MCQ

For database Security

All the Quiz’s:

Q1: Mandatory Access Control (MAC) systems are enforced by a central
authority, and access is ______ based on ______.
Options:
a) security labels and user roles.
b) The resource owner determines access permissions.
c) Access is determined by the user role and responsibilities.
d) Users can modify their access permissions.
Correct Answer: (a) security labels and user roles.

Q2: Which of the following are primarily types of Mandatory Access Control?
Options:
a) data security systems.
b) logical security systems.
c) information security systems.
d) Multilevel security systems.
Correct Answer: (d) Multilevel security systems.

Q3: When a user attempts to access a system, mandatory access control (MAC)
systems check ______.
Options:
a) the security label assigned to both the user and the resource.
b) The Password of the user.
c) The Account of the user.
d) The Database.
Correct Answer: (a) the security label assigned to both the user and the resource.

Q4: Which of the following are phases of Database Life Cycle (DBLC)?
Options:
a) prototype applications.
b) Database initial study.
c) Structures.
d) Periodic security audits.
Correct Answer: (b) Database initial study.

Q5: Which of the following are Business view of data within system in database
design?
Options:
a) The physical storage of data.
Correct Answer: (a) The physical storage of data.

Q1: What is a password include?

Options:
a) letters, numbers, and most symbols.
b) Spaces.
c) contain actual words.
d) contact numbers.
Correct Answer: (a) letters, numbers, and most symbols.

Q2: Intellectual Search : In this attacker tries password that may have relation
with?
Options:
a) A login ID.
b) vehicle registration no, contact numbers.
c) A personal email address.
d) A profile picture.
Correct Answer: (b) vehicle registration no, contact numbers.

Q3: Which of the following is physical attribute of the user that positively
identifies the user?
Options:
a) Signature.
b) Voice.
c) finger print recognition.
d) Keystroke.
Correct Answer: (c) finger print recognition.
Q4: in RBAC The administrator sets permissions for the Nurse role, such as?
Options:
a) viewing medications.
b) ordering tests.
c) prescribing medications.
d) Diagnosing.
Correct Answer: (a) viewing medications.

Q5: Which of the following is not a Goals of access control?

Options:
a) Granting access
b) Limiting access
c) Revolving access
d) Data access.
Correct Answer: (c) Revolving access.

Q1: Which of the following is Types of Access Control Policies?

Options:
a) information as resource.
b) implement policies that prevent unauthorized access.
c) technical or logical access control policies.
d) authorized personnel have access to the information needed.
Correct Answer: (c) technical or logical access control policies.

Q2: Which of the following is primarily types of Mandatory Access Control?

Options:
a) label security.
b) information security systems.
c) data security systems.
d) Multilateral security systems.
Correct Answer: (a) label security.

Q3: If the user's clearance level matches the security label of the resource ______.
Options:
a) systems check the security labels.
b) Data as information source.
c) Restrict users.
d) access is granted.
Correct Answer: (d) access is granted.

Q4: Which of the following are phases of Database Life Cycle (DBLC)?
Options:
a) Implementation and loading
b) Goals access control.
c) reducing the risk of data breaches.
d) objectives.
Correct Answer: (a) Implementation and loading.

Q5: The Database Initial Study Overall purpose is ______.

Options:
a) define data.
b) define information.
c) Define security labels.
d) Analyze company situation.
Correct Answer: (d) Analyze company situation.

Q1: Which of the following is Types of Access Control Policies?

Options:
a) information as resource.
b) implement policies that prevent unauthorized access.
c) technical or logical access control policies.
d) authorized personnel have access to the information needed.
Correct Answer: (c) technical or logical access control policies.

Q2: Which of the following is primarily types of Mandatory Access Control?

Options:
a) label security.
b) information security systems.
c) data security systems.
d) Multilateral security systems.
Correct Answer: (a) label security.
Q3: If the user's clearance level matches the security label of the resource ______.
Options:
a) systems check the security labels.
b) Data as information source.
c) Restrict users.
d) access is granted.
Correct Answer: (d) access is granted.

Q4: Which of the following are phases of Database Life Cycle (DBLC)?
Options:
a) Implementation and loading
b) Goals access control.
c) reducing the risk of data breaches.
d) objectives.
Correct Answer: (a) Implementation and loading.

Q1: What is a username?

Options:
a) A password used to secure an account
b) A login ID.
c) A personal email address
d) A profile picture
Correct Answer: (b) A login ID.

Q2: Which of the following is a type of password attacks?

Options:
A) Replay Attack
B) Brute Force Attack
C) SQL Injection
D) Man-in-the-Middle Attack
Correct Answer: (B) Brute Force Attack.

Q3: Which of the following is behavioral characteristics?

Options:
a) Face
b) Plam
c) Signature
d) Fingerprint
Correct Answer: (c) Signature.

Q4: What a security analyst can configure?

Options:
a) a firewall
b) a personal information
c) a customer data
d) a customer’s account
Correct Answer: (a) a firewall.

Q5: Which of the following is not a primary rule of RBAC?

Options:
a) Role assignment
b) Role authorization
c) Permission authorization
d) Role administrator
Correct Answer: (d) Role administrator.

Q3: Which of the following is Types of Access Control Policies?

Options:
a) information as resource.
b) technical or logical access control policies.
c) implement policies that prevent unauthorized access.
d) authorized personnel have access to the information needed.
Correct Answer: (b) technical or logical access control policies.

Q4: Which of the following is phases of Database Life Cycle (DBLC)?

Options:
a) protection data.
b) backup and recovery.
c) Maintenance and evolution
d) operating system.
Correct Answer: (c) Maintenance and evolution.

Q5: The Database Initial Study Overall purpose is ______.

Options:
a) Analyze company situation
b) define information.
c) Define security labels.
d) define data.
Correct Answer: (a) Analyze company situation.

Q1: An example of mandatory access control might involve an organization

______.
Options:
a) that restricts employees’ access to data based on their roles
b) determined by the relevant stakeholders such as security teams.
c) administrative policies are a combination of the other two policies.
d) They reduce security risks.
Correct Answer: (a) that restricts employees’ access to data based on their roles.

Q2: Which of the following is primarily types of Mandatory Access Control?

Options:
a) Multilateral security systems.
b) information security systems.
c) data security systems.
d) label security.
Correct Answer: (d) label security.

Q3: Which of the following is Types of Access Control Policies?

Options:
a) information as resource.
b) technical or logical access control policies.
c) implement policies that prevent unauthorized access.
d) authorized personnel have access to the information needed.
Correct Answer: (b) technical or logical access control policies.
Q1: Which of the following is considered a strong password?
Options:
A) password123
B) abcdefggg
C) 11111223
D) G#8dPz9!wA
Correct Answer: (D) G#8dPz9!wA.

Q2: Which of the following is an example for the authorization?

Options:
a) Granting access to a files, database, or system.
b) Showing an id card to entering building.
c) Ensures that user is who they claim to be.
d) Logging into account using a password.
Correct Answer: (a) Granting access to a files, database, or system.

Q3: which of the following is Goals of access control?

Options:
a) Data access.
b) Network access.

c) Revoking access

d) User access
Correct Answer: (a) Data access.

Q4: RBAC roles determine access rights. This process makes it easier for
organizations?
Options:
a) to onboard or offboard employees and update job functions.
b) To Allowing managers to bypass security policies.
c) To Reducing the need for complex passwords.
d) To Giving employees complete control.
Correct Answer: (a) to onboard or offboard employees and update job functions.
 Q5: which of the following is not models of RBAC?
Options:
a) Core RBAC.
b) Hierarchical RBAC.
c) Constrained RBAC.
d) User RBAC.
Correct Answer: (d) User RBAC.

the Midterm B:
1. What happens in the operation phase of the DBLC?
Options:
A. The database is tested and refined.
B. The database is actively used, and adjustments are made as needed.
C. The database model is designed.
D. Data security audits are conducted.
Correct Answer: (B) The database is actively used, and adjustments are made as
needed.

2. What is Role-Based Access Control (RBAC)?

Options:
A. A method for encrypting data in databases
B. A system where users assign their own permissions and privileges
C. A model where access is granted based on predefined user roles
D. A protocol for network security
Correct Answer: (C) A model where access is granted based on predefined user
roles.

3. Why are Access Control Policies important?

Options:
A. They help organizations meet compliance requirements
B. They reduce security risks by restricting data access
C. They help identify the causes of security breaches
D. All of the above
Correct Answer: (D) All of the above.
4. What are the two main types of MAC?
Options:
A. Role-based security and time-based security.
B. Multilevel security and multilateral security.
C. Open access control and closed access control.
D. Digital certificates and biometric authentication.
Correct Answer: (B) Multilevel security and multilateral security.

5. What is the key difference between Authentication and Authorization?

Options:
A. Authentication is more important than authentication while Authorization is
less important than authentication
B. Authentication confirms identity, while Authorization grants access
C. Authentication is optional, while Authorization is mandatory
D. Authentication assigns user roles, while Authorization verifies passwords
Correct Answer: (B) Authentication confirms identity, while Authorization
grants access.

6. What is an Access Control Policy?

Options:
A. A system where users assign their own permissions
B. A list of users and their permissions
C. A guideline for physical security in the workplace
D. A set of rules that define how data can be accessed
Correct Answer: (D) A set of rules that define how data can be accessed.

7. What is Mandatory Access Control (MAC)?

Options:
A. A system where users control access to their own data.
B. A cybersecurity system where access is enforced by a central authority.
C. A method of encrypting data in transit.
D. A protocol for network security.
Correct Answer: (B) A cybersecurity system where access is enforced by a
central authority.
8. Separation of Duties (SoD) is enforced in which RBAC model?
Options:
A. Core RBAC
B. Hierarchical RBAC
C. Constrained RBAC
D. Symmetric RBAC
Correct Answer: (C) Constrained RBAC.

9. Which of the following is an example of Authorization?

Options:
A. A user logging into their email account.
B. A user is granted access to specific files based on their role.
C. A user resetting their password.
D. A user receiving a verification email.
Correct Answer: (B) A user is granted access to specific files based on their role.

10. Which of the following best describes an RBAC system?

Options:
A. Users request dynamic access without predefined roles.
B. Users have unrestricted access to all system resources.
C. Permissions are assigned randomly.
D. Access permissions are granted based on the user’s assigned role.
Correct Answer: (D) Access permissions are granted based on the user’s
assigned role.

11. Which of the following is NOT a goal of access control?

Options:
A. Granting access
B. Limiting access
C. Preventing access
D. Deleting data
Correct Answer: (D) Deleting data.
12. Which of the following best describes authorization?
Options:
A. Confirming a user’s identity
B. Determining what resources a user can access
C. Encrypting passwords
D. Generating usernames
Correct Answer: (B) Determining what resources a user can access.