Harvard University

AUDIT 111

Chapter 4-IT Security Part II: Auditing Database Systems

TRUE/FALSE

1)The database approach to data management is sometimes called the flat file approach.

2. The database management system provides a controlled environment for accessing the database.

3. To the user, data processing procedures for routine transactions, such as entering sales orders, appear to be identical in the database environment and in the traditional environment.

4. An important feature associated with the traditional approach to data management is the ability to produce ad hoc reports.

5. The data definition language is used to insert special database commands into application programs.

6. There is more than one conceptual view of the database.

7. In the database method of data management, access authority is maintained by systems programming.

8. The physical database is an abstract representation of the database.

9. A customer name and an unpaid balance is an example of a one-to-many relationship.

10. In the relational model, a data element is called a relation.

11. Subschemas are used to authorize user access privileges to specific data elements.

12. A recovery module suspends all data processing while the system reconciles its journal files against the database.

13. The database management system controls access to program files.

14. Examining programmer authority tables for information about who has access to Data Definition Language commands will provide evidence about who is responsible for creating sub- schemas.

15. Data normalization groups data attributes into tables in accordance with specific design objectives.

16. Under the database approach, data is viewed as proprietary or owned by users.

17. The data dictionary describes all of the data elements in the database.

18. A join builds a new table by creating links.

19. A deadlock is a phenomenon that prevents the processing of transactions.

20. Timestamping is a control that is used to ensure database partitioning.

21. A lockout is a software control that prevents multiple users from simultaneous access

to data.

22. An entity is any physical thing about which the organization wishes to capture data.

23. An ER diagram is a graphical representation of a data model.

24. The term occurrence is used to describe the number of attributes or fields pertaining to a specific entity.

25. Cardinality describes the number of possible occurrences in one table that are associated with a single occurrence in a related table.

MULTIPLE CHOICE

1. All of the following are basic data management tasks except

2. The task of searching the database to locate a stored record for processing is called

3. Which of the following is not a problem usually associated with the flat-file approach to data management?

4. Which characteristic is associated with the database approach to data management?

5. Which characteristic is not associated with the database approach to data management?

6. The textbook refers to four interrelated components of the database concept. Which of the following is not one of the components?

7. Which of the following is not a responsibility of the database management system?

8. A description of the physical arrangement of records in the database is

9. Which of the following may provide many distinct views of the database?

10. Users access the database

11. The data definition language

12. The data manipulation language

13. Which statement is not correct? A query language like SQL

14. Which duty is not the responsibility of the database administrator?

15. In a hierarchical model

16. Which term is not associated with the relational database model?

17. In the relational database model

18. In the relational database model all of the following are true except

19. In a relational database

20. Which of the following is not a common form of conceptual database model?

21. Which statement is false?

22. All of the following are elements of the DBMS which facilitate user access to the database except

23. Which of the following is a level of the database that is defined by the data definition language?

24. An example of a distributed database is

25. Data currency is preserved in a centralized database by

26. Which procedure will prevent two end users from accessing the same data element at the same time?

27. The advantages of a partitioned database include all of the following except

28. A replicated database is appropriate when

29. What control maintains complete, current, and consistent data at all information processing units?

30. Data concurrency

31. All of the following are advantages of a partitioned database except

32. Which backup technique is most appropriate for sequential batch systems?

33. When creating and controlling backups for a sequential batch system,

34. In a direct access file system

35. Which of the following is not an access control in a database system?

36. Which of the following is not a basic database backup and recovery feature?

37. Audit objectives for the database management system include all of the following

except

38. All of the following tests of controls will provide evidence that access to the data files is limited except

39. Which of the following is not a test of access controls?

40. The database attributes that individual users have permission to access are defined in

SHORT ANSWER

Use the following words to complete the sentences in questions 1 through 5.

1.                                                               occurs when a specific file is reproduced for each user who needs access to the file.

2. The conceptual view of the database is often called                                              .

3. The                                                  allows users to retrieve and modify data easily.
4. The                                                                 authorizes access to the database.

5. The                                                                 describes every data element in the database.

6. How does the database approach solve the problem of data redundancy?

7. Describe two tests of controls that would provide evidence that the database management system is protected against unauthorized access attempts.

8. What is a database authorization table?

9. What are two types of distributed databases?

10. Describe an environment in which a firm should use a partitioned database.

11. Why are the hierarchical and network models called navigational databases?

12. What is a database lockout?

13. What is the partitioned database approach and what are its advantages?

14. What is a replicated database and what are the advantages of this approach?

15. What is a legacy system?

16. What is the flat-file model?

17. What are the four primary elements of the database approach?

18. What types of problems does data redundancy cause?
19. What flat-file data management problems are solved as a result of using the database concept?

20. What are four ways in which database management systems provide a controlled environment to manage user access and the data resources?

21. Explain the relationship between the three levels of the data definition language. As a user, which level would you be most interested in?

22. What is the internal view of a database?

23. What is DML?

24. What is a data dictionary, and what purpose does it serve?

25. Discuss and give an example of one-to-one, one-to-many, and many-to-many record associations.

ESSAY

1. What are the four elements of the database approach? Explain the role of each.

2. Explain the three views of a database.

3. Explain a database lockout and the deadlock phenomenon. Contrast that to concurren- cy control and the timestamping technique. Describe the importance of these items in relation to database integrity.

4. One purpose of a database system is the easy sharing of data. But this ease of sharing can also jeopardize security. Discuss at least three forms of access control designed to reduce this risk.