Explore essential concepts of NoSQL security with this quiz covering authentication, authorization, and encryption. Enhance your understanding of data protection techniques and access control measures specific to NoSQL database environments.
Which process ensures that only legitimate users can access a NoSQL database by verifying their credentials?
Explanation: Authentication verifies user credentials to confirm their identity before granting access, forming the first layer of database security. Authorization refers to determining what an authenticated user is allowed to do. Anonymization is about removing personal identifiers from data, not verifying users. Abstraction involves hiding complex data details and is unrelated to user access control.
What does authorization determine once a user has been authenticated in a NoSQL system?
Explanation: Authorization defines the permissions and roles assigned to a user, specifying which actions or resources they can access. It does not check passwords—that is the function of authentication. Encryption deals with securing data, not user permissions. Session security relates to maintaining a user’s connection securely, not what actions they may perform.
Which type of encryption protects data as it moves between the database and clients in a NoSQL system?
Explanation: Encryption in transit secures data during transmission, preventing interception by unauthorized parties. Encryption at rest safeguards stored data but does not protect data while it travels across networks. Tokenization replaces sensitive data with non-sensitive equivalents rather than encrypting it. Obfuscation only disguises data rather than securing it with cryptographic means.
In NoSQL systems, what security approach assigns specific permissions based on the user’s job function, such as allowing only data analysts to read sensitive collections?
Explanation: Role-Based Access Control (RBAC) assigns permissions to users according to their roles, thus enforcing minimal privilege on the basis of job functions. Mandatory Access Restrictions is not a standard access management term in this context. Open Access Mode provides no restrictions at all. Password Rotation involves changing passwords, unrelated to role assignment.
What is a potential risk of using default usernames and passwords for a NoSQL database?
Explanation: Using default or weak credentials makes it easier for attackers to gain unauthorized access, as these are often publicly documented and easily guessed. Performance, encryption, and network speed are unaffected by account credentials. Only password strength and uniqueness contribute to access security in this context.
Which principle suggests that users in a NoSQL system should be granted only the minimum permissions required to perform their tasks?
Explanation: The Principle of Least Privilege means assigning users only the permissions they absolutely need, reducing security risks. Separation of Duties focuses on dividing responsibilities among users. Zero Trust is a broader framework emphasizing continuous verification. Full Access Control implies maximum permissions, which is not secure.
What does 'encryption at rest' mean in the context of NoSQL databases?
Explanation: Encryption at rest protects data files stored on storage media from unauthorized access, even if the storage device is compromised. It does not cover data exchanged during login, which is data in transit. Obscuring data labels or compressing files are not encryption techniques and do not ensure confidentiality.
What is the main function of an Access Control List (ACL) in a NoSQL security context?
Explanation: ACLs specify access permissions for users or groups relating to certain resources, forming a central part of authorization. Login time records are managed elsewhere. Backups and redundancy are data management, not access control, and are unrelated to the primary function of ACLs.
How does enabling multi-factor authentication (MFA) enhance NoSQL database security?
Explanation: MFA increases account security by requiring users to provide two or more verification methods, such as a password plus a temporary code. It does not affect network bandwidth or data compression. Disabling passwords without providing alternatives would reduce security, not enhance it.
Which challenge is commonly associated with securing NoSQL databases compared to traditional systems?
Explanation: Many NoSQL databases originally prioritized speed and flexibility over built-in security, requiring administrators to configure security features themselves. Storage space is not a direct security concern, and processing queries and power outages are unrelated to security features.