Term
|
Definition
Endpoints are a layer of security at the border between applications and a SQL Server instance |
|
|
Term
|
Definition
traffic must be authorized before it reaches SQL Server |
|
|
Term
Note that endpoints are used for ________ connections only |
|
Definition
|
|
Term
two basic parts of endpoints |
|
Definition
|
|
Term
Any attempt to use a different payload on a defined endpoint will be _______, without needing to authenticate the request |
|
Definition
|
|
Term
|
Definition
In addition to correctly matching transport and payload, access must be granted on the endpoint to allow a connection |
|
|
Term
Two layers of endpoint access: |
|
Definition
Endpoint state, Permission |
|
|
Term
|
Definition
STARTED: endpoint is actively listening for connections and will reply to an application
STOPPED: endpoint is actively listening but rejects and closes new connections
DISABLED: endpoint does not listen and does not respond to any connection that is attempted |
|
|
Term
|
Definition
Application must have a login created in SQL Server with CONNECT permission granted on the endpoint. By default, all PUBLIC groups have permission to use the default TCP connection |
|
|
Term
Administrators have a “master switch” to shut off access immediately by setting the endpoint state to ______ |
|
Definition
|
|
Term
TCP endpoints can be created for 3 different payloads: |
|
Definition
TSQL, DATABASE_MIRRORING, SERVICE_BROKER |
|
|
Term
|
Definition
required; defaults to 1433 for TSQL or the alternate port number for the instance |
|
|
Term
|
Definition
|
|
Term
Encryption methods available: |
|
Definition
Microsoft Windows-based authentication, Certificates |
|
|
Term
For __________ endpoints, you can specify the authentication method and the encryption setting |
|
Definition
Database Mirroring and Service Broker |
|
|
Term
To specify Windows-based authentication, select __________ |
|
Definition
NTLM, KERBEROS, or NEGOTIATE option |
|
|
Term
Best practices: for DB Mirroring and Service Broker instances residing within a single domain or across trusted domains, use ________ |
|
Definition
|
|
Term
Best practices: for instances that span non-trusted domains, use ____________ |
|
Definition
certificate-based authentication |
|
|
Term
|
Definition
Can be specified for all communications between endpoints. Default is RC4; AES also available |
|
|
Term
Best Practices for Encryption: |
|
Definition
Use RC4 for minimal encryption and best performance. Use AES if strong encryption is required, but be aware that it requires more calculation overhead and will affect performance |
|
|
Term
|
Definition
PARTNER: endpoint can only participate as the principal or as the mirror
WITNESS: endpoint can participate only as a witness
ALL: endpoint can function in any role |
|
|
Term
SQL Server Service Broker |
|
Definition
provides native support for messaging and queuing applications |
|
|
Term
|
Definition
Enables messages destined for a different broker instance to be forwarded to a specified forwarding address. Values are ENABLED and DISABLED |
|
|
Term
Can determine whether the instance will accept remote connections by _____________ |
|
Definition
by enabling the TCP/IP network provider for remote access |
|
|
Term
|
Definition
exists for interoperability with previous versions |
|
|
Term
|
Definition
exist for backwards compatibility |
|
|
Term
Cross Database Ownership Chaining (CDOC): |
|
Definition
allows you to transfer execution authority across databases |
|
|
Term
|
Definition
the means by which you authenticate and are identified within an instance or database |
|
|
Term
Two major categories of principals: |
|
Definition
|
|
Term
5 types of logins in SQL Server 2008: |
|
Definition
Standard SQL Server login, Windows login, Windows group, Certificate, Asymmetric key |
|
|
Term
|
Definition
provide a means to group multiple users with the same permissions (same functionality as groups in Windows) |
|
|
Term
|
Definition
A set of instance-only roles that ship with SQL Server. You cannot modify permissions on those roles. You cannot create additional roles at an instance level |
|
|
Term
User Database Roles, best practices |
|
Definition
create database roles, add users to the role, and then grant permissions to the role |
|
|
Term
|
Definition
have a special position within the SQL Server security structure |
|
|
Term
|
Definition
The objects to which you assign permissions for security principals. Every object within SQL Server, including the entire instance, is a securable |
|
|
Term
|
Definition
A container which owns all of the objects within a database; a schema is owned by a database owner |
|
|
Term
|
Definition
Allow you to trap and respond to login events. Can be at instance or database level. Use the ON clause to set the scope. Can execute a ROLLBACK TRANSACTION within the DDL trigger to undo any DDL statement executing within the context of a transaction. DDL statements that make changes to the file structure of the DB are not transactional; can only audit, not prevent |
|
|
Term
|
Definition
allow you to group DDL events within an instance, and apply triggers to groups |
|
|
Term
|
Definition
A combination of several elements into a single package for a specific group of server actions or DB actions. Is at the instance level. Can have multiple audits per instance |
|
|
Term
|
Definition
an object that collects server or DB audit actions and groups of actions to monitor; at instance level |
|
|