Explain Any Two Threats To Database Integrity and Suggest How These Threats Can Be Mitigated


1. Explain any two threats to database integrity and suggest how these threats can be mitigated. (Max 80 words) [6]

Web-Search

Poe

Two threats to database integrity are insider threats and SQL/NoSQL injection attacks.

1. Insider Threats:
   - Insider threats refer to security risks posed by individuals within an organization who have privileged access to the database.
   - Mitigation:
     - Implement strict access controls and limit privileges to only those necessary for job functions.
     - Regularly monitor and audit user activities to detect any suspicious behavior.
     - Educate employees about the importance of data security and the consequences of unauthorized access or misuse.
2. SQL/NoSQL Injection Attacks:
   - These attacks involve inserting malicious code into database queries, exploiting vulnerabilities in the application layer.
   - Mitigation:
     - Use parameterized queries or prepared statements to prevent attackers from injecting malicious code.
     - Implement input validation and sanitization techniques to ensure that user input is properly validated before being used in database queries.
     - Regularly update and patch the database management system to address any known vulnerabilities.
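As an added example (not part of the answer above), the two mitigations side by side in Python's sqlite3: a concatenated query beside its parameterized replacement, plus an allowlist check for a sort column, since identifiers cannot be bound as parameters. The users table and its rows are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample table for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "student"), ("carol", "student")])
    return conn


def find_user_unsafe(conn, name):
    # Vulnerable: user input is pasted into the SQL text, so a quote in the
    # input changes the structure of the WHERE clause.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    # Mitigation: parameterized query. The driver sends the value separately
    # from the statement, so it is only ever compared as data.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


ALLOWED_SORT_COLUMNS = {"name", "role"}


def list_users_sorted(conn, column):
    # Column names cannot be parameters, so validate against an allowlist
    # before interpolating; anything else is rejected outright.
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"invalid sort column: {column!r}")
    return [row[0] for row in conn.execute(f"SELECT name FROM users ORDER BY {column}")]


if __name__ == "__main__":
    db = make_db()
    tainted = "x' OR '1'='1"
    print(find_user_unsafe(db, tainted))  # the WHERE clause became a tautology: every row
    print(find_user_safe(db, tainted))    # [] : searched for a user literally named that
```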


2. Outline the difference between authentication and authorization. Explain the importance
of each in ensuring database security. (Max 80 words) [6]

Web-Search
Poe

Authentication and authorization are two essential components of ensuring database security.
Here's an outline of the difference between authentication and authorization and the importance
of each:

Difference between Authentication and Authorization:

1. Authentication:
   - Authentication is the process of verifying the identity of a user or entity accessing a system or database.
   - It ensures that the user is who they claim to be by validating their credentials, such as username and password, biometric data, or digital certificates.
   - Authentication establishes trust and grants access to the system based on the user's identity.
2. Authorization:
   - Authorization is the process of granting or denying access rights and permissions to authenticated users or entities.
   - It determines what specific applications, files, and data a user can access based on their role, privileges, or security levels.
   - Authorization ensures that users have appropriate access privileges and prevents unauthorized access to sensitive data.

Importance of Authentication and Authorization in Database Security:

1. Authentication:
   - Authentication prevents unauthorized access to the database by verifying the identity of users.
   - It ensures that only authorized individuals can access the database, reducing the risk of data breaches and unauthorized modifications.
   - By implementing strong authentication measures, organizations can protect sensitive data and maintain the integrity of their databases.
2. Authorization:
   - Authorization ensures that users have the appropriate level of access to perform their assigned tasks.
   - It helps enforce data privacy and confidentiality by restricting access to sensitive information to only authorized personnel.
   - By implementing granular authorization controls, organizations can minimize the risk of data leaks, unauthorized modifications, and insider threats.
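An added example (not part of the answer above) that separates the two steps in code: authentication checks a salted PBKDF2 password hash, and only then does a role-based authorization check decide whether the action is allowed. The users, passwords, roles and permission sets are constructed; a real deployment would use a dedicated password-hashing library.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    # Standard-library PBKDF2 keeps the example self-contained.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_store():
    # Constructed credential store: username -> (salt, password hash).
    store = {}
    for user, pw in [("alice", "correct horse"), ("bob", "battery staple")]:
        salt = os.urandom(16)
        store[user] = (salt, hash_password(pw, salt))
    return store


# Authorization data: which role each user holds and what each role may do.
ROLES = {"alice": "dba", "bob": "student"}
PERMISSIONS = {"dba": {"read", "write", "drop"}, "student": {"read"}}


def authenticate(store, user, password):
    # "Who are you?"  Returns the verified principal or None.
    if user not in store:
        return None
    salt, expected = store[user]
    if hmac.compare_digest(hash_password(password, salt), expected):
        return user
    return None


def authorize(principal, action):
    # "What may you do?"  Only meaningful for an already-authenticated principal.
    return action in PERMISSIONS.get(ROLES.get(principal), set())


def run_action(store, user, password, action):
    principal = authenticate(store, user, password)
    if principal is None:
        return "authentication failed"          # identity could not be verified
    if not authorize(principal, action):
        return "authorization denied"           # verified identity, insufficient privilege
    return f"{action} performed by {principal}"
```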


4. Describe the 3-layer ANSI-SPARC architecture. Describe two advantages of this architecture. How does this architecture address the issue of data independence for a database system? (Max: 100 words) [9]

Web-Search

Poe

The 3-layer ANSI-SPARC architecture, also known as the three-level architecture, was
introduced by ANSI-SPARC in 1975. It consists of three layers: the external level, the
conceptual level, and the internal level.

1. External Level:
   - This layer represents the user's view of the database.
   - It allows for customized user views, where each user can access the same data but have a different personalized view [1].
   - Different users can have different ways of representing and accessing the data, providing flexibility and customization.
2. Conceptual Level:
   - This layer represents the community view of the database.
   - It describes the overall structure of the database, including entities, attributes, and relationships [2].
   - It focuses on the logical structure of the database, independent of any storage considerations.
   - It represents the complete view of the database that the organization requires.
3. Internal Level:
   - This layer represents the physical implementation of the database.
   - It deals with the physical storage and optimization of the database [2].
   - It interacts with the operating system to manage storage files, data retrieval, and other physical aspects.

Advantages of the 3-layer ANSI-SPARC architecture:

1. Data Independence:
   - The architecture provides data independence, separating the user's view from the physical structure of the database [1].
   - Changes made at the conceptual level, such as modifying the structure or adding new entities, do not affect the external views or the internal implementation.
   - This allows for easier maintenance, scalability, and adaptability of the database system.
2. Customized User Views:
   - The architecture allows for multiple customized user views of the same data [1].
   - Different users can have different perspectives and requirements, and the external level provides the flexibility to cater to those needs.
   - Users can access and manipulate the data in a way that makes sense to them, enhancing usability and productivity.
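An added example (not part of the answer above) of the three levels in SQLite: a base table stands in for the conceptual schema, two views are the external level for different user groups, and an index is an internal-level change. Adding a column (conceptual change) and adding an index (internal change) leave both views' results unchanged, which is the data independence the answer describes. The student table and its rows are constructed.

```python
import sqlite3


def build(conn):
    # Conceptual level: the community-wide logical schema (constructed sample).
    conn.execute("CREATE TABLE student (id INTEGER PRIMARY KEY, name TEXT, "
                 "email TEXT, fee_balance REAL)")
    conn.executemany("INSERT INTO student VALUES (?, ?, ?, ?)",
                     [(1, "Ann", "ann@example.edu", 0.0),
                      (2, "Ben", "ben@example.edu", 120.5)])
    # External level: each user group sees only the columns its job needs.
    conn.execute("CREATE VIEW lecturer_view AS SELECT id, name, email FROM student")
    conn.execute("CREATE VIEW finance_view AS SELECT id, fee_balance FROM student")


def lecturer_rows(conn):
    return conn.execute("SELECT id, name, email FROM lecturer_view ORDER BY id").fetchall()


def finance_rows(conn):
    return conn.execute("SELECT id, fee_balance FROM finance_view ORDER BY id").fetchall()


def change_conceptual_level(conn):
    # Logical change: a new attribute joins the conceptual schema. Views that
    # name their columns explicitly are unaffected (logical data independence).
    conn.execute("ALTER TABLE student ADD COLUMN phone TEXT")


def change_internal_level(conn):
    # Physical change: a new access path; invisible to the levels above it
    # (physical data independence).
    conn.execute("CREATE INDEX student_name_idx ON student(name)")


def demo():
    conn = sqlite3.connect(":memory:")
    build(conn)
    before = (lecturer_rows(conn), finance_rows(conn))
    change_conceptual_level(conn)
    change_internal_level(conn)
    after = (lecturer_rows(conn), finance_rows(conn))
    # True when neither change altered what either user group sees.
    return before == after, after
```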

Learn more:

1. ANSI-SPARC Architecture - Wikipedia
2. The Three-Level ANSI-SPARC Architecture - GeeksforGeeks
3. DBMS Three schema Architecture - javatpoint

5. The object-oriented data model (OODM) represents the real world more closely than the relational model. Discuss the relational model and object-oriented model in detail. (Max: 150 words) [10]

Web-Search

Poe

The relational model and the object-oriented model are two different approaches to representing
and managing data in databases.

Relational Model:

- The relational model is based on the concept of tables, where data is organized into rows and columns. Each table represents an entity, and the relationships between entities are established through keys and foreign keys.
- Relationships between tables are not explicitly defined in the relational model, but rather implied by the values stored in the tables [1].
- The relational model uses Structured Query Language (SQL) for defining, manipulating, and querying data [3].
- It is widely used in traditional database management systems (DBMS) like MySQL, Oracle, and SQL Server [2].
- The relational model is known for its scalability, data integrity, and support for complex queries involving multiple tables [2].

Object-Oriented Model:

- The object-oriented model represents data as objects, similar to how objects are used in object-oriented programming. Each object has attributes (data) and methods (operations) that can act upon the data.
- Relationships between objects are explicitly defined in the database structure, and these relationships are not implied by the object's contents [1].
- Object-oriented databases (OODBs) use Object Query Language (OQL) for data retrieval [2].
- OODBs are suitable for storing complex data structures, such as objects that can contain other objects, arrays, and multimedia types [3].
- OODBs provide flexibility and performance advantages for applications dealing with complex data and objects [3].

Comparison:

- The object-oriented model represents the real world more closely than the relational model because it allows for direct representation of complex data structures and supports inheritance [3].
- The relational model is more suitable for applications where relationships between different data entities need to be efficiently organized and queried [2].
- The relational model has a long history, extensive documentation, and a wide community of experts and users, making it a mature and well-supported choice [2].
- OODBs offer scalability, flexibility, and performance advantages for applications dealing with complex data and objects [3].

Learn more:

1. ADVANTAGES OF OBJECT-ORIENTED OVER RELATIONAL ...
2. Difference between RDBMS and OODBMS - GeeksforGeeks
3. Object-Oriented DB vs. Relational DB | Medium

6. A local university is considering subscribing for a Database as a Service. What is Database as a Service? Outline any 4 risks that are associated with Database as a Service that the university may encounter. [9]

Web-Search

Poe

Database as a Service (DBaaS) is a cloud computing service that allows organizations to access
and utilize a database without the need for installing, maintaining, and storing data on local
database servers. Instead, the database is hosted and managed by a third-party provider in the
cloud. This service offers several benefits, such as ease of management, scalability, and cost-
effectiveness. However, there are also risks associated with using DBaaS that the university
should consider before subscribing. Here are four risks:
1. Security Risks: When using DBaaS, the university's data is stored and managed by a
third-party provider. This introduces potential security vulnerabilities, such as
unauthorized access, data breaches, and data loss. It is crucial for the university to
thoroughly evaluate the security measures and certifications of the DBaaS provider to
ensure the protection of sensitive data [1].
2. Data Privacy and Compliance: The university may have specific data privacy and
compliance requirements, such as GDPR or HIPAA. When using DBaaS, the data is
stored and processed by the provider, which may be located in a different jurisdiction.
This raises concerns about data privacy, compliance, and the ability to meet regulatory
requirements. The university should carefully assess the provider's data handling
practices and ensure they align with the necessary regulations [1].
3. Vendor Lock-in: Moving to DBaaS may result in vendor lock-in, where the university
becomes heavily dependent on the specific DBaaS provider's infrastructure, tools, and
services. This can make it challenging to switch to a different provider or bring the
database back in-house if needed. The university should consider the long-term
implications and potential difficulties associated with vendor lock-in [2].
4. Loss of Control and Latency: By using DBaaS, the university relinquishes some control
over the database infrastructure and management. They rely on the provider for efficient
infrastructure management and addressing any system failures. Additionally, accessing
the database over the internet may introduce latency issues, which can impact the
performance and responsiveness of the database [2].

Learn more:

1. Security Considerations and Challenges of DBaaS
2. Security Considerations When Moving to Database as a Service - The New Stack
3. 7 risks associated with migrating a database to the cloud (DBaaS) | Spiria

3. Draw an ERD for the description below.

UPS prides itself on having up-to-date information on the processing and current location of each shipped item. To do this, UPS relies on a company-wide information system. Shipped items are the heart of the UPS product tracking information system. Shipped items can be characterized by item number (unique), weight, dimensions, insurance amount, destination, and final delivery date. Shipped items are received into the UPS system at a single retail center. Retail centers are characterized by their type, uniqueID, and address. Shipped items make their way to their destination via one or more standard UPS transportation events (i.e., flights, truck deliveries). These transportation events are characterized by a unique scheduleNumber, a type (e.g., flight, truck), and a deliveryRoute. [10]

Web-Search
Poe

I apologize, but as an AI text-based assistant, I'm unable to draw an ERD directly. However, I
can describe the ERD based on the provided description:

The ERD for the given description would include the following entities and their relationships:

1. Entity: Shipped Item
   - Attributes: item number (unique), weight, dimensions, insurance amount, destination, final delivery date
2. Entity: Retail Center
   - Attributes: type, uniqueID, address
3. Entity: Transportation Event
   - Attributes: scheduleNumber (unique), type, deliveryRoute

Relationships:

- Shipped Item and Retail Center: One-to-many relationship, as a retail center can receive multiple shipped items, but each shipped item is received at a single retail center.
- Shipped Item and Transportation Event: One-to-many relationship, as a shipped item can go through multiple transportation events, but each transportation event is associated with a single shipped item.

Please note that the ERD would include the entities and relationships described above, but the
actual diagram representation would require a visual tool or software.
