Deck 5: Database and Cloud Security

A view cannot provide restricted access to a relational database so it cannotbe used for security purposes.

To create a relationship between two tables, the attributes that define theprimary key in one table must appear as attributes in another table, where they are referred to as a foreign key.

SQL Server allows users to create roles that can then be assigned accessrights to portions of the database.

Site security of the data center itself includes barriers to entry, coupled withauthentication techniques for gaining physical access.

A foreign key value can appear multiple times in a table.

Encryption becomes the last line of defense in database security.

Security specifically tailored to databases is an increasingly importantcomponent of an overall organizational security strategy.

The database management system makes use of the database descriptiontables to manage the physical database.

A query language provides a uniform interface to the database.

A data center generally includes backup power supplies.

Two disadvantages to database encryption are key management andinflexibility.

Network security is extremely important in a facility in which such a largecollection of assets is concentrated in a single place and accessible by external network connections.

A single countermeasure is sufficient for SQLi attacks.

Fixed server roles operate at the level of an individual database.

With ___________ administration the owner (creator) of a table may grant and revoke access rights to the table.

In addition to granting and revoking access rights to a table, in a ___________ administration the owner of the table may grant and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table.

A __________ is a suite of programs for constructing and maintaining the database and for offering ad hoc query facilities to multiple users and applications.

__________ is a standardized language that can be used to define schema, manipulate, and query data in a relational database.

In a relational database columns are referred to as _________.

In a discretionary access control environment database users are classified into three broad categories: administrator, end user other than application owner, and __________.

The __________ attack typically works by prematurely terminating a text string and appending a new command.

The information transfer path by which unauthorized data is obtained is referred to as an ___________ channel.

A _________ is the result of a query that returns selected rows and columns from one or more tables.

In a ___________ administration a small number of privileged users may grant and revoke access rights.

The __________ form of attack injects code in one or more conditional statements so they always evaluate to true.

_________, out-of-band, and inferential are the three main categories of SQLi attack types.

The Telecommunications Industry Association standard _________ specifies the minimum requirements for telecommunications infrastructure of data centers.

A __________ language provides a uniform interface to the database for users and applications.

A __________ is an enterprise facility that houses a large number of servers, storage devices, and network switches and equipment.