nerdexam
Isaca

CDPSE · Question #295

Which of the following is the BEST way to prevent dangerous SQL write statements from being executed on data?

The correct answer is D. Create a read-only data warehouse.. A read-only data warehouse prevents SQL write statements architecturally by design, making it the strongest control against dangerous write operations on data.

Privacy Architecture

Question

Which of the following is the BEST way to prevent dangerous SQL write statements from being executed on data?

Options

  • ARestrict access to row-specific data.
  • BCreate encrypted versions of the data.
  • CExclude access to specific tables or columns of data.
  • DCreate a read-only data warehouse.

How the community answered

(40 responses)
  • A
    5% (2)
  • B
    15% (6)
  • C
    3% (1)
  • D
    78% (31)

Why each option

A read-only data warehouse prevents SQL write statements architecturally by design, making it the strongest control against dangerous write operations on data.

ARestrict access to row-specific data.

Row-level security restricts which rows a user can see or access, but does not prevent write statements on the rows that are accessible.

BCreate encrypted versions of the data.

Encryption protects data confidentiality in transit and at rest, but does not restrict the ability to execute write statements against the database.

CExclude access to specific tables or columns of data.

Excluding access to specific tables or columns limits the scope of accessible data, but write statements can still be executed against the tables and columns that remain accessible.

DCreate a read-only data warehouse.Correct

A read-only data warehouse is configured to disallow INSERT, UPDATE, and DELETE operations at the database or connection level, meaning no SQL write statement can be executed regardless of user permissions or application vulnerabilities. This is an architectural control that eliminates the attack surface for destructive write operations entirely. Other controls reduce scope but do not prevent writes on the data they do allow access to.

Concept tested: Preventing SQL write operations via read-only architecture

Source: https://learn.microsoft.com/en-us/azure/synapse-analytics/sql/data-load-overview

Topics

#SQL Security#Data Access Control#Data Integrity#Read-Only Systems

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice