Module 3: Introduction to Databases 


INTRODUCTION – Introduction to Databases

This module enables the learner to understand the classification of data sources and data models, the different data types, and best practices for protecting organizational data. The module concludes with a real-world scenario that explores IBM Security Guardium as an example of a practical data protection solution.

Learning Outcomes:

  • Configure the systems to monitor cybersecurity events.
  • Identify critical event characteristics to be logged.
  • Learn how to generate metrics for logging and audit reports.
  • Understand the importance of real-time alerts for policy violations and activity blocking.
  • Understand key components of data logging and monitoring.
  • Explore how each step of the data security process affects the broad IT and data security space.
  • Assess the security controls needed to safeguard data against threats and the hosting model used.
  • Know how to read a vulnerability assessment test report.
  • Understand normal configuration for accessing databases.
  • Recognize trusted sources for best practices in data security.
  • Understand activities entailed in each phase of the data security process.
  • Differentiate flat-file from relational databases.
  • Learn structured, semi-structured, and unstructured data.
  • Understand different data sources found in an organization.
  • Identify different types of data sources in an organization.

TYPES OF DATA

1. True or False: If all of your organization’s data is centralized in a small number of data centers, then focusing security on perimeter defense is adequate to assure your data is safe.

  • True 
  • False (CORRECT)

Correct, it is not adequate to rely on perimeter defense alone, even if all of your organization’s data is held in a limited number of data centers. The data must also be monitored thoroughly with respect to internal access and data storage, and stringent access controls must apply to the data centers themselves. On top of this, other controls, such as encryption, vulnerability management, and continuous monitoring, must be implemented to mitigate threats from both inside and outside the network perimeter.

2. Which two (2) of the following data source types are considered structured data?

  • Data warehouses (CORRECT)
  • Big data databases
  • Distributed databases (CORRECT)
  • File Shares

Correct, these are regarded as structured data.

3. Data that has not been organized into a specialized repository, but does have associated information, such as metadata that makes it more amenable to processing than raw data, is an example of which data model type?

  • Raw data
  • Structured data
  • Unstructured data
  • Semi-structured data (CORRECT)

Correct, structured data.

4. How are the tables in a relational database linked together?

  • Tables are organized in a hierarchical manner so Table 2 always follows Table 1 and so forth.
  • Through the use of primary and foreign keys. (CORRECT)
  • Table connection diagrams are defined in the database configuration settings.
  • By adding a pointer as the last field of each record in a table that points to the first field in the next table.

Correct, through the use of primary and foreign keys.

SECURING DATABASES

1. In the video Securing the Crown Jewels, the “Identification and Baseline” phase contains which three (3) of the following items?

  • Blocking & Quarantine
  • Activity Monitoring
  • Discovery & Classification (CORRECT)
  • Vulnerability Assessment (CORRECT)
  • Entitlements Reporting (CORRECT)

Partially correct, this is one of the three.

2. In the video Leveraging Security Industry Best Practices, which US Government agency is a co-publisher of the Database Security Requirements Guide (SRG)?

  • Federal Bureau of Investigation (FBI)
  • Central Intelligence Agency (CIA)
  • Department of Defense (DoD) (CORRECT)
  • Center for Internet Security (CIS)

3. For added security, a firewall is often placed between which of these?

  • The client and the application.
  • The database and the hardened data repository. (CORRECT)
  • The database administrator and the database.
  • The application and the database.

Correct, the data store and the secured data set repository.

4. True or False: In a vulnerability assessment test, a new commercial database installed on a new instance of a major operating system should pass 80-90% of the vulnerability tests out-of-the-box unless there is a major flaw or breach.

  • True
  • False (CORRECT)

5. Which of these hosting environments requires the enterprise to manage the largest number of different data sources?

  • PaaS
  • On Premises (CORRECT)
  • SaaS
  • IaaS

Correct, on premises.

6. While data security is an ongoing process, what is the correct order to consider these steps?

  • Discover, Monitor & Protect, Harden, Repeat
  • Discover, Harden, Monitor & Protect, Repeat (CORRECT)
  • Harden, Discover, Monitor & Protect, Repeat
  • Monitor & Protect, Discover, Harden, Repeat

7. The following series of codes are in a sequence from left to right. There is a repeating pattern that you will notice. Determine the pattern and decide which code should come next.

Fill in the blank: A1, B3, C5, D7, E9, F11, G13, _____

  • H15 (Correct)
  • D17
  • J15
  • H16

Correct: The continuing sequences in this sequence are alphabet letters arranged in the order of the English alphabet and numbers increasing by two for every new set. Therefore, applying this logic, the next code would be H15.

A DATA PROTECTION SOLUTION EXAMPLE, IBM SECURITY GUARDIUM USE CASES

1. In setting up policy rules for data monitoring, what is the purpose of “exclude” rules?

  • To exclude certain commands from being executed.
  • To exclude individual accounts from accessing data.
  • To exclude certain applications or safe activities from being logged. (CORRECT)
  • To exclude someone from accessing certain database tables.

Correct, for excluding certain applications or keeping specific safe activities from being logged.

2. True or False: Data monitoring products such as IBM Guardium can send access alerts to syslog for manual intervention by a security analyst but must be connected to additional applications if automated interventions are desired.

  • True
  • False (CORRECT)

3. To create auditable reports of data access using the IBM Guardium product, the administrator would do which of the following?

  • All standard reports are considered auditable.
  • Develop a custom report and turn on Audit Locking to assure the results cannot be tampered with.
  • Use the Audit Process Builder feature to automate the reporting process. (CORRECT)
  • Export standard access logs to Excel or another reporting tool for sorting and processing.

Correct, the categorization of all types of standard reports is that they are “auditable.”

4. True or False: The IBM Guardium monitoring application is capable of monitoring activities in non-relational databases such as Hadoop, Cognos, and Spark.

  • True (CORRECT)
  • False

5. At a minimum, which 3 entities should be captured in any event log?

  • When the activity took place. (CORRECT)
  • Which database tables were associated with the activity.
  • Who or what committed the activity. (CORRECT)
  • Whether the attempted activity was completed successfully.
  • What activity took place. (CORRECT)

Partially correct, you answered one of the three.

6. True or False: In the IBM Guardium data monitoring tool, the number of failed login attempts that would trigger an alert is always counted since the last successful login.

  • True
  • False (CORRECT)

7. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?

  • A known user attempts to run invalid SQL statements against data his ID is authorized to access.
  • A user routinely enters the incorrect password once or twice before entering the correct password for his account.
  • Data accessed by an accounting application dramatically increases in the last few days of every month.
  • Attempts are made to access data using nonstandard tools, such as MS Excel or MS Access, rather than through the application the data belongs to. (CORRECT)

Correct, attempting to access the data through another application, like MS Excel or MS Access, bypasses the application the data is associated with, which is not the normal access path.

8. Which two (2) activities should be considered suspicious and warrant further investigation?

  • owner. (CORRECT)
  • An authorized user attempts to run SQL statements with invalid syntax.
  • Use of an Application ID from a hostname that is different from what has been specified by the application owner. (CORRECT)
  • It takes an authorized user 3 attempts to enter the correct password.

Partially correct, this is one of the correct answers.

INTRODUCTION TO DATABASES

1. Distributed databases, data warehouses, big data, and File shares are all classified as what?

  • Data models
  • Database types
  • Data source types (CORRECT)
  • Data center types

2. Hadoop, MongoDB, and BigTable are all examples of which data source type?

  • Data warehouses
  • Big data databases (CORRECT)
  • Distributed databases
  • File Shares

3. Data that has been organized into a formatted repository, typically a database, so its elements can be made addressable, is an example of which data model type?

  • Structureless data
  • Semi-structured data
  • Unstructured data
  • Structured data (CORRECT)

4. Which of the following is the primary difference between a flat file database and a relational database?

  • All the data in a relational database is stored in a single table.
  • All the data in a flat file database is stored in a single table. (CORRECT)
  • Flat file databases consist of a table that references internally stored files.
  • Flat file databases consist of a table that references externally stored files.

5. In the video Leveraging Security Industry Best Practices, where would you turn to look for help on establishing security benchmarks for your database?

  • Common Vulnerability and Exposures (CVE).
  • Center for Internet Security (CIS). (CORRECT)
  • Department of Defense/Defence Information Systems Agency (DoD/DISA).
  • Central Intelligence Agency (CIA).

6. Most of the time, how do users access data?

  • Through an application. (CORRECT)
  • Through a database client.
  • Directly from a hardened repository.
  • Directly from a database.

7. True or False: In a vulnerability assessment test, it is not uncommon to fail more than 50% of the tests before the operating system and database are hardened.

  • True (CORRECT)
  • False

8. What distinguishes structured data from unstructured data? 

  • Structured data is associated with metadata, while unstructured data relies on specialized repositories such as databases. 
  • Structured data is harder to access and process than unstructured data. 
  • Structured data is data organized into a formatted repository, making it easily addressable, whereas unstructured data lacks any form of organization. (CORRECT)
  • Structured data is the least organized and hardest to understand, while unstructured data is the most formatted. 

9. While data security is an ongoing process, what is the correct order to consider these steps?

  • Real-time Monitor & Protection, Identification & Baseline, Raise the Bar
  • Identification & Baseline, Real-time Monitor & Protection, Raise the Bar
  • Identification & Baseline, Raise the Bar, Real-time Monitor & Protection (CORRECT)
  • Raise the Bar, Identification & Baseline, Real-time Monitor & Protection

10. To automatically terminate a session if an attempt is made to access data in a sensitive table, such as Social Security (SSN) ID numbers, you would set up which type of rule?

  • An Aggregator rule.
  • An Access rule. (CORRECT)
  • An Exception rule.
  • An Exclude rule.

11. True or False: Data monitoring products such as IBM Guardium are fully capable of blocking access to sensitive data based upon access parameters configured in policy rules.

  • True (CORRECT)
  • False

12. True or False: Data monitoring tools such as IBM Guardium are designed to monitor activities within a database, but external products, such as a privileged identity management (PIM) tool would be required to monitor changes to the data monitoring tool itself, such as the addition of new users or the alteration of existing user accounts.

  • True
  • False (CORRECT)

13. True or False: In the IBM Guardium data monitoring tool, it is possible to create a report that shows not only how many SQL unauthorized access attempts were made by an individual, but also exactly which SQL statements were disallowed.

  • True (CORRECT)
  • False

14. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?

  • A known user attempts to run invalid SQL statements against data his ID is authorized to access.
  • Data accessed by an accounting application dramatically increases in the last few days of every month.
  • A user routinely enters the incorrect password once or twice before entering the correct password for his account.
  • Attempts are made to SELECT lists of usernames and passwords by a non-administrator account. (CORRECT)

CONCLUSION – Introduction to Databases

This module thus provides you with knowledge of data sources and model types, the different data types, the application of best practices in securing organizational data, and an understanding of practical application through an in-depth look at IBM Security Guardium as a data protection solution.
