Rollback is incorrect because the rollback statement terminates a transaction and cancels all changes to the database, including data or schema changes. This returns the database to the previous consistent state.
Commit is incorrect because the commit statement terminates a transaction and commits all changes to the database, including both data and schema changes. This makes the changes available to other applications. If a commit statement cannot complete a transaction successfully, for example, a constraint is not met, an exception is raised, and an implicit rollback is performed.
Savepoint is incorrect because the savepoint feature enables a user to mark points in a transaction, creating subtransactions. With this feature, a user can roll back portions of a transaction without affecting other subtransactions.
91. The structured query language (SQL) server enables many users to access the same database simultaneously. Which of the following locks is held until the end of the transaction?
a. Exclusive lock
b. Page lock
c. Table lock
d. Read lock
91. a. It is critical to isolate transactions being done by various users to ensure that one user does not read another user’s uncommitted transactions. Exclusive locks are held until the end of the transaction and used only for data modification operations.
The SQL server locks either pages or entire tables, depending on the query plan for the transactions. Read locks are usually held only long enough to read the page and then are released. These are ways to prevent deadlocks when several users simultaneously request the same resource.
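As an added illustration, not part of the review material, of the transaction statements explained above and the lock behaviour in question 91, the following Python script uses the built-in sqlite3 module, whose single database-wide write lock stands in for the exclusive lock: a savepoint is rolled back on its own, a second user's write is refused while the first user's transaction is open, the second user's read is released as soon as it completes, and a constraint violation raises an exception followed by a rollback. The `acct` table, its rows and its CHECK constraint are constructed for the demo.

```python
# Added example (not part of the review material): transaction control
# statements and write-lock lifetime, using Python's built-in sqlite3.
# The 'acct' table, its rows and its CHECK constraint are constructed here.
import os
import sqlite3
import tempfile


def _connect(path):
    # timeout=0: fail at once instead of waiting for a lock, so the
    # "held until the end of the transaction" behaviour is observable.
    # isolation_level=None: we issue BEGIN/COMMIT/ROLLBACK ourselves.
    return sqlite3.connect(path, timeout=0, isolation_level=None)


def run_demo():
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    user1 = _connect(path)
    user1.execute("CREATE TABLE acct (id INTEGER PRIMARY KEY, bal INTEGER CHECK (bal >= 0))")
    user1.execute("INSERT INTO acct VALUES (1, 100), (2, 50)")

    user1.execute("BEGIN IMMEDIATE")                      # exclusive (write) lock taken here
    user1.execute("UPDATE acct SET bal = bal - 30 WHERE id = 1")
    user1.execute("SAVEPOINT s1")                         # start a subtransaction
    user1.execute("UPDATE acct SET bal = bal + 30 WHERE id = 2")
    user1.execute("ROLLBACK TO s1")                       # undo only the subtransaction

    user2 = _connect(path)
    try:                                                 # a second user's write is blocked ...
        user2.execute("UPDATE acct SET bal = 0 WHERE id = 2")
        write_blocked = False
    except sqlite3.OperationalError as exc:
        write_blocked = "locked" in str(exc)
    # ... but a read still works, sees only committed data, and its read lock
    # is released as soon as the result set has been consumed.
    seen_by_user2 = user2.execute("SELECT bal FROM acct WHERE id = 1").fetchall()[0][0]

    user1.execute("COMMIT")                               # exclusive lock released here
    user2.execute("UPDATE acct SET bal = 0 WHERE id = 2") # now succeeds

    try:                                                 # a constraint violation raises ...
        user1.execute("BEGIN")
        user1.execute("UPDATE acct SET bal = bal - 1000 WHERE id = 1")
        constraint_error = False
    except sqlite3.IntegrityError:
        constraint_error = True
        user1.execute("ROLLBACK")                         # ... and the work is rolled back
    final = [r[0] for r in user1.execute("SELECT bal FROM acct ORDER BY id")]
    return {"write_blocked": write_blocked, "seen_by_user2": seen_by_user2,
            "constraint_error": constraint_error, "final": final}
```

Running `run_demo()` returns `write_blocked=True`, `seen_by_user2=100`, `constraint_error=True` and a final balance list of `[70, 0]`.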
92. Which of the following is an example of the last line-of-defense?
a. Perimeter barriers
b. Property insurance
c. Separation of duties
d. Integrity verification software
92. b. Property insurance against natural or manmade disasters is an example of the last line-of-defense, whereas the other three choices are examples of the first line-of-defense mechanisms. The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy.
93. Which of the following is an example of second line-of-defense?
a. System isolation techniques
b. Minimum security controls
c. Penetration testing
d. Split knowledge procedures
93. c. Penetration testing (e.g., blue team or red team testing) against circumventing the security features of a computer system is an example of the second line-of-defense.
The other three choices are examples of the first line-of-defense mechanisms. Penetration testing follows vulnerability scanning and network scanning, where the latter are first line-of-defenses. Penetration testing either proves or disproves the vulnerabilities identified in vulnerability/network scanning.
The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy.
94. Which of the following is an example of last line-of-defense?
a. Quality assurance
b. System administrators
c. Physical security controls
d. Employee bond coverage
94. d. Employee bond coverage is a form of insurance against dishonest behavior and actions and is an example of the last line-of-defense. The other three choices are examples of the first line-of-defense mechanisms. The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems.
95. In a public cloud computing environment, which of the following provides server-side protection?
a. Encrypted network exchanges
b. Plug-ins and add-ons
c. Keystroke loggers
d. Virtual firewalls
95. d. Virtual firewalls can be used to isolate groups of virtual machines from other hosted groups, such as the production system from the development system or the development system from other cloud-resident systems. Hardening of the operating system and applications should occur to produce virtual machine images for deployment. Carefully managing virtual machine images is also important to avoid accidentally deploying images under development or containing vulnerabilities.
Plug-ins, add-ons, backdoor Trojan viruses, and keystroke loggers are examples of client-side risks or threats to be protected from. Encrypted network exchanges provide client-side protection.
96. Which of the following is not a core part of defense-in-depth strategy?
a. Least functionality
b. Layered protections
c. System partitioning
d. Line-of-defenses
96. a. Least functionality or minimal functionality means configuring an information system to provide only essential capabilities and specifically prohibiting or restricting the use of risky (by default) and unnecessary functions, ports, protocols, and/or services. It is sometimes convenient to provide multiple services from a single component of an information system, but doing so increases risk compared with limiting the services provided by any one component. Where feasible, IT organizations limit component functionality to a single function per device (e.g., an e-mail server or a Web server, not both). Because least functionality deals with system usability, it cannot support the defense-in-depth strategy (i.e., protecting from security breaches).
The concepts of layered protections, system partitioning, and line-of-defenses form a core part of security-in-depth or defense-in-depth strategy. By using multiple, overlapping protection mechanisms, the failure or circumvention of any individual protection approach will not leave the system unprotected. Through user training and awareness, well-crafted policies and procedures, and redundancy of protection mechanisms, layered protections enable effective protection of IT assets for the purpose of achieving the organization's objectives. System partitioning means system components reside in separate physical domains. Managed interfaces restrict network access and information flow among partitioned system components. The line-of-defenses are security mechanisms for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems.
97. Most spyware detection and removal utility software specifically looks for which of the following?
a. Encrypted cookies
b. Session cookies