###BeginCaseStudy###
Case Study 1
Litware, Inc
Overview
You are a database administrator for a company named Litware, Inc. Litware is a book
publishing house.
Litware has a main office and a branch office.
You are designing the database infrastructure to support a new web-based application that is
being developed. The web application will be accessed at www.litwareinc.com. Both internal
employees and external partners will use the application.
You have an existing desktop application that uses a SQL Server 2008 database named
App1_DB. App1_DB will remain in production.
Requirements
Planned Changes
You plan to deploy a SQL Server 2014 instance that will contain two databases named
Database1 and Database2. All database files will be stored in a highly available SAN.
Database1 will contain two tables named Orders and OrderDetails. Database1 will also
contain a stored procedure named usp_UpdateOrderDetails. The stored procedure is used to
update order information. The stored procedure queries the Orders table twice each time the
procedure executes. The rows returned from the first query must be returned on the second
query unchanged along with any rows added to the table between the two read operations.
Database1 will contain several queries that access data in the Database2 tables.
Database2 will contain a table named Inventory. Inventory will contain over 100 GB of data.
The Inventory table will have two indexes: a clustered index on the primary key and a
nonclustered index. The column that is used as the primary key will use the identity property.
Database2 will contain a stored procedure named usp_UpdateInventory.
Usp_UpdateInventory will manipulate a table that contains a self-join that has an unlimited
number of hierarchies.
All data in Database2 is recreated each day and does not change until the next data creation
process.
Data from Database2 will be accessed periodically by an external application named
Application1. The data from Database2 will be sent to a database named App1_Db1 as soon
as changes occur to the data in Database2.
Litware plans to use offsite storage for all SQL Server 2014 backups.
Business Requirements
You have the following requirements:
• Costs for new licenses must be minimized.
• Private information that is accessed by Application must be stored in a secure format.
• Development effort must be minimized whenever possible.
• The storage requirements for databases must be minimized.
• System administrators must be able to run real-time reports on disk usage.
• The databases must be available if the SQL Server service fails.
• Database administrators must receive a detailed report that contains allocation errors
and data corruption.
• Application developers must be denied direct access to the database tables.
Applications must be denied direct access to the tables.
• You must encrypt the backup files to meet regulatory compliance requirements. The
encryption strategy must minimize changes to the databases and to the applications.
###EndCaseStudy###
You need to recommend a solution for Application1 that meets the security requirements.
What should you include in the recommendation?
A. Signed stored procedures
B. Certificate Authentication
C. Encrypted columns
D. Secure Socket Layer (SSL)
Explanation:
* Scenario:
/ Data from Database2 will be accessed periodically by an external application named
Application1
/ Application developers must be denied direct access to the database tables. Applications
must be denied direct access to the tables.
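How signed stored procedures (option A) relate to the requirement quoted in the explanation, as an added T-SQL example that is not part of the original question. The SigningDemo database, the Inventory columns, the certificate and user names, the procedure usp_GetInventoryItem and the password are hypothetical placeholders.

```sql
-- Added example: run in a scratch database, not in production.
CREATE DATABASE SigningDemo;
GO
USE SigningDemo;
GO
-- Stand-in for Database2's Inventory table; column names are hypothetical.
CREATE TABLE dbo.Inventory (
    InventoryID int IDENTITY(1,1) PRIMARY KEY,
    ItemName    nvarchar(100) NOT NULL
);
INSERT INTO dbo.Inventory (ItemName) VALUES (N'Constructed sample row');
GO
-- Certificate that will carry the table permission (placeholder password).
CREATE CERTIFICATE InventoryReadCert
    ENCRYPTION BY PASSWORD = 'Placeholder-Passw0rd!'
    WITH SUBJECT = 'Signs procedures that read dbo.Inventory';
GO
-- A certificate-mapped user cannot log in; it only holds permissions.
CREATE USER InventoryReadCertUser FROM CERTIFICATE InventoryReadCert;
GRANT SELECT ON dbo.Inventory TO InventoryReadCertUser;
GO
CREATE PROCEDURE dbo.usp_GetInventoryItem @InventoryID int
AS
BEGIN
    SET NOCOUNT ON;
    -- Dynamic SQL breaks ownership chaining, so without the signature
    -- the caller's own (missing) SELECT permission would be checked.
    EXEC sys.sp_executesql
        N'SELECT InventoryID, ItemName FROM dbo.Inventory WHERE InventoryID = @id',
        N'@id int', @id = @InventoryID;
END
GO
-- Signing adds the certificate user's permissions while the procedure runs.
ADD SIGNATURE TO dbo.usp_GetInventoryItem
    BY CERTIFICATE InventoryReadCert WITH PASSWORD = 'Placeholder-Passw0rd!';
GO
-- Stand-in for Application1's database user: EXECUTE only, no table grants.
CREATE USER Application1User WITHOUT LOGIN;
GRANT EXECUTE ON dbo.usp_GetInventoryItem TO Application1User;
GO
EXECUTE AS USER = 'Application1User';
EXEC dbo.usp_GetInventoryItem @InventoryID = 1;  -- call through the signed procedure
SELECT InventoryID, ItemName FROM dbo.Inventory; -- direct table read; this user holds no table permission
REVERT;
```

Altering a signed procedure removes its signature, so any deployment that changes the procedure has to run ADD SIGNATURE again.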
Shouldn’t this be C, Encrypted Columns?
I agree, meeting the security requirement “Private information that is accessed by Application must be stored in a secure format.” you should use Encrypted columns! Therefore C is the right answer
The explanation “Application developers must be denied direct access to the database tables. Applications must be denied direct access to the tables.” doesn’t require signed procedures… this needs a structured authorization concept.
What is denying direct access to tables if not a security requirement?
I agree C is correct
facepalm