CBDB3403

TAKE HOME EXAMINATION

JANUARY 2022

CBDB3403

DATABASE

MATRICULATION NO : 881221495119001
IDENTITY CARD NO. : 881221495119

1
 CBDB3403
CONTENT
PART A......................................................................................................................................3
Question 1 A........................................................................................................................3
Question 1 B........................................................................................................................4
Question 2 A........................................................................................................................5
Question 2 B........................................................................................................................7
PART B......................................................................................................................................9
Question 1...........................................................................................................................9
Question 2 A......................................................................................................................11
Question 2 B......................................................................................................................12

2
 CBDB3403
PART A

Question 1 A
a) Five common features of Database Management System (DBMS) is;
i. Database Definition
- Entity that is stored in table (an entity is defined as group of data that is
usually represent single item or object that can be accessed) and relationship
that indicate the connection among tables must be specified. This can be
manipulated using most commonly industry ready language such as SQL.
ii. Non procedural Access
- The ability to answer queries. Non procedural access allow users to submit
queries by specifying what parts of a database to retrieve. For example, to
retrieve all table in database, SELECT * FROM () will retrieve all attributes
associated with that table.
iii. Application Development.
- Database related with application development very close. The database
features allow application to be enhanced in utilising database. For example,
the usage of form and the ability to store user record subsequently display it
when needed is one of vital features that can be implemented in developing
an application just to name a few.
iv. Transaction Processing
- Processing a transaction should be free from interruption and must be
consistent. DBMS features enable this to happen even when multiple users
accessing the database in same period of time. For example, a transaction
that happen when we book transportation using ride hailing application.
v. Database Tuning
- Database tuning features is a important features that maintain database in
ensuring the database is free from redundancy, corruption, integrity fault,
and subsequently improving the database performance. Ideally, higher
throughput with lower response time. This feature is also critical in
supporting multiple users simultaneously accessing large database. Tuning
the database involved many method such as configuring the database,
optimising memory allocation, increasing size of cache to allow faster

3
 CBDB3403
response, and many more.

Question 1 B
b) Generally, there are four type of individuals that is involved in database environment.
i) Database Designer
- Logical Database Designer
 Typically, database engineer are the individual that responsible in
maintaining the database. Database engineers create and manage databases,
expand data storage capacity, and fix database operation problems. In
addition, they evaluate database performance and user feedback. This
require extensive knowledge and thorough understanding of the data that
the organisation have.
- Physical Database Designer
 The work of implementing a logical data model utilising real choices
concerning tables, data types, indexes, and other optimisation is known as
physical database design. The individual will be responsible in developing
the database in real life such as determining the size of storage, computing
power required, security measures undertaken, and many more. This
primarily contributed to the fact that database schemas mirror actual storage
architectures, and as things become larger, they become exceedingly harder
to maintain if the design is not updated.
ii) Database Administrator
- Database administrator is the individual that is responsible in maintaining the
data in the DBMS environment. Database administrator roles are varies from
maintaining the integrity and optimised data entry of the company database and
ensure data that were stored is secured just to name a few.
iii) Application Developers
- Application developers is responsible to provide any implementation or database
enhancement to the end users. Generally, system analyst will advice on what
work that needed to be done to the developers. The application can sometimes
inherit different programming language that progress over time that the
developers can manipulate to improve the application.
iv) End Users

4
 CBDB3403
- Naive Users are the users that have limited knowledge in Data Manipulation
Language. Often than not, naive users are the users that able to use simple
command or selection of fixed option that is available from developers in an
application.
- Sophisticated Users are users that have extensive knowledge of Data
Manipulation Language that is offered by DBMS. These users able to manipulate
high-level query language to access the database.

Question 2 A
a) Below diagram is an illustration of known possible threat on how attacker or saboteur
can inflict damage towards database structure.

To elaborate illustration above, possible threat that exist towards data security can be surmise
as following.

5
 CBDB3403
Hardware
Physical damage that can cause disruption to the server. This includes natural or unnatural
disaster such as fire or floods, electrical interference, electrical surges that could fries the
board, data corruption caused by loss of power, physical damage caused by theft or sabotage,
and failure of security measures.

Database and Application Software

Threat that exist in the database is broad and general therefore require special attention to the
structure. Possible threat that exist in the database and software is the failure of security
mechanism could allow saboteur or hacker damaging the database, program can be stolen and
exploited, data leaks, privilege of access goes to the wrong person, and subsequently bring
down the entire database rendering it disabled.

Communication Network
Threat caused by communication such as wire tapping, loss of communication from network
cable disconnection, and electrical or radiation interference. This type of threat could cause
many days of repair, effectively disconnecting end users from accessing the database.

From above explanation, the threat towards data security can be categorised to 4 security
dimension.
Physical: Workstation or computer must be made almost impossible to access for those
without authorisation.
Personnel: Users that is hired to maintain database must go through strict background check
to ensure right qualification or sufficient credential is achieved to ensure database secured.
Procedural: Proper standard operating procedure or management system must take in place
to ensure right person knows what he or she is doing with the database.
Technical: Storage facility, means of access, data transmission, and manipulation of data
language must be complemented with relevant technology to ensure the data is controlled.

6
 CBDB3403

Question 2 B
b) To protect the database from security issues, five method of computer-based control can
be deployed.
i) Backup and recovery
- This method will periodically takes a copy of database and log the file to an off-
line media storage. Four basic facilities that involved in this process is Backup
Facility, Journalising Facility, Checkpoint Facility, and Recovery Manager.
 Backup facility: Consist of three type of backup which is regular backup
(database is shut-down during backup), cold backup (database is shut-down
while backup happening), and hot backup (selective backup where the
target portion is shut-down during backup).
 Journalising facility: Maintain an audit trail of transaction and changes
allowing backup and recovery using information that is journalled.
 Checkpoint facility: Periodically suspend all the process and sync its file to
establish a recovery point. This is best illustrated as below.

 Recovery manager: Allowing the DBMS to restore to a point of last

working state subsequently restarting the program.
ii) Authorisation
- A method where privilege is granted to the relevant users that allowed to access
the database. Users access can come in form of read and write access but does
not necessarily both.
iii) Access Control
- Privilege that is granted to users allowing them to modify or manipulate the
database object or execute the DBMS facility.
iv) Views

7
 CBDB3403
- This is a method that resultant from querying one or more of the base tables. This
method does not actually exist in the database but merely virtual representation
that is produced from request by the end users. By deploying this method,
certain portion of database can be protected from users visibility therefore
limiting the data exposure.
v) Encryption
- Process of encoding the data with certain algorithm rendering the data
unreadable without decoding using the decryption key. There are two form of
encryption which is One Key and Two Key.
 One key: DES or Data Encryption Standard. Sender and receiver need to
know the key in order to decode the data.
 Two key: Asymmetric encryption which employs private key and public
key.

8
 CBDB3403
PART B

Question 1
a) CREATE TABLE IF NOT EXISTS Employee (
EmpNo int NOT NULL AUTO_INCREMENT,
EmpName varchar(255),
DateBirth date,
Salary decimal (6, 2),
DeptCode varchar(3),
PRIMARY KEY (EmpNo)
);
ALTER TABLE Employee AUTO_INCREMENT = 100;

b) INSERT INTO DatabaseName.Employee (

EmpName, DateBirth, Salary, DeptCode
)
VALUES
(
'Ali Hassan', 19710201, 1200, 'HRM'
),
(
'Mohd Anwar Ali', 19720201, 2500, 'HRM'
);

c) SELECT EmpName, Salary, DeptCode FROM Employee

ORDER BY DeptCode, Salary Desc;

9
 CBDB3403

d) CREATE VIEW Human_Resources_Employee AS

SELECT * FROM Employee
WHERE DeptCode = 'HRM';
SELECT * FROM Human_Resources_Employee;

e) DROP TABLE Employees;

10
 CBDB3403

Question 2 A
a)

11
 CBDB3403

Question 2 B
b)

12