SRM INSTITUTE OF SCIENCE AND TECHNOLOGY

Ramapuram Campus, Bharathi Salai, Ramapuram, Chennai - 600089

FACULTY OF ENGINEERING AND TECHNOLOGY

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

QUESTIONBANK

DEGREE / BRANCH: B.TECH/CSE

VII-SEMESTER

18CSE455T/ DATABASE SECURITY AND PRIVACY

Regulation–2018

Academic Year- 2022-2023

 SRM INSTITUTE OF SCIENCE AND TECHNOLOGY
Ramapuram Campus, Bharathi Salai, Ramapuram,
Chennai-600089

DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

QUESTIONBANK

SUBJECT: 18CSE455T/ DATABASE SECURITY AND PRIVACY

SEM/YEAR: VII/IV

Course Outcomes
CO1: Acquire the knowledge of information system and information security
CO2: Able to manage the security of information system as well as database
CO3: Able to design and develop the security model in database
CO4: Able to implement VPD in various
CO5: Able to audit the database activities, users, security
CO6: Apply the security mechanism in PPDM using various algorithms

UNIT-III
Database Application Security Models: Introduction-Types of Users-Security Models- Application
Types-Application Security Models-Data Encryption
Virtual Private Databases: Introduction-Overview of VPD-Implementation of VPD using Views,
Application Context in Oracle-Implementing Oracle VPD-Viewing VPD Policies and Application
contexts using Data Dictionary, Policy Manager Implementing Row and Column level Security with
SQL Server.
PART-A (Multiple Choice Questions)
Q. Questions Course Competence
No Outcom BT Level
e
1 ------------ is a program that performs a specific business CO3 BT1
function.
a. Information policy
b. Business cases
c. Application
d. Database functions.
2 ------------ is a collection of programs that maintains data files. CO3 BT1
a. Data center.
b. Data warehouse.
c. Database Administrator.
d. Database Management System.
3 ------------ has an access to the database through another CO3 BT1
database user account.
a. Schema owner
b. Proxy user
 c. Virtual user
d. Application user.
4 Who works on behalf of application user? CO3 BT1
a. Schema owner
b. Proxy user
c. Virtual user
d. Application user.
5 Identify access mode which grants Grant privilege to other CO3 BT2
subjects.
a. Delegate.
b. Grant
c. Grant-Grant
d. Abrogate
6 The function that adds and registers a VPD policy for a table is CO4 BT2
a. PROCEDURE ADD_POLICY
b. PROCEDURE ADD_POLICY_CONTEXT
c. PROCEDURE DROP_POLICY
d. PROCEDURE ENABLE_POLICY
7 The function that removes a VPD policy from a table is CO4 BT2
a. PROCEDURE ADD_POLICY
b. PROCEDURE ADD_POLICY_CONTEXT
c. PROCEDURE DROP_POLICY
d. PROCEDURE ENABLE_POLICY
8 ------------ Component contains the code that performs data CO3 BT1
validation and business rule implementation.
a. User Interface component.
b. Data access component.
c. Network access component.
d. Business logic component.
9 ------------ component is responsible for retrieving and CO3 BT1
manipulating data.
a. User Interface component.
b. Data access component.
c. Network access component.
d. Business logic component.
10 ------------ program allows users to navigate through web pages. CO3 BT1
a. Web server layer.
b. Web browser layer.
c. Application server.
d. Database server layer.
11 ------------ Software program implements business rules. CO3 BT1
a. Web server layer.
b. Business logic layer.
c. Application server.
d. Database server layer.
12 --------- is accessed by software application and reporting CO3 BT1
application in OLAP.
a. Data center.
b. Data warehouse.
c. Data store.
d. Database Management System.
13 OLAP ---------------- CO3 BT2
a. OnLine Analysis Policy
b. OnLine Assembly-language Processing
c. OnLine Analytical Processing.
d. OnLine Authentication Protocol
14 Identify the function which lists all contexts for the current CO4 BT2
session.
a. ALL_CONTEXT
b. SESSION_CONTEXT
c. VPD _POLICY
d. IN_SESSION_CONTEXT
15 Identify function which lists all context that user owns or has CO3 BT2
privileges to view.
a. ALL_CONTEXT
b. SESSION_CONTEXT
c. VPD _POLICY
d. NONE OF THE ABOVE
16 The policy that contains all policies owned by the current user is CO4 BT2
a. DBA_POLICIES
b. ALL_POLICIES
c. USER _POLICIES
d. VPD_POLICY
17 Identify the policy which contains all policies that bare created CO4 BT2
in the database and their attributes
a. DBA_POLICIES
b. ALL_POLICIES
c. USER _POLICIES
d. VPD_POLICY
18 The function that enables and disables a policy is CO3 BT1
a. PROCEDURE ADD_POLICY
b. PROCEDURE ADD_POLICY_CONTEXT
c. PROCEDURE DROP_POLICY
d. PROCEDURE ENABLE_POLICY
19 ------------ Software program stores and manages data. CO3 BT1
a. Web server layer.
b. Web browser layer.
c. Application server.
d. Database server layer.

20 VPD (virtual private database) provides authorization at the CO4 BT3

level of specific tuples, or rows, of a relation, and is therefore
said to be a mechanism…

a) row-level authorization
b) Column-level authentication
c) authentication
d) Authorization security
e) None of these
21 The ___________________ is a standard for exchanging CO4 BT2
authentication and authorization information between different
security domains, to provide cross-organization single sign-on.
 a) OpenID
b) Sign-on system
c) Security Assertion Markup Language (SAML)
d) Virtual Private Database (VPD)

22 What is level 3 access mode in dynamic mode? CO3 BT3

a. Virtual.
b. Delegate
c. Data store.
d. Revoke.
23 Which database allows a system administrator to associate a CO4 BT3
function with a relation the function returns a predicate that
must be added to any query that uses the relation…
a) OpenID
b) Security Assertion Markup Language
c) Single-site system
d) Virtual Private Database
24 Even with two-factor authentication, users are vulnerable to CO3 BT1
which attacks.
a) Man-in-the-middle
b) Cross attack
c) scripting
d) Radiant
e) None of these

25
_____________is a program that solves a problem or performs a
specific business function
a) Database
CO3 BT1
b) Application
c) Operating System
d) Editor

26
Access model is based on the _____________
a) Take-Give models
b) Take-Grant models CO3 BT1
c) Take-allow models
d) Take-stretch models
27
_____________ dynamic mode allows the subject to grant the
grant privileges to other subjects.
a) Delegate
CO3 BT2
b) Distribute
c) Disseminate
d) Dispense

28
Web application uses _____________ to connect and
communicate to the server.
a) SOAP protocol
CO3 BT2
b) TCP protocol
c) SMTP protocol
d) HTTP protocol

29
The Data Warehouse is accessed by software applications or
reporting applications called _____________
a) OnLine Logical Processing
CO3 BT2
b) OnLine Analytical Processing
c) OnLine Critical Processing
d) OnLine Systematic Processing

30
______________ contains the date and time when the record was
last updated.
a) CTL_UPLD_dtim
CO3 BT3
b) CTL_UPDATE_dtim
c) CTL_UPD_dtim
d) CTL_UPD_dtime

31
The architecture of a ________________ is based on application
roles and function.
a) Security data model
CO3 BT2
b) functional data model
c) Application data model
d) System data model

32
________________is a security method in which information is
encoded in such a way that only authorized user can read it.
a) Encryption
CO3 BT2
b) Encoding
c) Encapsulation
d) Hieroglyphics
 33 ________________ is shared database schema containing data
that belongs to any users, and each user can view or manipulate
the data the user owns.
a) Virtual Public Database CO4 BT2
b) Virtual Profile Database
c) Virtual Private Database
d) Virtual Perfect Database
34
The ____________ is used to apply the security policy,
implemented by security_package, to the relevant tables.
a) DBMS_RlM package CO3 BT3
b) DBMS_RlP package
c) DBMS_RlB package
d) DBMS_RlS package

PART B (4 Marks)
1 Draw the physical structure of web application. CO3 BT1
2 List the characteristics of security data model based on application CO3 BT1
roles.
3 Explain the architecture of security data model based on database CO3 BT3
roles.
4 List the characteristics of security data model based on application CO3 BT1
tables.
5 Illustrate the data model for small pharmacy store. CO3 BT3
6 Explain data encryption process. CO3 BT3
7 List the steps to create an Application role and drop an Application CO3 BT1
table using SQL server enterprise manager.
8 Command to display and hide current user in SQL using Oracle. CO3 BT1
PART C (12 Marks)
1 Describe how the oracle helps in implementing VPD using views. CO4 BT1
2 Explain in detail about security data model based on application CO3 BT3
functions with appropriate diagrams.
3 Implement the Oracle virtual database and explain its architecture. CO3 BT4
4 Explain VPD policy viewing and application context using data CO4 BT3
dictionary
5 Implement Row and Column level Security with SQL Server CO3 BT4

Note:

1. BT Level – Blooms Taxonomy Level

2. CO – Course Outcomes

BT1 –Remember BT2 – Understand BT3 – Apply BT4 – Analyze BT5 – Evaluate BT6 –
Create