
5 Secure Databases

Cybersecurity Basics

©2023 TVET CDACC

061205T4CYB
CYBER SECURITY TECHNICIAN LEVEL 5
SECURE DATABASES
SEC/OS/CS/CR/05/5/A
Nov. / Dec. 2023

TVET CURRICULUM DEVELOPMENT, ASSESSMENT AND CERTIFICATION COUNCIL (TVET CDACC)

WRITTEN ASSESSMENT

TIME: 3 HOURS

INSTRUCTIONS TO CANDIDATES
1. This paper has three sections A, B and C.
2. You are provided with a separate answer booklet.
3. Marks for each question are as indicated.
4. Do not write on the question paper.

This paper consists of 7 printed pages


Candidates should check the question paper to ascertain that all pages
are printed as indicated and that no questions are missing

SECTION A: (20 MARKS)


Answer all questions in this section.
Each question carries one mark.
1. When configuring a database firewall according to the expected operation, which aspect of
the database environment is typically influenced?
A. Data availability
B. Database backup frequency
C. Data retention policies
D. Database performance and security
2. Which type of database is best suited for handling complex queries and large volumes of data
with a focus on data warehousing and business intelligence?
A. Relational Database
B. NoSQL Database
C. Graph Database
D. Columnar Database
3. Why is it essential to adhere to the ICT policy when monitoring and applying database
patches?
A. It has no impact on the database
B. It reduces database performance
C. It ensures compliance with regulations and security best practices.
D. It minimizes the need for database backups.
4. Which of the following is a key criterion for classifying databases based on data model?
A. Data storage capacity
B. Data consistency
C. Data structure and organization
D. Data processing speed
5. Which of the following is a key consideration when configuring a database firewall in line
with the expected database operation?
A. Network latency optimization.
B. Protection against SQL injection attacks.
C. Efficient load balancing for database queries.
D. Enhancing database naming conventions.

6. How does following the manufacturer's guide affect the overall security of the database
environment when checking for misconfigurations?
A. It has no impact on database security.
B. It strengthens database security by addressing vulnerabilities
C. It only affects physical security.
D. It increases the risk of security breaches.
7. Which of the following is not a type of database model?
A. Hierarchical
B. Network
C. Distributed
D. Decentralized
8. Which risks can be mitigated by monitoring and applying database patches according to the
ICT policy?
A. Data breaches and unauthorized access
B. Physical security issues.
C. Server power consumption.
D. Data retention policies.
9. What is a common industry best practice for securing database backups?
A. Storing backups in an unprotected folder on the database server
B. Using strong encryption to protect backup files
C. Keeping backup files in plain text format
D. Regularly sharing backups with external partners
10. What is the primary purpose of conducting cost evaluation when identifying database types?
A. To prioritize the use of the most expensive databases.
B. To optimize database query performance.
C. To ensure that the selected database type aligns with organizational budget
constraints and efficiency requirements.
D. To increase licensing costs

11. Data integrity means:
A. Providing first access to stored data
B. Ensuring correctness and consistency of data
C. Providing data sharing
D. Ensuring data replication
12. Which aspect of data management is most influenced by following the organization's policy
when identifying and managing backup solutions?
A. Data color scheme.
B. Data retention policies.
C. Data availability and recoverability.
D. Data server location.
13. Authentication refers to:
A. Methods of restricting user access to system
B. Controlling access to portions of database
C. Controlling the operation on the data
D. Method of preventing data from being manipulated
14. Which of the following is NOT a key principle of managing user access control in
accordance with the least privilege principle?
A. Granting users maximum access rights by default.
B. Assigning permissions based on job roles and responsibilities.
C. Regularly reviewing and adjusting user permissions.
D. Implementing role-based access control (RBAC).
15. What is the primary purpose of adhering to the organization's ICT policy and regulations
when scheduling automatic backups?
A. To increase data vulnerability.
B. To reduce backup frequency.
C. To ensure that data remains recoverable, protected, and retained in compliance with
organizational and regulatory requirements.
D. To maximize network bandwidth usage.
16. Which of the following best describes the term database?
A. Organized collection of information that cannot be accessed, updated, and managed
B. Collection of data or information without organizing
C. Organized collection of data or information that can be accessed, updated, and
managed
D. Organized collection of data that cannot be updated.
17. What role does hardware sizing play in disaster recovery planning for a secured database?
A. It has no impact on disaster recovery planning.
B. It determines the database security policies.
C. It ensures the hardware can support backup and recovery requirements.
D. It automates the disaster recovery process.
18. Which type of database is designed to handle massive amounts of data, often in the petabyte
or exabyte range, and is commonly used for data analytics and processing?
A. Small-scale database
B. Medium-scale database
C. Large-scale database
D. Big Data database
19. Which of the following is NOT a typical step in deploying database patches in a test
environment?
A. Backing up the production database.
B. Running patch tests on a non-replica database.
C. Evaluating the patch's impact on performance and functionality.
D. Directly applying patches to the production environment.
20. When sizing hardware for a secured database, which of the following factors is most
important to consider?
A. Storage capacity.
B. CPU clock speed.
C. Network bandwidth.
D. Monitor size.

SECTION B: (40 MARKS)


Answer all questions in this section.

21. Explain TWO key factors to consider when testing a database. (4 marks)
22. Give FOUR reasons for conducting an assessment of security vulnerabilities, risks, and
threats in a database. (4 marks)
23. Why is it important to monitor and apply database patches in accordance with the
organization’s ICT policy? (5 marks)
24. Outline FIVE advantages of performing database backup. (5 marks)
25. Distinguish between threat and vulnerability as applied in database security. (4 marks)
26. State FOUR methods applied for monitoring database patches as per the organization’s ICT
policy. (4 marks)
27. Discuss TWO main types of logs that are critical for database security. (4 marks)
28. Outline THREE benefits of using a database auditing system. (3 marks)
29. Explain the significance of deploying database patches in a test environment as per the
organization's quality assurance policy. (4 marks)
30. Give THREE ways of managing database access controls. (3 marks)

SECTION C: (40 MARKS)

Attempt TWO questions in this section.

31. When identifying a database based on its operation model, several factors are considered to
determine which database system is most suitable for a particular use case.
a) Discuss FIVE factors to be considered in determining which database system is most
suitable for a particular use case. (10 marks)
b) Explain FIVE key considerations when evaluating the operational costs of a database
system. (10 marks)
32. Leo Company is using the traditional file-based system in their daily routines to record and
manage business transactions.
a) Describe FIVE security threats that the company is experiencing. (10 marks)
b) Discuss any FIVE database backup strategies that you could advise the company to
employ in case they opted to install and use a server-based architecture. (10 marks)
33. a) Define the term hardware sizing and explain the process of hardware sizing in the context
of database deployment. (10 marks)
b) Justify why the hardware sizing process is essential for the performance, scalability, and
cost-effectiveness of a database system. (10 marks)

END
