Graded Quiz: Data Essentials and Vulnerabilities (Database Essentials and Vulnerabilities, IBM Cybersecurity Analyst Professional Certificate) Answers 2025
1. Question 1
ACID compliance ensures:
- ❌ Support for unstructured data
- ✅ Accuracy and consistency of data despite failures
- ❌ High availability & scalability
- ❌ Unlimited storage
Explanation:
ACID guarantees reliable, consistent, and fail-safe transactions.
2. Question 2
Advantage of NoSQL databases:
- ❌ Support ACID like relational DBs
- ❌ Strict fixed schema
- ❌ Use SQL for querying
- ✅ Handle large volumes of structured, semi-structured & unstructured data
Explanation:
NoSQL databases offer high scalability and flexibility for diverse data types.
3. Question 3
Purpose of a primary key:
- ❌ Variable-length storage
- ❌ Store text
- ✅ Uniquely identify each row and prevent duplicates
- ❌ Create table links
Explanation:
Primary keys ensure each row is uniquely identifiable.
4. Question 4
Who can grant/remove permissions?
- ✅ A user with ADMIN privilege or the object owner
- ❌ Any user
- ❌ Public role
- ❌ User with read access
Explanation:
Only privileged users or object owners control permissions.
5. Question 5
SQL command to define structure:
- ❌ DML
- ❌ DCL
- ✅ DDL
- ❌ DRL
Explanation:
DDL includes CREATE, ALTER, DROP → defines database structure.
6. Question 6
Difference between physical & logical backups:
- ❌ Logical is faster
- ❌ Physical = local only
- ✅ Physical = actual data files; Logical = database structure & data (SQL dump)
- ❌ Physical = last full backup only
Explanation:
Physical copies raw database files; logical exports schema + data.
7. Question 7
Securing trade secrets:
- ❌ Update DBMS only
- ❌ Store only in physical form
- ❌ Accessible to all
- ✅ Encrypt data + MFA + strong authentication
Explanation:
Sensitive data must be encrypted with strict access controls.
8. Question 8
Safeguarding bank customer data:
- ❌ Basic version control
- ✅ Encrypt data, implement access controls, perform audits
- ❌ Open access
- ❌ Store only physically
Explanation:
Security requires encryption + access control + monitoring.
9. Question 9
Protecting data at rest:
- ❌ Secure communication
- ❌ Integrity checks
- ❌ Secure coding
- ✅ Encrypting the data
Explanation:
Encryption protects data even if physical devices are stolen.
10. Question 10
Data sovereignty requirement:
- ❌ Geolocation monitoring
- ❌ Encrypt during processing
- ❌ Encrypt during transmission
- ✅ Comply with data protection laws where data is stored
Explanation:
Each country has unique data laws that organizations must follow.
11. Question 11
Benefit of encryption:
- ❌ Replaces data with fictional data
- ✅ Makes data unreadable to unauthorized users
- ❌ Original cannot be retrieved (not true for encryption)
- ❌ Produces fixed-size string (hashing does)
Explanation:
Encryption ensures confidentiality.
12. Question 12
Benefit of tokenization:
- ❌ Divides data into segments
- ❌ Makes data hard to understand
- ❌ Fixed-size string (hashing)
- ✅ Replaces sensitive data with non-exploitable tokens
Explanation:
Tokens have no usable value if stolen.
13. Question 13
Method for isolating sensitive data:
- ❌ Tokenization
- ❌ Obfuscation
- ❌ Permissions
- ✅ Segmentation
Explanation:
Segmentation restricts access to sensitive groups of data.
14. Question 14
Principle of least privilege:
- ❌ Give admin rights to all
- ❌ Grant access to all resources
- ✅ Assign permissions only as needed for job roles
- ❌ Share accounts
Explanation:
Users get only the minimum access required.
15. Question 15
Primary risk of OS command injection:
- ✅ Full system compromise
- ❌ DoS
- ❌ Unauthorized file access
- ❌ Encryption issues
Explanation:
OS command injection allows attackers to run arbitrary commands.
16. Question 16
Safe practice for handling filenames in apps:
- ❌ Ignore sanitization
- ❌ Run with high privileges
- ✅ Use built-in library functions
- ❌ Execute OS commands
Explanation:
Library functions avoid risky shell-based execution.
17. Question 17
Why avoid shell interpreters?
- ❌ Reduce number of commands
- ❌ Faster execution
- ❌ Simplify parameters
- ✅ To prevent command chaining & shell exploitation
Explanation:
Shell interpreters allow dangerous chaining like ;, &&, |.
18. Question 18
Prevent executable path attacks:
- ✅ Use explicit paths for all executables
- ❌ Allow user-specified paths
- ❌ Use relative paths
- ❌ Ignore path settings
Explanation:
Explicit paths prevent executing malicious files placed earlier in PATH.
19. Question 19
Why use functions that take string arrays?
- ❌ Fewer parameters
- ✅ They prevent command injection by separating parameters
- ❌ More flexible
- ❌ Faster
Explanation:
String arrays avoid shell parsing → safer.
20. Question 20
SQL injection method to bypass authentication:
- ❌ Encrypt SQL
- ❌ Additional parameters
- ❌ Modify structure
- ✅ Use a condition that always evaluates to TRUE
Example: `' OR 1=1 --`
Explanation:
This forces authentication queries to always return a valid user.
🧾 Summary Table
| Q | Correct Answer | Key Concept |
|---|---|---|
| 1 | Accuracy & consistency | ACID |
| 2 | Handles all data types | NoSQL advantage |
| 3 | Unique row identifier | Primary key |
| 4 | Admin/owner grants perms | DB permissions |
| 5 | DDL | Create/define structure |
| 6 | Physical vs logical backups | Backup types |
| 7 | Encryption + MFA | Trade secret security |
| 8 | Encrypt + access control + audits | Customer data protection |
| 9 | Encrypt data at rest | Data security |
| 10 | Comply with local laws | Data sovereignty |
| 11 | Unreadable to unauthorized users | Encryption |
| 12 | Replace with tokens | Tokenization |
| 13 | Segmentation | Data isolation |
| 14 | Minimum required access | Least privilege |
| 15 | Full system compromise | OS injection |
| 16 | Use library functions | Secure coding |
| 17 | Prevent command chaining | Avoid shells |
| 18 | Use explicit paths | Path safety |
| 19 | String array parameters | Injection prevention |
| 20 | TRUE condition injection | SQLi bypass |