Chapter 4 -- IT Security Part II: Auditing Database Systems organization wishes to capture data.

TRUE/FALSE ANS: F
1. The database approach to data management is sometimes 23. An ER diagram is a graphical representation of a data
called the flat file approach. model.
ANS: F ANS: T
2. The database management system provides a controlled 24. The term occurrence is used to describe the number of
environment for accessing the database. attributes or fields pertaining to a specific entity.
ANS: T ANS: F
3. To the user, data processing procedures for routine 25. Cardinality describes the number of possible occurrences in
transactions, such as entering sales orders, appear to be one table that are associated with a single occurrence in a
identical in the database environment and in the traditional related table.
environment. ANS: T
ANS: T MULTTPLE CHOTCE
4. An important feature associated with the traditional 1. All of the following are basic data management tasks except
approach to data management is the ability to produce ad a. data deletion
hoc reports. b. data storage
ANS: F c. data attribution
5. The data definition language is used to insert special
d. data retrieval
database commands into application programs.
ANS: F ANS: C
6. There is more than one conceptual view of the database. 2. The task of searching the database to locate a stored record for
ANS: F processing is called
7. In the database method of data management, access a. data deletion
authority is maintained by systems programming. b. data storage
ANS: F c. data attribution
8. The physical database is an abstract representation of the d. data retrieval
database. ANS: D
ANS: F 3. Which of the following is not a problem usually associated with
9. A customer name and an unpaid balance is an example of a the flat-file approach to data management?
one-to-many relationship. a. data redundancy
ANS: F b. restricting access to data to the primary user
10. In the relational model, a data element is called a relation.
ANS: F c. data storage
11. Subschemas are used to authorize user access privileges to d. currency of information
specific data elements. ANS: B
ANS: F 4. Which characteristic is associated with the database approach to
12. A recovery module suspends all data processing while the data management?
system reconciles its journal files against the database. a. data sharing
ANS: F b. multiple storage procedures
13. The database management system controls access to c. data redundancy
program files. d. excessive storage costs
ANS: F ANS: A
14. Examining programmer authority tables for information 5. Which characteristic is not associated with the database
about who has access to Data Definition Language approach to data management?
commands will provide evidence about who is responsible a. the ability to process data without the help of a programmer
for creating sub- schemas.
b. the ability to control access to the data
ANS: T
15. Data normalization groups data attributes into tables in c. constant production of backups
accordance with specific design objectives. d. the inability to determine what data is available
ANS: T ANS: D
16. Under the database approach, data is viewed as proprietary 6. The textbook refers to four interrelated components of the
or owned by users. database concept. Which of the following is not one of the
ANS: F components?
17. The data dictionary describes all of the data elements in the a. the database management system
database. b. the database administrator
ANS: T c. the physical database
18. A join builds a new table by creating links.
d. the conceptual database
ANS: F
19. A deadlock is a phenomenon that prevents the processing ANS: D
of transactions. 7. Which of the following is not a responsibility of the database
ANS: T management system?
20. Timestamping is a control that is used to ensure database a. provide an interface between the users and the physical database
partitioning. b. provide security against a natural disaster
ANS: F c. ensure that the internal schema and external schema are
21. A lockout is a software control that prevents multiple users consistent
from simultaneous access d. authorize access to portions of the database
to data. ANS: C
ANS: T 8. A description of the physical arrangement of records in the
22. An entity is any physical thing about which the database is
a. the internal view b. the user perceives that files are linked using pointers
b. the conceptual view c. data is represented on two-dimensional tables
c. the subschema d. data is represented as a tree structure
d. the external view ANS: C
ANS: A 18. In the relational database model all of the following are true
9. Which of the following may provide many distinct views of the except
database? a. data is presented to users as tables
a. the schema b. data can be extracted from specified rows from specified tables
b. the internal view c. a new table can be built by joining two tables
c. the user view d. only one-to-many relationships can be supported
d. the conceptual view
ANS: D
ANS: C 19. In a relational database
10. Users access the database a. the user's view of the physical database is the same as the
a. by direct query physical database
b. by developing operating software b. users perceive that they are manipulating a single table
c. by constantly interacting with systems programmers c. a virtual table exists in the form of rows and columns of a table
d. all of the above stored on the disk
ANS: A d. a programming language (COBOL) is used to create a user's
11. The data definition language view of the database
a. identifies, for the database management system, the names ANS: B
and relationships of all data elements, records, and files that 20. Which of the following is not a common form of conceptual
comprise the database database model?
b. inserts database commands into application programs to a. hierarchical
enable standard programs to interact with and manipulate b. network
the database c. sequential
c. permits users to process data in the database without the d. relational
need for conventional programs
ANS: C
d. describes every data element in the database
21. Which statement is false?
ANS: A
a. The DBMS is special software that is programmed to know
12. The data manipulation language
which data elements each user is authorized to access.
a. defines the database to the database management system
b. transfers data to the buffer area for manipulation b. User programs send requests for data to the DBMS.
c. During processing, the DBMS periodically makes backup copies
c. enables application programs to interact with and manipulate the
of the physical database.
database
d. The DBMS does not control access to the database.
d. describes every data element in the database
ANS: D
ANS: C 22. All of the following are elements of the DBMS which facilitate
13. Which statement is not correct? A query language like SQL user access to the database except
a. is written in a fourth-generation language a. query language
b. requires user familiarity with COBOL b. data access language
c. allows users to retrieve and modify data c. data manipulation language
d. reduces reliance on programmers d. data definition language
ANS: B ANS: B
14. Which duty is not the responsibility of the database 23. Which of the following is a level of the database that is defined
administrator? by the data definition language?
a. to develop and maintain the data dictionary a. user view
b. to implement security controls b. schema
c. to design application programs c. internal view
d. to design the subschema d. all are levels or views of the database
ANS: C ANS: D
15. In a hierarchical model 24. An example of a distributed database is
a. links between related records are implicit a. partitioned database
b. the way to access data is by following a predefined data path b. centralized database
c. an owner (parent) record may own just one member (child) c. networked database
record
d. all are examples of distributed databases
d. a member (child) record may have more than one owner (parent)
ANS: A
ANS: B
25. Data currency is preserved in a centralized database by
16. Which term is not associated with the relational database model?
a. partitioning the database
a. tuple
b. using a lockout procedure
b. attribute
c. replicating the database
c. collision
d. implementing concurrency controls
d. relation
ANS: B
ANS: C
26. Which procedure will prevent two end users from accessing the
17. In the relational database model
same data element at the same time?
a. relationships are explicit
 a. data redundancy 35. Which of the following is not an access control in a database
b. data replication system?
c. data lockout a. antivirus software
d. none of the above b. database authorization table
ANS: C c. passwords
27. The advantages of a partitioned database include all of the d. voice prints
following except ANS: A
a. user control is enhanced 36. Which of the following is not a basic database backup and
b. data transmission volume is increased recovery feature?
c. response time is improved a. checkpoint
d. risk of destruction of entire database is reduced b. backup database
ANS: B c. transaction log
28. A replicated database is appropriate when d. database authority table
a. there is minimal data sharing among information ANS: D
processing units 37. Audit objectives for the database management system include all
b. there exists a high degree of data sharing and no primary of the following except
user a. verifying that the security group monitors and reports on fault
c. there is no risk of the deadlock phenomenon tolerance violations
d. most data sharing consists of read-write transactions b. confirming that backup procedures are adequate
c. ensuring that authorized users access only those files they need
ANS: B
to perform their duties
29. What control maintains complete, current, and consistent data at
d. verifying that unauthorized users cannot access data files
all information processing units?
a. deadlock control ANS: A
38. All of the following tests of controls will provide evidence that
b. replication control
access to the data files is limited except
c. concurrency control a. inspecting biometric controls
d. gateway control b. reconciling program version numbers
ANS: C c. comparing job descriptions with access privileges stored in the
30. Data concurrency authority table
a. is a security issue in partitioned databases d. attempting to retrieve unauthorized data via inference queries
b. is implemented using timestamping ANS: B
c. may result in data lockout 39. Which of the following is not a test of access controls?
d. occurs when a deadlock is triggered a. biometric controls
ANS: B b. encryption controls
31. All of the following are advantages of a partitioned database c. backup controls
except d. inference controls
a. increased user control by having the data stored locally
ANS: C
b. deadlocks are eliminated 40. The database attributes that individual users have permission to
c. transaction processing response time is improved access are defined in
a. operating system.
d. partitioning can reduce losses in case of disaster
b. user manual.
ANS: B
c. database schema.
32. Which backup technique is most appropriate for sequential batch
systems? d. user view.
a. grandparent-parent-child approach e. application listing.
b. staggered backup approach ANS: D
c. direct backup
d. remote site, intermittent backup
ANS: A
33. When creating and controlling backups for a sequential batch
system,
a. the number of backup versions retained depends on the amount
of data in the file
b. off-site backups are not required
c. backup files can never be used for scratch files
d. the more significant the data, the greater the number of backup
versions
ANS: D
34. In a direct access file system
a. backups are created using the grandfather-father-son approach
b. processing a transaction file against a maser file creates a backup
file
c. files are backed up immediately before an update run
d. if the master file is destroyed, it cannot be reconstructed
ANS: C