QUESTIONS WITH ANSWERS GRADED A+
◍ Caesar cipher.
Answer: an ancient cryptographic technique based on transposition; involves
shifting each letter of a plaintext message by a certain number of letters
(historically 3)
◍ Protocol issues, unauthenticated access, arbitrary code execution, and
privilege escalation.
Answer: Name the 4 main categories of database security issues
◍ FRR (false rejection rate).
Answer: the rate at which we reject legitimate users when we should have
accepted them
◍ Gets data from the right table that's not in the left table..
Answer: Right Outer Join
◍ Runs on multiple computers connected by a WAN.
Answer: Distributed Database
◍ Created by a database designer when no suitable single-column or
composite primary key exists..
Answer: Artificial Key
◍ Database designer specifies a function on the column value consistent with a
WHERE clause. Can be applied to any index type. Considered when the
WHERE clause format is different than the storage format..
Answer: Function Index
◍ regulatory compliance.
Answer: Regulations mandated by law usually requiring regular audits and
assessments
,◍ Represents an intersection of the data sets.
Answer: AND
◍ network segmentation.
Answer: The act of dividing a network into multiple smaller networks, each
acting as its own small network (subnet)
◍ AKA: Solid State Drive. Less expensive and higher capacity than main
memory. Groups data in pages, usually between 2 kb and 16 kb per page..
Answer: Flash Memory
◍ industry compliance.
Answer: Regulations or standards designed for specific industries that may
impact ability to conduct business (e.g. PCI DSS)
◍ CA (certificate authority).
Answer: a trusted entity that handles digital certificates
◍ Biba model.
Answer: Primarily concerned with protecting the integrity of data, even at
the expense of confidentiality. - 2 security rules: the simple integrity axiom
and the * integrity axiom
◍ Information Security.
Answer: protects information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction
◍ biometrics.
Answer: Unique physical characteristics of an individual, such as the color
patterns in an iris, fingerprints, or handprints
◍ authorization attack.
Answer: A type of attack that can occur when we fail to use authorization
best practices for our applications
◍ clickjacking (user interface redressing).
Answer: client-side attack that involves the attacker placing an invisible
layer over something on a website that the user would normally click on in
, order to execute a command differing from what a user thinks they are
performing- takes advantage of some of the page rendering features that are
available in newer browsers
◍ Computes the bucket containing the row from the value of the indexed
column..
Answer: Hash Function
◍ An unordered collection of elements enclosed in braces..
Answer: Set
◍ SSL (secure sockets layer).
Answer: a protocol that uses the RSA algorithm (an asymmetric algorithm)
to secure web and email traffic
◍ Specifies an expression on one or more columns of a table. Violated when
the expression is false and satisfied when the expression is true or null..
Answer: Check
◍ race conditions.
Answer: A type of software development vulnerability that occurs when
multiple processes or multiple threads within a process control or share
access to a particular resource, and the correct handling of that resource
depends on the proper ordering or timing of transactions
◍ logging.
Answer: A process that provides a history of the activities that have taken
place in the environment
◍ Range of partition expression values (VALUES LESS THAN,
MAXVALUE).
Answer: Range Partition
◍ possession/control.
Answer: the physical disposition of the media on which the data is stored
◍ FISMA (Federal Information Security Modernization Act).
Answer: this law provides a framework for ensuring the effectiveness of
, information security controls in federal government- changed from
Management (2002) to Modernization in 2014
◍ software firewall.
Answer: This type of firewall generally contains a subset of the features on a
large firewall appliance but is often capable of similar packet filtering and
stateful packet inspection activities
◍ confused deputy problem.
Answer: A type of attack that is more common in systems that use ACLs
rather than capabilities; - when software has greater permissions than user,
the user can trick the software into misusing authority
◍ The table specified in the view query's FROM clause..
Answer: Base Table
◍ IDS (intrusion detection system).
Answer: a monitoring tool that alerts when an attack or other undesirable
activity is taking place
◍ A database offered as a PaaS cloud service..
Answer: Cloud Database
◍ Volatile- Used to conduct daily business -Changes in real time -Detailed
Designed for specific business function -Concerned primarily with current
data.
Answer: Operational Data
◍ Every determinate is also a candidate key during normalization. Optimal
normal form for frequent inserts, updates, and deletes. One key is a super
key. If Column A depends on Column B, then B must be unique..
Answer: Boyce-Codd Normal Form
◍ FAR (false acceptance rate).
Answer: the rate at which we accept users whom we should actually have
rejected
◍ input validation.