Skill Check Securing MySQL
Examine this command and output:

SHOW STATUS LIKE 'Connection_control%';
+------------------------------------+-------+
| Variable_name                      | Value |
+------------------------------------+-------+
| Connection_control_delay_generated | 7     |
+------------------------------------+-------+
1 row in set (#.## sec)

Which is true?
MySQL server added a delay for failed connection attempts seven times.
The maximum possible added delay is seven milliseconds.
A seven millisecond delay is added for each consecutive connection failure.
Seven successive failures are permitted before adding a delay.
Answer: MySQL server added a delay for failed connection attempts seven times.
Explanation:
• Inspect the value of the Connection_control_delay_generated status variable.
  – It counts the number of times the server added a delay for a failed connection attempt.
  – Example:
• Consider installing the CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugin.
  – It creates a table in the Information Schema that maintains more detailed information about failed connection attempts; the Connection-Control plugin populates the table.
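A fuller inspection sequence for the two Connection-Control plugins, added here as an example rather than taken from the course material; the plugin library file name (Linux) and the threshold and delay values are assumptions chosen for illustration:

```sql
-- Added example (not from the course material). Assumes a Linux server where the
-- plugin library is connection_control.so; threshold and delay values are chosen
-- for illustration (defaults: 3 failures, 1000 ms minimum, 2147483647 ms maximum).
INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so';
INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';

-- Start delaying after 3 consecutive failures; each further failure lengthens the
-- delay (values are milliseconds), capped here at 10 seconds.
SET GLOBAL connection_control_failed_connections_threshold = 3;
SET GLOBAL connection_control_min_connection_delay = 1000;
SET GLOBAL connection_control_max_connection_delay = 10000;

-- The counter the quiz asks about: how many times a delay was added, server-wide.
SHOW GLOBAL STATUS LIKE 'Connection_control_delay_generated';

-- The detail the second plugin adds: which user@host accounts are failing, and how
-- often. A single USERHOST climbing quickly is the signal to investigate.
SELECT USERHOST, FAILED_ATTEMPTS
  FROM INFORMATION_SCHEMA.CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
 ORDER BY FAILED_ATTEMPTS DESC;

-- Confirm both plugins are active after the install.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'CONNECTION_CONTROL%';
```

Put the three SET GLOBAL values in my.cnf (or use SET PERSIST on 8.0) so they survive a restart.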
Which command displays the name of the file containing a server’s digital certificate?
mysql> SHOW GLOBAL VARIABLES LIKE 'ssl_cipher';
mysql> SHOW SESSION STATUS LIKE 'Ssl_cipher%'\G
mysql> SHOW GLOBAL VARIABLES LIKE 'ssl_%';
mysql> SHOW SESSION STATUS LIKE 'Ssl_version';
Answer: mysql> SHOW GLOBAL VARIABLES LIKE 'ssl_%';
Explanation:
The following is an example displaying the current name of the file in the data directory that contains the list of trusted Certificate Authorities:

mysql> SHOW GLOBAL VARIABLES LIKE 'ssl_ca';
+---------------+--------+
| Variable_name | Value  |
+---------------+--------+
| ssl_ca        | ca.pem |
+---------------+--------+
1 row in set (0.00 sec)
Which command registers the appuser@apphost account for firewall training?
CALL mysql.sp_set_firewall_mode('appuser@apphost', 'PROTECTING')
CALL mysql.sp_set_firewall_mode('appuser@apphost', 'OFF')
CALL mysql.sp_set_firewall_mode('appuser@apphost', 'RECORDING')
CALL mysql.sp_set_firewall_mode('appuser@apphost', 'RESET')
Answer: CALL mysql.sp_set_firewall_mode('appuser@apphost', 'RECORDING')
Explanation: Registering Accounts with the Firewall
Register an account by setting its initial firewall mode.
• The account name is in the full user@host format, stored as a single string.
• To register an account that is not initially controlled by the firewall, set the mode to OFF.
• To register an account for firewall training, set the initial mode to RECORDING.
  – If you set an initial mode of PROTECTING, the account cannot execute any statements because its whitelist is empty.
Which statements are true about Brute Force attacks? (Choose two)
They are slow as they require lots of CPU.
They perform hashing operations on combinations of dictionary words and characters.
They match target password hashes against rainbow tables.
They perform hashing operations on the characters to find matching hashes.
They compare password hashes against the stored hashes in the MySQL database.
Answer: They are slow as they require lots of CPU. They perform hashing operations on the characters to find matching hashes.
Explanation: How Attackers Derive Passwords
Attackers can derive plain text passwords from hashed passwords by using the following techniques:
• Brute force algorithms perform the hashing algorithm on many combinations of characters to find matching hashes.
  – These attacks are very slow and require large amounts of computation.
• Dictionary attacks perform hashing operations on combinations of dictionary words and other characters.
  – These are fast if the password is not secure.
• Rainbow tables are made up of the first and last hashes in long chains of repeatedly hashed and reduced passwords.
  – When you run a target password hash through the same algorithm chain and find a match to the end of a stored chain, you can derive the password by replaying that chain.
After firewall training is complete, which modes will make the statement digest persistent in the account’s whitelist cache? (Choose two)
RECORDING
PROTECTING
OFF
DETECTING
RESET
Answer: OFF, PROTECTING
Explanation: Training the Firewall
• Register the account in RECORDING mode.
• The firewall creates a normalized statement digest for each statement and places the digest in the account's whitelist cache.
• Switch the mode to PROTECTING or OFF when training is complete to persist the whitelist.
  – The firewall persists the cache when you change the account's mode.
  – If you restart the mysqld process while in RECORDING mode, any changes to that account's whitelist cache are lost.
• Return to RECORDING mode to learn new statements if the application changes.
  – Changing mode from OFF or PROTECTING to RECORDING does not clear the account's whitelist.
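The full training-to-protection cycle behind the two firewall questions (registering the account and persisting its whitelist), as an added example that is not part of the course material; the account name appuser@apphost is the quiz's own, and the two application statements shown in comments are constructed:

```sql
-- Added example (not from the course material). Account name taken from the quiz;
-- the application statements below are constructed for illustration.

-- 1. Register the application account for training: it gets an empty whitelist.
CALL mysql.sp_set_firewall_mode('appuser@apphost', 'RECORDING');

-- 2. Run the application's normal workload as appuser@apphost in its own session.
--    The firewall stores a normalized digest of each statement, not the literals:
--      SELECT name, price FROM products WHERE id = 42;
--      UPDATE carts SET qty = 3 WHERE cart_id = 7 AND user_id = 99;

-- 3. Review what was learned (in-memory cache; literals appear as '?').
SELECT USERHOST, RULE
  FROM INFORMATION_SCHEMA.MYSQL_FIREWALL_WHITELIST
 WHERE USERHOST = 'appuser@apphost';

-- 4. Switch to PROTECTING: the cache is persisted to mysql.firewall_whitelist and
--    statements whose digest is not on the list are now rejected.
CALL mysql.sp_set_firewall_mode('appuser@apphost', 'PROTECTING');

-- 5. Confirm the mode and that the rules now live in the persistent table.
SELECT USERHOST, MODE FROM INFORMATION_SCHEMA.MYSQL_FIREWALL_USERS;
SELECT USERHOST, RULE FROM mysql.firewall_whitelist
 WHERE USERHOST = 'appuser@apphost';

-- 6. Monitor: a rising Firewall_access_denied is the signal to investigate.
SHOW GLOBAL STATUS LIKE 'Firewall_%';

-- 7. When the application changes, return to RECORDING to learn the new statements;
--    the existing whitelist is kept.
CALL mysql.sp_set_firewall_mode('appuser@apphost', 'RECORDING');
```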
The --ssl-mode option in your configuration is VERIFY_CA. What does this do? (Choose two)
It establishes secure connections or fails if unable to do so.
It checks whether host names match the Common Name value in the server certificate.
It establishes secure connections if it can but if not then unsecure connections are established.
It verifies server digital certificates with the Certificate Authority.
It verifies that server digital certificates match the MySQL server hosts.
Answer: It establishes secure connections or fails if unable to do so. It verifies server digital certificates with the Certificate Authority.
Explanation: Setting Client Options for Secure Connections
Use the --ssl-mode option, which accepts the following values:
• PREFERRED: Establishes a secure connection if possible or falls back to an unsecure connection. This is the default if --ssl-mode is not specified.
• DISABLED: Establishes an insecure connection.
• REQUIRED: Establishes a secure connection if possible or fails if unable to establish a secure connection.
• VERIFY_CA: As for REQUIRED, but also verifies the server digital certificate with the Certificate Authority.
• VERIFY_IDENTITY: As for VERIFY_CA, but also verifies that the server digital certificate matches the MySQL server host.
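Server-side and session-side checks that go with the ssl_ca lookup and the --ssl-mode table, added here as an example rather than taken from the course; the account name, the ca.pem file name and the client invocation in the comment are assumptions (ca.pem matches the sample output earlier on this page):

```sql
-- Added example (not from the course material). Assumes MySQL 5.7.8+/8.0, an
-- account appuser@apphost, and a CA file named ca.pem on the client.

-- Which certificate, key and CA files the server loaded (ssl_ca, ssl_cert, ssl_key, ...).
SHOW GLOBAL VARIABLES LIKE 'ssl_%';
SHOW GLOBAL VARIABLES LIKE 'have_ssl';     -- YES when TLS is available

-- Server policy: refuse unencrypted TCP connections from every client, whatever
-- --ssl-mode the client chose (SET PERSIST is 8.0; use SET GLOBAL plus my.cnf on 5.7).
SET PERSIST require_secure_transport = ON;

-- Account policy: require TLS for one account, or additionally a client certificate
-- signed by the server's CA.
ALTER USER 'appuser'@'apphost' REQUIRE SSL;
-- ALTER USER 'appuser'@'apphost' REQUIRE X509;

-- Client side (shell, not SQL): the client verifies the server's certificate against
-- the CA but, with VERIFY_CA, not the host name; VERIFY_IDENTITY adds that check.
--   mysql --ssl-mode=VERIFY_CA --ssl-ca=ca.pem -u appuser -p

-- Inside that session, confirm the connection really is encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';     -- empty value means no TLS
SHOW SESSION STATUS LIKE 'Ssl_version';    -- e.g. TLSv1.2

-- Audit: list currently connected client sessions that are NOT using TLS.
SELECT t.PROCESSLIST_USER, t.PROCESSLIST_HOST, s.VARIABLE_VALUE AS cipher
  FROM performance_schema.threads t
  JOIN performance_schema.status_by_thread s
    ON s.THREAD_ID = t.THREAD_ID AND s.VARIABLE_NAME = 'Ssl_cipher'
 WHERE t.PROCESSLIST_USER IS NOT NULL AND s.VARIABLE_VALUE = '';
```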