Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

DBMS > Midterm > Flashcards

Midterm Flashcards

(83 cards)

Start Studying
1
Q

Define Database Security:

A

Protecting the database from unauthorized access, modification, or destruction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

what is a database designers responsibility with data security?

A

To protect the privacy of individuals about whom data is kept.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is privacy?

A

Privacy is the right of individuals to have some control over information about themselves.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the CIA model of security and what is stands for?

A

Confidentiality, which requires that only select authorized users have access to information. Integrity, which requires that only select authorized users be allowed to modify data(maintaining consistency and trustworthiness). Availability, which requires that information be available to select authorized users when needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Name 2 of the 6 important laws and standards requiring control on access, disclosure and modifications.

A
  • The Federal Information Security Manage Act(FISMA)
  • The European General Data Protection Regulation(DGPR)
  • The US Health Insurance Portability and Accountability Act(HIPAA)
  • The US Sarbanes-Oxley(SOX) Act
  • The US Gramm-Leach-Bliley Act(GLBA)
  • The Worldwide Payment Card Industry Data Security Standard(PCIDSS)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are the two types of security threats?

A

Accidental and deliberate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

List some example accidental security threats.

A

An unauthorized user may unintentionally request and be granted an object for which they are not authorized.
etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

List some example deliberate security threats.

A

Writing application programs with code that preforms unauthorized operations.
etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How should access control methods be defined?

A

To restrict access to company resources as well as employee and client data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is authorization?

A

Authorization requires defining who has access to the system and the specific data they are allowed to access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is user authorization?

A

A method by which users are assigned rights to use database objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is another phrase for data control language and/or what does it do?

A

Authorization language, they specify users rights by means of authorization rules. these dictate what information and operations they have access to.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does the development of an information system access control entail?

A

Authorization, identification, authentication and accountability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a common way users are identified?

A

A user ID

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is authentication and how is it often done?

A

The process of verifying the identity of a user through the use of a password or question verification.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is accountability?

A

The need to capture and maintain user log files that can be used to retrace a users operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is a security log?

A

A journal or record of all attempted security violations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is an audit trail?

A

A record of all access to the database included users, operations, locations used and objects interacted with.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is often used to set up an audit trail?

A

Triggers

CREATE OR REPLACE TRIGGER EnrollAuditTrail
	BEFORE UPDATE OF grade ON Enroll
	FOR EACH ROW
	BEGIN
		INSERT INTO EnrollAudit
		VALUES(SYSDATE, USER, :OLD.stuId, :OLD.ClassNumber, : OLD,grade,  
\:NEW.grade);
END;
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is a privilege?

A

An action that a user is permitted to preform on a database object such as create or read.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is the SQL statement to grant a privilege to a user?

A

GRANT {ALL PRIVILEGES | privilege list}
ON {object-name}
TO {PUBLIC | user-list | role-list} [WITH GRANT OPTION};

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

How would someone grant multiple privileges to multiple users with the grant option?

A

GRANT SELECT, INSERT, UPDATE ON Student TO U101, U102 WITH GRANT OPTION;

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

In a grant diagram or authorization graph, what does a node represent? Double arrowhead? Solid outline?

A

Each node represents a new combination of privilege and user. A solid outline means a user has received a grant option for that privilege. A double arrowhead means with grant, one means without.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is a role?

A

A role can be thought of as a set of operations that should be preformed by an individual or a group of individuals as part of a job.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What is the SQL statement to create a role? How could a privilege be granted to a role?
CREATE ROLE AdvisoryRole; GRANT SELECT ON Student TO AdvisorRole;
26
What is the SQL statement to revoke a privilege?
REVOKE INSERT ON Student FROM U101;
27
How can a privilege revoke cascade?
If a user has a privilege or grant option revoke on a privilege they granted, those subsequent privileges are also revoked.
28
What is database recovery?
The process of restoring the database to a correct state in the event of a failure.
29
What is concurrency control?
The ability to manage simultaneous processes involving a database concurrently.
30
What is a transaction?
An indivisible(atomic) unit of work that contains one or more SQL statements. It is the entire series of steps necessary to accomplish work in order to bring the database to a new consistent state.
31
What are the two ways a transaction can end/terminate?
The transaction can be committed if successful or aborted and then rolled back if unsuccessful. A committed transaction cannot be rolled back.
32
How is committed transaction undone?
A compensating transaction(the opposite transaction) is committed.
33
What is the process of a transaction?
It begins with a begin transaction statement until it reaches an end transaction statement. The dbms then confirms that no concurrency protocol or constraints are violated during the partially committed stage. Then the transaction is committed. An entry log is made of the transaction.
34
What is the purpose of ACID properties?
They are used to ensure that the database maintains a correct state, despite transaction concurrency or system failure.
35
What is Atomicity, in ACID?
The restriction that a transaction be a single unity of work that can be rolled back in the event of failure, using a log of all transactions.
36
What is Consistency, in ACID?
The restriction that a transaction leave the database in a consistent state.
37
What is Isolation, in ACID?
The restriction that a transaction be isolated from other transactions until the operations have been committed. This is governed by the concurrency control system.
38
What is Durability, in ACID?
If a transaction satisfies concurrency protocol and constraints, its effect are recorded in the database even if the system crashes before all the writes are made to the database.(All committed transactions are recoverable)
39
If transactions are committed serially, are they are committed sequentially?(T/F)
True, they begin, end and are committed one after another.
40
What is the objective of a concurrency control system?
To allow as much simultaneous processing as possible to be done, while maintaining isolation of each transaction.
41
What is multiprogramming, in concurrency?
When two or more transactions are processing at the same time. This is not necessary with reading from a database, but is used for two transactions writing to the same database.
42
What are some problems cause by concurrency?
- The lost update - Uncommitted update - Inconsistent analysis - Non-repeatable problem - The phantom data problem
43
What is a schedule?
A log of actions that a set of transactions preforms, that are time stamped. This allows for interleaving steps.
44
What is the lost update problem?
When a WRITE to statement is applied to an object before it can be updated by a previous WRITE to statement and only one of the statements takes effect.
45
What is the uncommitted update problem?
When a transaction preforms on operation based on a modification to an object that is rolled back only after it has been read by the transaction. This is also called a dirty read. The data is called dirty data before it is rolled back.
46
What is the uncommitted update problem?
When a transaction preforms on operation based on a modification to an object that is rolled back only after it has been read by the transaction. This is also called a dirty read. The data is called dirty data before it is rolled back.
47
What is the problem of inconsistent analysis?
When a transaction retains a read from an object during the process of execution that is inconsistent during the course of it's execution.
48
What is the phantom data problem?
when data is inserted into a database after an audit of that data, and the new data then conflicts with that audit.
49
What is the non repeatable read problem?
When a transaction writes a new value to an object in between two read operations on that item creating two different reads.
50
What is serial execution?
when transactions are preformed sequentially.
51
Does the order matter in a serial execution of transactions?
No, the order does not matter because the final result will produce a consistent state of the database.
52
What is throughput?
The amount of work(in units of transactions) preformed in a period of time while still maintaining database consistency.
53
How do we determine if a schedule is serializable?
If transactions contain operations that conflict, they are not serializable. Conflicting operations: belong to different transactions AND access the same data object AND at least one of them writes to the data object.
54
What is conflict serializability?
Executing conflicting transactions in serial order so that concurrent execution of other transactions can occur.
55
What is the purpose of a precedence graph?
To determine whether a schedule is serializable. I schedule is serializable if the graph has no cycles.
56
What does it mean for a transaction to 'lock' a data object?
The transaction prevents another transaction from accessing or modifying the object. A locked object can be a single data item or an entire database. The size of the locked object determines the granularity of the lock.
57
What are the types of locks?
A shared lock where a transaction can read the data object but not update it. Many transactions can read a data object with a shared lock. An exclusive lock on a data object allows for a transaction to update an item but only that transaction can operate on the data object to prevent inconsistencies.
58
What does a lock compatibility matrix do?
It shows which types of lock requests can be granted simultaneously on a data object.
59
What is a deadlock?
When two transactions are waiting for locks held by the other to be released.
60
How are deadlocks handled?
Deadlock prevention is when a a system preemptively anticipates when a deadlock will occur and prevents it. Deadlock detection and recovery allows deadlocks and then actively breaks them after the fact.
61
What is a wait-for graph/ resource request graph and how is it used to detect deadlocks?
A graph that shows which transactions are waiting for the data objects locked by other transactions using nodes to represent transactions and edges to represent a lock dependency. A cycle in this graph indicates a deadlock.
62
How is a deadlock broken?
A victim transaction is selected and forcefully undone/rolled back so that the other transaction can occur. This transaction is not chosen again after the lock is broken so that it may complete(and not starve).
63
What occurs during two-phase locking protocol?
A transaction goes through a growing phase where it locks all data objects that it needs to execute and a shrinking phase in which it releases its locks.
64
What are the rules for the standard two-phase locking protocol?
A transaction must acquire a lock on a data object before operating on the time. Once a transaction releases a single lock, it cannot acquire new locks.
65
What is cascading rollback?
When a transaction reads data that was updated by another transaction that is in the process of being rolled back, that transaction must also be rolled back, and so on.
66
What is the distinguishing rule for the strict two-phase locking protocol?
A transaction must hold all exclusive locks until the transaction commits, to prevent cascading rollbacks.
67
What is the distinguishing rule for the rigorous two-phase locking protocol?
A transaction must hold all locks until the transaction commits, to prevent cascading rollbacks.
68
What is lock upgrading?
A transaction may request that a lock be upgraded from shared to exclusive during the growing phase or may request a lock to be downgraded from exclusive to shared during the shrinking phase.
69
Does Oracle support row-level locking?
Yes, row-level locking is supported.
70
How can a system keep track of locking?
Locking is tracked through a tree graph that locks all children of a locked node, in which the node represents the granularity of the lock.
71
What is timestamping and does it permit deadlocking?
Timestamping is the assigning of a time value to transaction and data objects. This assigns a serial order to transactions. It does not allow for deadlocks.
72
What are the two timestamps on data objects?
Read-Timestamp gives the timestamp of the last transaction to read the object. Write-Timestamp gives the timestamp of the last transaction to write/update the item.
73
What are some problems that can arise with timestamping?
A late read or late write can occur when an item is read/updated after already being read/updated y a younger transaction.
74
What is the basic unit of recovery for a database?
Transactions that are atomic and durable. (All transactions)
75
What are backups and how are they stored?
Copies of the database as it appears at certain points in time are made in stable storage(non-volatile and safe). Typically these storage devices are RAIDs(disks)
76
What is a recovery log?
A file that contains information about all updates to the database. Writes are done to the recovery log before committing so that the transaction can survive a system failure.
77
What is the procedure in the event of a system failure?
All logged transactions are redone by the redo procedure. This protocol is called redo/no undo because no aborted transactions are attempted and no transaction has to be undone.
78
What are checkpoints?
Predetermined intervals of time at which modified pages of data, log files are force written to stable-storage and the log file is updated.
79
Does serial execution support checkpoints?
Any earlier transaction would have been committed at checkpoint and all active transactions are recorded at each checkpoint.
80
What is a database buffer?
A temporary storage area in the main memory that allows storing data when moving from one place to another.
81
How does shadow paging work?
A page table contains pointers to all current database pages. When a modification to a table if made a copy shadow table is left unchanged.
82
What is write-ahead logging?
When a log record is written before the update to the database.
83
What is an LSN?
A log sequence number is a number assigned to a log to record it chronologically.

DBMS (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions