  • Selected: EncryptByKeyThis answer is correct.

Correct! EncryptByKey() is a SQL function that encrypts data using a key that has been registered with the database; this provides the flexibility to choose the encryption algorithm that will be used.

0/1

Question 7

Which of the following is true about database permissions?

  • Selected: Connecting to a database does not require permissions, as long as the user is logged into the server.This answer is incorrect.
  • Permissions can be granted on a schema.
  • Permissions can be granted only to the database as a whole.
  • Tables are securables that group together a collection of objects.

Actually, look again. Because permissions can be granted on a schema to a user or role, they can be used to simplify management of a particular segment of the database. Review Module 5 again, and specifically, Page I.

0/1

Question 8

Which of the following is NOT true about roles?

  • There are several predefined database level roles.
  • A single user can be assigned to a role.
  • The scope of a role is confined to each table in a database.
  • Selected: Roles are used to manage permissions for groups of users.This answer is incorrect.

Actually, look again. Roles are database-wide in their scope. Review Module 5 again, and specifically, Page II.

1/1

Question 9

Which predefined server-level role allows a user to create or alter any database?

  • security admin
  • database auditor
  • Selected: dbcreatorThis answer is correct.
  • sysroot

Correct! dbcreator may create or alter any database.

1/1

Question 10

Which of the following is true about asymmetric encryption algorithms?

  • They use a secret key                .
  • Selected: The performance is slower than with symmetric algorithms.This answer is correct.
  • The same key is used to encrypt and decrypt data.
  • It is the most commonly used form of encryption.

Correct! Asymmetric algorithms generally offer stronger encryption than symmetric algorithms with the same length key, but their performance is slower.

Bottom of Form

Back to assessments

 

 

Question 1

Which term is best described as a way to group together users for the purpose of managing database permissions?

  • schema
  • right
  • Selected: roleThis answer is correct.
  • principal

Correct! Whenever possible, roles should be used to manage permissions for groups of database users with similar access needs.

1/1

Question 2

Which of the following is another term for the layered security model?

  • extreme defenses
  • security immersion
  • Selected: defense-in-depthThis answer is correct.
  • total security strategy

Correct! The best approach to securing a database is to use a layered security model, also known as defense-in-depth, which involves combining multiple security controls to prevent unauthorized access.

1/1

Question 3

Which predefined server-level role allows a user to create or alter any database?

  • security admin
  • database auditor
  • Selected: dbcreatorThis answer is correct.
  • sysroot

Correct! dbcreator may create or alter any database.

1/1

Question 4

Which encryption algorithm uses a 128-bit block cipher with varying key sizes?

  • Selected: AESThis answer is correct.
  • DPAPI
  • 3-key triple DES
  • EncryptByPhrase

Correct! AES is the successor to the DES algorithm. It is a block cipher that translates fixed-size blocks of unencrypted data into corresponding fixed-sized blocks of encrypted data. It uses a 128-bit block cipher.

1/1

Question 5

Which of the following is true about asymmetric encryption algorithms?

  • They use a secret key                .
  • Selected: The performance is slower than with symmetric algorithms.This answer is correct.
  • The same key is used to encrypt and decrypt data.
  • It is the most commonly used form of encryption.

Correct! Asymmetric algorithms generally offer stronger encryption than symmetric algorithms with the same length key, but their performance is slower.

1/1

Question 6

Which of the following actions requires the user to provide credentials?

  • decryption of data
  • reading a data record
  • Selected: system loginThis answer is correct.
  • shutting down a system

Correct! Authentication is performed during login when a user requests access to a system. The user provides credentials, and the host system authenticates the identity of the user against an authentication database.

1/1

Question 7

What should you reduce in a system to limit the number of security vulnerabilities?

  • password complexity
  • Selected: surface areaThis answer is correct.
  • the number of logins
  • antivirus programs

Correct! The potential number of security vulnerabilities, sometimes referred to as surface area, can be significantly reduced by enabling only the SQL Server functionality that is needed to satisfy the business requirements.

0/1

Question 8

Which environments must use SQL Server authentication because Windows authentication cannot be used?

  • Active Directory domains
  • web applications
  • Selected: Windows-only networksThis answer is incorrect.
  • multi-domain forests

Actually, look again. Windows authentication cannot be used on networks with mixed operating system environments and web applications, or for clients that reside in unknown or untrusted domains. Review Module 5 again, and specifically, Page I.

1/1

Question 9

Which type of encryption uses public and private keys?

  • symmetric
  • Selected: asymmetricThis answer is correct.
  • point-to-point
  • digital

Correct! Asymmetric keys (also known as public keys) use a public key to encrypt data and a different, private key to decrypt data.

1/1

Question 10

Which of the following is a reason why Windows authentication is considered more secure than combining Windows and SQL Server authentication?

  • Selected: Multiple sets of credentials are not required.This answer is correct.
  • SQL Server allows for password complexity.
  • Windows authentication uses the MS-CHAPv2 protocol.
  • Windows has a limited range of password policies.

Correct! With Windows authentication, a user does not need to keep track of and enter multiple usernames and passwords.

Question 1

Which of the following is true about asymmetric encryption algorithms?

  • They use a secret key                .
  • Selected: The performance is slower than with symmetric algorithms.This answer is correct.
  • The same key is used to encrypt and decrypt data.
  • It is the most commonly used form of encryption.

Correct! Asymmetric algorithms generally offer stronger encryption than symmetric algorithms with the same length key, but their performance is slower.

1/1

Question 2

Which encryption algorithm uses a 128-bit block cipher with varying key sizes?

  • Selected: AESThis answer is correct.
  • DPAPI
  • 3-key triple DES
  • EncryptByPhrase

Correct! AES is the successor to the DES algorithm. It is a block cipher that translates fixed-size blocks of unencrypted data into corresponding fixed-sized blocks of encrypted data. It uses a 128-bit block cipher.

0/1

Question 3

Which of the following is NOT an action against a database object that requires a permission?

  • Selected: connecting to a databaseThis answer is incorrect.
  • executing a procedure
  • logging into SQL Server
  • modifying a view

Actually, look again. Connecting to a database, reading data from a table, and modifying a view are all examples of actions that require a permission. Database-level permissions apply to all objects in a database. For example, if the EXECUTE permission is granted to a user on a database, the user will be able to execute any procedure within that database. Review Module 5 again, and specifically, Page II.

1/1

Question 4

Which of the following is true about database permissions?

  • Connecting to a database does not require permissions, as long as the user is logged into the server.
  • Selected: Permissions can be granted on a schema.This answer is correct.
  • Permissions can be granted only to the database as a whole.
  • Tables are securables that group together a collection of objects.

Correct! Because permissions can be granted on a schema to a user or role, they can be used to simplify management of a particular segment of the database.

1/1

Question 5

Which type of encryption uses public and private keys?

  • symmetric
  • Selected: asymmetricThis answer is correct.
  • point-to-point
  • digital

Correct! Asymmetric keys (also known as public keys) use a public key to encrypt data and a different, private key to decrypt data.

1/1

Question 6

What should you reduce in a system to limit the number of security vulnerabilities?

  • password complexity
  • Selected: surface areaThis answer is correct.
  • the number of logins
  • antivirus programs

Correct! The potential number of security vulnerabilities, sometimes referred to as surface area, can be significantly reduced by enabling only the SQL Server functionality that is needed to satisfy the business requirements.

1/1

Question 7

Which of the following is a reason why Windows authentication is considered more secure than combining Windows and SQL Server authentication?

  • Selected: Multiple sets of credentials are not required.This answer is correct.
  • SQL Server allows for password complexity.
  • Windows authentication uses the MS-CHAPv2 protocol.
  • Windows has a limited range of password policies.

Correct! With Windows authentication, a user does not need to keep track of and enter multiple usernames and passwords.

0/1

Question 8

Which of the following is a method for securing client/server connections that uses certificates for identification?

  • Selected: IPSecThis answer is incorrect.
  • MS-CHAPv2
  • PPTP
  • SSLÂ

Actually, look again. Secure Sockets Layer (SSL) is a protocol designed to encrypt data inside messages to secure client/server connections over the Internet and is suited for communications beyond the LAN. SSL is configured within SQL Server using the SQL Server Configuration Manager. SQL Server can either generate a self-signed certificate to encrypt the data, or use a certificate from a certificate authority—an external entity that issues and verifies digital certificates—which has been registered on the local computer. Review Module 5 again, and specifically, Page I.

1/1

Question 9

Which of the following is NOT a type of security principal that may request access to a SQL Server instance?

  • Selected: Windows contactThis answer is correct.
  • Windows group
  • Windows account
  • SQL Server Login

Correct! Three types of security principals may request access to a SQL Server instance: Windows account, Windows group, and SQL Server Login.

1/1

Question 10

Which SQL function that allows you to choose the encryption algorithm should you use to encrypt an individual data item in a column?

  • EncryptByPhrase
  • EncryptSymmetric
  • EncryptColumn
  • Selected: EncryptByKeyThis answer is correct.

Correct! EncryptByK

 

 

Top of Form

uestion 1

Which of the following is NOT true about roles?

  • There are several predefined database level roles.
  • A single user can be assigned to a role.
  • Selected: The scope of a role is confined to each table in a database.This answer is correct.
  • Roles are used to manage permissions for groups of users.

Correct! Roles are database-wide in their scope.

1/1

Question 2

Which of the following is an authentication mode supported by SQL Server 2012?

  • server instance authentication mode
  • hybrid authentication mode
  • system level authentication mode
  • Selected: mixed authentication modeThis answer is correct.

Correct! SQL Server 2012 supports two types of authentication modes: Windows authentication mode and mixed authentication mode.

1/1

Question 3

Which method of securing client/server connections used by SQL Server 2012 requires implementing a policy on the server and client computers?

  • SSL
  • Selected: IPSecThis answer is correct.
  • PPTP
  • L2TP

Correct! Internet Protocol Security (IPSec) is a protocol that has been integrated with the Windows operating system to secure client/server connections on an Internet Protocol (IP)–based network. The implementation of IPSec is transparent to an application such as SQL Server. Beyond implementing an IPSec policy on the server and client computers, no configuration is required.

1/1

Question 4

Which of the following actions requires the user to provide credentials?

  • decryption of data
  • reading a data record
  • Selected: system loginThis answer is correct.
  • shutting down a system

Correct! Authentication is performed during login when a user requests access to a system. The user provides credentials, and the host system authenticates the identity of the user against an authentication database.

1/1

Question 5

Which type of encryption uses public and private keys?

  • symmetric
  • Selected: asymmetricThis answer is correct.
  • point-to-point
  • digital

Correct! Asymmetric keys (also known as public keys) use a public key to encrypt data and a different, private key to decrypt data.

1/1

Question 6

Which predefined server-level role allows a user to create or alter any database?

  • security admin
  • database auditor
  • Selected: dbcreatorThis answer is correct.
  • sysroot

Correct! dbcreator may create or alter any database.

1/1

Question 7

Which of the following is a method for securing client/server connections that uses certificates for identification?

  • IPSec
  • MS-CHAPv2
  • PPTP
  • Selected: SSL This answer is correct.

Correct! Secure Sockets Layer (SSL) is a protocol designed to encrypt data inside messages to secure client/server connections over the Internet and is suited for communications beyond the LAN. SSL is configured within SQL Server using the SQL Server Configuration Manager. SQL Server can either generate a self-signed certificate to encrypt the data, or use a certificate from a certificate authority—an external entity that issues and verifies digital certificates—which has been registered on the local computer.

1/1

Question 8

Which of the following is true about database access control?

  • Selected: To access a database, the SQL Server login must be mapped to a database user.This answer is correct.
  • Once a user logs into the SQL Server, they have automatic access to underlying database objects.
  • Members of the sysadmin server role do not have access to databases by default.
  • The database user login name must be different from the server login name.

Correct! To access a database, the SQL Server login must first be mapped to a database user, which is a database-level security principal.

1/1

Question 9

Which environments must use SQL Server authentication because Windows authentication cannot be used?

  • Active Directory domains
  • Selected: web applicationsThis answer is correct.
  • Windows-only networks
  • multi-domain forests

Correct! Windows authentication cannot be used on networks with mixed operating system environments and web applications, or for clients that reside in unknown or untrusted domains.

1/1

Question 10

Which of the following is true about asymmetric encryption algorithms?

  • They use a secret key                .
  • Selected: The performance is slower than with symmetric algorithms.This answer is correct.
  • The same key is used to encrypt and decrypt data.
  • It is the most commonly used form of encryption.

Correct! Asymmetric algorithms generally offer stronger encryption than symmetric algorithms with the same length key, but their performance is slower.

Leave a Reply

Your email address will not be published. Required fields are marked *