Chapter 11 1 two users are trying to retrieve the same data

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-1

Last Update: November 14, 2011 — 10AM

Chapter 12: Database Control Issues: Security, Backup and Recovery, Concurrency

Multiple Choice

1. All of the following are types of data security breaches, except ____.

a. unauthorized data access

b. unauthorized data modification

c. unauthorized data indexing

d. unauthorized program modification

e. malicious mischief

2. All of the following are methods of breaching data security, except ____.

a. unauthorized computer access

b. intercepting data communications

c. stealing disks or computers

d. spreading computer viruses

e. using public key encryption

3. Of the following actions or events that can result in a breach of data security, the one

that is not necessarily deliberate is ____.

a. unauthorized computer access

b. intercepting data communications

c. spreading computer viruses

d. stealing disks or computers

e. damaging computer hardware

4. All of the following are true about computer viruses, except ____.

a. they can travel from one computer to another on electric power lines

b. they can travel from one computer to another on diskettes

c. they can travel from one computer to another on telecommunications lines

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-2

d. they are capable of copying themselves

e. some are capable of corrupting data

5. All of the following are types of data security (prevention) measures, except ____.

a. data encryption

b. wiretaps

c. antivirus software

d. passwords

e. firewalls

6. Of the following choices, the most advisable location for a mainframe computer or a

group of servers in a 20 story office building is ____.

a. the basement

b. the ground floor

c. floors two through eight

d. floors nine through nineteen

e. the top floor (floor twenty)

7. A biometric security system is associated with ____.

a. something a person knows

b. something a person has

c. some part of a person

d. some item of a person’s clothing

e. something a person selects

8. All of the following are rules of thumb regarding creating a password, except ____.

a. it should not be too long

b. it should not be too short

c. it should not be obvious

d. it should have to be written down

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-3

e. it should not be too difficult to remember

9. The combination of views and the SQL GRANT command can do all of the

following, except ____.

a. limit access to a table

b. limit access to part of a table

c. restrict access to a table to read-only access

d. restrict access to a table to create a new table

e. restrict access to a table to read-only and update access

10. A private key encryption algorithm ____.

a. can be used to encrypt data on a disk but not to encrypt data for transmission over

telecommunications lines

b. executes faster than a public key encryption algorithm

c. is asymmetric

d. requires one key for encryption and another key for decryption

e. allows its encryption key to be openly published

11. In a public key encryption algorithm ____.

a. the public key is used for encryption and the private key is used for decryption

b. the private key is used for encryption and the public key is used for decryption

c. a private key is used for both encryption and decryption

d. a public key is used for both encryption and decryption

e. a symmetric key is used for both encryption and decryption

12. In Secure Socket Layer (SSL) technology on the World Wide Web ____.

a. the server, using a random number generator, creates a “session key,” the key for the

private key algorithm with which the secure transaction (the actual online shopping)

will be conducted

b. the actual online shopping is conducted with a public key algorithm

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-4

c. the key with which the actual online shopping will be conducted is transmitted

with a private key algorithm

d. the client sends the server its public key for its public key algorithm

e. a public key algorithm is used to transmit the “session key” for a private key

algorithm with which the secure transaction (the actual online shopping) will be

conducted

13. All of the following are true about antivirus software, except ____.

a. they use known portions of virus code to recognize known viruses

b. they must continually update their files of known viruses

c. they monitor the computer system for unusual activity

d. they permit software with the proper signatures on file to execute

e. they prevent certain commands from executing without further authorization

14. A proxy server ____.

a. is a software firewall that runs on the Web server

b. is designed to use signatures to decide which messages from the World Wide

Web to allow to pass

c. is designed to test incoming messages from the World Wide Web and allow valid

ones to pass through in their entirety

d. takes apart an incoming message from the World Wide Web and allows only

legitimate pieces of data to go to the company’s mainframe or application server

e. is built entirely of hardware and does not require specialized software

15. All of the following are good rules for employees to follow for data security

purposes, except ____.

a. don’t take diskettes or other storage media out of the building

b. avoid using public key encryption because of the insecure nature of transmitting

keys

c. don’t write your computer password down anywhere

d. don’t respond to any unusual requests for information about the computer system

from anyone over the telephone

e. logoff your computer or at least lock your office door when you leave your office,

even for just a few minutes

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-5

16. Which of the following is true regarding a transaction log?

a. It keeps a record of the program that changed the data and all of the inputs that the

program used.

b. It records the value of a piece of data just before it is changed.

c. It records the value of a piece of data just after it is changed.

d. All of the above.

e. None of the above.

17. Recovering from a data entry error discovered a few minutes after it happened can

best be accomplished with ____.

a. forward recovery

b. backward recovery

c. mirrored databases

d. hot sites

e. versioning

18. All of the following are characteristics of forward recovery, except ____.

a. one of the inputs is the last database backup copy

b. one of the inputs is the log starting with the first change to the database after the

last backup copy was made

c. one of the inputs is the current database

d. the recovery program makes changes to the backup copy in the same order in

which the changes were originally made to the database

e. forward recovery is used to recover a destroyed table or database

19. All of the following are characteristics of backward recovery, except ____.

a. one of the inputs is the last database backup copy

b. one of the inputs is the log starting with the last change to the database

c. one of the inputs is the current database

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-6

d. the roll backward program works on a last-in, first-out basis

e. after rolling backward, an automated procedure can roll forward

20. All of the following are true about mirrored databases, except ____.

a. it is not a good idea to have both copies of the database on the same disk

b. two copies of the entire database are maintained and both are updated

simultaneously

c. the greater the distance between the two mirrored copies of the database, the greater

the security

d. it is a relatively expensive proposition, but allows continuous operation in the event

of a disk failure

e. it is an alternative to backward recovery

21. All of the following are disaster recovery tools or techniques, except ____.

a. totally mirrored systems

b. hot sites

c. cold sites

d. multiple versions

e. reciprocal agreements

22. The lost update problem can occur when ____.

a. two users are trying to retrieve the same data simultaneously

b. one user is trying to retrieve data and another user is trying to update the same

data simultaneously

c. two users are trying to update the same data simultaneously

d. All of the above.

e. None of the above.

23. All of the following are true about deadlock, except ____.

a. deadlock can be detected by a resource usage matrix

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-7

b. deadlock can be detected with a timeout

c. the use of locks to prevent the lost update problem can cause deadlock

d. deadlock prevention is difficult

e. locks should never be used because of the potential for deadlock

True/False

1. Unauthorized data access and unauthorized data modification are two types of data

security breaches.

2. Damaged hardware can result in unusable or unavailable data.

3. Controlled access to the computer system is a method of breaching security.

4. Stealing disks is a method of breaching computer security.

5. A computer virus attack is the computer version of the old concept of “wiretapping.”

6. A computer virus is a malicious piece of software that has the goal of damaging

hardware as a means of breaching data security.

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

7. Recommended places to locate a mainframe computer or a cluster of servers include a

building’s basement and ground floor.

8. Biometric systems limit personnel access to computer rooms based on something they

know, such as a secret code to be punched in.

9. Passwords should not be so difficult to remember that the person herself has to write

them down, which is security exposure in itself because someone else could potentially

see it.

10. Passwords should appear on the terminal screen when they are typed in.

11. The SQL GRANT command is used both to control access to the database and to

retrieve data.

12. With the combination of the logical view and the SQL GRANT command, users either

individually or in groups can be restricted to accessing only certain database tables or

only certain data within a database table.

11-9

13. Using an option of the SQL GRANT command, this person with access to data can in

turn grant other people access to the same data.

14. The only use for data encryption is when data is transmitted on a telecommunications

line.

15. Data that has been encrypted has to be decrypted to be used again.

16. In public key encryption, one key is used to encrypt the data and another key is used

to decrypt the data.

17. In public key encryption, the private key is used for encrypting the data and the public

key is used for decrypting it.

18. In Secure Socket Layer (SSL) technology on the World Wide Web, a public key

encryption algorithm is used to securely transfer a key for a private key encryption

algorithm.

19. A signature is a portion of a computer virus’ code that is used by antivirus software to

identify it.

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-10

20. A proxy server is firewall software that resides in the Web server.

21. A transaction log records the value of a piece of data just before it is changed and the

value just after it is changed.

22. A basic backup and recovery task is maintaining a disk log or journal of all database

data retrieval operations.

23. Forward recovery is used to recreate a table that was destroyed.

24. Forward recovery uses as inputs the log and the last backup taken.

25. Backward recovery is an alternative to forward recovery for recreating a table that

was destroyed.

26. Backward recovery uses as inputs the log (starting with the last change to the

database) and the last backup taken.

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-11

27. In the “mirrored databases” backup and recovery technique, two copies of the entire

database are maintained and both are updated simultaneously.

28. A hot site consists of hardware similar to yours so that you can be up and running again

quickly after a disaster.

29. The lost update problem can occur when two people attempt to update the same data

simultaneously.

30. The usual solution to the lost update problem is to introduce what are known as

hardware “locks.”

31. Deadlock cannot happen if locks are used to prevent concurrent update problems.

32. Locks should never be used because of the possibility of deadlock.

33. Deadlock is usually handled by detection rather than by prevention.

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-12

34. Versioning is a way of dealing with concurrent updates without using locks.

Problems

1. The Central Zoo maintains a modest information systems environment with a server and

a LAN that connects all of the zoo’s departments. It maintains a relational database that

includes data about its animals, employees, members, and about a variety of

infrastructure entities including the animals’ enclosures.

a. Devise a data security strategy for the Central Zoo, incorporating appropriate data

security measures.

b. Devise a backup and recovery strategy for the Central Zoo.

c. While Central Zoo’s database is not subject to heavy update activity, it is possible

that two employees could try to update the same record at the same time. Devise

a strategy that will avoid data problems when this happens.

Answer

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-13

2. Grand Travel Airlines has a centralized, mainframe-based information systems

environment at its headquarters with telecommunications links to a server at each airport

that it services. Each server, in turn, controls a LAN that includes a microcomputer at

each check-in counter and gate. Check-in and other data taken in at the counters and

gates is immediately transmitted to the mainframe at headquarters. Grand Travel

maintains a relational database that includes data about its airplanes, pilots, flights,

passengers, and reservations. It takes reservations over the Internet from travel agents

and directly from passengers.

a. Devise a data security strategy for Grand Travel Airlines, incorporating

appropriate data security measures.

b. Devise a backup and recovery strategy for Grand Travel Airlines. Bear in mind

that its reservation system must be constantly operational so that it can check

passengers in for flights and so that it does not lose future business.

c. Grand Travel does not wish to overbook its flights. Consider a situation in which

there are 23 seats left on a particular flight on a particular date. Reservations

agent Miller begins talking to a customer about the flight and reads the record

showing 23 seats left. Two minutes later, agent Thompson begins talking to a

customer about the very same flight and also reads that there are 23 seats left.

Then, agent Miller’s customer decides to book 4 seats on the flight, then agent

Thompson’s customer decides to book 7 seats on the flight.

i. What will happen in the absence of locks?

ii. What can happen in the presence of locks if the two agents are each trying to

book multiple flights (or multiple legs of trips) for the two customers and

access and lock the flights in different orders? What can be done about this?

iii. How would versioning handle these situations?

Answer

Chapter 11 Database Control Issues: Security, Backup and Recovery, Concurrency

11-14