3170) Developing and implementing security policies, procedures, and standards shows that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources, and its employees from possible threats. This is the definition of:
Answer: B
Explanation: Due care means that, by developing and implementing security policies, procedures, and standards, a company shows it has taken responsibility for the activities that take place within the corporation.
Answer: D
Explanation: The high demand for computer technology and different types of software increased the demand for programmers, system designers, administrators, and engineers. This demand brought in a wave of people who had little experience. Thus, the lack of experience, the high change rate of technology, and the race to market added problems to security measures.
3171) If an application fails for any reason, it should go directly to a secure state. The usual sequence in which software is released to the market and its security is dealt with is a stepwise process, as follows:
A. Websites post vulnerabilities first and guide the vendors to develop the security system
B. Hackers find the problem and then figure out the solution
C. Administrators make the security system and then install it
D. Analysts are hired to figure out the problem
E. Buggy software is released, hackers find the weaknesses
Answer: E
Explanation: Buggy software is released, hackers find the weaknesses in the software, websites post these vulnerabilities, vendors fix them by developing patches, and then administrators test and install the patches.
3172) Today, network and security administrators are in an overwhelming position of having to integrate different applications and computer systems to
A. Meet the consumers demand
B. Beat the market competition
C. Enhance the security
D. Keep up with their company’s demand for expandable functionality and components that executives buy and demand quick implementation
E. To increase the sale of their products
Answer: D
Explanation: Today, network and security administrators are in an overwhelming position of having to integrate different applications and computer systems to keep up with their company’s demand for expandable functionality and the new gee-whiz components that executives buy into and demand quick implementation of.
3173) Network and security administrators are in an overwhelming position of having to integrate different applications and computer systems to keep up with their company’s demand. Because of this integration, companies now have to manage:
A. Extension of products
B. Presence on internet
C. Software upgrades
D. More research work
E. All of the above
Answer: B
Explanation: This integration of applications and systems requires a well-known presence on the Internet, implemented through web sites capable of taking online orders, storing credit card information, and setting up extranets with partners.
3174) The days of developing a simple web page and posting it on the Internet to illustrate your products and services are long gone. Now days a web page illustrating a company’s products and services further requires development of:
A. Front end
B. Middle ware
C. Back end
D. Three tiered architecture
E. Options A, B & D
Answer: E
Explanation: Today, the customer front end, complex middleware, and three-tiered architectures must be developed and work seamlessly to beat the market competition.
3175) The ____________ architecture enables an application system to be divided across multiple platforms that vary in operating systems and hardware. The server handles the data-processing services and provides the processed result to the client. The client performs the front-end portion of an application, and the server performs the back-end portion, which is usually more labor intensive.
A. Data base model
B. Web base model
C. Client server model
D. Client to client model
E. Domain name server
Answer: C
Explanation: The client/server architecture enables an application system to be divided across multiple platforms that vary in operating systems and hardware.
3176) The server handles the data-processing services and provides the processed result to the client. The ________ performs the front-end portion of an application, and the ________ performs the back-end portion, which is usually more labor intensive.
A. Server & client
B. Client & database
C. Client & server
D. User & system
E. User & administrator
Answer: C
Explanation: The client performs the front-end portion of an application, and the server performs the back-end portion, which is usually more labor intensive. The front end usually includes the user interface and local data-manipulation capabilities, and provides the communications mechanisms that can request services from the server portion of the application.
3177) One downside to relying mainly on operating system controls is that, although they can control a subject’s access to different objects and restrict the actions of that subject within the system, they cannot restrict the subject’s actions within an application. Software controls are implemented by:
A. Operating system
B. Application
C. Database management
D. Options A, B & C
E. Environment
Answer: D
Explanation: Software controls can be implemented by the operating system, by the application, or through database management controls, and usually a combination of all three is used.
3178) If an application has a security compromise within its own programming code, it is hard for the operating system to predict and control this vulnerability. One drawback of relying on operating system controls is that they:
A. They can control a subject’s access to different objects
B. Do not restrict the actions of that subject within the application
C. Do not restrict the subject’s actions within an system
D. Do not allow certain types of input
E. Do not restrict the subject’s action within the client server model
Answer: B
Explanation: One drawback of relying on operating system controls is that they do not restrict the actions of the subject within the application. If an application has a security compromise within its own programming code, it is hard for the operating system to predict and control this vulnerability.
3179) Application controls and database management controls are very specific to their needs and to the security compromises they understand. An application might be able to protect data by allowing only certain types of input, but it cannot prevent the user:
A. From inserting bogus data into the Address Resolution Protocol (ARP) table
B. Permitting certain users to view data kept in sensitive database fields
C. Access to all kinds of data
D. Options A & B
E. None of the above
Answer: A
Explanation: It cannot prevent the user from inserting bogus data into the Address Resolution Protocol (ARP) table; this is the responsibility of the operating system and its network stack.
3180) Security has been mainly provided by security products and perimeter devices rather than controls built into applications. _________ and __________ mechanisms can provide a level of protection by preventing attackers from gaining the access needed to exploit buffer overflows.
A. Firewalls
B. Routers
C. Antivirus software
D. Access control
E. Options A & D
Answer: E
Explanation: Firewalls and access control mechanisms can provide a level of protection by preventing attackers from gaining access to be able to exploit buffer overflows.
3181) Programming is a complex trade: the code itself, routine interaction, global and local variables, and input received from other programs all have to be handled. When you limit the functionality and scope of an application:
A. The market share is reduced
B. Potential profitability of that program could be reduced.
C. Demand is reduced
D. Both A & B
E. Both B & C
Answer: D
Explanation: As you limit the functionality and scope of an application, the market share and potential profitability of that program could be reduced. A balancing act always exists between functionality and security, and in the development world, functionality is usually deemed the most important.
3182) More than one road may lead to enlightenment, but as these roads increase in number, it is hard to know if a path will eventually lead you to bliss or to fiery doom in the underworld. Many programs accept data from different parts of the program. The functionality of an application is checked through:
A. Installing the application
B. Running the module
C. Testing of inputs
D. Compatibility of selected module with other modules
E. Both C & D
Answer: E
Explanation: Inputs must be thoroughly tested, and each module must be capable of being tested individually and in concert with other modules.
3183) Vulnerabilities pertaining to buffer overflows are often discussed as if they were new to the programming world. They are not new, but they are being exploited nowadays on a recurring basis. Attacks are carried out when the software code does not check the ________ of input that is actually being accepted.
A. Characters
B. Length
C. Magnitude
D. Quality
E. Timing
Answer: B
Explanation: Attacks are carried out when the software code does not check the length of input that is actually being accepted. Extra instructions could be executed in a privileged mode that would enable an attacker to take control of the system.
3184) Data at the different points within acceptable data ranges should be inputted. Perform bounds checking to look for buffer overflows. Conduct data validation to ensure the software is only accepting the type of data it should (that is, numbers and not letters, ASCII and not Unicode, and so on). Data needs to be right in:
A. Length
B. Type
C. Format
D. All of the above
E. Quality
Answer: D
Explanation: The acceptable data also needs to be in the right format and data type.
3185) If a programmer wrote a program that expected the input length to be 5KB, then this needs to be part of the code so the right amount of buffer space is available to hold these data when they actually come in. Data input requirements need to be met for:
A. Functionality purpose
B. Standardization
C. Security purpose
D. Both A & B
E. Both B & C
Answer: D
Explanation: Software needs to be developed to accept the correct data types, format, and length of input data, for both security and functionality purposes.
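The length, type, format and character-set checks described in 3183 through 3185, as an added example in Python; this is not code from the original question bank. Only the 5KB overall bound comes from the text. The line-oriented "name=value" order message, the field names and the per-field rules are constructed assumptions chosen to show each check in turn.

```python
import re

# Overall bound from the text (a program expecting 5KB of input must reserve that much);
# the field names and per-field rules below are constructed assumptions.
MAX_MESSAGE_BYTES = 5 * 1024

FIELD_RULES = {
    # field: (maximum length, pattern the whole value must match)
    "customer_id": (12, re.compile(r"[0-9]{1,12}")),      # numbers, not letters
    "postcode":    (10, re.compile(r"[A-Z0-9 ]{3,10}")),   # fixed format
    "quantity":    (4,  re.compile(r"[1-9][0-9]{0,3}")),   # 1 to 9999
}

class ValidationError(ValueError):
    pass

def validate_order(raw: bytes) -> dict:
    """Accept a 'name=value' line-oriented order message only if every check passes.
    Checks run in order: total length, character set, field whitelist, per-field
    length, per-field type/format, completeness. Anything else is rejected."""
    # 1. Length first: this bounds what the program is willing to hold at all.
    if len(raw) > MAX_MESSAGE_BYTES:
        raise ValidationError("message exceeds %d bytes" % MAX_MESSAGE_BYTES)
    # 2. Character set: ASCII and not Unicode.
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValidationError("non-ASCII byte in message")
    fields = {}
    for line in text.splitlines():
        if "=" not in line:
            raise ValidationError("malformed line: %r" % line)
        name, _, value = line.partition("=")
        # 3. Only fields the program knows about (a whitelist, not a blacklist).
        if name not in FIELD_RULES:
            raise ValidationError("unexpected field %r" % name)
        max_len, pattern = FIELD_RULES[name]
        # 4. Per-field length, then type and format.
        if len(value) > max_len:
            raise ValidationError("%s longer than %d characters" % (name, max_len))
        if not pattern.fullmatch(value):
            raise ValidationError("%s has the wrong type or format" % name)
        fields[name] = value
    # 5. Nothing required may be missing.
    missing = sorted(set(FIELD_RULES) - set(fields))
    if missing:
        raise ValidationError("missing fields: %s" % ", ".join(missing))
    # Convert types only after the format has been proven.
    fields["customer_id"] = int(fields["customer_id"])
    fields["quantity"] = int(fields["quantity"])
    return fields

def check(raw: bytes) -> str:
    """'ok' or the reason the message was rejected."""
    try:
        validate_order(raw)
        return "ok"
    except ValidationError as e:
        return "rejected: %s" % e

if __name__ == "__main__":
    # Constructed sample messages.
    good = b"customer_id=4711\npostcode=SW1A 1AA\nquantity=3\n"
    print(check(good), validate_order(good))
    print(check(good + b"X" * 6000))                                   # too long
    print(check(b"customer_id=abc\npostcode=SW1A 1AA\nquantity=3\n"))  # letters, not numbers
    print(check("customer_id=4711\npostcode=SW1A 1A\u00c4\nquantity=3\n".encode("utf-8")))  # Unicode
```

The order of the checks matters: the length test runs before any parsing so that nothing larger than the reserved buffer is ever examined, and the decode step rejects non-ASCII bytes before a regular expression ever sees them.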
3186) A fine balance exists between security, functionality, and user-friendliness. If an application is extremely user friendly, it is probably not as secure. When a security application or device is installed, it should default to “No Access.” This statement means:
A. When a packet-filter firewall is installed, it should not allow any packets to pass into the network that were not specifically granted access.
B. When a packet-filter firewall is installed, it should not allow any programmers to pass into the network that were not specifically granted access.
C. All types of data inputs have been granted an access
D. Security application is highly recommended
E. Security application is not suitable for the system
Answer: A
Explanation: When a security application or device is installed, it should default to “No Access.” This means that when someone installs a packet-filter firewall, it should not allow any packets to pass into the network that were not specifically granted access.
3187) For an application to be user-friendly, it usually requires a lot of extra coding for potential user errors, dialog boxes, wizards, and step-by-step instructions. This extra coding can result in bloated code that can create unforeseeable compromises. An application must be ideally:
A. Secure
B. User friendly
C. Functional
D. All of the above
E. Both B & C
Answer: D
Explanation: A fine balance should exist between security, functionality, and user-friendliness of an application.
3188) When a security application or device is installed, it should default to “No Access.” This means that when Laurel installs a packet-filter firewall, it should not allow any packets to pass into the network that were not specifically granted access. For an application to be _____________, it usually requires a lot of extra coding for potential user errors, dialog boxes, wizards, and step-by-step instructions.
A. Functional
B. Well designed
C. User friendly
D. Secured
E. Vulnerable
Answer: C
Explanation: For an application to be user-friendly, it usually requires a lot of extra coding for potential user errors, dialog boxes, wizards, and step-by-step instructions
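The “default to No Access” rule of 3186 and 3188, as an added example that is not part of the original page: a small packet filter in Python whose accept decision requires an explicitly matching rule, shown next to a default-allow blocklist filter so the difference in posture is visible on the same packets. The addresses, ports and rules are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network   # source range the rule applies to
    dst: ipaddress.IPv4Network   # destination range
    proto: str                   # "tcp" or "udp"
    dport: int                   # destination port

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def rule(src: str, dst: str, proto: str, dport: int) -> Rule:
    return Rule(ipaddress.ip_network(src), ipaddress.ip_network(dst), proto, dport)

def matches(r: Rule, p: Packet) -> bool:
    return (ipaddress.ip_address(p.src) in r.src
            and ipaddress.ip_address(p.dst) in r.dst
            and p.proto == r.proto and p.dport == r.dport)

# Constructed allow-list: the only traffic that has been specifically granted access.
ALLOW_RULES = [
    rule("0.0.0.0/0", "192.0.2.10/32", "tcp", 443),        # public web server
    rule("198.51.100.0/24", "192.0.2.20/32", "tcp", 22),   # SSH from the admin range only
]

# Constructed block-list for the contrasting filter: only what someone remembered to forbid.
DENY_RULES = [
    rule("0.0.0.0/0", "0.0.0.0/0", "tcp", 3389),            # RDP was blocked once
]

def decide_default_deny(p: Packet, allow=ALLOW_RULES) -> str:
    """Accept only when some explicit rule matches; everything else is dropped."""
    for r in allow:
        if matches(r, p):
            return "accept"
    return "drop"   # no access unless specifically granted

def decide_default_allow(p: Packet, deny=DENY_RULES) -> str:
    """The opposite posture: drop only what is explicitly forbidden."""
    for r in deny:
        if matches(r, p):
            return "drop"
    return "accept"

def compare(p: Packet) -> tuple:
    """(default-deny verdict, default-allow verdict) for the same packet."""
    return decide_default_deny(p), decide_default_allow(p)

if __name__ == "__main__":
    for pkt in (Packet("203.0.113.5", "192.0.2.10", "tcp", 443),   # granted web traffic
                Packet("203.0.113.5", "192.0.2.20", "tcp", 23),    # telnet nobody thought about
                Packet("203.0.113.5", "192.0.2.20", "tcp", 22)):   # SSH from outside the admin range
        print(pkt, compare(pkt))
```

The telnet packet is the instructive case: the allow-list filter drops it because nobody granted it, while the block-list filter lets it through because nobody forbade it.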
3189) Later versions of Windows have services turned off and require the user to turn them on as needed. This is a step closer to “default with no access.” Many people do not realize that various services are ________ when a system is installed.
A. Disabled
B. Not applicable
C. Susceptible
D. Suspended
E. Enabled
Answer: E
Explanation: Many people do not realize that various services are enabled when a system is installed. These services can provide evildoers with information that can be used during an attack.
3190) Many people do not realize that various services are enabled when a system is installed. These services can provide evildoers with information that can be used during an attack. Many services provide an actual way into the environment itself. NetBIOS services can be enabled to permit:
A. Sharing resources in Telnet services
B. Sharing resources in Windows environments, and Telnet services
C. Does not permit any sharing
D. None of the above
E. FTP services
Answer: B
Explanation: NetBIOS services can be enabled to permit sharing resources in Windows environments, and Telnet services, which let remote users run command shells, and other services can be enabled with no restrictions.
3191) The reasons for this vary: administrators may not keep up to date on recent security vulnerabilities and patches, they may not fully understand the importance of these patches, or they may be afraid the patches will cause other problems. One of the problems in the implementation and security of systems is the:
A. Number of unpatched systems
B. FTP
C. SNMP
D. Internet Relay Chat (IRC)
E. NetBIOS
Answer: A
Explanation: Another problem in implementation and security is the number of unpatched systems. Once security issues are identified, vendors develop patches or updates to address and fix these security holes.
3192) To fix security holes, vendors develop updates (or patches), but these do not get installed when:
A. Administrators may not keep up-to-date on the recent security vulnerabilities and patches
B. Administrators may not fully understand the importance of these patches
C. Administrators may be afraid the patches will cause other problems.
D. All of the above
E. Both B & C
Answer: D
Explanation: The reasons for this vary: administrators may not keep up-to-date on the recent security vulnerabilities and patches, they may not fully understand the importance of these patches, or they may be afraid the patches will cause other problems.
3193) Patches should be tested before they are applied to production servers and workstations, to avoid:
A. Service disruption
B. Signal disruption
C. Data corruption
D. Attacks
E. Failure of firewalls
Answer: A
Explanation: Patches should be tested for these types of problems before they are applied to production servers and workstations, to help prevent service disruptions that can affect network and employee productivity.
3194) If an application fails for any reason, it should return to a __________ and more __________ state.
A. Active and secure
B. Passive and unreceptive
C. Safe and secure
D. Receptive and accessible
E. Operational and functional
Answer: C
Explanation: If an application fails for any reason, it should return to a safe and more secure state.
3195) Many circumstances are unpredictable and are therefore hard to plan for. However, unpredictable situations can be planned for in a general sense, instead of trying to plan and code for every situation. An application failure may require a _________ of the operating system, and the system to ________ its memory.
A. Shut down, destroy
B. Restart, dump
C. Saving the programs, maintain
D. Reinstallation, retain
E. None of the above
Answer: B
Explanation: A system failure could require the operating system to restart and present the user with a logon screen, starting the operating system from its initialization state. This is why some systems “blue-screen” and/or restart. When this occurs, something is going on within the system that is unrecognized or unsafe, so the system dumps its memory contents and starts all over.
3196) If an application fails and is executing in a privileged state, these processes require:
A. Proper shutting down of programs
B. Activation of programs
C. Resumption of running programs
D. Installation of new programs
E. Does not require any handling
Answer: A
Explanation: If an application fails while executing in a privileged state, its processes should be shut down properly. If a privileged process does not shut down properly and instead stays active, an attacker can figure out how to access the system through this process in a privileged state.
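The fail-safe behaviour described in 3194 through 3196, as an added Python example that is not from the original page. The PrivilegedSession and Handle classes are constructed stand-ins for real privilege changes (a setuid call, a capability, a sensitive file descriptor) so the block runs anywhere; the “before” worker leaves a privileged process and an open handle behind on an unexpected error, the “after” worker always returns to the unprivileged state before control leaves it.

```python
class Handle:
    """Constructed stand-in for a file or socket opened while privileged."""
    def __init__(self, name: str):
        self.name = name
        self.closed = False

class PrivilegedSession:
    """Constructed stand-in for real privilege state (a real program would call
    os.setuid/os.seteuid or release a capability inside drop())."""
    def __init__(self):
        self.privileged = False
        self.open_handles = []

    def elevate(self):
        self.privileged = True

    def drop(self):
        # Release everything acquired while privileged, then give the privilege up.
        for h in self.open_handles:
            h.closed = True
        self.open_handles.clear()
        self.privileged = False

def unsafe_worker(session: PrivilegedSession, fail: bool) -> str:
    """'Before': the privilege drop sits only on the success path, so an unexpected
    error leaves the process privileged with a sensitive handle still open."""
    session.elevate()
    session.open_handles.append(Handle("/etc/shadow"))
    if fail:
        raise RuntimeError("unrecognized condition")
    session.drop()
    return "done"

def failsafe_worker(session: PrivilegedSession, fail: bool) -> str:
    """'After': whatever happens inside the privileged section, control leaves it
    unprivileged with handles closed, and the caller gets a safe result."""
    session.elevate()
    try:
        session.open_handles.append(Handle("/etc/shadow"))
        if fail:
            raise RuntimeError("unrecognized condition")
        return "done"
    except Exception:
        # Do not try to carry on in a privileged state after an unexpected error.
        return "failed-safe"
    finally:
        session.drop()   # runs on the success path, the error path, and on early return

def run(worker, fail: bool) -> tuple:
    """(result, still privileged?, handles still open) once the worker has finished."""
    session = PrivilegedSession()
    try:
        result = worker(session, fail)
    except Exception as e:
        result = "crashed: " + str(e)
    return result, session.privileged, len(session.open_handles)

if __name__ == "__main__":
    print("unsafe, failure:  ", run(unsafe_worker, True))
    print("failsafe, failure:", run(failsafe_worker, True))
    print("failsafe, success:", run(failsafe_worker, False))
```

The point of the finally clause is that the drop does not depend on the programmer having anticipated the particular failure: any exception, including ones nobody planned for, still ends with the session unprivileged.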
3197) Something is going on within the system that is unrecognized or unsafe, so the system dumps its memory contents and starts all over. The information in databases is ___________ to every user.
A. Accessible
B. Open
C. Not accessible
D. User friendly
E. Susceptible
Answer: C
Explanation: Databases have a long history of storing important intellectual property and items that are considered valuable. Because of this, they usually live in an environment of mystery to all but the database and network administrators. The less anyone knows about the databases, the better.
3198) Databases have a long history of storing important intellectual property and items that are considered valuable and proprietary to companies. Because of this, they usually live in an environment of mystery to all but the database and network administrators. Users access information indirectly from databases through:
A. Client server interface
B. Client and database
C. User and system
D. Domain name server
E. Internet
Answer: A
Explanation: Users usually access databases indirectly through a client interface.
3199) Databases have a long history of storing important intellectual property and items that are considered valuable and proprietary to companies. The users of databases should take care of information in terms of its:
A. Availability
B. Integrity
C. Confidentiality
D. All of the above
E. Updating
Answer: D
Explanation: The actions of users are restricted to ensure the confidentiality, integrity, and availability of the data held within the database and the structure of the database itself.
3200) ____________is a suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users
A. SQL server
B. Database management system
C. Operating system
D. Relational DBMS
E. Oracle
Answer: B
Explanation: A database management system (DBMS) is a suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. It can also control the security parameters of the database.
3201) Many companies allow their customers to access data in their databases through a browser. The browser makes a connection to the company’s middleware, which then connects them to the back-end database. A large risk faced by companies that connect their networks to the Internet and give external entities access is:
A. Easy access to front end
B. Indirect access to back end
C. Accessibility of data
D. Both A & B
E. Access to programming
Answer: B
Explanation: The risks are increasing as companies rush to connect their networks to the Internet, allow remote user access, and provide more and more access to external entities. A large risk to understand is that these activities can allow indirect access to a back-end database.
3202) The risks are increasing as companies rush to connect their networks to the Internet, allow remote user access, and provide more and more access to external entities. Today, many companies allow their customers to access data in their databases through a:
A. Browser
B. Ethernet
C. Programming
D. Employees
E. Analysts
Answer: A
Explanation: Today, many companies allow their customers to access data in their databases through a browser.
3203) The risks are increasing as companies rush to connect their networks to the Internet, allow remote user access, and provide more and more access to external entities. The ____________ makes a connection to the company’s middleware, which then connects them to the back-end database.
A. Search engine
B. DBMS
C. Browser
D. OS
E. None of the above
Answer: C
Explanation: The browser makes a connection to the company’s middleware, which then connects them to the back-end database. This adds levels of complexity, and the database will be accessed in new and unprecedented ways.
3204) Access control can be restricted by only allowing roles to interact with the database. Access control to a DBMS can be done through:
A. Assigning roles to users having rights and permissions
B. Administrators only
C. Management of the company
D. Does not require any permission
E. Both A & B
Answer: A
Explanation: The database administrator can define specific roles that are allowed to access the database. Each role will have assigned rights and permissions, and customers and employees are then ported into these roles.
3205) If an attacker compromises the firewall and other perimeter network protection mechanisms, and then is able to make requests to the database, if he is not _______________, the database is still safe.
A. Expert
B. Administrator
C. System analyst
D. Programmer
E. In predefined role
Answer: E
Explanation: If an attacker compromises the firewall and other perimeter network protection mechanisms, and is then able to make requests to the database, the database is still safe as long as he is not in one of the predefined roles.
3206) A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases are managed with:
A. Programming
B. Software
C. Hardware
D. Roles
E. None of the above
Answer: B
Explanation: Databases are managed with software that provides these capabilities, i.e. a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed.
3207) A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases not only store information but also:
A. Presents data
B. Process data
C. Presents data in logical manner
D. Updates the data
E. Both B & C
Answer: E
Explanation: Databases store data, but may also process data and present it in a more usable and logical form.
3208) The actual specifications of the structure for databases may be ________per database implementation for various organizations and departments due to their diverse needs
A. Standardized
B. Different
C. Customized
D. Mass produced
E. Similar
Answer: B
Explanation: The actual specifications of the structure may be different per database implementation, because different organizations or departments work with different types of data and need to perform diverse functions upon that information.
3209) Databases are managed with software that provides these capabilities, i.e. a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Any type of database should have the following characteristics:
A. Centralization of data
B. Transaction persistence
C. Recovery and fault tolerance
D. Sharing data with multiple users
E. All of the above
Answer: E
Explanation: A database should possess all of the above properties, as well as access control and confidentiality.
3210) The database administrator can define specific roles that are allowed to access the database. Each role will have assigned rights and permissions, and customers and employees are then ported into these roles. Transaction persistence means
A. Transactions are durable
B. Transactions are reliable
C. Transactions are sustainable
D. Transactions are not vulnerable
E. Both A & B
Answer: E
Explanation: Transaction persistence means the database procedures carrying out transactions are durable and reliable.
3211) ____________provides a formal method of representing data in a conceptual form and provides the necessary means of manipulating the data held within the database,
A. Operating system
B. Domain name server
C. Database models
D. Client server model
E. Web base model
Answer: C
Explanation: A database model provides a formal method of representing data in a conceptual form and provides the necessary means of manipulating the data held within the database.
3212) The database model defines the relationships between different data elements, dictates how data can be accessed, and defines acceptable operations, the type of integrity offered, and how the data is organized. Databases come in different types of models, such as:
A. Relational and object oriented
B. Hierarchical
C. Network and object relational
D. B2B
E. A,B & C
Answer: E
Explanation: Databases come in several types of models: relational, hierarchical, network, object-oriented, and object-relational.
3213) A relational database model uses ________and ________to contain and organize information
A. Records and fields
B. Columns and rows
C. Image, audio, documents etc
D. Foreign key
E. Data dictionary
Answer: B
Explanation: A relational database model uses attributes (columns) and tuples (rows) to contain and organize information.
3214) A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases are managed with software that provides these types of capabilities. The most widely used model is:
A. Hierarchical
B. Relational
C. Network
D. Object oriented
E. Object relational
Answer: B
Explanation: The relational database model is the most widely used model today. It presents information in the form of tables.
3215) A _______ is a field that links all the data within a record to a unique value
A. Primary key
B. Foreign key
C. Cell
D. Tuple
E. Attribute
Answer: A
Explanation: A primary key is a field that links all the data within a record to a unique value.
3216) A hierarchical data model (see Figure 11-4) combines records and fields that are related in:
A. Logical manner
B. Cross structure
C. Tree structure
D. Relational structure
E. None of the above
Answer: C
Explanation: A hierarchical data model combines records and fields that are related in a logical tree structure.
3217) The paths for creating relationships between data elements in the hierarchical data model are not as flexible as those of the:
A. Network model
B. Object relational
C. Relational
D. Object oriented
E. None of the above
Answer: C
Explanation: These databases have well-defined, prespecified access paths, but are not as flexible in creating relationships between data elements as a relational database.
3218) A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases are managed with software that provides these types of capabilities. Hierarchical databases are useful for mapping:
A. One to one relations
B. One to many
C. Many to many
D. All of the above
E. Both B and C
Answer: B
Explanation: Hierarchical databases are useful for mapping one-to-many relationships.
3219) Hierarchical databases do not use __________ as relational databases do for searching procedures.
A. Primary key
B. Foreign key
C. Indexes
D. Database dictionary
E. Rows and columns
Answer: C
Explanation: The hierarchical model does not use indexes as relational databases do for searching procedures.
3220) The hierarchical structured database is one of the first types of database model created, but is not as common as relational databases. To be able to access a certain data entity within a hierarchical database requires knowing which branch to start with and which route to take through each layer until the data are reached. The most commonly used implementation of the hierarchical model is in the:
A. Client server model
B. Lightweight Directory Access Protocol (LDAP) model
C. B2C model
D. C2C model
E. B2E model
Answer: B
Explanation: The most commonly used implementation of the hierarchical model is in the Lightweight Directory Access Protocol (LDAP) model. This model is also used in the Windows registry structure and in different file systems, but it is not commonly used in newer database products.
3221) Most databases have a data definition language (DDL), a data manipulation language (DML), a query language (QL), and a report generator. The network database model is built upon
A. Hierarchical
B. Relational
C. Network
D. Object oriented
E. Object relational
Answer: A
Explanation: The network database model is built upon the hierarchical data model.
3222) The most commonly used implementation of the hierarchical model is in the Lightweight Directory Access Protocol (LDAP) model. The network database model allows each data element to have:
A. Single parent record
B. Multiple parents records
C. Multiple parent and child records
D. Multiple children records
E. Both A and D
Answer: C
Explanation: Instead of being constrained by having to know how to go from one branch to another and then from one parent to a child to find a data element, the network database model allows each data element to have multiple parent and child records.
3223) This model uses the constructs of records and sets. A record contains fields, which may be laid out in a hierarchical structure. Sets define the one-to-many relationships between the different records. The network database model uses:
A. Rows and fields
B. Records and sets
C. Keys
D. Data dictionary
E. Data elements
Answer: B
Explanation: This model uses the constructs of records and sets. A record contains fields, which may lay out in a hierarchical structure.
3224) A database management system (DBMS) is the software that controls the access restrictions, data integrity, redundancy, and the different types of manipulation available for a database. A ___________ database is designed to handle a variety of data (images, audio, documents, video).
A. Hierarchical
B. Relational
C. Network
D. Object oriented
E. Object relational
Answer: D
Explanation: An object-oriented database is designed to handle a variety of data (images, audio, documents, video).
3225) An object-oriented database management system (ODBMS) is more dynamic in nature than a relational database, because
A. Objects can be created when needed
B. Application has to use its own procedures to obtain data from the database
C. Database does not actually provide procedures
D. Data and procedure (called method) do not go with the object when it is requested
E. All of the above
Answer: A
Explanation: An object-oriented database management system (ODBMS) is more dynamic in nature than a relational database, because objects can be created when needed and the data and procedure (called method) go with the object when it is requested.
3226) In object-oriented databases, when your application queries for some data, what is returned is:
A. data only
B. output
C. codes
D. data and code
E. objects and classes
Answer D
Explanation: In object-oriented databases, when your application queries for some data, what is returned is not only the data but also the code to carry out procedures on this data.
3227) In object-oriented databases, when your application queries for some data, what is returned is not only the data but also the code to carry out procedures on this data. A record is:
A. A collection of records of the same type
B. A row in a two-dimensional database
C. A collection of related data items
D. An attribute of one table that is related to the primary key of another table
E. Defines the structure of the database
Answer C:
Explanation: A record is a collection of related data items.
3228) An attribute of one table that is related to the primary key of another table is:
A. Record
B. Attribute
C. Data dictionary
D. Primary key
E. Foreign key
Answer E
Explanation: A foreign key is an attribute of one table that is related to the primary key of another table.
3229) A virtual relation defined by the database administrator in order to keep subjects from viewing certain data is:
A. Data dictionary
B. Primary key
C. View
D. Cell
E. Attribute
Answer C:
Explanation: A view is a virtual relation defined by the database administrator in order to keep subjects from viewing certain data.
3230) An object-oriented database also does not depend upon __________ for interactions.
A. SQL
B. Oracle
C. DBMS
D. Data dictionary
E. Index
Answer A:
Explanation: An object-oriented database also does not depend upon SQL for interactions, so applications that are not SQL clients can work with these types of databases.
3231) ____________ is a standard programming language used to allow clients to interact with a database.
A. C++
B. Object Pascal
C. Visual basic
D. SQL
E. Common Lisp
Answer D:
Explanation: Structured Query Language (SQL) is a standard programming language used to allow clients to interact with a database. Many database products support SQL.
3232) ___________ is a database with a software front end that is written in an object-oriented programming language.
A. DBMS
B. Relational database
C. Hierarchical database
D. Object relational
E. Network database
Answer D:
Explanation: An object-relational database (ORD) or object-relational database management system (ORDBMS) is a relational database with a software front end that is written in an object-oriented programming language.
3233) Open Database Connectivity (ODBC) is an application programming interface (API) that allows:
A. Separates data into components that run as middleware on a client or server.
B. A set of COM-based interfaces that provide applications with uniform access to data stored in diverse data sources
C. An application to communicate with a database either locally or remotely.
D. Applications to access back-end database systems
E. A Java application to communicate with a database
Answer C:
Explanation: Open Database Connectivity (ODBC) is an application programming interface (API) that allows an application to communicate with a database either locally or remotely.
3234) _________ provides a low-level interface to link information across different databases and provides access to data no matter where it is located or how it is formatted.
A. Open Database Connectivity (ODBC)
B. ActiveX Data Objects (ADO)
C. Java Database Connectivity (JDBC)
D. Extensible Markup Language (XML)
E. Object Linking and Embedding Database (OLE DB)
Answer E:
Explanation: Object Linking and Embedding Database (OLE DB) provides a low-level interface to link information across different databases and provides access to data no matter where it is located or how it is formatted.
3235) A set of COM-based interfaces that provide applications with uniform access to data stored in diverse data sources is a feature of:
A. Open Database Connectivity (ODBC)
B. Object Linking and Embedding Database (OLE DB)
C. ActiveX Data Objects (ADO)
D. Java Database Connectivity (JDBC)
E. Extensible Markup Language (XML)
Answer B
3236) __________ uses the OLEDB interface to connect with the database and can be developed with many different scripting languages.
A. Open Database Connectivity (ODBC)
B. Object Linking and Embedding Database (OLE DB)
C. ActiveX Data Objects (ADO)
D. Java Database Connectivity (JDBC)
E. Extensible Markup Language (XML)
Answer B:
Explanation: ADO uses the OLEDB interface to connect with the database and can be developed with many different scripting languages.
3237) The XML tags that illustrate to the user how the developer wanted the data to be presented are interpreted by:
A. SQL
B. Java
C. XHTML
D. Browser
E. None of the above
Answer D:
Explanation: The web browser interprets the XML tags to illustrate to the user how the developer wanted the data to be presented.
3238) Database languages include a data definition language (DDL), which defines:
A. Schema
B. how the data can be manipulated within the database
C. enable users to access the data
D. defines the internal organization of the database
E. enables Java programs to execute SQL statements
Answer A:
Explanation: Most database languages include a data definition language (DDL), which defines the schema. The schema describes the type of data that will be held and manipulated, and its properties.
3239) The language which defines the internal organization of the database is:
A. Data definition language (DDL)
B. Data control language (DCL)
C. Data manipulation language (DML)
D. Report generator
E. Query language (QL)
Answer B:
Explanation: A data control language (DCL) defines the internal organization of the database.
3240) ________ produces printouts of data in a user-defined manner.
A. Query language (QL)
B. Report generator
C. DML
D. DCL
E. None of the above
Answer B:
Explanation: A report generator produces printouts of data in a user-defined manner.
3241) A data dictionary is a central collection of data element definitions, schema objects, and reference keys. A data dictionary is a central collection of:
A. data element definitions
B. schema objects
C. reference keys
D. Primary keys
E. Options A, B & C
Answer E:
Explanation: A data dictionary is a central collection of data element definitions, schema objects, and reference keys.
3242) A data dictionary is a tool used to centrally manage parts of a database by controlling ___________ within the database.
A. Metadata
B. Portion of data
C. Figures
D. Programming
E. Keys
Answer A:
Explanation: It is a tool used to centrally manage parts of a database by controlling data about the data (referred to as metadata) within the database.
3243) The database management software creates and reads the data dictionary to ascertain what ___________ exist and checks to see if specific users have the proper access rights to view them.
A. Schema objects
B. Reference keys
C. Metadata
D. Data element definitions
E. All of the above
Answer A:
Explanation: The database management software creates and reads the data dictionary to ascertain what schema objects exist and checks to see if specific users have the proper access rights to view them.
3244) The database management software creates and reads the data dictionary to ascertain what schema objects exist and checks to see if specific users have the proper access rights to view them. __________ settings for each user are held within the data dictionary.
A. Language
B. View
C. Data manipulation
D. Schema object
E. Browser
Answer B:
Explanation: When users look at the database, they can be restricted by specific views. The different view settings for each user are held within the data dictionary.
3245) When new rows and schema objects are added, the data dictionary is __________
A. Reinstalled
B. Finished
C. Updated
D. Remains the same
E. Requires new programming
Answer C:
Explanation: When new tables, new rows, or new schema are added, the data dictionary is updated to reflect this.
3246) When users look at the database, they can be restricted by specific views. The different view settings for each user are held within the data dictionary. A ________ sets a relationship between two tables that have a matching or same attribute.
A. Primary key
B. Foreign key
C. Data dictionary
D. Report generator
E. Schema objects
Answer B:
Explanation: If an attribute in one table has a value matching the primary key in another table and there is a relationship set up between the two of them, this attribute is considered a foreign key.
3247) A primary key is different from a foreign key, although they are closely related. If an attribute in one table has a value matching the primary key in another table and there is a relationship set up between the two of them, this attribute is a foreign key. This foreign key is not necessarily the ________ in its current table.
A. Primary key
B. Foreign key
C. Data dictionary
D. Report generator
E. Schema objects
Answer A:
Explanation: This foreign key is not necessarily the primary key in its current table. It only has to contain the same information that is held in another table’s primary key and be mapped to the primary key in this other table.
3248) A primary key is different from a foreign key, although they are closely related. If an attribute in one table has a value matching the primary key in another table and there is a relationship set up between the two of them, this attribute is considered a foreign key. This is another way for the database to track relationships between data that it houses.
A. Reference keys
B. Web browser
C. Anti virus
D. Fire walls
E. Foreign key
Answer E:
Explanation: A foreign key is another way for the database to track relationships between data that it houses.
3249) __________ is a problem/issue when there is a piece of software that will be accessed at the same time by different users and/or applications.
A. Malware
B. Virus and spam
C. Trojan horse
D. Concurrency
E. None of the above
Answer D:
Explanation: Concurrency issues come up when there is a piece of software that will be accessed at the same time by different users and/or applications.
3250) The same thing happens in databases. If controls are not in place, two users can access and modify the same data at the same time, which can be detrimental to a dynamic environment. To overcome this problem, processes can:
A. Lock tables within a database
B. Make changes
C. Release the software lock.
D. All of the above
E. Allow limited access
Answer D:
Explanation: To ensure that concurrency problems do not cause problems, processes can lock tables within a database, make changes, and then release the software lock.
3251) To ensure that concurrency problems do not cause problems, processes can lock tables within a database, make changes, and then release the software lock. Locking means:
A. One table is not accessible
B. Data in one table is not transferable
C. Two processes cannot access the same table at the same time
D. Two processes cannot transfer the same table at the same time
E. User cannot access the important data
Answer C:
Explanation: Locking ensures that two processes do not access the same table at the same time.
3252) A semantic integrity mechanism makes sure structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints, and operations that could adversely affect the structure of the database. Database software performs _________ main types of integrity services.
A. 2
B. 3
C. 4
D. 5
E. 6
Answer B:
Explanation: Database software performs three main types of integrity services.
3253) Database software performs three main types of integrity services: semantic, referential, and entity. A ________________ mechanism makes sure structural and semantic rules are enforced.
A. Semantic
B. Referential
C. Entity
D. Self service
E. Assisted password
Answer: A
Explanation: A semantic integrity mechanism makes sure structural and semantic rules are enforced.
3254) A database has _________ integrity if all foreign keys reference existing primary keys.
A. Semantic
B. Referential
C. Entity
D. Self service
E. Assisted password
Answer: B
Explanation: A database has referential integrity if all foreign keys reference existing primary keys.
3255) Other configurable operations are available to help protect the integrity of the data within a database. These operations are:
A. Rollbacks
B. Commits
C. Save points
D. Checkpoints
E. All of the above
Answer E:
Explanation: Other configurable operations are available to help protect the integrity of the data within a database. These operations are rollbacks, commits, save points, and checkpoints.
3256) _________________ cancel changes that could have taken place with the data itself or with schema changes that were typed in.
A. Commits
B. Save points
C. Checkpoints
D. Rollbacks
E. All of the above
Answer D:
Explanation: The rollback is an operation that ends a current transaction and cancels the current changes to the database.
3257) When a rollback operation is executed, the changes are cancelled, and the database returns to its:
A. New phase
B. Previous state
C. Updated state
D. Subsequent state
E. Both C & D
Answer: B
Explanation: When a rollback operation is executed, the changes are cancelled, and the database returns to its previous state. Instead of transmitting and posting partial or corrupt information, the database will roll back to its original state and log these errors and actions so they can be reviewed later.
3258) ___________ are used to make sure that if a system failure occurs, or if an error is detected, the database can attempt to return to a point before the system crashed or hiccupped.
A. Rollbacks
B. Commits
C. Save points
D. Checkpoints
E. All of the above
Answer C:
Explanation: Save points are used to make sure that if a system failure occurs, or if an error is detected, the database can attempt to return to a point before the system crashed or hiccupped.
3259) Having too many save points can:
A. Improve the performance
B. Degrade the performance
C. Integrate the performance
D. Not have any effect
E. Both A & C
Answer B:
Explanation: Having too many save points can degrade the performance, whereas not having enough save points runs the risk of losing data and decreasing user productivity because the lost data would have to be reentered.
3260) A save point restores data by enabling the user to:
A. Go back in time before the system crashed
B. Getting help through an analyst
C. User and database interact at the same time
D. Making another copy of data for user
E. None of the above
Answer A:
Explanation: A save point restores data by enabling the user to go back in time before the system crashed or hiccupped.
3261) When the database software fills up a certain amount of memory, a ___________ is initiated; this saves the data from the memory segment to a temporary file. If a glitch is experienced, the software will try to use this information to restore the user’s working environment to its previous state.
A. Rollback
B. Commit
C. Save point
D. Checkpoint
E. None of the above
Answer: D
Explanation: When the database software fills up a certain amount of memory, a checkpoint is initiated; this saves the data from the memory segment to a temporary file. If a glitch is experienced, the software will try to use this information to restore the user’s working environment to its previous state.
3262) A _____________ mechanism is yet another control that is used in databases to ensure the integrity of the data held within the database.
A. One phase commit
B. Two phase commit
C. Three phase commit
D. Four phase commit
E. Multiple phase commit
Answer B:
Explanation: A two-phase commit mechanism is yet another control that is used in databases to ensure the integrity of the data held within the database. Databases commonly carry out transaction processes, which means the user and the database interact at the same time.
3263) When a database change is submitted by the user, the changes are initially and temporarily ________ by the different databases.
A. Stored
B. Dumped
C. Updated
D. Transferred
E. Changed
Answer: A
Explanation: When a database change is submitted by the user, the different databases initially store these changes temporarily.
3264) A transaction monitor will send out a “pre-commit” command to each database. If all the right databases respond with an acknowledgment, then the monitor sends out a
A. Print command
B. Save command
C. Commit command
D. Delete command
E. No command
Answer C:
Explanation: The monitor sends out a “commit” command to each database. This ensures that all of the necessary information is stored in all the right places at the right time.
3265) The main database security issues of concern are:
A. Aggregation
B. Viruses
C. Data corruption
D. Inference
E. Both A & D
Answer E:
Explanation: The two main database security issues this section addresses are aggregation and inference.
3266) _________ is the act of combining information from separate sources. The combination of the data forms new information, which the subject does not have the necessary rights to access.
A. Aggregation
B. Inference
C. Integration
D. Networking
E. Transformation
Answer: A
Explanation: Aggregation is the act of combining information from separate sources.
3267) To prevent aggregation, the subject, and any application or process acting on the subject’s behalf, needs to be prevented from gaining access to
A. Whole data including individual components
B. Individual components
C. Specific information
D. Programming
E. Both A & C
Answer: A
Explanation: To prevent aggregation, the subject, and any application or process acting on the subject’s behalf, needs to be prevented from gaining access to the whole collection, including the independent components.
3268) The inference issue is seen when data at a ________ security level indirectly portrays data at a ________ level.
A. Higher, lower
B. Lower, higher
C. Individual, group
D. Simple, complex
E. Networked, system
Answer B:
Explanation: Inference is seen when data at a lower security level indirectly portrays data at a higher level.
3269) The trick (in inference) is to prevent the subject, or any application or process acting on behalf of that subject, from:
A. Gaining access to back end
B. Gaining access to front end
C. Gaining access to programming
D. Indirect access to inferable information
E. Direct access to information
Answer: D
Explanation: The trick is to prevent the subject, or any application or process acting on behalf of that subject, from indirectly gaining access to the inferable information.
3270) The inference problem is dealt with through:
A. Content dependent access control
B. Context dependent access control
C. Context independent access control
D. Content independent access control
E. Both A & B
Answer: E
Explanation: This problem is usually dealt with in the development of the database by implementing content- and context-dependent access control rules.
3271) The more sensitive the data, the _____________ the subset of individuals who can gain access to the data.
A. Larger
B. Smaller
C. Complex
D. Specific
E. Unlimited
Answer: B
Explanation: The more sensitive the data, the smaller the subset of individuals who can gain access to the data.
3272) The software must keep track of previous access attempts by the user and understand what sequences of access steps are allowed in:
A. Content dependent access control
B. Context dependent access control
C. Context independent access control
D. Content independent access control
E. None of the above
Answer: B
Explanation: Context-dependent access control means the software must keep track of previous access attempts by the user and understand what sequences of access steps are allowed.
3273) Common attempts to prevent inference attacks are:
A. Cell suppression
B. Partitioning the database
C. Noise
D. Perturbation
E. All of the above
Answer: E
Explanation: Common attempts to prevent inference attacks are cell suppression, partitioning the database, and noise and perturbation.
3274) __________ involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered.
A. Cell suppression
B. Partitioning the database
C. Noise
D. Perturbation
E. Both C and D
Answer B:
Explanation: Partitioning a database involves dividing the database into different parts, which makes it much harder for an unauthorized individual to find connecting pieces of data that can be brought together and other information that can be deduced or uncovered.
3275) Databases can permit one group, or a specific user, to see certain information while restricting another group from viewing it altogether. This functionality happens through:
A. Database keys
B. Database server
C. Database views
D. Database dictionary
E. Report generator
Answer C:
Explanation: This functionality happens through the use of database views.
3276) Views can be displayed according to:
A. Group membership
B. User rights
C. Security labels
D. Patents
E. Options A, B & C
Answer E:
Explanation: Views can be displayed according to group membership, user rights, or security labels.
3277) If a discretionary access control (DAC) system was employed, then groups and users could be granted access through views based on their:
A. Identity
B. Authentication
C. Authorization
D. All of the above
E. Data classification
Answer D:
Explanation: If a DAC system was employed, then groups and users could be granted access through views based on their identity, authentication, and authorization.
3278) _____________ is a process of interactively producing more detailed versions of objects by populating variables with different values or other variables. It is often used to prevent inference attacks.
A. Discretionary access control (DAC)
B. Mandatory access control (MAC)
C. Polyinstantiation
D. Transmission
E. Diffusion
Answer: C
Explanation: Polyinstantiation is a process of interactively producing more detailed versions of objects by populating variables with different values or other variables.
3279) If a process stops functioning, the monitor mechanisms within ________ can detect this and attempt to restart the process. If the process cannot be restarted, then the transaction taking place will be rolled back to ensure no data is corrupted.
A. Online transaction processing (OLTP)
B. Polyinstantiation
C. Discretionary access control (DAC)
D. Database views
E. None of the above
Answer: A
Explanation: If a process stops functioning, the monitor mechanisms within OLTP can detect this and attempt to restart the process.
3280) Any erroneous or invalid transactions detected should be written to a
A. Lock
B. Transaction log
C. Register
D. Memory
E. Operating system
Answer: B
Explanation: Any erroneous or invalid transactions detected should be written to a transaction log. Data is written to the log before and after a transaction is carried out so a record of events exists.
3281) Transaction processing usually means:
A. individual indivisible operations are taking place independently
B. operations are taking place collectively
C. operations are taking place efficiently
D. transactions are managed
E. transactions are streamlined
Answer A:
Explanation: Transaction processing usually means that individual indivisible operations are taking place independently. If one of the operations fails, the rest of the operations need to be rolled back to ensure that only accurate data is entered into the database.
3282) If requests to update databases increase, and the performance of one system decreases because of the large volume, OLTP can
A. Handle all the requests
B. Does not handle any request
C. Process half the requests
D. Transfer some of the requests
E. No action is taken
Answer: D
Explanation: OLTP can move some of these requests to other systems. This makes sure all requests are handled and that the user, or whoever is making the requests, does not have to wait a long time for the transaction to complete.
3283) OLTP records transactions as they occur (in real time), which usually updates more than one database in a distributed environment. This type of complexity introduces threats and requires the:
A. ACID test
B. CAID test
C. DAIC test
D. CAAD test
E. SAPM test
Answer A:
Explanation: This type of complexity can introduce many integrity threats, so the database software should implement the characteristics of what’s known as the ACID test.
3284) Once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back. This is known as:
A. Atomicity
B. Isolation
C. Consistency
D. Durability
E. Mining
Answer D
Explanation: Durability: once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back.
3285) _______________ combines data from multiple databases or data sources into a large database for the purpose of providing more extensive information retrieval and data analysis.
A. Data warehouse
B. Data mining
C. Data dictionary
D. Database
E. All of the above
Answer A
Explanation: Data warehousing combines data from multiple databases or data sources into a large database for the purpose of providing more extensive information retrieval and data analysis.
3286) The data sources the warehouse is built from are used for
A. Operational purposes
B. Functional purposes
C. Accounting purposes
D. Storing purposes
E. Retrieval purposes
Answer: A
Explanation: The data sources the warehouse is built from are used for operational purposes.
3287) Data in a data warehouse is normalized, which means:
A. Data is formatted
B. Data is updated
C. Redundant information is stripped out and data is formatted as expected by the warehouse
D. Information is extracted
E. Information is stored
Answer C
Explanation: The data is normalized, which means redundant information is stripped out and data are formatted in the way the data warehouse expects it. This enables users to query one entity rather than accessing and querying different databases.
3288) The analysis in a data warehouse is carried out for:
A. Business forecasting decisions
B. Identify marketing effectiveness
C. Business trends
D. Fraudulent activities
E. All of the above
Answer E
Explanation: The analysis can be carried out to make business forecasting decisions, identify marketing effectiveness, business trends, and even fraudulent activities.
3289) Data in a warehouse, before presentation to the user, is:
A. Stored only
B. Summarized
C. Customized
D. Correlated
E. B, C & D
Answer E
Explanation: Related data is summarized and correlated before it is presented to the user. Instead of having every piece of data presented, the user is given data in a more abridged form that best fits her needs.
3290) Security of the warehouse is necessary because:
A. Access to data is easy
B. Data is available
C. All data is at one place
D. Requires no security measures
E. Data corruption is easy
Answer C
Explanation: Although there is easier access and control, because the data warehouse is in one place, it also requires more stringent security. If an intruder got into the data warehouse, he could access all of the company’s information at once.
3291) Data mining is the process of massaging the data held in the _________ into more useful information.
A. Warehouse
B. Back end
C. Front end
D. Programming
E. Dictionary
Answer: A
Explanation: Data mining is the process of massaging the data held in the data warehouse into more useful information.
3292) Data-mining tools are used to find an association and correlation in data to produce
A. Data reports
B. Security
C. Meta data
D. Output
E. Data networks
Answer C
Explanation: Data-mining tools are used to find an association and correlation in data to produce metadata. Metadata can show previously unseen relationships between individual subsets of information.
3293) The goal of data warehouses and data mining is
A. Extract information to gain knowledge about the activities and trends within the organization
B. Detect deficiencies
C. Ways to optimize operations
D. All of the above
E. A& C only
Answer D
Explanation: The goal of data warehouses and data mining is to be able to extract information to gain knowledge about the activities and trends within the organization. With this knowledge, people can detect deficiencies or ways to optimize operations.
3294) Data mining and warehousing activities are carried out for:
A. Comparative decision making
B. Workflow automation
C. Competitive advantage
D. Enhancing business value & employee’s productivity
E. All of the above
Answer E
Explanation: So we would carry out these activities if we want to harness organization-wide data for comparative decision making, workflow automation, and/or competitive advantage. It is not just information-aggregation; management’s goals in understanding different aspects of the company are to enhance business value and help employees work more productively.
3295) Data mining is also known as knowledge discovery in database (KDD), and is a combination of techniques to identify valid and useful patterns. The following are approaches used in KDD systems:
A. Classification
B. Probabilistic
C. Consistency
D. Statistical
E. A,B &D
Answer E
Explanation: Classification, probabilistic, and statistical.
3296) ________ identifies relationships between data elements and uses rule discovery.
A. Classification
B. Probabilistic
C. Consistency
D. Statistical
E. A,B &D
Answer D:
Explanation: Statistical: identifies relationships between data elements and uses rule discovery.
3297) Security is most effective if it is planned and managed throughout
A. Data entry
B. Programming
C. Data retrieval
D. Life cycle of application/system
E. None of the above
Answer D
Explanation: Security is most effective if it is planned and managed throughout the life cycle of a system or application versus applying a third-party package as a front end after the development.
3298) If security is added at the end of project development, this results in:
A. Addition of cost
B. Wastage of time
C. Additional resources
D. Upgrading problems
E. Both A & B
Answer: E
Explanation: When security is added at the end of project development rather than at each step of the life cycle, the cost and time of adding security increase dramatically.
3299) Good project management keeps the project moving in the:
A. Right direction
B. Allocates the necessary resources
C. Provides the necessary information
D. Plans for the worst
E. All of the above
Answer E
Explanation: Many developers know that good project management keeps the project moving in the right direction, allocates the necessary resources, provides the necessary information, and plans for the worst yet hopes for the best.
3300) ___________ is an important part of product development, and security management is an important part of project management.
A. Project management
B. Product management
C. Project development
D. Security development
E. Security management
Answer A
Explanation: Project management is an important part of product development, and security management is an important part of project management.
3301) A security plan should be drawn up at the beginning of a development project and integrated into the functional plan to ensure that security is not overlooked. This first plan:
A. Is broad
B. Covers a wide base
C. Refers to documented references
D. All of the above
E. RFCs, IEEE standards ,and best practices
Answer D
Explanation: The first plan is broad, covers a wide base, and refers to documented references for more detailed information.
3302) The ____________ must accurately reflect how the system or product was built and how it operates once implemented into an environment.
A. Rules
B. Standards
C. Documentation
D. Privacy policy
E. Guarantee
Answer C
Explanation: The documentation must accurately reflect how the system or product was built and how it operates once implemented into an environment.
3303) The different models integrate the following life cycle phases:
A. Project initiation, Functional design analysis and planning
B. System design specifications
C. Software development, Installation/implementation
D. Operational/maintenance, Disposal
E. All of the above
Answer E
Explanation: The life cycle phases are:
• Project initiation
• Functional design analysis and planning
• System design specifications
• Software development
• Installation/implementation
• Operational/maintenance
• Disposal
3304) Security comes under the following phase(s):
A. Project initiation, Functional design analysis and planning
B. System design specifications
C. Software development , Installation/implementation
D. Operational/maintenance , Disposal
E. All of the above
Answer E
Explanation: security is embedded throughout all phases
3305) ___________ is the phase when everyone involved attempts to understand why the project is needed and what the scope of the project entails.
A. Project development
B. Project initiation
C. Project completion
D. Project proposal
E. Project documentation and standards
Answer: B
Explanation: Project initiation is the phase when everyone involved attempts to understand why the project is needed and what the scope of the project entails.
3306) The conceptual definition of a project is initiated in:
A. Project development
B. Project completion
C. Project proposal
D. Project initiation
E. Project documentation and standards
Answer: D
Explanation: A conceptual definition of the project should be initiated and developed during the initiation stage to ensure everyone is on the right page and that this is a proper product to develop and will be, hopefully, profitable.
3307) Project initiation requires the following steps:
A. An initial study of the product needs to be started
B. A high-level proposal should be drafted that outlines the necessary resources for the project and the predicted timeline of development
C. An estimate of the profit expected from the product also needs to be made
D. This information is submitted to senior management, who will determine whether the next phase should begin or further information is required
E. All of the above
Answer: E
Explanation: Because this is for a specific client or market, an initial study of the product needs to be started, and a high-level proposal should be drafted that outlines the necessary resources for the project and the predicted timeline of development. An estimate of the profit expected from the product also needs to be made. This information is submitted to senior management, who will determine whether the next phase should begin or further information is required.
3308) The first step of risk management is:
A. Identifying the solution
B. Identifying the threats and vulnerabilities
C. Calculating economic feasibility
D. Calculating level of risk involved
E. Both B & D
Answer: E
Explanation: The first step in risk management is to identify the threats and vulnerabilities and to calculate the level of risk involved.
3309) ______________ should also address security threat scenarios and solutions during their tasks.
A. Programmers
B. Software engineers
C. Analysts
D. Program developers
E. None of the above
Answer: B
Explanation: It is not just the programmer who should be thinking about coding in a secure manner, but the design of the product should have security integrated and layered throughout the project. Software engineers should address security threat scenarios and solutions during their tasks.
3310) Software risk analysis involves the following concerns of customers:
A. Type of business that requires this product
B. Need for encryption and its type
C. Vulnerability of the product to denial of service
D. Type and strength of encryption needed
E. All of the above
Answer: E
Explanation: All of these are concerns of customers.
3311) If a product will only be used to produce word documents, a lower level of security countermeasures and tests would be needed compared with:
A. A product that is low on credit ratings
B. A product that maintains credit card data
C. A product that is high on credit ratings
D. A product that maintains debit card data
E. Both C & D
Answer: B
Explanation: If a product will only be used to produce word documents, a lower level of security countermeasures and tests would be needed compared with a product that maintains credit card data.
3312) Once the threats are identified by the project team members, then:
A. The probability of their occurrence is estimated
B. Their consequences are calculated
C. The risks can be listed in order of criticality
D. All of the above
E. A solution is developed directly
Answer: D
Explanation: Once the threats are identified by the project team members, the probability of their occurrence is estimated and their consequences are calculated; the risks can then be listed in order of criticality.
3313) If the possibility of a DoS taking place is high and could devastate a customer, then the security concerns are:
A. At highest priority
B. At medium priority
C. Transferred to the concerned department
D. At lowest priority
E. Of no concern
Answer: A
Explanation: If the possibility of a DoS taking place is high and could devastate a customer, then this is at the high end of importance. If the possibility of fraud is low, then this is pushed down the priority list.
3314) _______________ may do a risk analysis pertaining to the risk of the project failing.
A. Security risk analysis team
B. Project risk analysis team
C. Risk analysts
D. Program developers
E. Vendors
Answer: B
Explanation: The project team may do a risk analysis pertaining to the risk of the project failing. This is much different from the security risk analysis, which has different threats and issues.
3315) Functional design analysis and planning requires:
A. Only documentation
B. A test plan
C. Evaluation criteria
D. Standards
E. Both B & D
Answer: B
Explanation: A test plan is developed, which will be updated through each phase to ensure all issues are properly tested in functional design analysis and planning.
3316) Security requirements can be derived from several different sources, which are:
A. Export restrictions
B. National, international, or organizational standards and guidelines
C. Relevant security policies
D. Project analysis
E. Options A, B & C
Answer: E
Explanation: Export restrictions; national, international, or organizational standards and guidelines; and relevant security policies are some of the sources from which security requirements can be derived.
3317) A design document is usually drawn up by _____________
A. Analysts
B. Engineers
C. Architects
D. Customer
E. A, B & C
Answer: E
Explanation: A design document is usually drawn up by analysts, with the guidance of engineers and architects, and presented to the customer.
3318) Many companies skip the functional design phase and jump right into developing specifications for the product, and the customer is not involved during that stage. This causes:
A. Major delays
B. Retooling efforts
C. Difference in company’s and customer’s perception
D. Wastage of time
E. All of the above
Answer: E
Explanation: Many companies skip the functional design phase and jump right into developing specifications for the product. Or a design document is not shared with the customer. This can cause major delays and retooling efforts, because a broad vision of the product needs to be developed before looking strictly at the details. If the customer is not involved at this stage, the customer will most likely think the developers are creating a product that accomplishes X, while the development team thinks the customer wants Y. A lot of time can be wasted developing a product that is not what the customer actually wants, so clear direction and goals must be drawn up before the beginning of coding. This is usually an important function of the project management team.
3319) Which technology is one in which a device cannot put data on the network wire without having possession of a token, a control frame that travels in a logical circle and is “picked up” when a system needs to communicate? This is different from Ethernet, in which all the devices attempt to communicate at the same time.
1. Token passing technology
2. Fibre passing technology
3. Ethernet passing technology
4. None of the above
5. Nano technology
Ans: A token-passing technology is one in which a device cannot put data on the network wire without having possession of a token, a control frame that travels in a logical circle and is “picked up” when a system needs to communicate.
3320): Token Ring employs a couple of mechanisms to deal with problems that can occur on this type of network. Which mechanism removes frames that are continually circulating on the network? This can occur if a computer locks up or is taken offline for one reason or another and cannot properly receive a token destined for it.
Ans: Token Ring employs a couple of mechanisms to deal with problems that can occur on this type of network. The active monitor mechanism removes frames that are continually circulating on the network. This can occur if a computer locks up or is taken offline for one reason or another and cannot properly receive a token destined for it.
3321): A packet may need to be sent to only one workstation, to a set of workstations, or to all workstations on a particular subnet. If a packet needs to go from the source computer to one particular system, which transmission method is used?
Ans: A packet may need to be sent to only one workstation, to a set of workstations, or to all workstations on a particular subnet. If a packet needs to go from the source computer to one particular system, a unicast transmission method is used.
3322): Which method is an access method in which each computer signals its intent to transmit data before it actually does so? This tells all other computers on the network not to transmit data right now because doing so could cause a collision. Basically, a system listens to the shared medium to determine whether it is busy or free.
1. CSMA/CA
2. GSMA/CA
3. CSMA/GA
4. GSM/CA
5. GSM/GA
Ans: Carrier sense multiple access with collision avoidance (CSMA/CA) is an access method in which each computer signals its intent to transmit data before it actually does so. This tells all other computers on the network not to transmit data right now because doing so could cause a collision.
3323): It makes sniffing the network and obtaining useful information more difficult for an intruder as he traverses the network. A useful tactic for attackers is to install a Trojan horse that sets up a network sniffer on the compromised computer. The sniffer is usually configured to look for a specific type of information, such as usernames and passwords. This is the benefit of what?
Ans: Another benefit of restricting and controlling broadcast and collision domains is that it makes sniffing the network and obtaining useful information more difficult for an intruder as he traverses the network. A useful tactic for attackers is to install a Trojan horse that sets up a network sniffer on the compromised computer. The sniffer is usually configured to look for a specific type of information, such as usernames and passwords.
3324): Which protocol is a standard that outlines how routers exchange routing table data and is considered a distance-vector protocol, which means it calculates the shortest distance between the source and destination? It is considered a legacy protocol, because of its slow performance and lack of functionality. It should only be used in small networks.
Ans: RIP is a standard that outlines how routers exchange routing table data and is considered a distance-vector protocol, which means it calculates the shortest distance between the source and destination. It is considered a legacy protocol, because of its slow performance and lack of functionality. It should only be used in small networks.
3325): Which protocol is a distance-vector routing protocol that was developed by, and is proprietary to, Cisco Systems? Whereas another protocol uses one criterion to find the best path between the source and destination, it uses five criteria to make a “best route” decision. A network administrator can set weights on these different metrics so that the protocol works best in that specific environment.
Ans: IGRP is a distance-vector routing protocol that was developed by, and is proprietary to, Cisco Systems. Whereas RIP uses one criterion to find the best path between the source and destination, IGRP uses five criteria to make a “best route” decision. A network administrator can set weights on these different metrics so that the protocol works best in that specific environment.
3326): It is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at it, it determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, it forwards the frame to the necessary network segment. What is it?
Ans: A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment.
3327): A type of bridge that is needed if the two LANs being connected are different types and use different standards and protocols. For example, consider a connection between a Token Ring network and an Ethernet network. The frames on each network type are different sizes, the fields contain different protocol information, and the two networks transmit at different speeds.
1. Local bridge
2. Remote bridge
3. Translation bridge
4. Evaluation bridge
5. LAN bridge
Ans: A translation bridge is needed if the two LANs being connected are different types and use different standards and protocols. For example, consider a connection between a Token Ring network and an Ethernet network. The frames on each network type are different sizes, the fields contain different protocol information, and the two networks transmit at different speeds.
3328): A device that splits up a network into collision domains and broadcast domains. It gives more of a clear-cut division between network segments than repeaters or bridges. It should be used if an administrator wants to have more defined control of where the traffic goes, because more sophisticated filtering is available with these, and when it is used to segment a network, the result is more controllable sections.
1. Router
2. Adapter
3. Translator
4. Transformer
5. Bridge
Ans: A router splits up a network into collision domains and broadcast domains. A router gives more of a clear-cut division between network segments than repeaters or bridges. A router should be used if an administrator wants to have more defined control of where the traffic goes, because more sophisticated filtering is available with routers, and when a router is used to segment a network, the result is more controllable sections.
3329): A device that combines the functionality of a repeater and the functionality of a bridge. It amplifies the electrical signal, like a repeater, and has the built-in circuitry and intelligence of a bridge. It is a multiport connection device that provides connections for individual computers or other hubs. What is it?
Ans: Switches combine the functionality of a repeater and the functionality of a bridge. A switch amplifies the electrical signal, like a repeater, and has the built-in circuitry and intelligence of a bridge. It is a multiport connection device that provides connections for individual computers or other hubs.
3330): Which tagging technology not only allows for faster routing, but also addresses service requirements for the different packet types? Some time-sensitive traffic (such as video conferencing) requires a certain level of service (QoS) that guarantees a minimum rate of data delivery to meet the requirements of a user or application.
Ans: The use of these types of tags, referred to as Multiprotocol Label Switching (MPLS), not only allows for faster routing, but also addresses service requirements for the different packet types. Some time-sensitive traffic (such as video conferencing) requires a certain level of service (QoS) that guarantees a minimum rate of data delivery to meet the requirements of a user or application.
3331): A technology that enables administrators to separate and group computers logically based on resource requirements, security, or business needs instead of the standard physical location of the systems. When using repeaters, bridges, and routers, systems and resources are grouped in a manner dictated by their physical location. What is it?
Ans: VLANs enable administrators to separate and group computers logically based on resource requirements, security, or business needs instead of the standard physical location of the systems. When using repeaters, bridges, and routers, systems and resources are grouped in a manner dictated by their physical location.
3332): It is a private telephone switch that is located on a company’s property. This switch performs some of the same switching tasks that take place at the telephone company’s central office. It has a dedicated connection to its local telephone company’s central office, where more intelligent switching takes place. What is it?
Ans: A Private Branch Exchange (PBX) is a private telephone switch that is located on a company’s property. This switch performs some of the same switching tasks that take place at the telephone company’s central office. The PBX has a dedicated connection to its local telephone company’s central office, where more intelligent switching takes place.
3333): A device that may be a router, server, or specialized hardware device. It monitors packets coming into and out of the network it is protecting. It filters out the packets that do not meet the requirements of the security policy. What is it?
Ans: A firewall may be a router, server, or specialized hardware device. It monitors packets coming into and out of the network it is protecting. It filters out the packets that do not meet the requirements of the security policy.
3334): It is a security method of controlling what data can flow into and out of a network. It takes place by using ACLs, which are developed and applied to a device. ACLs are lines of text, called rules, that the device applies to each packet it receives. The lines of text provide specific information pertaining to what packets can be accepted and what packets must be denied. What is it?
Ans: Packet filtering is a security method of controlling what data can flow into and out of a network. Packet filtering takes place by using ACLs, which are developed and applied to a device. ACLs are lines of text, called rules, that the device applies to each packet it receives. The lines of text provide specific information pertaining to what packets can be accepted and what packets must be denied.
3335): Which one is like a nosy neighbor who gets into people’s business and conversations? She keeps track of who said what and when. This can be annoying until your house is burglarized. Then you and the police will want to talk to the nosy neighbor, because she knows everything going on in the neighborhood and would be the one most likely to know something unusual happened.
Ans: Stateful filtering is like a nosy neighbor who gets into people’s business and conversations. She keeps track of who said what and when. This can be annoying until your house is burglarized. Then you and the police will want to talk to the nosy neighbor, because she knows everything going on in the neighborhood and would be the one most likely to know something unusual happened.
3336): It is like a middleman. It intercepts and inspects messages before delivering them to the intended recipients. Suppose you need to give a box and a message to the president of the United States. You couldn’t just walk up to the president and hand over these items. Instead, you would have to go through a middleman, likely the Secret Service, who would accept the box and message and thoroughly inspect the box to ensure nothing dangerous was inside. What is it?
Ans: A proxy is a middleman. It intercepts and inspects messages before delivering them to the intended recipients. Suppose you need to give a box and a message to the president of the United States. You couldn’t just walk up to the president and hand over these items. Instead, you would have to go through a middleman, likely the Secret Service, who would accept the box and message and thoroughly inspect the box to ensure nothing dangerous was inside.
3337): A type of proxy that inspects the packet up through the application layer and makes access decisions based on the content of the packet. These proxies understand various services and protocols and the commands that are used by them. This proxy can distinguish between an FTP GET command and an FTP PUT command.
Ans: Application-level proxies inspect the packet up through the application layer and make access decisions based on the content of the packet. They understand various services and protocols and the commands that are used by them. An application-level proxy can distinguish between an FTP GET command and an FTP PUT command.
3338): It creates a circuit between the client computer and the server and provides protection at the session layer. It does not understand or care about the higher-level issues an application-level proxy deals with. It knows the source and destination addresses and makes access decisions based on this type of header information. What is it?
Ans: A circuit-level proxy creates a circuit between the client computer and the server and provides protection at the session layer. It does not understand or care about the higher-level issues an application-level proxy deals with. It knows the source and destination addresses and makes access decisions based on this type of header information.
3339): A type of proxy firewall that is considered a fifth-generation firewall. It differs from all the previously discussed firewall technologies because it creates dynamic, customized TCP/IP stacks when a packet needs to be evaluated. What is it?
1. Kernel proxy firewall
2. Circuit proxy firewall
3. Application proxy firewall
4. SOCKS
5. None of above
Ans: A kernel proxy firewall is considered a fifth-generation firewall. It differs from all the previously discussed firewall technologies because it creates dynamic, customized TCP/IP stacks when a packet needs to be evaluated.
3340): A device that is usually a highly exposed device, because it is the front line in a network’s security and its existence is known on the Internet. This means the device must be extremely secure—no unnecessary services should be running, unused subsystems must be disabled, vulnerabilities must be patched, unnecessary user accounts must be disabled, and any unneeded ports must be closed.
1. Bastion host
2. Dual homed firewall
3. Screened host
4. Screened subnet
5. Firewall
Ans: A bastion host is usually a highly exposed device, because it is the front line in a network’s security and its existence is known on the Internet. This means the device must be extremely secure—no unnecessary services should be running, unused subsystems must be disabled, vulnerabilities must be patched, unnecessary user accounts must be disabled, and any unneeded ports must be closed.
3341): A device that has two interfaces: one facing the external network and the other facing the internal network. If firewall software is installed on such a device, and it usually is, the underlying operating system should have packet forwarding and routing turned off, for security reasons. What is it?
1. Bastion host
2. Dual homed firewall
3. Screened host
4. Screened subnet
5. Firewall
Ans: Dual-homed refers to a device that has two interfaces: one facing the external network and the other facing the internal network. If firewall software is installed on a dual-homed device, and it usually is, the underlying operating system should have packet forwarding and routing turned off, for security reasons.
3342): Which architecture adds another layer of security to the screened-host architecture? The external firewall screens the data entering the DMZ network. However, instead of the firewall then redirecting the traffic to the internal network, an interior firewall also filters the traffic. The use of these two physical firewalls creates a DMZ.
1. Bastion host
2. Dual homed firewall
3. Screened host
4. Screened subnet
5. Firewall
Ans: A screened-subnet architecture adds another layer of security to the screened-host architecture. The external firewall screens the data entering the DMZ network. However, instead of the firewall then redirecting the traffic to the internal network, an interior firewall also filters the traffic. The use of these two physical firewalls creates a DMZ.
3343): Which system is a computer that usually sits in the screened subnet, or DMZ, and attempts to lure attackers to it instead of to actual production computers? To make such a system lure attackers, administrators may enable services and ports that are popular to exploit.
Ans: A honeypot system is a computer that usually sits in the screened subnet, or DMZ, and attempts to lure attackers to it instead of to actual production computers. To make a honeypot system lure attackers, administrators may enable services and ports that are popular to exploit.
3344): It is special software designed to control network resource access and provide the necessary services to enable a computer to interact with the surrounding network. It is different from a single-user operating system.
1. Network operating system
2. System operating system
3. LAN operating system
4. Device operating system
5. None of above
Ans: A network operating system (NOS) is special software designed to control network resource access and provide the necessary services to enable a computer to interact with the surrounding network. A NOS is different from a single-user operating system.
3345) Application system controls come in various flavors with many different goals. They can control input, processing, number-crunching methods, interprocess communication, access, output, and interfacing to the system and other programs. The goal of application system controls is:
A. To prevent malware
B. To prevent security compromises
C. To prevent system failure
D. To prevent the possibility of data corruption
E. Both B & D
Answer: E
Explanation: The goal of application system controls is to prevent security compromises and to reduce vulnerabilities and the possibility of data corruption.
3346) Application system controls can be __________________. They can come in the form of administrative and physical controls, but are usually more technical in this context.
A. Preventive
B. Preventive, detective or corrective
C. Detective or corrective
D. Security
E. Security & corrective
Answer: B
Explanation: Application system controls come in various flavors, and these can be preventive, detective, or corrective.
3347) The specific application controls depend upon the application itself, its objectives, the security goals of the application security policy, the type of data and processing it is to carry out, and the environment the application will be placed in. Applications and computer systems are best developed at the same time for:
A. Security & functionality
B. Development & application
C. Control & processing
D. Data mining & warehousing
E. None of the above
Answer: A
Explanation: The security and functionality of applications and computer systems would have to be developed at the same time for best results.
3348) Fewer security controls may be needed for an application that __________________. The trick is to understand the security needs of an application, implement the right controls and mechanisms, and thoroughly test the mechanisms and how they integrate into the application.
A. Connects businesses over the Internet
B. Involves financial transactions
C. Is purely proprietary in nature
D. Does not involve complex financial transactions
E. Is used by large corporations
Answer: C
Explanation: If an application is purely proprietary and will run only in closed trusted environments, fewer security controls may be needed than those required for applications that will connect businesses over the Internet and provide financial transactions.
3349) Our perimeter security is fortified and solid, but our internal environment and software are easy to exploit once access has been obtained. The flaws within ________ cause a majority of the vulnerabilities in the security of the application system in the first place:
A. Hardware
B. Software
C. Firewalls
D. Antivirus software
E. All of the above
Answer: B
Explanation: In reality, the flaws within the software cause a majority of the vulnerabilities in the first place.
3350) The high demand for computer technology and different types of software increased the demand for programmers, system designers, administrators, and engineers. This demand brought in a wave of people who had little experience. The following are the reasons that added problems to the security measures:
A. Lack of awareness only
B. High competition only
C. Increase in demand & latest technology
D. Lack of experience, the high change rate of technology, and the race to market
E. Lack of education only
Answer: D
Explanation: The high demand for computer technology and different types of software increased the demand for programmers, system designers, administrators, and engineers. This demand brought in a wave of people who had little experience. Thus, the lack of experience, the high change rate of technology, and the race to market added problems to security measures.
3351) It is an attempt to show how to address security at its source, which is at the software and development level. This requires a shift from reactive to proactive actions toward security problems to ensure they do not happen in the first place, or at least happen to a smaller extent The usual trend of software being released to the market and how security is dealt with is a stepwise process and is as follows:
F. Websites post vulnerabilities first and guide the vendors to develop the security system
G. Hackers find the problem and then figure out the solution
H. Administrators make the security system and then install it
I. Analysts are hired to figure out the problem
J. Buggy software is released, hackers find the weaknesses in software , websites post these vulnerabilities, vendors fix them through developing patches then administrators test and install them.
Answer: E
3352) Today, network and security administrators are in an overwhelming position of having to integrate different applications and computer systems to____________________ for expandable functionality and the new gee-whiz components that executives buy into and demand quick implementation of.
F. Meet the consumers demand
G. Beet the market competition
H. Enhance the security
I. Keep up with their company’s demand for expandable functionality and components that executives buy and demand quick implementation
J. To increase the sale of their products
Answer: D : Today, network and security administrators are in an overwhelming position of having to integrate different applications and computer systems to keep up with their company’s demand for expandable functionality and the new gee-whiz components that executives buy into and demand quick implementation of.
3353) Due to integration now companies require to manage:____________________ by implementing web sites with the capabilities of taking online orders, storing credit card information, and setting up extranets with partners
F. Extension of products
G. Presence on internet
H. Up gradation of software
I. More research work
J. All of the above
Answer: B : This integration of applications and systems require a well-known presence on the Internet by implementing web sites with the capabilities of taking online orders, storing credit card information, and setting up extranets with partners.
3354) As the complexity of this type of environment grows, tracking down errors and security compromises becomes an awesome task. Nowadays a web page illustrating a company’s products and services further requires development of:
A. Front end
B. Middleware
C. Back end
D. Three-tiered architecture
E. Options A, B & D
Answer: E: Today, the customer front end, complex middleware and three-tiered architectures must be developed and work seamlessly to beat the market competition.
3355) ____________ architecture enables an application system to be divided across multiple platforms that vary in operating systems and hardware. The front end usually includes the user interface and local data-manipulation capabilities, and provides the communications mechanisms that can request services from the server portion of the application.
A. Database model
B. Web-based model
C. Client/server model
D. Client-to-client model
E. Domain name server
Answer: C: The client/server architecture enables an application system to be divided across multiple platforms that vary in operating systems and hardware.
3356) The ________ performs the front-end portion of an application, and the ________ performs the back-end portion, which is usually more labor intensive. This architecture enables an application system to be divided across multiple platforms that vary in operating systems and hardware.
A. Server & client
B. Client & database
C. Client & server
D. User & system
E. User & administrator
Answer: C: The client performs the front-end portion of an application, and the server performs the back-end portion, which is usually more labor intensive.
3357) Software controls are implemented by: ______________________. Each has its strengths and weaknesses, but if they are all understood and programmed to work in a concerted effort, then many different scenarios and types of compromises can be thwarted.
A. Operating system
B. Application
C. Database management
D. Options A, B & C
E. Environment
Answer: D: Software controls can be implemented by the operating system, by the application, or through database management controls—and usually a combination of all three is used.
3358) If an application has a security compromise within its own programming code, it is hard for the operating system to predict and control this vulnerability. One drawback of relying on an operating system control is that:
A. It can control a subject’s access to different objects
B. It does not restrict the actions of that subject within the application
C. It does not restrict the subject’s actions within a system
D. It does not allow certain types of input
E. It does not restrict the subject’s actions within the client/server model
Answer: B: One drawback of relying on an operating system control is that it does not restrict the actions of that subject within the application. If an application has a security compromise within its own programming code, it is hard for the operating system to predict and control this vulnerability.
3359) Application controls and database management controls are very specific to their needs and in the security compromises they understand. An application might be able to protect data by allowing only certain types of input, but it cannot prevent the user:
A. From inserting bogus data into the Address Resolution Protocol (ARP) table
B. From permitting certain users to view data kept in sensitive database fields
C. From accessing all kinds of data
D. Options A & B
E. None of the above
Answer: A: It cannot prevent the user from inserting bogus data into the Address Resolution Protocol (ARP) table—this is the responsibility of the operating system and its network stack.
3360) Security products can cover a wide range of applications, can be controlled by a centralized management console, and are further away from application control. _________ & __________ mechanisms can provide a level of protection by preventing attackers from gaining access to be able to exploit buffer overflows.
A. Firewalls
B. Routers
C. Antivirus software
D. Access control
E. Options A & E
Answer: E: Firewalls and access control mechanisms can provide a level of protection by preventing attackers from gaining access to be able to exploit buffer overflows.
3361) Many times, trying to account for all the ifs and programming on the side of caution can reduce the overall functionality of the application. When you limit the functionality and scope of an application:
A. The market share is reduced
B. Potential profitability of that program could be reduced
C. Demand is reduced
D. Both A & B
E. Both B & C
Answer: D: As you limit the functionality and scope of an application, the market share and potential profitability of that program could be reduced. A balancing act always exists between functionality and security, and in the development world, functionality is usually deemed the most important.
3362) A balancing act always exists between functionality and security, and in the development world, functionality is usually deemed the most important. The functionality of an application is checked through:
A. Installing the application
B. Running the module
C. Testing of inputs
D. Compatibility of the selected module with other modules
E. Both C & D
Answer: E: Inputs must be thoroughly tested, and each module must be capable of being tested individually and in concert with other modules.
3363) We have all heard about the vulnerabilities pertaining to buffer overflows, as if they were new to the programming world. They are not new, but they are being exploited nowadays on a recurring basis. Attacks are carried out when the software code does not check the ________ of input that is actually being accepted.
A. Characters
B. Length
C. Magnitude
D. Quality
E. Timing
Answer: B: Attacks are carried out when the software code does not check the length of input that is actually being accepted. Extra instructions could be executed in a privileged mode that would enable an attacker to take control of the system.
3364) The accepted value also needs to be reasonable. Length is not the only thing programmers need to be worried about when it comes to accepting input data. Data needs to be right in:
A. Length
B. Type
C. Format
D. All of the above
E. Quality
Answer: D: The accepted data also needs to be in the right format and data type.
3365) When a security application or device is installed, it should default to “No Access.” This statement means: __________. However, this requires the user to know how to configure the firewall for it to ever be useful. A fine balance exists between security, functionality, and user-friendliness.
A. When a packet-filter firewall is installed, it should not allow any packets to pass into the network that were not specifically granted access
B. When a packet-filter firewall is installed, it should not allow any programmers to pass into the network that were not specifically granted access
C. All types of data inputs have been granted access
D. Security application is highly recommended
E. Security application is not suitable for the system
Answer: A: When a security application or device is installed, it should default to “No Access.” This means that when someone installs a packet-filter firewall, it should not allow any packets to pass into the network that were not specifically granted access.
3366) For an application to be user-friendly, it usually requires a lot of extra coding for potential user errors, dialog boxes, wizards, and step-by-step instructions. This extra coding can result in bloated code that can create unforeseeable compromises. Ideally, an application must be:
A. Secure
B. User friendly
C. Functional
D. All of the above
E. Both B & C
Answer: D: A fine balance should exist between the security, functionality, and user-friendliness of an application.
3367) Most security has to be configured and turned on after installation; not being aware of this can be dangerous for the inexperienced security person. For an application to be _____________, it usually requires a lot of extra coding for potential user errors, dialog boxes, wizards, and step-by-step instructions.
A. Functional
B. Well designed
C. User friendly
D. Secured
E. Vulnerable
Answer: C: For an application to be user-friendly, it usually requires a lot of extra coding for potential user errors, dialog boxes, wizards, and step-by-step instructions.
3368) Implementation errors and misconfigurations are common issues that cause a majority of the security issues in networked environments. It is often not realized that various services are ________ when a system is installed.
A. Disabled
B. Not applicable
C. Susceptible
D. Suspended
E. Functional
Answer: E: Many people do not realize that various services are enabled when a system is installed. These services can provide evildoers with information that can be used during an attack.
3369) These services can provide evildoers with information that can be used during an attack. Many services provide an actual way into the environment itself. NetBIOS services can be enabled to permit:
A. Sharing resources in Telnet services
B. Sharing resources in Windows environments, and Telnet services
C. Does not permit any sharing
D. None of the above
E. FTP services
Answer: B: NetBIOS services can be enabled to permit sharing of resources in Windows environments, and Telnet services, which let remote users run command shells, and other services can be enabled with no restrictions.
3370) Because vendors have user-friendliness and user functionality in mind, the product will usually be installed with defaults that provide no, or very little, security protection. One of the problems in the implementation and security of systems is:
A. Number of unpatched systems
B. FTP
C. SNMP
D. Internet Relay Chat (IRC)
E. NetBIOS
Answer: A: Another problem in implementation and security is the number of unpatched systems. Once security issues are identified, vendors develop patches or updates to address and fix these security holes.
3371) Another problem in implementation and security is the number of unpatched systems. Once security issues are identified, vendors develop patches or updates to address and fix these security holes. These updates (or patches) do not get installed in cases when:
A. Administrators may not keep up-to-date on the recent security vulnerabilities and patches
B. Administrators may not fully understand the importance of these patches
C. Administrators may be afraid the patches will cause other problems
D. All of the above
E. Both B & C
Answer: D: The reasons for this vary: administrators may not keep up-to-date on the recent security vulnerabilities and patches, they may not fully understand the importance of these patches, or they may be afraid the patches will cause other problems.
3372) Many vulnerabilities that are exploited today have had patches developed and released months or years ago. It is unfortunate that adding security (or service) patches can adversely affect other mechanisms within the system. Patches should be tested before they are applied to production servers and workstations, to avoid:
A. Service disruption
B. Signal disruption
C. Data corruption
D. Attacks
E. Failure of firewalls
Answer: A: The patches should be tested for these types of activities before they are applied to production servers and workstations, to help prevent service disruptions that can affect network and employee productivity.
3373) Many circumstances are unpredictable and are therefore hard to plan for. However, unpredictable situations can be planned for in a general sense, instead of trying to plan and code for every situation. If an application fails for any reason, it should return to a __________ and more ____________ state.
A. Active and secure
B. Passive and unreceptive
C. Safe and secure
D. Receptive and accessible
E. Operational and functional
Answer: C: If an application fails for any reason, it should return to a safe and more secure state.
3374) A failure state could require the operating system to restart and present the user with a logon screen, starting the operating system from its initialization state. An application failure requires a _________ of the operating system, and the system ________ its memory.
A. Shut down, destroy
B. Restart, dump
C. Saving the programs, maintain
D. Reinstallation, retain
E. None of the above
Answer: B: When this occurs, something is going on within the system that is unrecognized or unsafe, so the system dumps its memory contents and starts all over.
3375) If an application fails and is executing in a privileged state, these processes require: ____________. If a privileged process does not perform the task properly and instead stays active, an attacker can figure out how to access the system, using this process, in a privileged state.
A. Proper shutting down of programs
B. Activation of programs
C. Resumption of running programs
D. Installation of new programs
E. Does not require any handling
Answer: A: If an application fails and is executing in a privileged state, these processes should be shut down properly.
3376) Databases have a long history of storing important intellectual property and items that are considered valuable and proprietary to companies. The information in databases is ___________ to every user.
A. Accessible
B. Open
C. Not accessible
D. User friendly
E. Susceptible
Answer: C: Databases have a long history of storing important intellectual property and items. Because of this, they usually live in an environment of mystery to all but the database and network administrators. The less anyone knows about the databases, the better.
3377) The risks are increasing as companies run to connect their networks to the Internet, allow remote user access, and provide more and more access to external entities. Users access information indirectly from databases through:
A. Client/server interface
B. Client and database
C. User and system
D. Domain name server
E. Internet
Answer: A: Users usually access databases indirectly through a client interface.
3378) An attacker could have administrative or root access to a system, which opens the door for more severe destruction, so security becomes an important concern here. The users of databases should take care of information in terms of its:
A. Availability
B. Integrity
C. Confidentiality
D. All of the above
E. Updating
Answer: D: The actions of users are restricted to ensure the confidentiality, integrity, and availability of the data held within the database and the structure of the database itself.
3379) ____________ is a suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. It can also control the security parameters of the database.
A. SQL server
B. Database management system
C. Operating system
D. Relational DBMS
E. Oracle
Answer: B: A database management system (DBMS) is a suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. It can also control the security parameters of the database.
3380) The risks are increasing as companies run to connect their networks to the Internet, allow remote user access, and provide more and more access to external entities. A large risk faced by companies in connecting their networks to the Internet and giving users access to external entities is:
A. Easy access to front end
B. Indirect access to back end
C. Accessibility of data
D. Both A & B
E. Access to programming
Answer: B: The risks are increasing as companies run to connect their networks to the Internet, allow remote user access, and provide more and more access to external entities. A large risk to understand is that these activities can allow indirect access to a back-end database.
3381) In the past, employees accessed customer information held in databases instead of customers accessing it themselves. Today, many companies allow their customers to access data in their databases through _________. This adds levels of complexity, and the database will be accessed in new and unprecedented ways.
A. Browser
B. Ethernet
C. Programming
D. Employees
E. Analysts
Answer: A: Today, many companies allow their customers to access data in their databases through a browser.
3382) Many times, components in the business application tier are used to extract data from the databases and process the customer requests. Access control to the DBMS can be done through:
A. Assigning roles to users having rights and permissions
B. Administrators only
C. Management of the company
D. Does not require any permission
E. Both A & B
Answer: A: The database administrator can define specific roles that are allowed to access the database. Each role will have assigned rights and permissions, and customers and employees are then ported into these roles.
If an attacker compromises the firewall and other perimeter network protection mechanisms, and then is able to make requests to the database, if he is not _______________, the database is still safe. This process streamlines access control and ensures that no users or evildoers can access the database directly, but must access it indirectly.
A. Expert
B. Administrator
C. System analyst
D. Programmer
E. In a predefined role
Answer: E: If an attacker compromises the firewall and other perimeter network protection mechanisms, and then is able to make requests to the database, if he is not in one of the predefined roles, the database is still safe.
3383) A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases are managed with:
A. Programming
B. Software
C. Hardware
D. Roles
E. None of the above
Answer: B: Databases are managed with software that provides these types of capabilities, i.e. a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed.
3384) It also enforces access control restrictions, provides data integrity and redundancy, and sets up different procedures for data manipulation. This software is referred to as a database management system (DBMS) and is usually controlled by a database administrator. Databases not only store information but also:
A. Present data
B. Process data
C. Present data in a logical manner
D. Update the data
E. Both B & C
Answer: E: Databases store data, but may also process data and present it in a more usable and logical form.
3385) A database is the mechanism that provides structure for the data collected. The actual specifications of the structure for databases may be ________ per database implementation for various organizations and departments due to their diverse needs.
A. Standardized
B. Different
C. Customized
D. Mass produced
E. Similar
Answer: B: The actual specifications of the structure may be different per database implementation, because different organizations or departments work with different types of data and need to perform diverse functions upon that information.
3386) There may be different workloads, relationships between the data, platforms, performance requirements, and security goals. Any type of database should have the following characteristics:
A. Centralization of data
B. Transaction persistence
C. Recovery and fault tolerance
D. Sharing data with multiple users
E. All of the above
Answer: E: The database should possess the following properties, including access control and confidentiality.
3387) Transaction persistence means ______________________. The state of the database’s security should be the same after a transaction has occurred, and the integrity of the transaction needs to be ensured.
A. Transactions are durable
B. Transactions are reliable
C. Transactions are sustainable
D. Transactions are not vulnerable
E. Both A & B
Answer: E: Transaction persistence means the database procedures carrying out transactions are durable and reliable.
3388) ____________ provides a formal method of representing data in a conceptual form and provides the necessary means of manipulating the data held within the database. A model provides a formal method of representing data in a conceptual form and provides the necessary means of manipulating the data held within the database.
A. Operating system
B. Domain name server
C. Database models
D. Client/server model
E. Web-based model
Answer: C: A database model provides a formal method of representing data in a conceptual form and provides the necessary means of manipulating the data held within the database.
3389) Databases are managed with software that provides these types of capabilities, i.e. a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases come in different types of models, such as:
A. Relational and object oriented
B. Hierarchical
C. Network and object relational
D. B2B
E. Options A, B & C
Answer: E: Databases come in several types of models: relational, hierarchical, network, object-oriented, and object-relational.
3390) A relational database model uses ________ and ________ to contain and organize information. Each cell contains only one data value that represents a specific attribute value within a given tuple. These data entities are linked by relationships.
A. Records and fields
B. Columns and rows
C. Images, audio, documents, etc.
D. Foreign key
E. Data dictionary
Answer: B: A relational database model uses attributes (columns) and tuples (rows) to contain and organize information.
3391) The relationships between the data entities provide the framework for organizing data. Among the database models, the most widely used model is ______________.
A. Hierarchical
B. Relational
C. Network
D. Object oriented
E. Object relational
Answer: B: The relational database model is the most widely used model today. It presents information in the form of tables.
3392) A _______ is a field that links all the data within a record to a unique value. For example, in the table these keys are Product G345 and Product G978. When an application or another record refers to this primary key, it is actually referring to all the data within that given row.
A. Primary key
B. Foreign key
C. Cell
D. Tuple
E. Attribute
Answer: A: A primary key is a field that links all the data within a record to a unique value.
3393) A hierarchical data model combines records and fields that are related in _________________. The structure and relationship between the data elements are different from those in a relational database.
A. Logical manner
B. Cross structure
C. Tree structure
D. Relational structure
E. None of the above
Answer: C: A hierarchical data model combines records and fields that are related in a logical tree structure.
3394) Databases are managed with software that provides these types of capabilities, i.e. a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. The paths for creating relationships between data elements in the hierarchical data model are not as flexible as those of the:
A. Network model
B. Object relational
C. Relational
D. Object oriented
E. None of the above
Answer: C: These databases have well-defined, prespecified access paths, but are not as flexible in creating relationships between data elements as a relational database.
3395) In the hierarchical database the parents can have one child, many children, or no children. The tree structure contains branches, and each branch has a number of leaves, or data fields. Hierarchical databases are useful for mapping:
A. One-to-one relationships
B. One-to-many
C. Many-to-many
D. All of the above
E. Both B and C
Answer: B: Hierarchical databases are useful for mapping one-to-many relationships.
3396) To be able to access a certain data entity within a hierarchical database requires knowledge of which branch to start with and which route to take through each layer until the data are reached. Hierarchical databases do not use __________ as relational databases do for searching procedures.
A. Primary key
B. Foreign key
C. Indexes
D. Database dictionary
E. Rows and columns
Answer: C: A hierarchical database does not use indexes as relational databases do for searching procedures.
3397) The most commonly used implementation of the hierarchical model is in _____________. You can find this model also used in the Windows registry structure and different file systems, but it is not commonly used in newer database products.
A. Client/server model
B. Lightweight Directory Access Protocol (LDAP) model
C. B2C model
D. C2C model
E. B2E model
Answer: B: The most commonly used implementation of the hierarchical model is in the Lightweight Directory Access Protocol (LDAP) model. This model is also used in the Windows registry structure and different file systems, but it is not commonly used in newer database products.
3398) The network database model is built upon ___________. Instead of being constrained by having to know how to go from one branch to another and then from one parent to a child to find a data element, this database model allows each data element to have multiple parent and child records.
A. Hierarchical
B. Relational
C. Network
D. Object oriented
E. Object relational
Answer: A: The network database model is built upon the hierarchical data model.
3399) This forms a redundant network-like structure instead of a strict tree structure. (The name does not indicate it is on or distributed throughout a network; it just describes the data element relationships.) The network database model uses:
A. Rows and fields
B. Records and sets
C. Keys
D. Data dictionary
E. Data elements
Answer: B: This model uses the constructs of records and sets. A record contains fields, which may be laid out in a hierarchical structure.
3400) Databases are managed with software that provides these types of capabilities, i.e. a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. A ___________ is designed to handle a variety of data (images, audio, documents, video).
A. Hierarchical
B. Relational
C. Network
D. Object oriented
E. Object relational
Answer: D: An object-oriented database is designed to handle a variety of data (images, audio, documents, video).
3401) An object-oriented database management system (ODBMS) is more dynamic in nature than a relational database, because ________________, whereas in a relational database, the application has to use its own procedures to obtain data from the database and then process the data for its needs.
A. Objects can be created when needed
B. The application has to use its own procedures to obtain data from the database
C. The database does not actually provide procedures
D. The data and procedure (called a method) do not go with the object when it is requested
E. All of the above
Answer: A: An object-oriented database management system (ODBMS) is more dynamic in nature than a relational database, because objects can be created when needed and the data and procedure (called a method) go with the object when it is requested.
3402) An object-oriented database is designed to handle a variety of data (images, audio, documents, video). An object-oriented database management system (ODBMS) is more dynamic in nature than a relational database. In object-oriented databases, when your application queries for some data, what is returned is:
A. Data only
B. Output
C. Code
D. Data and code
E. Objects and classes
Answer: D: In object-oriented databases, when your application queries for some data, what is returned is not only the data but the code to carry out procedures on this data.
3403) A database records information about different kinds of data. It allows limited access, and users need to understand certain database terminology. Tuple, record, key, and cell are some examples of its jargon. A record is:
A. A collection of records of the same type
B. A row in a two-dimensional database
C. A collection of related data items
D. An attribute of one table that is related to the primary key of another table
E. Defines the structure of the database
Answer: C: A record is a collection of related data items.
3404) Reference keys are one of the important terms in databases. They are used for linking data and save the user time and energy: the user does not need to explore the entire database to access a certain piece of information. An attribute of one table that is related to the primary key of another table is:
A. Record
B. Attribute
C. Data dictionary
D. Primary key
E. Foreign key
Answer: A foreign key is an attribute of one table that is related to the primary key of another table.
3405) As explained earlier, the world of databases is full of jargon: record, file, tuple, attribute, and key are some of the key database terms. A virtual relation defined by the database administrator in order to keep subjects from viewing certain data is:
A. Data dictionary
B. Primary key
C. View
D. Cell
E. Attribute
Answer: C: A view is a virtual relation defined by the database administrator in order to keep subjects from viewing certain data.
3406) An object-oriented database also does not depend upon __________ for interactions. The goal of creating this type of model was to address the limitations that relational databases encountered when large amounts of data must be stored and processed.
A. SQL
B. Oracle
C. DBMS
D. Data dictionary
E. Index
Answer: A: An object-oriented database also does not depend upon SQL for interactions, so applications that are not SQL clients can work with these types of databases.
3407) ____________ is a standard programming language used to allow clients to interact with a database. Many database products support this language. It allows clients to carry out operations such as inserting, updating, searching, and committing data.
A. C++
B. Object Pascal
C. Visual Basic
D. SQL
E. Common Lisp
Answer: D: Structured Query Language (SQL) is a standard programming language used to allow clients to interact with a database. Many database products support SQL.
3408) ODBMSs are not as common as relational databases, but are used in niche areas such as engineering and biology, and for some financial sector needs. ___________ is a database with a software front end that is written in an object-oriented programming language.
A. DBMS
B. Relational database
C. Hierarchical database
D. Object relational
E. Network database
Answer: D: An object-relational database (ORD) or object-relational database management system (ORDBMS) is a relational database with a software front end that is written in an object-oriented programming language.
3409) Data are useless if you can’t get to them and use them. Applications need to be able to obtain and interact with the information stored in databases. Open Database Connectivity (ODBC) is an application programming interface (API) that allows:
A. Separates data into components that run as middleware on a client or server
B. A set of COM-based interfaces that provide applications with uniform access to data stored in diverse data sources
C. An application to communicate with a database either locally or remotely
D. Applications to access back-end database systems
E. A Java application to communicate with a database
Answer: C: Open Database Connectivity (ODBC) is an application programming interface (API) that allows an application to communicate with a database either locally or remotely.
3410) _________ provides a low-level interface to link information across different databases and provides access to data no matter where it is located or how it is formatted. It is a replacement for ODBC, extending its feature set to support a wider variety of non-relational databases, such as object databases and spreadsheets that do not necessarily implement SQL.
A. Open Database Connectivity (ODBC)
B. ActiveX Data Objects (ADO)
C. Java Database Connectivity (JDBC)
D. Extensible Markup Language (XML)
E. Object Linking and Embedding Database (OLE DB)
Answer: E: Object Linking and Embedding Database (OLE DB) provides a low-level interface to link information across different databases and provides access to data no matter where it is located or how it is formatted.
3411) A set of COM-based interfaces that provide applications with uniform access to data stored in diverse data sources, providing a low-level interface to link information across different databases and access to data no matter where it is located or how it is formatted, is a feature of:
A. Open Database Connectivity (ODBC)
B. Object Linking and Embedding Database (OLE DB)
C. ActiveX Data Objects (ADO)
D. Java Database Connectivity (JDBC)
E. Extensible Markup Language (XML)
Answer B
3412) __________ uses the OLE DB interface to connect with the database and can be developed with many different scripting languages. A developer accesses OLE DB services through ActiveX Data Objects.
A. Open Database Connectivity (ODBC)
B. Object Linking and Embedding Database (OLE DB)
C. ActiveX Data Objects (ADO)
D. Java Database Connectivity (JDBC)
E. Extensible Markup Language (XML)
Answer B: ADO uses the OLE DB interface to connect with the database and can be developed with many different scripting languages.
3413) Extensible Markup Language (XML) is a standard for structuring data so it can be easily shared by applications using web technologies. The XML tags that illustrate to the user how the developer wanted the data to be presented are interpreted by:
A. SQL
B. Java
C. XHTML
D. Browser
E. None of the above
Answer D: The web browser interprets the XML tags to illustrate to the user how the developer wanted the data to be presented.
3414) Like all software, databases are built with programming languages. There are several different kinds of languages. Most database languages include a data definition language (DDL), which defines:
A. The schema
B. How the data can be manipulated within the database
C. How users are enabled to access the data
D. The internal organization of the database
E. How Java programs execute SQL statements
Answer A: Most database languages include a data definition language (DDL), which defines the schema. The schema describes the type of data that will be held and manipulated, and its properties.
3415) Like all software, databases are built with programming languages. Most database languages include a data definition language (DDL). The language which defines the internal organization of the database is:
A. Data definition language (DDL)
B. Data control language (DCL)
C. Data manipulation language (DML)
D. Report generator
E. Query language (QL)
Answer B: A data control language (DCL) defines the internal organization of the database.
3416) Each type of database model may have many other differences, which vary from vendor to vendor. Most, however, contain several basic core functionalities. _____________ produces printouts of data in a user-defined manner.
A. Query language (QL)
B. Report generator
C. DML
D. DCL
E. None of the above
Answer B: Report generator: produces printouts of data in a user-defined manner.
3417) A data dictionary is a central collection of _______________________. It contains the default values for columns, integrity information, the names of users, the privileges and roles for users, and auditing information.
A. Data element definitions
B. Schema objects
C. Reference keys
D. Primary keys
E. Options A, B & C
Answer E: A data dictionary is a central collection of data element definitions, schema objects, and reference keys.
3418) A data dictionary is a tool used to centrally manage parts of a database by controlling ___________ within the database. The database management software creates and reads the data dictionary to ascertain what elements exist and checks to see if specific users have the proper access rights to view them.
A. Metadata
B. Portion of data
C. Figures
D. Programming
E. Keys
Answer A: It is a tool used to centrally manage parts of a database by controlling data about the data (referred to as metadata) within the database.
3419) The database management software creates and reads the data dictionary to ascertain what ___________ exist and checks to see if specific users have the proper access rights to view them. When users look at the database, they can be restricted by specific views.
A. Schema objects
B. Reference keys
C. Metadata
D. Data element definitions
E. All of the above
Answer A: The database management software creates and reads the data dictionary to ascertain what schema objects exist and checks to see if specific users have the proper access rights to view them.
3420) __________ settings for each user are held within the data dictionary, where a data dictionary is a central collection of data element definitions, schema objects, and reference keys.
A. Language
B. View
C. Data manipulation
D. Schema object
E. Browser
Answer B: When users look at the database, they can be restricted by specific views. The different view settings for each user are held within the data dictionary.
3421) The database management software creates and reads the data dictionary to ascertain what schema objects exist and checks to see if specific users have the proper access rights to view them. When new rows and schema objects are added, the data dictionary is __________.
A. Reinstalled
B. Finished
C. Updated
D. Left unchanged
E. In need of new programming
Answer C: When new tables, new rows, or new schema are added, the data dictionary is updated to reflect this.