Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-1
Last Update: November 14, 2011 10AM
Chapter 12: Database Control Issues: Security, Backup and Recovery, Concurrency
Multiple Choice
1. All of the following are types of data security breaches, except ____.
a. unauthorized data access
b. unauthorized data modification
c. unauthorized data indexing
d. unauthorized program modification
e. malicious mischief
2. All of the following are methods of breaching data security, except ____.
a. unauthorized computer access
b. intercepting data communications
c. stealing disks or computers
d. spreading computer viruses
e. using public key encryption
3. Of the following actions or events that can result in a breach of data security, the one
that is not necessarily deliberate is ____.
a. unauthorized computer access
b. intercepting data communications
c. spreading computer viruses
d. stealing disks or computers
e. damaging computer hardware
4. All of the following are true about computer viruses, except ____.
a. they can travel from one computer to another on electric power lines
b. they can travel from one computer to another on diskettes
c. they can travel from one computer to another on telecommunications lines
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-2
d. they are capable of copying themselves
e. some are capable of corrupting data
5. All of the following are types of data security (prevention) measures, except ____.
a. data encryption
b. wiretaps
c. antivirus software
d. passwords
e. firewalls
6. Of the following choices, the most advisable location for a mainframe computer or a
group of servers in a 20 story office building is ____.
a. the basement
b. the ground floor
c. floors two through eight
d. floors nine through nineteen
e. the top floor (floor twenty)
7. A biometric security system is associated with ____.
a. something a person knows
b. something a person has
c. some part of a person
d. some item of a person’s clothing
e. something a person selects
8. All of the following are rules of thumb regarding creating a password, except ____.
a. it should not be too long
b. it should not be too short
c. it should not be obvious
d. it should have to be written down
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-3
e. it should not be too difficult to remember
9. The combination of views and the SQL GRANT command can do all of the
following, except ____.
a. limit access to a table
b. limit access to part of a table
c. restrict access to a table to read-only access
d. restrict access to a table to create a new table
e. restrict access to a table to read-only and update access
10. A private key encryption algorithm ____.
a. can be used to encrypt data on a disk but not to encrypt data for transmission over
telecommunications lines
b. executes faster than a public key encryption algorithm
c. is asymmetric
d. requires one key for encryption and another key for decryption
e. allows its encryption key to be openly published
11. In a public key encryption algorithm ____.
a. the public key is used for encryption and the private key is used for decryption
b. the private key is used for encryption and the public key is used for decryption
c. a private key is used for both encryption and decryption
d. a public key is used for both encryption and decryption
e. a symmetric key is used for both encryption and decryption
12. In Secure Socket Layer (SSL) technology on the World Wide Web ____.
a. the server, using a random number generator, creates a “session key,the key for the
private key algorithm with which the secure transaction (the actual online shopping)
will be conducted
b. the actual online shopping is conducted with a public key algorithm
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-4
c. the key with which the actual online shopping will be conducted is transmitted
with a private key algorithm
d. the client sends the server its public key for its public key algorithm
e. a public key algorithm is used to transmit the “session key” for a private key
algorithm with which the secure transaction (the actual online shopping) will be
conducted
13. All of the following are true about antivirus software, except ____.
a. they use known portions of virus code to recognize known viruses
b. they must continually update their files of known viruses
c. they monitor the computer system for unusual activity
d. they permit software with the proper signatures on file to execute
e. they prevent certain commands from executing without further authorization
14. A proxy server ____.
a. is a software firewall that runs on the Web server
b. is designed to use signatures to decide which messages from the World Wide
Web to allow to pass
c. is designed to test incoming messages from the World Wide Web and allow valid
ones to pass through in their entirety
d. takes apart an incoming message from the World Wide Web and allows only
legitimate pieces of data to go to the company’s mainframe or application server
e. is built entirely of hardware and does not require specialized software
15. All of the following are good rules for employees to follow for data security
purposes, except ____.
a. don’t take diskettes or other storage media out of the building
b. avoid using public key encryption because of the insecure nature of transmitting
keys
c. don’t write your computer password down anywhere
d. don’t respond to any unusual requests for information about the computer system
from anyone over the telephone
e. logoff your computer or at least lock your office door when you leave your office,
even for just a few minutes
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-5
16. Which of the following is true regarding a transaction log?
a. It keeps a record of the program that changed the data and all of the inputs that the
program used.
b. It records the value of a piece of data just before it is changed.
c. It records the value of a piece of data just after it is changed.
d. All of the above.
e. None of the above.
17. Recovering from a data entry error discovered a few minutes after it happened can
best be accomplished with ____.
a. forward recovery
b. backward recovery
c. mirrored databases
d. hot sites
e. versioning
18. All of the following are characteristics of forward recovery, except ____.
a. one of the inputs is the last database backup copy
b. one of the inputs is the log starting with the first change to the database after the
last backup copy was made
c. one of the inputs is the current database
d. the recovery program makes changes to the backup copy in the same order in
which the changes were originally made to the database
e. forward recovery is used to recover a destroyed table or database
19. All of the following are characteristics of backward recovery, except ____.
a. one of the inputs is the last database backup copy
b. one of the inputs is the log starting with the last change to the database
c. one of the inputs is the current database
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-6
d. the roll backward program works on a last-in, first-out basis
e. after rolling backward, an automated procedure can roll forward
20. All of the following are true about mirrored databases, except ____.
a. it is not a good idea to have both copies of the database on the same disk
b. two copies of the entire database are maintained and both are updated
simultaneously
c. the greater the distance between the two mirrored copies of the database, the greater
the security
d. it is a relatively expensive proposition, but allows continuous operation in the event
of a disk failure
e. it is an alternative to backward recovery
21. All of the following are disaster recovery tools or techniques, except ____.
a. totally mirrored systems
b. hot sites
c. cold sites
d. multiple versions
e. reciprocal agreements
22. The lost update problem can occur when ____.
a. two users are trying to retrieve the same data simultaneously
b. one user is trying to retrieve data and another user is trying to update the same
data simultaneously
c. two users are trying to update the same data simultaneously
d. All of the above.
e. None of the above.
23. All of the following are true about deadlock, except ____.
a. deadlock can be detected by a resource usage matrix
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-7
b. deadlock can be detected with a timeout
c. the use of locks to prevent the lost update problem can cause deadlock
d. deadlock prevention is difficult
e. locks should never be used because of the potential for deadlock
True/False
1. Unauthorized data access and unauthorized data modification are two types of data
security breaches.
2. Damaged hardware can result in unusable or unavailable data.
3. Controlled access to the computer system is a method of breaching security.
4. Stealing disks is a method of breaching computer security.
5. A computer virus attack is the computer version of the old concept of “wiretapping.
6. A computer virus is a malicious piece of software that has the goal of damaging
hardware as a means of breaching data security.
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
7. Recommended places to locate a mainframe computer or a cluster of servers include a
building’s basement and ground floor.
8. Biometric systems limit personnel access to computer rooms based on something they
know, such as a secret code to be punched in.
9. Passwords should not be so difficult to remember that the person herself has to write
them down, which is security exposure in itself because someone else could potentially
see it.
10. Passwords should appear on the terminal screen when they are typed in.
11. The SQL GRANT command is used both to control access to the database and to
retrieve data.
12. With the combination of the logical view and the SQL GRANT command, users either
individually or in groups can be restricted to accessing only certain database tables or
only certain data within a database table.
11-9
13. Using an option of the SQL GRANT command, this person with access to data can in
turn grant other people access to the same data.
14. The only use for data encryption is when data is transmitted on a telecommunications
line.
15. Data that has been encrypted has to be decrypted to be used again.
16. In public key encryption, one key is used to encrypt the data and another key is used
to decrypt the data.
17. In public key encryption, the private key is used for encrypting the data and the public
key is used for decrypting it.
18. In Secure Socket Layer (SSL) technology on the World Wide Web, a public key
encryption algorithm is used to securely transfer a key for a private key encryption
algorithm.
19. A signature is a portion of a computer virus’ code that is used by antivirus software to
identify it.
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-10
20. A proxy server is firewall software that resides in the Web server.
21. A transaction log records the value of a piece of data just before it is changed and the
value just after it is changed.
22. A basic backup and recovery task is maintaining a disk log or journal of all database
data retrieval operations.
23. Forward recovery is used to recreate a table that was destroyed.
24. Forward recovery uses as inputs the log and the last backup taken.
25. Backward recovery is an alternative to forward recovery for recreating a table that
was destroyed.
26. Backward recovery uses as inputs the log (starting with the last change to the
database) and the last backup taken.
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-11
27. In the “mirrored databases” backup and recovery technique, two copies of the entire
database are maintained and both are updated simultaneously.
28. A hot site consists of hardware similar to yours so that you can be up and running again
quickly after a disaster.
29. The lost update problem can occur when two people attempt to update the same data
simultaneously.
30. The usual solution to the lost update problem is to introduce what are known as
hardware “locks.”
31. Deadlock cannot happen if locks are used to prevent concurrent update problems.
32. Locks should never be used because of the possibility of deadlock.
33. Deadlock is usually handled by detection rather than by prevention.
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-12
34. Versioning is a way of dealing with concurrent updates without using locks.
Problems
1. The Central Zoo maintains a modest information systems environment with a server and
a LAN that connects all of the zoo’s departments. It maintains a relational database that
includes data about its animals, employees, members, and about a variety of
infrastructure entities including the animals’ enclosures.
a. Devise a data security strategy for the Central Zoo, incorporating appropriate data
security measures.
b. Devise a backup and recovery strategy for the Central Zoo.
c. While Central Zoo’s database is not subject to heavy update activity, it is possible
that two employees could try to update the same record at the same time. Devise
a strategy that will avoid data problems when this happens.
Answer
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-13
2. Grand Travel Airlines has a centralized, mainframe-based information systems
environment at its headquarters with telecommunications links to a server at each airport
that it services. Each server, in turn, controls a LAN that includes a microcomputer at
each check-in counter and gate. Check-in and other data taken in at the counters and
gates is immediately transmitted to the mainframe at headquarters. Grand Travel
maintains a relational database that includes data about its airplanes, pilots, flights,
passengers, and reservations. It takes reservations over the Internet from travel agents
and directly from passengers.
a. Devise a data security strategy for Grand Travel Airlines, incorporating
appropriate data security measures.
b. Devise a backup and recovery strategy for Grand Travel Airlines. Bear in mind
that its reservation system must be constantly operational so that it can check
passengers in for flights and so that it does not lose future business.
c. Grand Travel does not wish to overbook its flights. Consider a situation in which
there are 23 seats left on a particular flight on a particular date. Reservations
agent Miller begins talking to a customer about the flight and reads the record
showing 23 seats left. Two minutes later, agent Thompson begins talking to a
customer about the very same flight and also reads that there are 23 seats left.
Then, agent Miller’s customer decides to book 4 seats on the flight, then agent
Thompson’s customer decides to book 7 seats on the flight.
i. What will happen in the absence of locks?
ii. What can happen in the presence of locks if the two agents are each trying to
book multiple flights (or multiple legs of trips) for the two customers and
access and lock the flights in different orders? What can be done about this?
iii. How would versioning handle these situations?
Answer
Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency
11-14