The Real MCTS SQL Server 2008 Exam 70-432 Prep Kit: Database Implementation and Maintenance
Copyright Page
Technical Editor
Lead Authors
Contributing Authors
Contents
Chapter 1: MCTS SQL Server 2008 Exam 432 New Features in SQL Server 2008
Introduction
A Word About the Test
New Feature Overview
Installation
Compressed Backups
Enhanced Configuration and Management of Audits
New Table Value Parameter
FileStream Data Types
Sparse Column Support
Encryption Enhancements
Key Management and Encryption
High Availability
Performance
Performance Data Management
Resource Governor (similar to Query Governor)
Freeze Plan
SQL Server 2008 Declarative Management Framework
Development Improvements
LINQ Support
MERGE Statement
Spatial Data Type
Analysis Services Improvements
ETL/SSIS Enhancements
Reporting Services
No Longer Requires IIS
Better Graphing
Export to Word Support
Deprecated Features
Discontinued Features
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 2: MCTS SQL Server 2008 Exam 432 Installing SQL Server 2008
Introduction
SQL Versions, Requirements, Features, and Differences
Planning Your Installation
Upgrade Tools
Hardware Requirements: CPU, Memory, and Disk
Operating System Requirements
Software Requirements
Establishing Service Accounts
Upgrading vs. Side-by-Side Installation
Clustered Installation Considerations
Unattended Installations
Post-Upgrade Activity
Database Instances, Files, Locations, Filegroups, and Performance
Binary File Locations
Filegroups
Disk Planning Best Practices
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 3: MCTS SQL Server 2008 Exam 432 Configuring SQL Server 2008
Introduction
Instances vs. Default Instance
Instance Limitations
Performance Considerations
SQL Server Configuration Manager
Managing Services
Enabling FileStream
Managing Connections and Protocols
Shared Memory
Named Pipes
VIA
TCP/IP
Changing the TCP Port
Aliases
sp_configure and SQL Server Management Studio
Advanced Options
AWE
Setting the Maximum and Minimum Memory for SQL Server
Max Server Memory (MB)
Min Server Memory (MB)
Maximum Degree of Parallelism
Security Certifications
C2 Auditing
Common Criteria Compliance
New Features
Backup Compression Default
FileStream Access Level
Database Mail
Configuring Database Mail
Full-Text Indexing
Configuring Full-Text Indexing
Managing Full-Text Indexes
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 4: MCTS SQL Server 2008 Exam 432 Managing Security
Introduction
Principals
Roles
The “Principle of Least Privilege”
Users
Schemas
Users versus Logins
Authentication Mode
Permissions
Cross-Database Ownership Chaining
Object Permissions
Log-in Permissions (As Related to Roles)
Auditing
Change Data Capture (CDC)
Using DDL Triggers
The SQL Server Configuration Manager
Security and SQL Agent
Service Accounts and Permissions
Domain Service Accounts versus Local Service Accounts
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 5: MCTS SQL Server 2008 Exam 432 Managing Data Encryption
Introduction
Understanding Transparent Data Encryption
Requirements
Enabling TDE
How Data Is Encrypted
Encryption Keys
Key Management
Database Encryption Keys
Best Practices for Managing Database Keys
Cell- and Column-Level Encryption
EFS Encryption (Through the Operating System)
EFS in a Clustered Environment
Restoring Encrypted Backups to Another Server or Instance
Third-Party Encryption Tools
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 6: MCTS SQL Server 2008 Exam 432 Managing High Availability
Introduction
Defining High Availability
SQL High-Availability Options
Log Shipping
Mirroring
Clustering
Special Hardware Requirements
Special Software Requirements
Geo-Clustering
Replication
Recovery Model
Expandability
Hot Add CPU
Hot Add Memory
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 7: MCTS SQL Server 2008 Exam 432 Maintaining Your Database
Introduction
Understanding Data Collation
SQL Server Collations
Binary Collations
Using Collations
Collation Considerations for Backup and Restore
Maintaining Data Files
Implementing Data Compression
Row versus Page Compression
Estimating Space Savings Using sp_estimate_data_compression_savings
Using Sparse Columns
Maintaining Indexes
DBCC Explained
Using DBCC CHECKTABLE to Verify Table Integrity
Using the DBCC CHECKDB to Verify Database Integrity
Using the DBCC SHRINKFILE Option to Reclaim Database Space
Backing Up and Restoring Data
Understanding Database Recovery Models
Backup Types
Choosing a Database Backup Strategy
Restoring Databases
Performing Online Restore
Restoring Individual Pages
Performing Ongoing Maintenance
Using SQL Server Agent
Using Database Maintenance Plans
Policy-Based Management
Examples of Using Policy-Based Management
Using the Data Collector to Collect Performance Data
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 8: MCTS SQL Server 2008 Exam 432 ETL Techniques
Introduction
Understanding ETL
Bulk Copying Data
Using BCP
Using BCP Data File Types
Using Format Files
Using the BULK INSERT Statement
Recovery Model and Bulk Operations
Optimizing Bulk Load Performance
Distributed Queries
Understanding Fully Qualified Object Names
Enabling Ad Hoc Distributed Queries
Using the OPENROWSET Function
Querying Data with OPENROWSET
Modifying Data with OPENROWSET
Copying Data with OPENROWSET
Using OPENROWSET (BULK,…)
Using the OPENDATASOURCE Function
Using Linked Servers
Using the OPENQUERY Function
Using Distributed Transactions
SQL Server Integration Services
Creating SSIS Packages
Using the Copy Database Wizard
Using the Import and Export Wizard
Using Business Intelligence Development Studio
Using Package Configurations
Managing SSIS
Understanding SSIS Package Storage
Deploying SSIS Packages
Securing SSIS Packages
Using Package Protection Levels
MSDB Database Roles and SSIS Package Roles
Executing SSIS Packages
Logging Package Execution
Alternative ETL Solutions
Coding Solutions
Third-Party Solutions
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 9: MCTS SQL Server 2008 Exam 432 Managing Replication
Introduction
Replication Scenarios
Article
Publication
Subscription
Publisher
Distributor
Subscriber
Replication Types
Snapshot
Components
Transactional
Components
Updatable Subscription
Peer-to-Peer Replication
Merge
Components
Replication Configuration
Configuration of Distributor
Configuration of Publisher
Configuration of Subscriber(s)
Configuration of Peer-to-Peer Replication
Conflict Resolution
Conflict Resolution Mechanism in Peer-to-Peer Replication
DDL Replication
Security Considerations
Snapshot Agent
Connect to Publisher
Replication Performance
Monitoring
Replication Monitor
Tracer Tokens
Alerts
Performance Monitor
Replication Agents
Replication Distribution
Replication Logread
Replication Merge
Replication Snapshot
DMVs
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 10: MCTS SQL Server 2008 Exam 432 Monitoring and Troubleshooting
Introduction
Service Troubleshooting
Concurrency Issues
Agent Issues
Error Logs
Windows Event Log
SQL Server Log
SQL Server Profiler
Performance Monitor
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 11: MCTS SQL Server 2008 Exam 432 SQL Server XML Support
Introduction
Working with XML Data
Understanding XML Indexing
HTTP Endpoints
Http Endpoints Defined
Endpoint Can Interface to a Stored Procedure
How to Create the Endpoint
Web Services
XQuery Explained
XPath
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 12: MCTS SQL Server 2008 Exam 432 Service Broker
Introduction
The Queuing Concept Explained
Service Broker Defined
Message Types
Contracts
Queues
Services
Endpoints
Routes
Sending a Message
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 13: MCTS SQL Server 2008 Exam 432 Performance Tuning
Introduction
Tracing
Trace Templates
Trace Events
Trace Filters
Server-Side Tracing
Combining System Monitor and Profiler Traces
Replaying Traces
Using SQLDiag to Collect Performance Data
Locks, Blocking, and Deadlocks
Locking
Blocking
Deadlocks
Transaction Isolation Levels
Lock Escalation
Lock Compatibility
Detecting and Resolving Locking Problems
Guide to the DYNAMIC Management Views (DMVs)
Partitioning
Horizontal Partitioning
Vertical Partitioning
Filegroups
Selecting a Partition Key and Number of Partitions
Partition Function
Partition Scheme
Moving Data between Partitions
Performance Data Collection
Performance Data Collection Explained
Management Data Warehouse
Configuring MDW
Configuring Data Collection
Data Collection Caching
Management Data Warehouse Reports
Resource Governor
Resource Governor Concepts
Resource Pools
Workload Groups
Classification Function
Validate Configuration
Resource Governor Summary
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 14: MCTS SQL Server 2008 Exam 432 Implementing Objects
Introduction
Understanding DDL and DML Language Elements
Working with Tables and Views
Creating Tables
Creating User-Defined Data Types
Working with Constraints
Creating Indexes
Working with Full-Text Indexes
Viewing and Modifying Data
Creating Views
Creating Stored Procedures
Creating Functions
Creating Triggers
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Index
Appendix: The Real MCTS SQL Server 2008 Exam 432 Self Test
Appendix
Chapter 1: New Features in SQL Server 2008
Chapter 2: Installing SQL Server 2008
Chapter 3: Configuring SQL Server 2008
Chapter 4: Managing Security
Chapter 5: Managing Data Encryption
Chapter 6: Managing High Availability
Chapter 7: Maintaining Your Database
Chapter 8: ETL Techniques
Chapter 9: Managing Replication
Chapter 10: Monitoring and Troubleshooting
Chapter 11: SQL Server XML Support
Chapter 12: Service Broker
Chapter 13: Performance Tuning
Chapter 14: Implementing Objects
Content
Managing Data Encryption • Chapter 5

Exam Objectives Frequently Asked Questions

Q: What is DPAPI and how is it used in TDE architecture?
A: DPAPI (Data Protection Application Programming Interface) is a set of cryptographic programming interfaces introduced with Microsoft Windows 2000 and available in later Microsoft Windows operating systems. The API consists of two functions: CryptProtectData (used to encrypt data) and CryptUnprotectData (used to decrypt data). DPAPI is the top level of the TDE encryption hierarchy and is used by SQL Server to protect the service master key (SMK) for the database instance. In TDE, the SMK is used to protect the next level of the SQL Server encryption hierarchy, specifically the database master key (DMK), and is stored in the master database. The last encryption level for TDE is the database encryption key (DEK). The DEK is encrypted using the certificate created for the DMK in the master database and is then stored in the specified user database.

Q: What is Transparent Data Encryption?
A: Transparent Data Encryption (TDE) provides the ability to encrypt entire databases, data, and log files without the requirement of application changes and with minimal performance impact.

Q: What edition of SQL Server is required to use TDE?
A: TDE is only available on SQL Server 2008 Enterprise and Developer editions.

Q: When is the Service Master Key created?
A: The SMK is created during SQL Server setup of the instance. It uses the DPAPI and the SQL Server service credential to generate the SMK.

Q: What is the Service Master Key used for?
A: The SMK is at the core of SQL Server encryption. An SMK is generated on a SQL Server instance when an instance is first started. The SMK is used to encrypt various components on the database instance including linked server passwords, database master keys, and credentials. The SMK is encrypted by using the local computer. By default, the SMK is created by the Windows service account using the Windows data protection API and the local server key.

Q: Where are the certificates stored?
A: By default all keys and certificates are stored in the SQL Server. With EKM and HSM vendors, keys can be stored outside of SQL Server.

Q: What is the difference between cell- and column-level encryption?
A: Cell- and column-level encryption require that the column to be encrypted in the table schema be stored as a varbinary object. The main difference between cell- and column-level encryption is that the expense of column-level encryption is magnified by the number of rows in the table.

Self Test

1. What level of protection does transparent data encryption (TDE) provide?
A. Cell-level
B. File-level
C. Database-level
D. Drive-level

2. Which of the following best describes transparent data encryption (TDE)?
A. Data in specific columns is encrypted.
B. Encrypts everything, such as indexes, stored procedures, functions, keys, etc., without sacrificing security or leaking information on the disk.
C. Once data types have been changed to varbinary, everything will be encrypted.
D. Once database schemas have been changed to accommodate data encryption, everything will be encrypted.

3. Which edition of SQL Server 2008 offers transparent data encryption (TDE)?
A. SQL Server 2008 Express
B. SQL Server 2008 Standard
C. SQL Server 2008 Web
D. SQL Server 2008 Enterprise

4. Which SQL Server permissions are required to enable transparent data encryption (TDE)?
A. Permissions associated with creating the user database.
B. Permissions associated with making server-level changes.
C. Permissions associated with creating a database master key and certificate in the master database and control permissions on the user database.
D. Permissions associated with the operating system administrator's account.

5. The first step to enabling TDE on a database is to create a database master key (DMK). Which of the following is the correct syntax for creating a DMK?
A. CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'somepassword';
B. ALTER DATABASE tdedatabase SET ENCRYPTION ON;
C. CREATE CERTIFICATE tdeCert WITH SUBJECT = 'tdeCertificate';
D. CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE tdeCert;

6. It is very important to back up the Certificate with the private key once it has been created and to copy it to a secure location other than on the server that it was created on. Which of the following is the correct syntax to back up a Certificate?
A. CREATE CERTIFICATE tdeCert WITH SUBJECT = 'tdeCertificate';
B. BACKUP CERTIFICATE tdeCert TO FILE = 'path_to_file' WITH PRIVATE KEY (FILE = 'path_to_private_key_file', ENCRYPTION BY PASSWORD = 'cert password');
C. CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE tdeCert;
D. ALTER DATABASE tdedatabase SET ENCRYPTION ON;

7. Which sys catalog view is used to monitor the progress of an encryption scan?
A. Sys.configurations
B. Sys.certificates
C. Sys.key_encryptions
D. Sys.dm_database_encryption_keys

8. When transparent data encryption (TDE) is enabled, which of the following system catalog views will the database show as encrypted?
A. Sys.databases
B. Sys.all_objects
C. Sys.all_columns
D. Sys.configurations

9. When transparent data encryption (TDE) is enabled, database backups are encrypted. If you cannot locate the associated Certificate and private key files, what happens to the data if you need to restore the encrypted database?
A. Everything will be readable since the Certificate and private key can be recreated.
B. The data will not be readable since the Certificate and private key files are lost.
C. Only encrypted columns will not be readable.
D. Everything will be readable once the database encryption has been turned off in the master database.

10. In which edition of SQL Server 2008 is cell-level encryption available?
A. Only in the Enterprise edition
B. Only in the Web edition
C. Only in the Workgroup edition
D. All SQL Server 2008 editions

11. When using cell-level encryption, which data type is required in order to encrypt the data?
A. VARCHAR
B. No special data type is necessary
C. BINARY
D. VARBINARY

12. What is the query performance impact when using cell-level encryption?
A. There is a positive query performance impact since there are only specific columns that are encrypted.
B. There is a negative query performance impact since data types have to be converted from varbinary to the correct data type and primary keys and indexes are not used, resulting in full table scans.
C. There is a negative query performance impact unless TDE has been enabled.
D. There is a positive query performance impact as long as TDE has been enabled.

13. Cell-level encryption is best used in which of the following?
A. Performance sensitive situations
B. All situations
C. Limited access control through the use of passwords situations
D. Situations when a password is not needed to access the encrypted data
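
The key hierarchy described in the FAQ above (DPAPI, service master key, database master key, certificate, database encryption key) can be inspected on a running instance with read-only catalog queries. The following is an added example, not code from the book; it uses only SQL Server system views and assumes the TDE certificates are held in the master database.

```sql
-- Added example (not from the book): read-only audit of the TDE key hierarchy.
-- Assumption: TDE certificates are stored in master.
USE master;

-- Top of the hierarchy: the service master key (protected through DPAPI)
-- and the database master key of master that it protects.
SELECT name, algorithm_desc, key_length, create_date
FROM   sys.symmetric_keys
WHERE  name IN ('##MS_ServiceMasterKey##', '##MS_DatabaseMasterKey##');

-- 1 = the DMK of master is encrypted by the SMK, so it opens without a password.
SELECT name, is_master_key_encrypted_by_server
FROM   sys.databases
WHERE  name = 'master';

-- Bottom of the hierarchy: every database encryption key, the certificate
-- that protects it, scan progress, and whether the private key was backed up.
-- LEFT JOIN keeps rows (tempdb, for instance) with no matching certificate.
SELECT d.name                     AS database_name,
       d.is_encrypted,
       CASE dek.encryption_state
            WHEN 0 THEN 'No database encryption key'
            WHEN 1 THEN 'Unencrypted'
            WHEN 2 THEN 'Encryption in progress'
            WHEN 3 THEN 'Encrypted'
            WHEN 4 THEN 'Key change in progress'
            WHEN 5 THEN 'Decryption in progress'
            ELSE 'Other state'
       END                        AS encryption_state,
       dek.percent_complete,
       dek.key_algorithm,
       dek.key_length,
       c.name                     AS protecting_certificate,
       c.expiry_date,
       c.pvt_key_last_backup_date,
       CASE
            WHEN c.name IS NULL THEN 'No matching certificate in master'
            WHEN c.pvt_key_last_backup_date IS NULL
                 THEN 'Private key never backed up'
            ELSE 'Private key backed up'
       END                        AS backup_status
FROM   sys.dm_database_encryption_keys AS dek
JOIN   sys.databases                   AS d
       ON d.database_id = dek.database_id
LEFT JOIN sys.certificates             AS c
       ON c.thumbprint = dek.encryptor_thumbprint
ORDER BY d.name;
```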