13.4

Question 1

Security Requirements Guides (SRGs)

Answer 1

Collections of requirements applicable to a given technology family.

Question 2

4 Core SRGs

Answer 2

Application
Network Infrastructure
Operating System
Policy

Question 3

Bind Account

Answer 3

Common type of account used to connect an application to its database.

• Must have full admin access to the database, in order for the application to function properly.
• Disables users after 35 days of inactivity

Question 4

Database Management System (DBMS)

Answer 4

Controls all database resources in order to secure dataset access

Question 5

Password Complexity

Answer 5

Measure of the effectiveness of a password in resisting attempts at guessing and brute force attacks.

Question 6

How to Use Password Complexity

Answer 6

Minimum length
Number of upper and lower case characters
Number of numeric characters
Number of special characters
Password reuse

Question 7

RBAC

Answer 7

Access control used to limit exposure.

Question 8

Least Privilege

Answer 8

Processes operate at privilege levels no higher than necessary to accomplish required
organizational missions and functions.

Question 9

Databases limit DoS attacks by.

Answer 9

Limiting number of connections a user can be opened by a single user.
Database Clustering

Question 10

SQL Injection

Answer 10

Attack in which malicious code is inserted into strings that are later passed to a SQL Server for execution