SQL Server Security Interview Questions

During interviews I always like to ask DBAs the security questions below. I have found that DBAs are sometimes unable to answer them.

Question 1: What will you do if you lose rights to your SQL Server instance?

We can use the options below:

  1. Dedicated Administrator Connection
  2. BUILTIN\Administrators group (in case its rights have not been revoked)
  3. The final option is to change the registry value
  4. You can change the authentication mode via the registry

Question 2: What is SQL Injection?

SQL injection occurs when unhandled or unexpected SQL commands are passed to SQL Server in a malicious manner. It is a problem because data can be stolen, deleted, updated, inserted or corrupted without anyone knowing.

Question 3: What is the Guest user account in SQL Server? What login is it mapped to?

The Guest user account is created by default in all databases and is used when explicit permissions are not granted to access an object. It is not mapped directly to any login, but can be used by any login. Depending on your security needs, it may make sense to drop the Guest user account in all databases except Master and TempDB.

Question 4: What is the use of the BUILTIN\Administrators group in SQL Server?

Any Windows login in the BUILTIN\Administrators group is by default a SQL Server system administrator. This single group can be used to manage administrators from both a Windows and a SQL Server perspective.
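To check an instance against the answers to Questions 3 and 4, the T-SQL below reports which databases still let the Guest user connect and whether BUILTIN\Administrators is a member of sysadmin. It is an added example, not part of the original post; it assumes SQL Server 2005 or later and a login that can read every online database, and the temp table name #guest_audit is made up for the illustration.

```sql
-- Added example: audit the guest user (Question 3) and BUILTIN\Administrators (Question 4).
SET NOCOUNT ON;

-- 1. Databases where guest holds CONNECT, meaning a login with no mapped
--    user can still enter the database as guest.
CREATE TABLE #guest_audit (database_name sysname, guest_can_connect bit);  -- hypothetical name

DECLARE @db sysname, @sql nvarchar(max);
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state_desc = N'ONLINE';

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps an unusual database name from breaking the dynamic SQL;
    -- the name is passed to the INSERT as a parameter, not concatenated as data.
    SET @sql = N'
        INSERT INTO #guest_audit (database_name, guest_can_connect)
        SELECT @name,
               CASE WHEN EXISTS (
                   SELECT 1
                   FROM ' + QUOTENAME(@db) + N'.sys.database_permissions AS p
                   JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS u
                     ON u.principal_id = p.grantee_principal_id
                   WHERE u.name = N''guest''
                     AND p.permission_name = N''CONNECT''
                     AND p.state IN (''G'', ''W'')  -- GRANT or GRANT WITH GRANT OPTION
               ) THEN 1 ELSE 0 END;';
    EXEC sys.sp_executesql @sql, N'@name sysname', @name = @db;
    FETCH NEXT FROM db_cursor INTO @db;
END
CLOSE db_cursor;
DEALLOCATE db_cursor;

-- master and tempdb are expected to show 1; review every other row that does.
SELECT database_name, guest_can_connect
FROM #guest_audit
ORDER BY guest_can_connect DESC, database_name;
DROP TABLE #guest_audit;

-- 2. Is BUILTIN\Administrators a sysadmin? A returned row means every local
--    Windows administrator on the host is also a SQL Server sysadmin.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND m.name = N'BUILTIN\Administrators';
```

In a user database where the first result shows 1, running `REVOKE CONNECT FROM guest;` inside that database disables Guest access.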

Thanks for the comment, will get back to you soon... Jugal Shah
