You are the SQL administrator of your company. The network contains a default instance of SQL Server 2008that was upgraded from SQL Server 2005.
You discover that several unwanted settings and features are configured on the SQL server.
You want to reducethe SQL server surface area to prevent the server from attacks by malicious users.
To achieve this, you want toconfigure the connection, protocols, and startup options for the SQL server.
What should you use to perform this task?
A.
SQL Server Management Studio
B.
SQL Server Configuration Manager
C.
a SET statement
D.
the sys.configurations view
Explanation:
You should use SQL Server Configuration Manager. When you perform a new installation of SQL Server, severalfeatures are not enabled by default. This reduces the surface area to prevent malicious users from attacking theserver. But when you upgrade the SQL server from a previous version, all services, settings, and features remainenabled that were enabled before upgrading the server. This provides additional surface area to malicious users. You can reduce the surface area by disabling or turning off unnecessary services and settings on the SQL server.SQL Server 2008 provides various tools to achieve this. You can use the SQL Server Configuration Manager toconfigure protocols, services, connection, and startup options. You will need to use an account that is a memberof the sysadmin fixed server role to be able to perform tasks such as stopping or configuring the SQL Server orSQL Server Agent services. You can use SQL Server Management Studio to configure Database Enginefeatures. You can use the Invoke-PolicyEvaluation PowerShell cmdlet to invoke Surface Area Configurationpolicies. You should not use SQL Server Management Studio because it does not allow you to configure the connection,protocols, and startup options for the SQL server. You can use SQL Server Management Studio to configureDatabase Engine features. You should not use a SET statement because it does not allow you to configure the connection, protocols, andstartup options for the SQL server. SET statements are used to change the current session handling of specificinformation. You should not use the sys.configurations
view because it does not allow you to configure the connection,protocols, and startup options for the SQL server. The sys.configurations view is a catalog view that containsinformation about server-wide configuration options.Objective:
Managing SQL Server SecuritySub-Objective:
Configure surface area.References:
MSDN > MSDN Library > Servers and Enterprise Development > SQL Server > SQL Server 2008 > ProductDocumentation > SQL Server 2008 Books Online > Database Engine > Security and Protection > SecureDeployment > Understanding Surface Area Configuration MSDN > MSDN Library > Servers and Enterprise Development > SQL Server > SQL Server 2008 > ProductDocumentation > SQL Server 2008 Books Online > Getting Started > Initial Installation > SQL Server Setup UserInterface Reference > Minimize SQL Server 2008 Surface Area