Database_Forensics

Question 1

NAME?

Answer 1

is used for trusted connections

Question 2

-e

Answer 2

is used to echo the input

Question 3

NAME?

Answer 3

is used for column separation

Question 4

Database and log file (MSSQL)

Answer 4

\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\DATA*.MDF | *.LDF

Question 5

DBCC BUFFER

Answer 5

Returns the buffer headers and pages from the SQL server buffer cache where the results are stored

Question 6

DBCC DBINFO

Answer 6

Returns information related to the database metadata

Question 7

DBCC DBTABLE

Answer 7

Returns structure of selected database table

Question 8

dbcc loginfo and go

Answer 8

to obtain the VLF allocations for the moviescope database:

Question 9

DBCC PAGE

Answer 9

Returns the data page structure of the selected database

Question 10

DBCC PROCBUF

Answer 10

returns the contents of the SQL Server procedure buffer. Buffer contains SQL server cached executable statements such as stored procedures and SQL queries

Question 11

DBCC SHOWFILESTATUS

Answer 11

Returns information related to the space occupied by the data files in an active database.

Question 12

sp_helpdb moviescope and go

Answer 12

to determine the locations of the transaction log files associated with moviescope database (moviescope is the database for demonstration purposes)

Question 13

sp_helpdb

Answer 13

command outputs the information related to a specific database.

Question 14

SQL Server error logs

Answer 14

\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\LOG\ERRORLOG

Question 15

Trace files

Answer 15

\Microsoft SQL Server\MSSQL14.MSSQLSERVER \MSSQL\ LOG\LOG_#.TRC

Question 16

Identify the SQL server function that allows investigators to retrieve the active portion of a transaction log file, such as the target database object, specific columns, SPID, and date/time range.

Answer 16

fn_dblog ()

Question 17

DBCC Commands

Answer 17

Database Consistency Checker commands may give the investigator valuable insight into what is happening within the Server system.

Question 18

Pslist commands

Answer 18

displays elementary information about all the processes running on a system.

Question 19

net session commands

Answer 19

Command is used for managing server computer connections

Question 20

select * from sys.dm_exec_cached_plans

Answer 20

To view one row per plan attribute for the plan specified by the plan handle.

Question 21

Select * from ::fn_dblog(NULL, NULL)

Answer 21

Displays the active portion of the transaction log file. Assigning NULL values imply that the start and end points for log sequence numbers (LSNs) are not specified.

Question 22

select * from sys.dm_exec_cached_plans cross apply sys.dm_exec_sql_text(plan_handle)

Answer 22

Retrieve the SQL text of all cached entries.

Question 23

select * from sys.dm_exec_query_stats

Answer 23

To collect additional plan cache specifics from the database, like viewing the aggregate performance statistics.

Question 24

select * from sys.dm_exec_query_stats

Answer 24

To collect additional plan cache specifics from the database, like viewing the aggregate performance statistics.

Question 25

Select * from ::fn_dblog(NULL, NULL)

Answer 25

Displays the active portion of the transaction log file. Assigning NULL values imply that the start and end points for log sequence numbers (LSNs) are not specified.

Question 26

DBCC LOG(,

)

Answer 26

command allows investigators to view and retrieve the active transaction log files for a specific database.

Question 27

Offset in Row

Answer 27

In row data offset of modification

Question 28

LOP_BEGIN_XACT

Answer 28

Indicates the beginning of a transaction

Question 29

LOP_COMMIT_XACT

Answer 29

Indicates the end of a transaction

Question 30

LOP_MODIFY_ROW

Answer 30

Indicates the type of transaction performed

Question 31

RowLog Contents 1

Answer 31

Value of the row after modification

Question 32

RowLog Contents 0

Answer 32

Value of the row before modification

Question 33

Slot ID

Answer 33

On data page row location of record

Question 34

Connection Pool

Answer 34

handles all the client connection needs such as user authentication, memory checks, thread processing, caches, etc.

Question 35

MyISAM

Answer 35

Provides unlimited data storage, Well-known for storing and retrieving huge volumes of seldom-accessed archival or historical data

Question 36

ARCHIVE

Answer 36

Provides unlimited storage limit in compressed format

Question 37

BLACKHOLE

Answer 37

Allows systems to write data: however, these data are never saved

Question 38

SQL Interface

Answer 38

User interface that accepts SQL syntax and transmits the results to the user.

Question 39

Query Cache

Answer 39

Caches the query structure and query results that are unique to MySQL

Question 40

Cache and Buffers

Answer 40

They ensure that the commonly used data are provided in an efficient way.

Question 41

Parser

Answer 41

validates the SQL queries entered by a user

Question 42

Query Optimizer

Answer 42

Excludes known-bad conditions in the query before executing the join expression

Question 43

Error log (HOSTNAME.err)

Answer 43

It contains the information associated with the start-up and shutdown events as well as the errors.

Question 44

General query log (HOSTNAME.log)

Answer 44

It contains logs regarding the client connections and activities

Question 45

Relay log (HOSTNAMErelay-bin.n)

Answer 45

It contains the events that describe the changes that occurred in the database.

Question 46

Master info file (master.info)

Answer 46

It is created by a replication slave server that contains the essential parameters used for connecting to the master slave.

Question 47

lbdata1

Answer 47

lbdata1 data file stores the permanent table records of InnoDB

Question 48

PID

Answer 48

The server's process ID (PID) file, which stores the MySQL server’s process ID

Question 49

auto.cnf

Answer 49

file containing the server_uuid which is used to uniquely identify a server

Question 50

[tablename].myd

Answer 50

Contains the table data of MyISAM Storage Engine

Question 51

mysqldump

Answer 51

Take a backup of the database using

Question 52

mysqlexport

Answer 52

To export metadata or data, or both from one or more databases

Question 53

mysqlbinlog

Answer 53

To display the content of bin logs (mysql-bin.nnnnnn) in text format.

Question 54

myisamlog

Answer 54

To process the MyISAM log file and perform recovery operation, display version information, etc., depending on the situation. The default operations of this utility include update(-u) and recovery(-r).