0-470-04744-5 Instructor Materials

MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443)

Bonus Exam 2

1. Which of the following are reasons to consolidate servers?
A. Reduced cost of operation
B. Better security
C. Reduced impact of one database on another
D. Faster backup times
Answer: A and B
Consolidating servers can reduce both hardware and administrative costs, and it provides better security since the surface area is lower. Databases will have more impact on each other since server resources are shared, and backup times are unaffected.

2. Which versions of SQL Server can be consolidated onto a new SQL Server 2005 instance?
A. v6.5
B. v7.0
C. v2000
D. v2005
Answer: B, C, D
SQL Server 7 and later can be simulated with SQL Server 2005. Earlier versions must be upgraded before they can be consolidated.

3. Which of the following might prevent two SQL Server instances from being consolidated together?
A. Both require the same database name for an application.
B. Both require 4GB of memory.
C. Both require separate network protocols for client connections.
D. One requires SQL Server authentication and the other does not.
Answer: A
Since database names in an instance must be unique, this can prevent two databases from being consolidated if they have the same name. A single instance can use more than 4GB of RAM, and multiple network protocols can be enabled. Authentication is not an issue unless there is a requirement that a database not allow SQL authentication.

4. When considering consolidation of two instances, which of the following would you check?
A. Length of time required for a backup of each database
B. Performance counters for CPU, memory, and disk
C. Location of each server in the data center
D. Number of users on each server
Answer: B, D
The length of time for backups and the physical location of a server are not usually considered when analyzing consolidation possibilities. The performance counters and user load are issues to take into account when planning a consolidation.

5. Which database below would be cause for concern if two applications make heavy use of it?
A. master
B. model
C. tempdb
D. msdb
Answer: C
Of these databases, tempdb is a concern if two applications make heavy use of it, since it is a shared workspace for many queries. Typically master, model, or msdb do not cause issues with a consolidation.

6. If you determine that two instances have different SLAs for availability, how can you reconcile this to allow a consolidation to proceed?
A. Use the SLA with the lowest uptime.
B. Use the SLA with the highest uptime.
C. Use the median uptime of the two SLAs.
D. Negotiate an uptime between the two SLAs with business owners.
Answer: B
If you can provide more uptime than is required by an SLA, this is usually not an issue; however, having less uptime is a problem. Therefore the SLA that requires the highest uptime, and lowest downtime, is the one to adhere to in a consolidation effort.

7. The first production servers consolidated as a test are called what?
A. Initial consolidation
B. Test consolidation
C. Pilot consolidation
D. Live consolidation
Answer: C
The first production server consolidated is the pilot.

8. If you are choosing to consolidate a large number of server instances onto one physical server and require more than 32GB of RAM, what options do you have?
A. Use clustered servers
B. Use a SAN
C. Use a 64-bit platform
D. You cannot consolidate instances if you have this requirement.
Answer: C
Only a 64-bit platform will allow you to use more than 32GB of RAM. The other answers will not help and it is certainly possible to use more than 32GB of RAM on a 64-bit platform.

9. You are concerned about one of your newly consolidated instances affecting other instances because of a memory leak in one of the applications that affects the operating system. What can you do to mitigate this and limit the problems with availability of the other instances?
A. Set a restart for that instance every 4 hours.
B. Implement the fast reboot feature of the host Windows servers.
C. Use a Windows cluster to ensure automatic failover of the other instances if needed.
D. Limit the amount of memory available to that instance.
Answer: C
A cluster can initiate a failover and allow additional memory to be used. Combined with a restart of SQL Server or even Windows, this can allow the memory leak to be managed. A restart alone does not limit the impact on other instances and limiting memory does not mitigate the leak.

10. Which type of requirements should be most important to protect yourself from legal problems?
A. Company requirements
B. Industry standards
C. Regulatory requirements
D. Department guidelines
Answer: C
Not adhering to corporate, industry, or department requirements may cost you your job, but usually will not cause you legal problems. Regulatory requirements, however, are usually enforced through legal penalties.

11. In analyzing security scope, at which level do logins come into play?
A. Server level
B. Database level
C. Schema level
D. Service level
Answer: A
Logins operate on the SQL Server level.

12. At which security scope do the permissions on a set of CLR objects come into play?
A. Server level
B. Database level
C. Schema level
D. Service level
Answer: C
A CLR object is contained in a schema, and that level is where its permissions will be enforced.

13. Against which of the following do you need to weigh security decisions?
A. Cost
B. Time required to comply
C. Penalties from regulatory agencies for non-compliance
D. Risk of data compromise
Answer: A, B, C, D
All of these are important items whose cost you must weigh against the benefits for security purposes.

14. What are your choices for network authentication that can integrate into SQL Server?
A. Windows authentication
B. RADIUS authentication
C. NDS authentication
D. Smart Card Support
Answer: A
Only Windows authentication can be integrated into SQL Server 2005. The others can be integrated into Windows, but not SQL Server.

15. If you allow one user to use the EXECUTE AS statement, what type of security construct is this?
A. Execution
B. Impersonation
C. Delegation
D. Substitution
Answer: B
When an EXECUTE AS statement is run, the user is impersonating another user (and requires the Impersonate permission).

16. Which high availability technologies require your security policy to span instances?
A. Failover clustering
B. Database mirroring
C. Log shipping
D. Replication
Answer: A, B, C, D
In most cases a high availability policy will span instances to protect from that instance crashing. Therefore your security policy needs to span instances and likely servers. In rare cases you might fail over from one database to another on the same instance, but this is out of the ordinary.

17. How can you prevent SQL Server Injection attacks?
A. Use stored procedures and validate parameters
B. Disable SQL Injection on the server
C. Disable multi-statement batch processing on the server
D. Turn off SQL Server authentication
Answer: A
The easiest way to prevent SQL Injection attacks is through stored procedures. There is no setting to disable this, and neither batch processing nor authentication has an impact on injection vulnerabilities.

18. Which password policy can be set differently for each instance?
A. The decision to enforce password policy
B. The length of time for password expiration
C. The required length of each password
D. The complexity of a password
Answer: A
Only the setting to enforce password policy can be set differently on different instances. The other options will match the settings on the Windows host and will be the same for all instances on the server.

19. You wish to ensure the best performance and strong security for encrypted data. How should you set your encryption policy?
A. Symmetric keys for data secured by symmetric keys
B. Symmetric keys for data secured by asymmetric keys
C. Asymmetric keys for data secured by symmetric keys
D. Asymmetric keys for data secured by asymmetric keys
Answer: B
The best performance is with symmetric keys and the best security is with asymmetric keys. The best balance is using fast symmetric keys to encrypt data and securing them with strong asymmetric keys.

20. Which is the first encryption key created?
A. Database Master Key
B. Service Master Key
C. Schema Master Key
D. Login Master Key
Answer: B
The Service Master Key is created when the server is installed. The Database Master Key must be manually created for each database, and the other keys do not exist in SQL Server 2005.

21. Which algorithm is used to encrypt certificates?
A. DES
B. Triple-DES
C. AES
D. None of the above
Answer: D
Certificates are created with a public key algorithm (RSA). They are not secured with any algorithm.

22. Asymmetric keys use which type of keys?
A. Public keys
B. Private keys
C. Unbalanced keys
D. Login keys
Answer: A, B
An asymmetric key uses a different key for encryption and decryption operations. These keys are paired and referred to as public keys and private keys.

23. Which type of key expires?
A. AES symmetric key
B. RSA asymmetric key
C. certificate
D. master key
Answer: C
A certificate is the only type of key that has an expiration.

24. Of the ten SQL Server 2005 services, how many are instance aware?
A. 1
B. 4
C. 8
D. 10
Answer: B
Only 4 of the ten SQL Server 2005 services are instance aware. They are the database server, SQL Server Agent, Analysis Services, and Reporting Services.

25. Which type of user account is best suited for the SQL Server Agent service if the service will be running backups on the local SQL Server instance as well as copying those backup files to a remote server?
A. Local System
B. Local Service
C. Local Administrator
D. Domain User
Answer: D
In order to gain rights to a remote server and have permissions properly applied, a domain user is the best choice. The other accounts are limited to rights on the local server only.

26. Which network ports should be enabled on local firewalls to ensure named pipes communications can take place?
A. 80
B. 1433
C. 445
D. 1434
Answer: C
Named pipes uses TCP port 445.

27. Which type of security is used when granting access to a Windows group of users?
A. Windows authentication
B. SQL Server authentication
C. Private Keys
D. Groups cannot be granted access to log into SQL Server
Answer: A
Only Windows authentication can grant rights to a group. SQL Server authentication requires a separate login for each user.

28. Which server role should be granted to a login that needs to terminate processes only? Follow best practices of assigning the least rights required.
A. Serveradmin
B. Sysadmin
C. ProcessAdmin
D. SecurityAdmin
Answer: C
The ProcessAdmin server role allows the member to kill processes but nothing else.

29. If a login is not mapped to a user in a database, what rights would the login receive?
A. No rights
B. Any rights granted to the public user only
C. Any rights granted to the guest user only
D. Any rights granted to the default user only
Answer: C
If a login attempts to access a database and there is no user mapped, that login is mapped to the guest user in that database and receives their rights. If there is no guest user, access is denied.

30. The schema in SQL Server 2005 replaces which classification from SQL Server 2000?
A. Owner
B. Database
C. Server
D. Schema
Answer: A
The schema replaces the owner in the four part naming in SQL Server 2005.

31. If Bob is granted select, insert, and update rights on the Customers table and is a member of the db_denydatawriter database group, what are his rights on the Customers table?
A. All rights
B. select and update
C. select, insert, and update
D. select only
Answer: D
The db_denydatawriter is the same as denying insert, update, and delete permissions to all objects in the database. The only right Bob would have left is SELECT.

32. You restore a new database on a SQL Server 2005 instance and some users are not mapped to logins. What are these users called?
A. Lost users
B. Orphaned users
C. Unmapped users
D. Open Users
Answer: B
If you restore a database on a new instance where it has never existed before, the users in the database will not be mapped to logins and are referred to as “orphaned users.”

33. If you wanted to allow a login to shut down the SQL Server instance, which server wide roles could you grant?
A. Sysadmin
B. ServerAdmin
C. SecurityAdmin
D. InstanceAdmin
Answer: A, B
Both the Sysadmin and ServerAdmin server roles in SQL Server 2005 can shut down the instance.

34. How are application roles secured?
A. Users are assigned the INVOKE right to access the application role
B. Users must enter a password when invoking the application role
C. Users must have a certificate assigned to them that provides access to the Application Role
D. Application Roles are not secured.
Answer: B
Application roles are secured with a password that must be supplied by the user to invoke the role.

35. If you create a SOAP endpoint secured with Integrated security, which types of authentication can be used?
A. Kerberos
B. NTLM
C. Digest
D. Basic
Answer: A and B
Both the Kerberos and NTLM security mechanisms can be used with Integrated security. The Digest and Basic mechanisms require a name and password to be supplied.

36. Sue is a member of the HR role, which has rights to update salary information. You want to prevent Sue from updating salary information. Which statement should you execute?
A. sp_droprolemember 'Sue', 'HR'
B. REVOKE UPDATE on SALARY FROM Sue
C. GRANT UPDATE on SALARY TO Sue
D. DENY UPDATE ON SALARY TO Sue
Answer: D
To prevent Sue from only updating, the DENY statement is the one to use. Dropping her from the role removes all permissions, and the REVOKE will not work since she was not explicitly granted the permissions; she receives them from the role membership.

37. Which permission allows a user to change their execution context to that of another user?
A. DELEGATE
B. IMPERSONATE
C. SUBSTITUTE
D. TRANSFORM
Answer: B
The Impersonate permission allows a user to execute commands under the other login’s or user’s context.

38. If you wanted to be sure that the uspUpdateAddress stored procedure was always executed under the context of Bob, the owner, which statement would be used when creating this stored procedure?
A. CREATE PROCEDURE uspUpdateAddress WITH EXECUTE AS SELF
B. CREATE PROCEDURE uspUpdateAddress WITH EXECUTE AS OWNER
C. CREATE PROCEDURE uspUpdateAddress WITH EXECUTE AS SCHEMA
D. CREATE PROCEDURE uspUpdateAddress WITH EXECUTE AS Bob
Answer: D
To ensure that the procedure always executes as Bob, the “AS BOB” option is used. If you always wish to execute as the owner, even if it changes, then B would be the correct choice.

39. In your application, users change context to that of another user when retrieving sensitive data. You want to prevent them from changing their execution context back to themselves. How can you do this?
A. Once a user changes execution context in SQL Server 2005, they cannot change back.
B. Use the NO REVERT option when changing context.
C. Use the PERMANENT option when changing context.
D. You cannot prevent this in SQL Server 2005
Answer: B
To prevent changes in context back to the previous user, the NO REVERT option is used.

40. You want to encrypt the data in the SALARY column of a table with a symmetric key and then secure that key with an asymmetric key. Which key do you create first?
A. The symmetric key
B. The asymmetric key
C. The certificate
D. The Table Master Key
Answer: B
The general rule of thumb for encrypting data is to use a symmetric key to encrypt data and an asymmetric key to secure that key.

41. You have a series of statements to execute in a batch and want to be sure that they are run under the context of Jim. Which command would you use?
A. SET CONTEXT
B. EXECUTE AS
C. SET LOGIN
D. IMPERSONATE
Answer: B
The EXECUTE AS statement will cause all future statements in the batch and subsequent batches under the same connection to run under the context specified.

42. You have been given a CLR function by a developer that updates the registry based on certain actions in the application. How should you assign security for this function?
A. Assign the SAFE level of security.
B. Assign the UNSAFE level of security.
C. Assign the EXTERNAL_ACCESS level of security.
D. Assign the LOCAL_ACCESS level of security.
Answer: C
To just update the registry, the EXTERNAL_ACCESS permissions will suffice. There is no indication the UNSAFE permissions are needed, though they would allow registry access. SAFE permissions would not allow registry access.

43. You have two CLR assemblies that need to call each other. What attribute should you set on each assembly?
A. AllowCLRAccess
B. AllowLocalCallers
C. AllowPartiallyTrustedCallers
D. AllowLocalExecution
Answer: C
When two CLR assemblies need to call each other, the AllowPartiallyTrustedCallers attribute should be set.

44. For two assemblies to discover each other at runtime through reflection, where must they be loaded?
A. In the same database
B. In the same schema
C. In the same application domain
D. By the owner
Answer: C
In order to discover each other, two assemblies need to be loaded into the same application domain in SQL Server 2005.

45. Which of the following technologies support automatic failover? (choose all that apply)
A. Failover clustering
B. Database mirroring
C. Log shipping
D. Replication
Answer: A, B
Only failover clustering and database mirroring support automatic failover. All technologies support manual failover.

46. Which RAID level cannot tolerate a single disk failure? (choose all that apply)
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 0+1
Answer: A
Of these levels, only striping, RAID 0, does not tolerate a disk failure.

47. Which high availability technology supports multiple secondary nodes? (choose all that apply)
A. Failover clustering
B. Database mirroring
C. Log shipping
D. Replication
Answer: A, C, D
Failover clustering, log shipping, and replication can all support multiple secondary nodes. Database mirroring only supports one secondary node.

48. What is the name of the third server in a database mirroring setup that can determine when to failover?
A. Monitor
B. Witness
C. Watcher
D. Auxiliary
Answer: B
The third server in database mirroring that helps form a quorum is the Witness server.

49. Which high availability technology allows the secondary node to be accessed for queries? (choose all that apply)
A. Failover clustering
B. Database mirroring
C. Log shipping
D. Replication
Answer: C, D
Only in log shipping or replication scenarios can a secondary node be used for queries.

50. Which high availability technology has the disk subsystem as a single point of failure?
A. Failover clustering
B. Database Mirroring
C. Log shipping
D. Replication
Answer: A
In failover clustering there is a shared disk architecture, which means the disk subsystem is a single point of failure.

51. What type of replication is suitable for high availability situations? (choose all that apply)
A. Snapshot replication
B. Transactional replication
C. Bi-directional transaction replication
D. Merge replication
Answer: B, C, D
Transactional or merge replication are the only two types of replication suitable for HA situations. Bi-directional transactional replication is a subset of transactional replication.

52. Which RAID level provides the highest performance at the highest price?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 0+1
Answer: D
The highest performance in RAID technologies is from a combination of striping and mirroring, or RAID 10. This also has the highest price associated with hardware.

53. How many drives are required at a minimum for RAID 5?
A. 2
B. 3
C. 4
D. 5
Answer: B
A RAID 5 array requires 3 drives at a minimum: two for data and one for parity information.

54. Which high availability technology requires special hardware?
A. Failover clustering
B. Database mirroring
C. Log shipping
D. Replication
Answer: A
Failover clustering requires special hardware that is on the cluster HCL and can support a shared disk subsystem.

MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design Study Guide (70-443) © Wiley Publishing, Inc.2006. All Rights Reserved.