SQL Server: Database Security Interview Questions and Answers (Day-1)

What do you mean by Database Security?

Database security refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks. It is a broad term that includes a multitude of processes, tools and methodologies that ensure security within a database environment.

What is Data Masking?

Database Theory: What is a Data Masking ?

What is Data Theft?

Data theft is the act of stealing computer-based information from an unknowing victim with the intent of compromising privacy or obtaining confidential information. Data theft is increasingly a problem for individual computer users, as well as big corporate firms.

Data must be stored and transmitted securely, so that information such as credit card numbers cannot be stolen. Over the Internet and Wide Area Network (WAN) environments, both public carriers and private network owners often route portions of their network through insecure landlines, extremely vulnerable microwave and satellite links, or a number of servers.

What are the different types of Security levels?

  • Physical
  • Human
  • Operating System
  • Network
  • Database System

What does Database Encryption and Decryption mean?

Database encryption is the process of converting data, within a database, in plain text format into a meaningless cipher text by means of a suitable algorithm.

Database decryption is converting the meaningless cipher text into the original information using keys generated by the encryption algorithms.

Database encryption can be provided at the file or column level.

What is SQL injection?

SQL injection is an attack in which malicious code is inserted into strings that are passed to an instance of SQL Server for parsing and execution. All statements have to be checked for vulnerabilities, because SQL Server executes all syntactically valid queries that it receives.

Even parameters can be manipulated by skilled and experienced attackers.

What are the methods used to protect against SQL injection attack?

Following are the methods used to protect against SQL injection attack:

  • Use Parameters for Stored Procedures
  • Filtering input parameters
  • Use Parameter collection with Dynamic SQL
  • In LIKE clauses, use escape characters
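
The methods above side by side, as an added T-SQL example that is not from the original post: a search procedure that concatenates its input, and the same search using a parameter collection with dynamic SQL and an escaped LIKE pattern. The table, procedure and parameter names are hypothetical and the sample rows are constructed.

```sql
-- Added example: dbo.Customers and both procedures are hypothetical names.
CREATE TABLE dbo.Customers (
    CustomerId INT IDENTITY PRIMARY KEY,
    LastName   NVARCHAR(100) NOT NULL
);
INSERT INTO dbo.Customers (LastName)            -- constructed sample rows
VALUES (N'O''Brien'), (N'100%_Organic'), (N'Smith');
GO

-- Weak: the input is concatenated into the statement text, so the server
-- parses it as SQL instead of treating it as data.
CREATE PROCEDURE dbo.SearchCustomers_Concat @LastName NVARCHAR(100)
AS
BEGIN
    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, LastName FROM dbo.Customers '
      + N'WHERE LastName LIKE ''' + @LastName + N'%''';
    EXEC (@sql);
END;
GO

-- Hardened: the statement text is constant and the value is passed
-- separately as a typed parameter through sp_executesql.
CREATE PROCEDURE dbo.SearchCustomers_Param @LastName NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    -- Escape LIKE metacharacters (the escape character itself goes first)
    -- so that % _ [ in the input are matched literally.
    DECLARE @pattern NVARCHAR(201) =
        REPLACE(REPLACE(REPLACE(REPLACE(@LastName,
            N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[') + N'%';

    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT CustomerId, LastName FROM dbo.Customers '
      + N'WHERE LastName LIKE @p ESCAPE N''\''';
    EXEC sys.sp_executesql @sql, N'@p NVARCHAR(201)', @p = @pattern;
END;
GO

EXEC dbo.SearchCustomers_Param @LastName = N'O''Brien';  -- quote stays data
EXEC dbo.SearchCustomers_Param @LastName = N'100%';      -- % matched literally
```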

How can SQL Server instances be hidden?

To hide a SQL Server instance, we need to make a change in SQL Server Configuration Manager.

To do this, launch SQL Server Configuration Manager and do the following:

Select the instance of SQL Server, right-click and select Properties. After selecting Properties, set Hide Instance to “Yes” and click OK or Apply.

After the change is made, you need to restart the instance of SQL Server so that it no longer exposes the name of the instance.

What are Orphaned Users?

A database user for which the corresponding SQL Server login is undefined or is incorrectly defined on a server instance cannot log in to the instance. Such a user is said to be an orphaned user of the database on that server instance.

  • A database user can become orphaned if the corresponding SQL Server login is dropped.
  • A database user can become orphaned after a database is restored or attached to a different instance of SQL Server.
  • Orphaning can happen if the database user is mapped to a SID that is not present in the new server instance.
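
A check for the cases listed above, as an added T-SQL example that is not from the original post: it lists database users whose SID has no matching server login and suggests a remap where a login with the same name exists. `SalesDb`, `app_user` and `app_login` are hypothetical names.

```sql
-- Added example: SalesDb, app_user and app_login are hypothetical names.
USE SalesDb;
GO

-- Users mapped to an instance login whose SID is not present on this
-- server, with a suggested repair per row.
SELECT dp.name     AS orphaned_user,
       dp.sid      AS user_sid,
       byname.name AS same_name_login,
       CASE WHEN byname.name IS NOT NULL
            THEN N'ALTER USER ' + QUOTENAME(dp.name) + N' WITH LOGIN = '
                 + QUOTENAME(byname.name COLLATE DATABASE_DEFAULT) + N';'
            ELSE N'-- no same-name login: recreate it with this SID, or drop the user'
       END AS suggested_fix
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS bysid
       ON bysid.sid = dp.sid
LEFT JOIN sys.server_principals AS byname
       -- explicit collation avoids a conflict when the database and
       -- server collations differ
       ON byname.name COLLATE DATABASE_DEFAULT = dp.name
      AND byname.type = 'S'
WHERE bysid.sid IS NULL
  AND dp.type = 'S'                              -- SQL users only
  AND dp.authentication_type_desc = 'INSTANCE';  -- skips contained and WITHOUT LOGIN users
GO

-- Repair after review: remap the user to an existing login.
ALTER USER app_user WITH LOGIN = app_login;
-- If the login was dropped, it can instead be recreated with
-- CREATE LOGIN ... WITH PASSWORD = ..., SID = <user_sid from the query>.
```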

Can you describe any five server roles and their permissions?

  • bulkadmin: Granted – ADMINISTER BULK OPERATIONS
  • dbcreator: Granted – CREATE ANY DATABASE
  • diskadmin: Granted – ALTER RESOURCES
  • securityadmin: Granted – ALTER ANY LOGIN
  • setupadmin: Granted – ALTER ANY LINKED SERVER
  • sysadmin: Granted with GRANT option – CONTROL SERVER

Which authentication mode is more secure?

Windows authentication is definitely more secure as it’s controlled and authenticated by Active Directory policies.

What is a Symmetric key in Data encryption process?

In a symmetric cryptography system, the sender and the receiver of a message share a single, common key that is used to encrypt and decrypt the message. This is relatively easy to implement, and both the sender and the receiver can encrypt or decrypt the messages.

What is an Asymmetric key in Data encryption process?

Asymmetric cryptography, also known as Public-key cryptography, is a system in which the sender and the receiver of a message have a pair of cryptographic keys – a public key and a private key – to encrypt and decrypt the message. This is a relatively complex system where the sender can use his key to encrypt the message but he cannot decrypt it. The receiver, on the other hand, can use his key to decrypt the message but he cannot encrypt it.
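
How the two key types combine in SQL Server column-level encryption, as an added T-SQL example that is not from the original post: a symmetric key encrypts the column, and a certificate (an asymmetric key pair) protects that symmetric key. All object names are hypothetical, the password is a placeholder and the card number is a constructed test value.

```sql
-- Added example: CardCert, CardKey and dbo.Payments are hypothetical names.
-- Key hierarchy: database master key -> certificate -> symmetric key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<replace-with-strong-password>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects CardKey';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO

CREATE TABLE dbo.Payments (
    PaymentId     INT IDENTITY PRIMARY KEY,
    CardNumberEnc VARBINARY(256) NOT NULL   -- ciphertext only, no plain text column
);
GO

-- The symmetric key must be opened (decrypted by the certificate)
-- before it can encrypt or decrypt data in this session.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

INSERT INTO dbo.Payments (CardNumberEnc)
VALUES (ENCRYPTBYKEY(KEY_GUID('CardKey'), N'4111111111111111'));  -- constructed test value

SELECT PaymentId,
       CardNumberEnc,                                              -- cipher text
       CONVERT(NVARCHAR(32), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Payments;

CLOSE SYMMETRIC KEY CardKey;

-- With the key closed, DECRYPTBYKEY returns NULL instead of the plain text.
SELECT PaymentId,
       CONVERT(NVARCHAR(32), DECRYPTBYKEY(CardNumberEnc)) AS CardNumber
FROM dbo.Payments;
```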

What is Secure Sockets Layer (SSL) with SQL Server, and can we enable it?

Yes: We can enable SSL with SQL Server.

Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application. Enabling SSL encryption increases the security of data transmitted across networks between instances of SQL Server and applications.

What are basic steps to configure SSL for SQL Server?

Install a certificate in the Windows certificate store of the server computer.

Click Start, in the Microsoft SQL Server program group, point to Configuration Tools, and then click SQL Server Configuration Manager.

Expand SQL Server Network Configuration, right-click the protocols for the server you want, and then click Properties.

On the Certificate tab, configure the Database Engine to use the certificate.

On the Flags tab, view or specify the protocol encryption option. The login packet will always be encrypted.

What are the built-In Schemas?

  • dbo
  • guest
  • sys

Do you agree with User-Schema Separation in SQL Server?

Yes: User-schema separation allows for more flexibility in managing database object permissions. A schema is a named container for database objects, which allows you to group objects into separate namespaces.

Anvesh M. Patel.
