Chapter 10


A1:

DB2 relies on operating system security and does not store user IDs and passwords in the database.

A2:

DB2 also supports the Kerberos security service. Starting with DB2 Version 8.2, you can also write your own security service as a plug-in. The plug-in will be loaded at instance startup.

A3:

When a new package is bound to the database, for example, when creating an SQL stored procedure, BINDADD is required.

A4:

He must have CONNECT privileges to connect to the database and CREATETAB privileges to create a new table in the database. Because he is trying to create a table that has a different schema than the authorization ID (i.e., bob), he must have IMPLICIT_SCHEMA privileges if schema mary does not already exist. If it does exist, then CREATEIN privileges on the schema mary are needed. In addition to all of the above, bob also needs to have USE privileges on the table space ts1.

A5:

DB2 SYS* authorities must be set to a user group. The command will be executed successfully, but bob will not receive the authority. It must be set to the group dba like this:

 update dbm cfg using sysctrl_group dba

A6:

First, a local group, for example, called db2dba, defined on the DB2 server is required. Second, add the global group glbgrp as a member of the local group db2dba. Third, update the Database Manager Configuration parameter to set SYSADM to db2dba.

A7:

The first type is called untrusted clients, which do not have a reliable security facility. The second type is called trusted clients, which have a reliable security facility. The third type is called DRDA clients, which are clients on host systems with a reliable security facility.

A8:

CREATETAB is granted to PUBLIC implicitly when a database is created. To allow only bob to create tables in the database, you must first revoke CREATETAB from PUBLIC and GRANT CREATETAB to bob.

 REVOKE CREATETAB ON DATABASE FROM PUBLIC;
 GRANT CREATETAB ON DATABASE TO USER bob;

A9:

Regardless of the SQL statements performed in the program, bob only needs EXECUTE privileges on the package. Mary needs the associated privileges to perform all the SQL statements in the program. In addition, BINDADD is required to bind the new package to the database.

A10:

Since TRUST_ALLCLNTS is set to NO, only trusted clients can be authenticated on the client. Windows ME is not a trusted client, so users from this OS must be authenticated on the server.

A11:

B. The default authentication takes place on the server, so in this case the user ID will be authenticated on the DBX1 server.

A12:

C. The SERVER_ENCRYPT authentication type encrypts only the user ID and password that is sent during an authentication request; it does not encrypt the data.

A13:

A. Since TRUST_ALLCLNTS is set to YES, users are authenticated on the client to see if they do exist.

A14:

A and D. Both SYSADM and DBADM authorities allow read/write access to tables.

A15:

D. If you choose, you can encrypt the user ID and password as it is passed from the client to the server. In Version 8.2 you can also encrypt the data for more security.

A16:

A. The user who wants to create or drop an event monitor must hold either SYSADM or DBADM authority.

A17:

B. Only SYSMON does not have the ability to take a DB2 trace.

A18:

C. When a privilege is revoked from a user, it does not cascade to users who received privileges from this user. Therefore, be careful who you give WITH GRANT OPTION permission to. In this example, Barney, Wilma, and Betty will have the privileges.

A19:

D. By default, PUBLIC is granted use of a table space when it is created. Therefore, to ensure only the group grp1 can use the table space you must revoke use of the table space from PUBLIC.

A20:

C. CREATETAB is a database level privilege; therefore, information about its grantee is stored in the SYSCAT.DBAUTH table.



Understanding DB2: Learning Visually with Examples (2nd Edition)
ISBN: 0131580183
Year: 2004
Pages: 313
