P1L7

Question 1

importance of database security

Answer 1

• database stores sensitive data
• its structure influences how it’s accessed
• writen in language like SQL
• transactional nature (action done or not)

Question 2

database main threat is from hacker or insider?

Answer 2

insider

Question 3

database relations or tables is defined by

Answer 3

schema

Question 4

database relations or tables consists of

Answer 4

tuples

Question 5

what’s a key

Answer 5

value that uniquely define a tuple or a row

Question 6

SQL operations on relations

Answer 6

select, insert, update, join, and delete

Question 7

database access control

Answer 7

GRANT and REVOKE

Question 8

GRANT syntax

Answer 8

GRANT {privilege} [ON TABLE] TO {user} [password] [WITH GRANT OPTION]

Question 9

REVOKE syntax

Answer 9

REVOKE {privilege} [ON TABLE] FROM {user}

Question 10

SQL privilege

Answer 10

SELECT, INSERT, UPDATE, DELETE

Question 11

SQL injection can impact

Answer 11

confidentiality (extract data) and integrity (corrupt data)

Question 12

Can sql injection be craft by using web application vulnerability?

Answer 12

True

Question 13

inference attack

Answer 13

certain aggregate/stat queries can be allowed by all user, and hacker abuse that

Question 14

defense against attacks

Answer 14

• do not allow aggregate

- transform data by de-identification or anonymization