Chapter 12 Flashcards

1
Q

How does ineffective data administration lead to poor data quality?

A
  • Multiple data definitions, causing data integration problems
  • Missing data elements, causing reduction in data value
  • Inappropriate data sources and timing, causing lowered reliability
  • Inadequate familiarity, causing ineffective use of data for planning and strategy
  • Poor response time and excessive downtime
  • Damaged, sabotaged, and stolen data
  • Unauthorized access leading to embarrassment to the organization
2
Q

What is data administration?

A

A high-level function that is responsible for the overall management of data resources in an organization, including maintaining corporate-wide definitions and standards

3
Q

What is Database Administration?

A

A technical function that is responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery

4
Q

What are traditional data administration functions?

A
  • Data policies, procedures, standards
  • Planning
  • Data conflict (ownership) resolution
  • Managing the information repository
  • Internal marketing of DA concepts
5
Q

What are traditional database administration functions?

A
  • Analyzing and designing databases
  • Selecting DBMS and software tools
  • Installing/Upgrading DBMS
  • Tuning database performance
  • Improving query processing performance
  • Managing data security, privacy, and integrity
  • Data backup and recovery
6
Q

What is data warehouse administration?

A

New role that is coming with the growth in data warehouses.

Similar to DA/DBA roles but with an emphasis on integrations and coordination of metadata/data across many data sources.

7
Q

What are the specific roles of Data warehouse administration?

A
  • Support decision support applications
  • Build a stable architecture - corporate information factory
  • Establish service level agreements regarding data warehouses and data marts
8
Q

What is Open Source DBMS?

A

An alternative to proprietary packages such as Oracle, Microsoft SQL Server, or DB2

Examples: MySQL, PostgreSQL

9
Q

What are the advantages of Open Source DB Management?

A
  • Pool of volunteer developers and testers
  • Less expensive than proprietary packages
  • Source code available, for modification
10
Q

What are the disadvantages of Open Source DB Management?

A
  • Absence of complete documentation
  • Ambiguous licensing concerns
  • Not as feature-rich as proprietary DBMSs
  • Vendors may not have certification programs
11
Q

What are some considerations when selecting an open source DBMS?

A
  • Features
  • Support
  • Ease of use
  • Stability
  • Speed
  • Training
  • Licensing
12
Q

What is database security?

A

Protection of the data against accidental or intentional loss, destruction, or misuse.

13
Q

What makes database security tougher?

A

There is increased difficulty due to Internet access and client/server technologies

14
Q

What are threats to data security?

A
  • Accidental losses attributed to Human error, Software failure, Hardware failure
  • Theft and fraud
  • Loss of privacy (personal data) and confidentiality (corporate data)
  • Loss of data integrity
  • Loss of availability (sabotage, etc.)
15
Q

Static HTML pages are easy to secure. How can you secure them?

A
  • Standard database access controls
  • Place Web files in protected directories on server
16
Q

Dynamic pages are harder to secure. What can be done to secure them?

A
  • User authentication
  • Session security
  • SSL for encryption
  • Restrict number of users and open ports
  • Remove unnecessary programs
17
Q

For the W3C Web privacy standard, what is P3P?

A

Platform for Privacy Protection

18
Q

What does P3P address?

A
  • Who collects data
  • What data is collected and for what purpose
  • Who is data shared with
  • Can users control access to their data
  • How are disputes resolved
  • Policies for retaining data
  • Where are policies kept and how can they be accessed
19
Q

What are features of database software security?

A
  • Views or subschemas
  • Integrity controls
  • Authorization rules
  • User-defined procedures
  • Encryption
  • Authentication schemas
  • Backup, journalizing, and checkpointing
20
Q

What are views?

A
  • Subset of the database that is presented to one or more users
  • User can be given access privilege to view without allowing access privilege to underlying tables
21
Q

What are integrity controls?

A
  • Protect data from unauthorized use
  • Domains - set allowable values
  • Assertions - Enforce database conditions
  • Triggers - prevent inappropriate actions, invoke special handling procedures, write to log files
22
Q

What are authorization rules?

A

Controls incorporated in the data management system.

23
Q

What do authorization rules restrict?

A
  • Access to data
  • Actions that people can take on data
24
Q

What does the authorization matrix for authorization rules include that expresses the rules in the form of a table?

A
  • Subjects
  • Objects
  • Actions
  • Constraints
25
Q

Some DBMS also provide capabilities for what to customize the authorization process?

A

User-defined procedures

26
Q

What is encryption?

A

The coding or scrambling of data so that humans cannot read them

27
Q

What is the goal of authentication schemes?

A

To obtain a positive identification of the user

28
Q

What is the first line of defense in authentication?

A

Passwords

They should:

  • Be at least 8 characters long
  • Combine alphabetic and numeric data
  • Not be complete words or personal information
  • Be changed frequently
29
Q

Why are passwords flawed?

A
  • Users share them with each other
  • They get written down, could be copied
  • Automatic logon scripts remove need to explicitly type them in
  • Unencrypted passwords travel the Internet
30
Q

What are some solutions to provide stronger authentication in addition to passwords?

A
  • Two-factor authentication (Smart card plus PIN)
  • Three-factor authentication (Smart card, biometric, PIN)
31
Q

What is the purpose of the Sarbanes-Oxley (SOX) act?

A
  • Requires companies to audit the access to sensitive data
  • Designed to ensure integrity of public companies’ financial statements
32
Q

What do SOX audits involve?

A
  • IT change management
  • Logical access to data
  • IT operations
33
Q

What is IT change management?

A

The process by which changes to operational systems and databases are authorized

34
Q

What are the most common types of changes to databases?

A

Schema, Database configuration, updates to DBMS software

35
Q

What three areas are required to be segregated in IT change management?

A

Development, test, production

36
Q

What are two types of security policies and procedures for logical access to data?

A

Personnel controls

Physical access controls

37
Q

What are personnel controls?

A
  • Hiring practices, employee monitoring, security training, separation of duties
38
Q

What are physical access controls?

A

Swipe cards, equipment locking, check-out procedures, screen placement, laptop protection

39
Q

What are IT operations?

A

Policies and procedures for day-to-day management of infrastructure, applications, and databases in an organization.

40
Q

What is also involved in IT operations?

A

Vendor Management

41
Q

What are responsibilities of vendor management?

A
  • Review external maintenance agreements
  • Access source code? (If vendor goes out of business)
42
Q

What is database recovery?

A

A mechanism for restoring a database quickly and accurately after loss or damage

43
Q

What are some recovery facilities for database recovery?

A
  • Backup facilities
  • Journalizing facilities
  • Checkpoint facility
  • Recovery manager
44
Q

What should a DBMS provide that produces a backup copy (or save) of the entire database plus control files and journals?

A

Back-up facilities

45
Q

How often should back-up facilities back up databases?

A

Periodically (nightly, weekly, etc.)

46
Q

What is a cold backup?

A

Database is shut down during backup

47
Q

What is a hot backup?

A

Selected portion is shut down and backed up at a given time

48
Q

Where should backups be stored?

A

Secure, off-site location

49
Q

What do journalizing facilities do?

A

Provide audit trail of transactions and database updates

50
Q

What is a transaction log?

A

Record of essential data for each transaction processed against the database.

51
Q

What is a database change log?

A

Contains before and after images of updated data

52
Q

What are checkpoint facilities?

A

DBMS periodically refuses to accept new transactions.

This means the system is in a quiet state.

In this time the Database and transaction logs are synchronized.

53
Q

How do checkpoint facilities help the recovery manager?

A

It allows the recovery manager to resume processing from a short period, instead of repeating the entire day.

54
Q

What is the Recovery Manager?

A

DBMS module that restores the database to a correct condition when a failure occurs and then resumes processing user requests.

55
Q

What are the Recovery and Restart Procedures?

A
  • Disk Mirroring
  • Restore/Run
  • Transaction Integrity
  • Backward Recovery (Rollback)
  • Forward Recovery (Roll Forward)
56
Q

What is disk mirroring?

A

Switching between identical copies of databases

57
Q

What is restore/rerun?

A

Reprocess transactions against the backup (only done as a last resort)

58
Q

What is transaction integrity?

A

Commit or Abort all transaction changes.

59
Q

What is backward recovery (Rollback)?

A

Apply before images

60
Q

What is Forward recovery (Roll forward)?

A

Apply after images (preferable to restore/run)

61
Q

What are the transaction ACID properties?

A
  • Atomic - Transaction cannot be subdivided
  • Consistent - Constraints don’t change from before transaction to after transaction
  • Isolated - Database changes not revealed to users until after transaction has completed
  • Durable - Database changes are permanent
62
Q

Types of failure and their recommended actions

A
63
Q

What is a problem with controlling concurrent access?

A

In a multi-user environment, simultaneous access to data can result in interference and data loss (lost update problem)

64
Q

What is the solution to the lost update problem?

A

Concurrency Control

The process of managing simultaneous operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multi-user environment

65
Q

What happens to updates if there is simultaneous access to a database?

A

Updates cancel each other.

66
Q

What is serializability?

A

Finish one transaction before starting another

67
Q

What is a locking mechanism?

A
  • The most common way of achieving serialization
  • Data that is retrieved for the purpose of updating is locked for the updater
  • No other user can perform update until unlocked
68
Q

What are the locking levels?

A

Database - used during database updates

Table - used for bulk updates

Block or Page - very commonly used

Record - only requested row; fairly commonly used

Field - requires significant overhead; impractical

69
Q

What are the types of locks?

A

Shared lock

Exclusive lock

70
Q

What is a shared lock?

A

Read but no update permitted. Used when just reading to prevent another user from placing an exclusive lock on the record.

71
Q

What is an exclusive lock?

A

No access permitted. Used when preparing to update.

72
Q

What is a deadlock?

A

An impasse that results when two or more transactions have locked common resources, and each waits for the other to unlock their resources.

73
Q

How do you prevent a deadlock?

A
  • Lock all records required at the beginning of a transaction
  • Two-phase locking protocol (Growing phase, Shrinking phase)
  • May be difficult to determine all needed resources in advance
74
Q

How do you resolve a deadlock?

A
  • Allow deadlocks to occur
  • Mechanisms for detecting and breaking them (Resource usage matrix)
75
Q

What is versioning?

A

An optimistic approach to concurrency control instead of locking

76
Q

What is the assumption with versioning?

A

That simultaneous updates will be infrequent

77
Q

How does versioning work?

A
  • Each transaction can attempt an update as it wishes
  • The system will create a new version of a record instead of replacing the old one
78
Q

What happens if a conflict occurs during versioning?

A

It accepts one user’s update and informs the other user that its update needs to be tried again.

79
Q

What is a data dictionary?

A

Documents data elements of a database

80
Q

What is a system catalog?

A

Systems-created database that describes all database objects

81
Q

What is an information repository?

A

Stores metadata describing data and data processing resources