{"id":434,"date":"2021-01-17T05:33:26","date_gmt":"2021-01-16T17:59:48","guid":{"rendered":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0426\/"},"modified":"2021-01-17T05:44:15","modified_gmt":"2021-01-17T05:44:15","slug":"systems-security-certified-practitioner-sscp-question0426","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/ISC\/SSCP\/systems-security-certified-practitioner-sscp-question0426\/","title":{"rendered":"Systems Security Certified Practitioner &#8211; SSCP &#8211; Question0426"},"content":{"rendered":"<div class=\"question\">In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? <br \/><strong><br \/>A.<\/strong> The transactions should be dropped from processing. <br \/><strong>B.<\/strong> The transactions should be processed after the program makes adjustments. <br \/><strong>C.<\/strong> The transactions should be written to a report and reviewed. <br \/><strong>D.<\/strong> The transactions should be corrected and reprocessed.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>C<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nIn an online transaction processing system (OLTP) all transactions are recorded as they occur. When erroneous or invalid transactions are detected the transaction can be recovered by reviewing the logs.<br \/>\nAs explained in the ISC2 OIG: OLTP is designed to record all of the business transactions of an organization as they occur. It is a data processing system facilitating and managing transaction-oriented applications. These are characterized as a system used by many concurrent users who are actively adding and modifying data to effectively change real-time data.<br \/>\nOLTP environments are frequently found in the finance, telecommunications, insurance, retail, transportation, and travel industries. For example, airline ticket agents enter data in the database in real-time by creating and modifying travel reservations, and these are increasingly joined by users directly making their own reservations and purchasing tickets through airline company Web sites as well as discount travel Web site portals. Therefore, millions of people may be accessing the same flight database every day, and dozens of people may be looking at a specific flight at the same time.<br \/>\nThe security concerns for OLTP systems are concurrency and atomicity.<br \/>\nConcurrency controls ensure that two users cannot simultaneously change the same data, or that one user cannot make changes before another user is finished with it. In an airline ticket system, it is critical for an agent processing a reservation to complete the transaction, especially if it is the last seat available on the plane.<br \/>\nAtomicity ensures that all of the steps involved in the transaction complete successfully. If one step should fail, then the other steps should not be able to complete. Again, in an airline ticketing system, if the agent does not enter a name into the name data field correctly, the transaction should not be able to complete.<br \/>\nOLTP systems should act as a monitoring system and detect when individual processes abort, automatically restart an aborted process, back out of a transaction if necessary, allow distribution of multiple copies of application servers across machines, and perform dynamic load balancing.<br \/>\nA security feature uses transaction logs to record information on a transaction before it is processed, and then mark it as processed after it is done. If the system fails during the transaction, the transaction can be recovered by reviewing the transaction logs.<br \/>\nCheckpoint restart is the process of using the transaction logs to restart the machine by running through the log to the last checkpoint or good transaction. All transactions following the last checkpoint are applied before allowing users to access the data again.<br \/>\nWikipedia has nice coverage on what is OLTP: Online transaction processing, or OLTP, refers to a class of systems that facilitate and manage transaction-oriented applications, typically for data entry and retrieval transaction processing. The term is somewhat ambiguous; some understand a &#8220;transaction&#8221; in the context of computer or database transactions, while others (such as the Transaction Processing Performance Council) define it in terms of business or commercial transactions.<br \/>\nOLTP has also been used to refer to processing in which the system responds immediately to user requests. An automatic teller machine (ATM) for a bank is an example of a commercial transaction processing application.<br \/>\nThe technology is used in a number of industries, including banking, airlines, mailorder, supermarkets, and manufacturing. Applications include electronic banking, order processing, employee time clock systems, e-commerce, and eTrading.<br \/>\nThere are two security concerns for OLTP system: Concurrency and Atomicity<br \/>\nATOMICITY In database systems, atomicity (or atomicness) is one of the ACID transaction properties. In an atomic transaction, a series of database operations either all occur, or nothing occurs. A guarantee of atomicity prevents updates to the database occurring only partially, which can cause greater problems than rejecting the whole series outright.<br \/>\nThe etymology of the phrase originates in the Classical Greek concept of a fundamental and indivisible component; see atom.<br \/>\nAn example of atomicity is ordering an airline ticket where two actions are required: payment, and a seat reservation. The potential passenger must either:<br \/>\nboth pay for and reserve a seat; OR neither pay for nor reserve a seat.<br \/>\nThe booking system does not consider it acceptable for a customer to pay for a ticket without securing the seat, nor to reserve the seat without payment succeeding.<br \/>\nCONCURRENCY Database concurrency controls ensure that transactions occur in an ordered fashion.<br \/>\nThe main job of these controls is to protect transactions issued by different users\/applications from the effects of each other. They must preserve the four characteristics of database transactions ACID test: Atomicity, Consistency, Isolation, and Durability. Read <a href=\"http:\/\/en.wikipedia.org\/wiki\/ACID\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/en.wikipedia.org\/wiki\/ACID<\/a> for more details on the ACID test.<br \/>\nThus concurrency control is an essential element for correctness in any system where two database transactions or more, executed with time overlap, can access the same data, e.g., virtually in any general-purpose database system. A well established concurrency control theory exists for database systems: serializability theory, which allows to effectively design and analyze concurrency control methods and mechanisms.<br \/>\nConcurrency is not an issue in itself, it is the lack of proper concurrency controls that makes it a serious issue.<br \/>\nThe following answers are incorrect:<br \/>\nThe transactions should be dropped from processing. Is incorrect because the transactions are processed and when erroneous or invalid transactions are detected the transaction can be recovered by reviewing the logs.<br \/>\nThe transactions should be processed after the program makes adjustments. Is incorrect because the transactions are processed and when erroneous or invalid transactions are detected the transaction can be recovered by reviewing the logs.<br \/>\nThe transactions should be corrected and reprocessed. Is incorrect because the transactions are processed and when erroneous or invalid transactions are detected the transaction can be recovered by reviewing the logs.<br \/>\nReferences:<br \/>\nHernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 12749-12768). Auerbach Publications. Kindle Edition. and <a href=\"http:\/\/en.wikipedia.org\/wiki\/Online_transaction_processing\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/en.wikipedia.org\/wiki\/Online_transaction_processing<\/a> and <a href=\"http:\/\/databases.about.com\/od\/administration\/g\/concurrency.htm\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/databases.about.com\/od\/administration\/g\/concurrency.htm<\/a><\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? A. The transactions should be dropped from processing. B. The transactions should be processed after the program makes adjustments. C. The transactions should be written to a report and reviewed. D. The transactions [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1078,429,3],"class_list":["post-434","post","type-post","status-publish","format-standard","hentry","category-systems-security-certified-practitioner-sscp","tag-choices","tag-question-0426","tag-systems-security-certified-practitioner-sscp"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/434","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/comments?post=434"}],"version-history":[{"count":1,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/434\/revisions"}],"predecessor-version":[{"id":1510,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/posts\/434\/revisions\/1510"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/media?parent=434"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/categories?post=434"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/ISC\/SSCP\/wp-json\/wp\/v2\/tags?post=434"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}