|
发信人: reynolds(雷龙.DBA中) 整理人: reynolds(2002-03-18 10:18:42), 站内信件 |
| 96. You are the administrator of a SQL Server 2000 computer. The server is used to store information for your company's finance department. The permissions on the FinanceData table are configured as shown below:
Users/Database Role Select Insert Update Delete Accountants Grant Grant Grant Deny Administrators Grant Grant Grant Grant Reporters Grant Deny Deny Deny Sales Managers Grant Blank Blank Grant Guest Blank Blank Blank Blank Ryan is a member of the Accountants, Administrators, and public groups. He reports that he is unable to delete information from the FinanceData table. You need to allow him to delete information from the table. Which Transact-SQL statement should you execute? A. EXEC sp_droprolemember 'Accountants', 'Ryan' B. EXEC sp_droprolemember 'Administrators', 'Ryan' C. EXEC sp_addrolemember 'db_datawriter', 'Ryan' D. EXEC sp_addrolemember 'db_owner', 'Ryan' Answer: A Reason: 因为Accounts角色被显式禁止删除。 ====================================================================== sp_addrolemember 将安全帐户作为当前数据库中现有 Microsoft SQL Server 数据库角色的成员进行添加。 sp_droprolemember 从当前数据库中的 Microsoft® SQL Server™ 角色中删除安全帐户。 ====================================================================== 97. You are the administrator of a SQL Server 2000 computer. Peter is an employee in your company's marketing department. Peter has a SQL Server login named Peter, and he has access to a database named MarketingData. Peter has been assigned to a research project and needs to view and edit information stored in a database named ResearchData. The database is contained on the same server as the MarketingData database. You need to configure the appropriate permissions for Peter on the ResearchData database. Which Transact-SQL statement should you execute? A. GRANT ALL ON ResearchData TO 'Peter' B. GRANT SELECT ON ResearchData TO 'Peter' GRANT INSERT ON ResearchData TO 'Peter' GRANT UPDATE ON ResearchData TO 'Peter' C. EXEC sp_addrolemember 'db_datareader','Peter' EXEC sp_addrolemember 'db_datawriter','Peter' D. EXEC sp_grantdbaccess 'Peter',' PeterU' GO EXEC sp_addrolemember 'db_datareader',' PeterU' EXEC sp_addrolemember 'db_datawriter',' PeterU' Answer: D Reason: 98. You are the administrator of two Microsoft Windows 2000 computers. One computer is running Internet Information Services (IIS), and the other is running SQL Server 2000. Company partners need to connect by means of the Internet and query data stored on the SQL Server computer. Some of these partners have computers that do not use Microsoft operating systems or Web browsers. You need to configure the IIS and SQL Server 2000 computers to allow access to data by means of the IIS virtual directory. IIS uses Basic Authentication to allow access to the virtual directory. Only company partners should have access to the SQL Server computer by means of the Internet. The partners should be allowed to make ad hoc queries. You want to be able to audit successful and failed logins to the SQL Server computer. You want to allow the partners access to the SQL Server computer while keeping your security scheme as simple as possible. Which two actions should you take? (Each correct answer represents part of the solution. Choose two.) A. Configure the IIS virtual directory to allow URL queries. B. Configure the IIS virtual directory to allow template queries. C. Create a new Windows user account. Create a corresponding Windows Authenticated login on the SQL Server computer. Configure the IIS virtual directory to always use this login when connecting to the SQL Server computer. D. Create a Windows Authenticated login on the SQL Server computer for the IIS Internet Guest Account. Configure the IIS virtual directory to always use the Internet Guest Account when connecting to the SQL Server computer. E. Create a Windows Authenticated login for each company partner on the SQL Server computer. Configure the IIS virtual directory to use Windows Integrated Authentication when connecting to the SQL Server computer. Answer: A E Reason: 99. You are the administrator of a SQL Server 2000 computer. The server is used to store information for your company's sales department. The permissions on the SalesFigures table are configured as shown below: Users/Database Role Select Insert Update Delete Accountants Grant Grant Deny Deny Managers Grant Blank Grant Grant Salespeople Grant Blank Blank Blank Guest Blank Blank Blank Blank Lilly is a user in the sales department. She needs to review the data in the SalesFigures table. She also needs to add new items to the table. You need to allow Lilly to perform these tasks without giving her additional permissions to the database. What should you do? (Each correct answer represents part of the solution. Choose all that apply.) A. Add Lilly to the Managers database role. B. Add Lilly to the Salespeople database role. C. Grant Lilly INSERT permissions on the table. D. Grant Lilly UPDATE permissions on the table. E. Revoke UPDATE permissions on the table for Lilly. F. Revoke DELETE permissions on the table for Lilly. Answer: B C Reason: 100. You are the administrator of a SQL Server 2000 computer. The server will be used to contain data from your company's accounting, engineering, and production departments. Each department is contained in a Microsoft Windows domain users group. The groups are named Accounting, Engineering, and Production. Members of each department need to read and modify their data. However, users in one department should not have access to data in other departments. You want to configure the database so that it meets your company's security requirements. You also want to minimize administration time and the consumption of server resources. Which three actions should you take? (Each correct answer represents part of the solution. Choose three.) A. Create a database for each department. B. Create a database for all departments. C. Create a Windows-Authenticated login for each department. D. Create a named instance of SQL Server 2000 for each department. E. Map each domain users group to the processadmin role. F. Map each domain users group to the db_datareader and db_datawriter database roles. G. Grant each domain users group SELECT, INSERT, UPDATE, and DELETE permissions on the database objects that are used by that department. Answer: A C F Reason: 一个数据库是不能满足几个部门不能相互访问数据的要求,所以B排除。建立命名实例也太夸张了吧,太费资源了,排除!E中赋予的权限简直是胡来,排除!F和G是很类似的,但是F所赋予的权限是包含G的,所以F比G来得更合理。 ---- / <>< o /| / <>< (o / |/| ) ) <@ < ( O )( \ |\| <>< ) <>< () \| \ \ 每天在网易游水的鱼 |
|
[关闭][返回] |