Term
How are endpoints similar to firewalls? |
|
Definition
By filtering out any traffic that does not meet allowed formats. Ch11.1 |
|
|
Term
List the 2 endpoint transports. |
|
Definition
|
|
Term
List the payloads for each endpoint transport. |
|
Definition
TCP: TSQL, DATABASE_MIRRORING, SERVICE_BROKER. HTTP: SOAP. Ch11.1 |
|
|
Term
List the 3 endpoint states and their definitions. |
|
Definition
Started: actively listening for connections & will reply. Stopped: actively listening but returns an error. Disabled: does not listen & does not respond. Ch11.1 |
|
|
Term
Default LISTENER_PORT for a TSQL endpoint. |
|
Definition
|
|
Term
Default LISTENER_PORT for a DATABASE_MIRRORING endpoint. |
|
Definition
|
|
Term
What is the endpoint argument LISTENER_IP used for? |
|
Definition
Default = ALL. Can specify an IP address, which locks down the endpoint to a single IP address. Ch11.1 |
|
|
Term
Which TCP payloads provide options to specify authentication & encryption? |
|
Definition
DATABASE_MIRRORING & SERVICE_BROKER Ch11.1 |
|
|
Term
Best Practice: When should RC4 encryption be used VS AES? |
|
Definition
RC4: minimum strength & best performance. AES (Advanced Encryption Standard): more strength & overhead. Ch11.1 |
|
|
Term
List the valid values for the TCP DATABASE_MIRRORING endpoint argument ROLE. |
|
Definition
Partner, Witness, ALL Ch11.1 |
|
|
Term
What is the recommended number of TCP DATABASE_MIRRORING endpoints to create per instance? |
|
Definition
You can specify only one DATABASE_MIRRORING endpoint per instance. If multiple instances exist on a single server, then each must have a unique port number. Ch11.1 |
|
|
Term
When is SERVICE_BROKER traffic encrypted? |
|
Definition
Only when data will be transmitted outside the instance. Ch11.1 |
|
|
Term
What is meant by reducing the SQL Server Surface Area? |
|
Definition
Minimizing the number of possible attack points by minimizing the feature set that is enabled. Ch11.2 |
|
|
Term
What SP is used to enable/disable features? |
|
Definition
|
|
Term
In which editions of SQL Server 2008 is the Surface Area Configuration Manager available? |
|
Definition
Does not exist in 2008. Offered in SS 2005. Ch11.2 |
|
|
Term
List the features that should be disabled unless needed. |
|
Definition
Ad Hoc Distributed Queries, CLR, CDOC, Database Mail, SQL Mail, External Key Management, Filestream Access Level, OLE Automation, Remote Admin Connections, xp_cmdshell. Ch11.2 {hawk, clear sky, dropping CD's, into 2 mailboxes, keys burst out, into a stream of files, Ollie robot, remote control, X-wing exploding} |
|
|
Term
What feature is disabled to prevent remote connections? |
|
Definition
|
|
Term
SQL to alter a fixed server role. |
|
Definition
You cannot alter a FIXED server role. Ch11.3 |
|
|
Term
SQL Mail VS Database Mail |
|
Definition
SQL Mail: deprecated in SS2005, less secure, used MAPI, required Outlook. Database Mail: introduced in SS2005, uses SMTP, can be encrypted. Ch11.2 |
|
|
Term
Fixed Server Role: processadmin |
|
Definition
Manage connections, start/pause an instance. p.265 |
|
|
Term
Fixed Server Role: securityadmin |
|
Definition
Create, alter, and drop logins, but can't change passwords. p.265 |
|
|
Term
Fixed Server Role: serveradmin |
|
Definition
Same as diskadmin & processadmin, plus manage endpoints, change instance settings and shut down instance. p.265 |
|
|
Term
Fixed Server Role: setupadmin |
|
Definition
Manage linked servers. p.266 |
|
|
Term
Fixed Server Role: sysadmin |
|
Definition
Perform any action within the instance. Members cannot be prevented from accessing any object, nor performing any action. p.266 |
|
|
Term
What is the principle of "no access by default"? |
|
Definition
If you haven't explicitly been granted permission, you cannot perform an action. p.266 |
|
|
Term
|
Definition
A valid user, but not mapped to a login. Designed to replace application roles. Users still authenticate to the instance with their own creds, but switch users when changing database context. Provides a better audit trail. p.266 |
|
|
Term
Permissions in a sentence. |
|
Definition
You GRANT/REVOKE/DENY Permissions ON Securables TO Principals. p.271 |
|
|
Term
A database role is a _____ that contains one or more users. A login B principal C securable D permission |
|
Definition
|
|
Term
Which are valid examples of securables? A: instance B: database C: tables D: views E: procedures |
|
Definition
|
|
Term
All objects have a A: permission B: securable C: principal D: owner |
|
Definition
|
|
Term
Fixed database roles: db_accessadmin |
|
Definition
Add/remove users in a database. p.267 |
|
|
Term
Fixed database roles: db_backupoperator |
|
Definition
Back up the database but cannot restore a database or view any information in the database. p.267 |
|
|
Term
Fixed database roles: db_datareader |
|
Definition
SELECT against all tables, views, and functions within the database. |
|
|
Term
The fixed database role db_datareader grants SELECT against which objects within a database? A: tables B: views C: functions D: procedures |
|
Definition
|
|
Term
Fixed database roles: db_datawriter |
|
Definition
INSERT/UPDATE/DELETE & MERGE against all tables. |
|
|
Term
Fixed database roles: db_owner |
|
Definition
Has control over the database and all objects contained within. p.267 |
|
|
Term
Fixed database roles: db_securityadmin |
|
Definition
Manage membership of roles & permissions, but cannot manage membership for the db_owner role. p.267 |
|
|
Term
Who can manage members of the db_owner role? Members of: A: sysadmin B: db_owner C: db_securityadmin D: db_accessadmin |
|
Definition
|
|
Term
Fixed database roles: public |
|
Definition
Default group in every database that all users belong to. p.267 |
|
|
Term
GRANT SELECT ON SCHEMA::ahammer TO
A: user can view all tables in instance
B: user can view all tables in database
C: user can view all tables in ahammer schema
D: user can view all tables in cluster |
|
Definition
C: user can view all tables in ahammer schema p.273 |
|
|
Term
What permission is required to view metadata? |
|
Definition
GRANT VIEW DEFINITION Ch11.4 |
|
|
Term
What permission is required to view execution statistics? |
|
Definition
GRANT VIEW SERVER STATE (sys.dm_exec_requests) Ch11.4 |
|
|
Term
Who owns each object in a database? |
|
Definition
|
|
Term
|
Definition
Obj A calls Obj B & Obj B calls Obj C. All objects have the same owner. Ch11.4 |
|
|
Term
What is used to bridge a broken ownership chain? |
|
Definition
|
|
Term
|
Definition
Displays or changes global configuration settings for the current server. |
|
|