COURSE 4 – NETWORK SECURITY & DATABASE VULNERABILITIES

Module 3: Introduction to Databases 

IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE

Complete Coursera Study Guide

INTRODUCTION – Introduction to Databases 

Within this module, you’ll gain proficiency in defining data source and model classifications, along with various data types. Additionally, you’ll examine best practices for safeguarding organizational data. Towards the conclusion, you’ll delve into real-world scenarios, exploring an exemplar Data Protection solution, IBM Security Guardium, in detail.

Learning Objectives

  • Explain how to configure systems to monitor for cybersecurity events
  • Describe the event attributes to include in logging
  • Explain how to generate metrics for logging and audit reporting
  • Explain the value of real-time policy violation alerts and activity blocking
  • Describe the key components of data logging and monitoring
  • Discuss how each step in the data security process applies to the entire IT and data security landscape
  • Determine the security controls required to protect data given the potential sources of threats and the hosting model used
  • Describe a vulnerability assessment test report, including its contents and how to read it
  • Discuss a typical database access setup
  • Identify sources to consult for data security best practices
  • Describe the activities typically contained in each step of the data security process
  • Differentiate between a flat-file database and a relational database
  • Describe structured data, semi-structured data, and unstructured data
  • Identify the many data sources present in a typical organization
  • Identify various data source types

TYPES OF DATA

1. True or False: If all of your organization’s data is centralized in a small number of data centers, then focusing security on perimeter defense is adequate to assure your data is safe.

  • True 
  • False (CORRECT)

Correct, even if all of your organization’s data is centralized in a small number of data centers, focusing security on perimeter defense alone is not adequate to assure your data is safe.

2. Which two (2) of the following data source types are considered structured data?

  • Data warehouses (CORRECT)
  • Big data databases
  • Distributed databases (CORRECT)
  • File Shares

Correct, data warehouses and distributed databases are both considered structured data sources.

3. Data that has not been organized into a specialized repository, but does have associated information, such as metadata that makes it more amenable to processing than raw data, is an example of which data model type?

  • Raw data
  • Structured data
  • Unstructured data
  • Semi-structured data (CORRECT)

Correct, semi-structured data.

4. How are the tables in a relational database linked together?

  • Tables are organized in a hierarchical manner so Table 2 always follows Table 1 and so forth.
  • Through the use of primary and foreign keys. (CORRECT)
  • Table connection diagrams are defined in the database configuration settings.
  • By adding a pointer as the last field of each record in a table that points to the first field in the next table.

Correct, through the use of primary and foreign keys.
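The following is an added example, not part of the course material: it shows the primary key / foreign key link between two relational tables using Python's built-in sqlite3 module, so it runs offline. The table and column names and the sample rows are constructed for the illustration. It also shows a caveat worth knowing: SQLite does not enforce foreign keys unless the pragma is switched on for the connection, so an orphan row is silently accepted otherwise.

```python
"""Primary/foreign key linking in a relational database (added example, sqlite3)."""
import sqlite3

# Illustrative schema: orders.customer_id is a foreign key to customers.customer_id.
SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,   -- primary key: unique per customer
    name        TEXT NOT NULL
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL,
    amount      REAL NOT NULL,
    -- foreign key: every order must reference an existing customer row
    FOREIGN KEY (customer_id) REFERENCES customers(customer_id)
);
"""

# Constructed sample data.
CUSTOMERS = [(1, "Alice"), (2, "Bob")]
ORDERS = [(10, 1, 25.0), (11, 1, 40.0), (12, 2, 9.99)]


def build_db(enforce_foreign_keys=True):
    """Create an in-memory database with the two linked tables.

    SQLite only checks foreign keys when PRAGMA foreign_keys is ON for the
    connection, so the setting is made explicit here.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce_foreign_keys else "OFF"))
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?, ?)", CUSTOMERS)
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ORDERS)
    return conn


def orders_per_customer(conn):
    """Follow the foreign key from orders back to customers with a JOIN."""
    return conn.execute(
        """
        SELECT c.name, COUNT(o.order_id), SUM(o.amount)
        FROM customers AS c
        JOIN orders AS o ON o.customer_id = c.customer_id
        GROUP BY c.customer_id
        ORDER BY c.name
        """
    ).fetchall()


def insert_orphan_order(conn):
    """Insert an order whose customer_id (42) does not exist.

    Returns True if the row was accepted (integrity not enforced) and False if
    the foreign-key constraint rejected it.
    """
    try:
        conn.execute("INSERT INTO orders VALUES (?, ?, ?)", (99, 42, 1.0))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    strict = build_db(enforce_foreign_keys=True)
    print(orders_per_customer(strict))   # [('Alice', 2, 65.0), ('Bob', 1, 9.99)]
    print(insert_orphan_order(strict))   # False: the foreign key rejects the orphan
    lax = build_db(enforce_foreign_keys=False)
    print(insert_orphan_order(lax))      # True: the orphan is silently accepted
```

The JOIN is what "linking through keys" means in practice: the orders table never stores the customer's name, only the key that points at the customer row. The last two calls show why integrity enforcement matters: with the pragma off, the database happily stores a reference to a customer that does not exist.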

SECURING DATABASES

1. In the video Securing the Crown Jewels, the “Identification and Baseline” phase contains which three (3) of the following items?

  • Blocking & Quarantine
  • Activity Monitoring
  • Discovery & Classification (CORRECT)
  • Vulnerability Assessment (CORRECT)
  • Entitlements Reporting (CORRECT)

Correct, Discovery & Classification, Vulnerability Assessment, and Entitlements Reporting are the three items in the Identification and Baseline phase.

2. In the video Leveraging Security Industry Best Practices, which US Government agency is a co-publisher of the Database Security Requirements Guide (SRG)?

  • Federal Bureau of Investigation (FBI)
  • Central Intelligence Agency (CIA)
  • Department of Defense (DoD) (CORRECT)
  • Center for Internet Security (CIS)

3. For added security, a firewall is often placed between which of these?

  • The client and the application.
  • The database and the hardened data repository. (CORRECT)
  • The database administrator and the database.
  • The application and the database.

Correct, the database and the hardened data repository.

4. True or False: In a vulnerability assessment test, a new commercial database installed on a new instance of a major operating system should pass 80-90% of the vulnerability tests out-of-the-box unless there is a major flaw or breach.

  • True
  • False (CORRECT)

5. Which of these hosting environments requires the enterprise to manage the largest number of different data sources?

  • PaaS
  • On Premises (CORRECT)
  • SaaS
  • IaaS

Correct, on premises.

6. While data security is an ongoing process, what is the correct order to consider these steps?

  • Discover, Monitor & Protect, Harden, Repeat
  • Discover, Harden, Monitor & Protect, Repeat (CORRECT)
  • Harden, Discover, Monitor & Protect, Repeat
  • Monitor & Protect, Discover, Harden, Repeat

A DATA PROTECTION SOLUTION EXAMPLE, IBM SECURITY GUARDIUM USE CASES

1. In setting up policy rules for data monitoring, what is the purpose of “exclude” rules?

  • To exclude certain commands from being executed.
  • To exclude individual accounts from accessing data.
  • To exclude certain applications or safe activities from being logged. (CORRECT)
  • To exclude someone from accessing certain database tables.

Correct, To exclude certain applications or safe activities from being logged.

2. True or False: Data monitoring products such as IBM Guardium can send access alerts to syslog for manual intervention by a security analyst but must be connected to additional applications if automated interventions are desired.

  • True
  • False (CORRECT)

3. To create auditable reports of data access using the IBM Guardium product, the administrator would do which of the following?

  • All standard reports are considered auditable.
  • Develop a custom report and turn on Audit Locking to assure the results cannot be tampered with.
  • Use the Audit Process Builder feature to automate the reporting process. (CORRECT)
  • Export standard access logs to Excel or another reporting tool for sorting and processing.

Correct, use the Audit Process Builder feature to automate the reporting process.

4. True or False: The IBM Guardium monitoring application is capable of monitoring activities in non-relational databases such as Hadoop, Cognos, and Spark.

  • True (CORRECT)
  • False

5. At a minimum, which 3 entities should be captured in any event log?

  • When the activity took place. (CORRECT)
  • Which database tables were associated with the activity.
  • Who or what committed the activity. (CORRECT)
  • Whether the attempted activity was completed successfully.
  • What activity took place. (CORRECT)

Correct, at a minimum an event log must capture who or what committed the activity, what activity took place, and when it took place.

6. True or False: In the IBM Guardium data monitoring tool, the number of failed login attempts that would trigger an alert is always counted since the last successful login.

  • True
  • False (CORRECT)

7. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?

  • A known user attempts to run invalid SQL statements against data his ID is authorized to access.
  • A user routinely enters the incorrect password once or twice before entering the correct password for his account.
  • Data accessed by an accounting application dramatically increases in the last few days of every month.
  • Attempts are made to access data using nonstandard tools, such as MS Excel or MS Access, rather than through the application the data belongs to. (CORRECT)

Correct, Attempts are made to access data using nonstandard tools, such as MS Excel or MS Access, rather than through the application the data belongs to.

8. Which two (2) activities should be considered suspicious and warrant further investigation?

  • owner. (CORRECT)
  • An authorized user attempts to run SQL statements with invalid syntax.
  • Use of an Application ID from a hostname that is different from what has been specified by the application owner. (CORRECT)
  • It takes an authorized user 3 attempts to enter the correct password.

Correct, both of the marked activities warrant further investigation.
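The questions in this section describe what activity monitoring looks for: complete who/what/when records, failed-login bursts, an application ID used from an unexpected host, and data reached through a nonstandard tool. The block below is an added example, not course material and not Guardium code, that runs that detection logic over a few constructed database-activity log lines. The JSON field names, the application profile table, the approved-program list and the failed-login threshold and window are all assumptions made for this example; in particular, failed logins are counted within a sliding time window here rather than "since the last successful login".

```python
"""Detection logic over constructed database-activity log lines (added example)."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one JSON record per line, in time order.
# Every record is expected to carry at least: who, what, when.
SAMPLE_LOG = """
{"when": "2024-03-01T09:00:01Z", "who": "app_payroll", "host": "payroll-01", "program": "PayrollSvc", "what": "SELECT * FROM employees WHERE id = ?", "status": "ok"}
{"when": "2024-03-01T09:00:05Z", "who": "jsmith", "host": "ws-17", "program": "sqlplus", "what": "LOGIN", "status": "failed"}
{"when": "2024-03-01T09:00:09Z", "who": "jsmith", "host": "ws-17", "program": "sqlplus", "what": "LOGIN", "status": "failed"}
{"when": "2024-03-01T09:00:14Z", "who": "jsmith", "host": "ws-17", "program": "sqlplus", "what": "LOGIN", "status": "failed"}
{"when": "2024-03-01T09:02:00Z", "who": "app_payroll", "host": "ws-17", "program": "PayrollSvc", "what": "SELECT ssn FROM employees", "status": "ok"}
{"when": "2024-03-01T09:03:00Z", "who": "bkumar", "host": "ws-22", "program": "EXCEL.EXE", "what": "SELECT * FROM employees", "status": "ok"}
{"who": "bkumar", "host": "ws-22", "program": "EXCEL.EXE", "what": "COMMIT", "status": "ok"}
"""

# Assumed: the program and hosts the application owner registered for each application ID.
APP_PROFILES = {
    "app_payroll": {"program": "PayrollSvc", "hosts": {"payroll-01", "payroll-02"}},
}
# Assumed: the applications through which this data is normally reached.
APPROVED_PROGRAMS = {"PayrollSvc", "HRPortal"}

REQUIRED_FIELDS = ("who", "what", "when")
FAILED_LOGIN_THRESHOLD = 3                 # assumed threshold
FAILED_LOGIN_WINDOW = timedelta(minutes=5) # assumed sliding window


def parse_log(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyze(records):
    """Return a list of (finding, who, detail) tuples, in log order."""
    findings = []
    recent_failures = defaultdict(deque)  # who -> timestamps of recent failed logins

    for rec in records:
        missing = [f for f in REQUIRED_FIELDS if f not in rec]
        if missing:
            # A record without who/what/when cannot be attributed: flag it, do not guess.
            findings.append(("incomplete_record", rec.get("who", "?"), "missing " + ",".join(missing)))
            continue
        who = rec["who"]
        ts = datetime.fromisoformat(rec["when"].replace("Z", "+00:00"))

        # Failed logins are counted within a sliding window, so a burst is noticed
        # regardless of when the account last logged in successfully.
        if rec["what"] == "LOGIN" and rec.get("status") == "failed":
            window = recent_failures[who]
            window.append(ts)
            while ts - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()
            if len(window) >= FAILED_LOGIN_THRESHOLD:
                findings.append(("failed_login_burst", who,
                                 "%d failures within %s" % (len(window), FAILED_LOGIN_WINDOW)))
                window.clear()

        profile = APP_PROFILES.get(who)
        if profile is not None:
            # An application ID used from a host or program its owner did not register.
            if rec.get("host") not in profile["hosts"] or rec.get("program") != profile["program"]:
                findings.append(("app_id_misuse", who,
                                 "from %s via %s" % (rec.get("host"), rec.get("program"))))
        elif rec["what"].upper().startswith("SELECT") and rec.get("program") not in APPROVED_PROGRAMS:
            # Data reached with a nonstandard tool rather than the owning application.
            findings.append(("nonstandard_tool", who, rec.get("program")))

    return findings


if __name__ == "__main__":
    for finding in analyze(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample log this yields four findings: the third failed login for jsmith inside the window, the payroll application ID used from a workstation instead of a payroll host, a user pulling the employees table with Excel, and a final record that cannot be attributed because it has no timestamp. Note that a user who fails once or twice before logging in does not fire the rule, matching the distinction the quiz draws.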

INTRODUCTION TO DATABASES

1. Distributed databases, data warehouses, big data, and File shares are all classified as what?

  • Data models
  • Database types
  • Data source types (CORRECT)
  • Data center types

2. Hadoop, MongoDB, and BigTable are all examples of which data source type?

  • Data warehouses
  • Big data databases (CORRECT)
  • Distributed databases
  • File Shares

3. Data that has been organized into a formatted repository, typically a database, so its elements can be made addressable, is an example of which data model type?

  • Structureless data
  • Semi-structured data
  • Unstructured data
  • Structured data (CORRECT)

4. Which of the following is the primary difference between a flat file database and a relational database?

  • All the data in a relational database is stored in a single table.
  • All the data in a flat file database is stored in a single table. (CORRECT)
  • Flat file databases consist of a table that references internally stored files.
  • Flat file databases consist of a table that references externally stored files.

5. In the video Leveraging Security Industry Best Practices, where would you turn to look for help on establishing security benchmarks for your database?

  • Common Vulnerability and Exposures (CVE).
  • Center for Internet Security (CIS). (CORRECT)
  • Department of Defense/Defense Information Systems Agency (DoD/DISA).
  • Central Intelligence Agency (CIA).

6. Most of the time, how do users access data?

  • Through an application. (CORRECT)
  • Through a database client.
  • Directly from a hardened repository.
  • Directly from a database.

7. True or False: In a vulnerability assessment test, it is not uncommon to fail more than 50% of the tests before the operating system and database are hardened.

  • True (CORRECT)
  • False

8. What distinguishes structured data from unstructured data? 

  • Structured data is associated with metadata, while unstructured data relies on specialized repositories such as databases. 
  • Structured data is harder to access and process than unstructured data. 
  • Structured data is data organized into a formatted repository, making it easily addressable, whereas unstructured data lacks any form of organization. (CORRECT)
  • Structured data is the least organized and hardest to understand, while unstructured data is the most formatted. 

9. While data security is an ongoing process, what is the correct order to consider these steps?

  • Real-time Monitor & Protection, Identification & Baseline, Raise the Bar
  • Identification & Baseline, Real-time Monitor & Protection, Raise the Bar
  • Identification & Baseline, Raise the Bar, Real-time Monitor & Protection (CORRECT)
  • Raise the Bar, Identification & Baseline, Real-time Monitor & Protection

10. To automatically terminate a session if an attempt is made to access data in a sensitive table, such as one holding Social Security numbers (SSNs), you would set up which type of rule?

  • An Aggregator rule.
  • An Access rule. (CORRECT)
  • An Exception rule.
  • An Exclude rule.

11. True or False: Data monitoring products such as IBM Guardium are fully capable of blocking access to sensitive data based upon access parameters configured in policy rules.

  • True (CORRECT)
  • False

12. True or False: Data monitoring tools such as IBM Guardium are designed to monitor activities within a database, but external products, such as a privileged identity management (PIM) tool would be required to monitor changes to the data monitoring tool itself, such as the addition of new users or the alteration of existing user accounts.

  • True
  • False (CORRECT)

13. True or False: In the IBM Guardium data monitoring tool, it is possible to create a report that shows not only how many SQL unauthorized access attempts were made by an individual, but also exactly which SQL statements were disallowed.

  • True (CORRECT)
  • False

14. Which activity should be considered suspicious and might indicate inappropriate activity is being attempted?

  • A known user attempts to run invalid SQL statements against data his ID is authorized to access.
  • Data accessed by an accounting application dramatically increases in the last few days of every month.
  • A user routinely enters the incorrect password once or twice before entering the correct password for his account.
  • Attempts are made to SELECT lists of usernames and passwords by a non-administrator account. (CORRECT)
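Several questions in this guide turn on policy rule types: exclude rules that keep safe application activity out of the log (Guardium use cases, question 1), an access rule that terminates a session touching a sensitive table (question 10), blocking based on rule parameters (question 11), a report of how many statements a user had disallowed and which ones (question 13), and a non-administrator selecting usernames and passwords (question 14). The block below is an added example, a simplified illustration of those concepts and not Guardium's engine or course code; the rule attributes, outcome names, group names, the naive SQL object parser and the sample events are assumptions made for this example.

```python
"""Simplified policy-rule evaluator for database activity (added example)."""
import re
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    kind: str                # "exclude": matching activity is not logged; "access": apply action
    action: str = "LOG"      # for access rules: LOG, ALERT or TERMINATE
    programs: set = field(default_factory=set)          # empty = any program
    commands: set = field(default_factory=set)          # empty = any SQL verb
    objects: set = field(default_factory=set)           # empty = any table
    unless_in_groups: set = field(default_factory=set)  # rule does not apply to these groups


@dataclass
class Event:
    user: str
    groups: set
    program: str
    sql: str


# Naive table extraction, sufficient for the sample statements (a real product parses SQL fully).
OBJECT_RE = re.compile(r"\b(?:FROM|INTO|UPDATE|JOIN)\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def objects_in(sql):
    return {name.lower() for name in OBJECT_RE.findall(sql)}


def command_of(sql):
    return sql.split(None, 1)[0].upper()


def matches(rule, ev):
    if rule.programs and ev.program not in rule.programs:
        return False
    if rule.commands and command_of(ev.sql) not in rule.commands:
        return False
    if rule.objects and not (objects_in(ev.sql) & rule.objects):
        return False
    if rule.unless_in_groups and (ev.groups & rule.unless_in_groups):
        return False
    return True


# Rules are checked in order; the first match decides. Exclude rules go first so
# known-safe application traffic never reaches the logging or alerting rules.
POLICY = [
    Rule("skip HRPortal health checks", "exclude",
         programs={"HRPortal"}, commands={"SELECT"}, objects={"health_check"}),
    Rule("terminate on SSN table access", "access", action="TERMINATE",
         objects={"employee_ssn"}),
    Rule("alert on credential read by non-DBA", "access", action="ALERT",
         commands={"SELECT"}, objects={"user_credentials"}, unless_in_groups={"dba"}),
]


def evaluate(policy, ev):
    """Return (outcome, rule name): SKIP (not logged), LOG, ALERT or TERMINATE."""
    for rule in policy:
        if matches(rule, ev):
            return ("SKIP", rule.name) if rule.kind == "exclude" else (rule.action, rule.name)
    return ("LOG", None)  # default: log the activity, take no action


def disallowed_report(policy, events):
    """Per user: how many statements drew an ALERT or TERMINATE, and exactly which ones."""
    report = {}
    for ev in events:
        outcome, _ = evaluate(policy, ev)
        if outcome in ("ALERT", "TERMINATE"):
            entry = report.setdefault(ev.user, {"count": 0, "statements": []})
            entry["count"] += 1
            entry["statements"].append(ev.sql)
    return report


# Constructed sample activity.
SAMPLE_EVENTS = [
    Event("app_hr", {"application"}, "HRPortal", "SELECT 1 FROM health_check"),
    Event("app_hr", {"application"}, "HRPortal", "SELECT name FROM employees WHERE id = ?"),
    Event("jsmith", {"analyst"}, "EXCEL.EXE", "SELECT ssn FROM employee_ssn"),
    Event("jsmith", {"analyst"}, "EXCEL.EXE", "SELECT username, password FROM user_credentials"),
    Event("dba01", {"dba"}, "sqlplus", "SELECT username, password FROM user_credentials"),
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.user, ev.program, evaluate(POLICY, ev))
    print(disallowed_report(POLICY, SAMPLE_EVENTS))
```

The health-check query is skipped entirely, the ordinary HRPortal read is logged with no action, the analyst reading the SSN table has the session terminated, the analyst dumping the credential table raises an alert, and the same credential query from a DBA is only logged because the rule carves out that group. The report then shows that jsmith had two statements disallowed and lists both, which is the shape of report question 13 describes.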

CONCLUSION – Introduction to Databases 

In conclusion, this module equips you with the skills to define data source and model types, understand different data classifications, implement best practices for securing organizational data, and explore practical applications through an in-depth examination of IBM Security Guardium as a Data Protection solution.