PREVIOUS YEAR SOLUTION : 2021

2.(a) List five responsibilities of the database manager. For each

responsibility, explain the problem that would arise if the
responsibility were not discharged.

Ans:- The five Responsibilities of the database manager are as follows.

1.Data Security and privacy
2. Database Performance and Optimization
3. Data Integrity and Consistency
4. Database Design and Schema Management
5. Backup and Recovery

om
1. Data Security and Privacy: Responsibility: A database manager is

.c
responsible for ensuring the security and privacy of the data stored in

i ty
the database. This includes implementing access controls, encryption

rs
mechanisms, and backup and recovery procedures.
ve
ni
Problem: If this responsibility is not discharg
discharged, the database becomes
gu

vulnerable to unauthorized access, data breaches, and privacy violations.

rin

Sensitive information could be exposed, leading to legal and reputational

ee

consequences for the organization.

in
ng

2. Database Performance and Optimization: Responsibility: The

database manager is responsible for monitoring and optimizing the
re

performance of the database system. This involves tuning database

ha

configurations, indexing data, and optimizing queries to ensure

bi

efficient and fast data retrieval.

Problem: If this responsibility is neglected, the database performance may

suffer, resulting in slow response times, increased latency, and degraded
user experience. Inefficient queries and lack of optimization can also lead to
excessive resource consumption, affecting overall system performance.

3. Data Integrity and Consistency: Responsibility: Maintaining data

integrity and consistency is crucial for a database manager. They
ensure that data is accurate, valid, and consistent by enforcing
 integrity constraints, implementing validation rules, and performing
data quality checks.

Problem: If data integrity and consistency are not upheld, it can lead to
incorrect and unreliable information. Inaccurate data can result in poor
decision-making, operational inefficiencies, and loss of trust in the database
system.

4. Database Design and Schema Management: Responsibility: The

database manager is responsible for database design and schema
management. They define the database structure, create tables,
establish relationships, and
nd manage schema changes as needed.

om
Problem: If this responsibility is not fulfilled properly, it can result in poor
database design, inefficient data storage, and difficulties in data retrieval.

.c
ty
Inconsistent or inappropriate schema changes may lead to dat data corruption,

i
data loss, and compatibility issues with applications.

rs
ve
5. Backup and Recovery: Responsibility: The database manager is
ni

responsible for establishing backup and recovery strategies to ensure

gu

data availability and business continuity. This includes regularly

rin

backing up the database and testing the recovery procedures.

ee
in

Problem: If backup and recovery procedures are neglected, the

ng

organization becomes vulnerable to data loss due to hardware failures,

software glitches, natural disasters, or malicious activities. Without proper
re

backups, recovering from such incidents becomes extremely challenging,

ha

potentially leading to significant data loss and operational disruptions.

bi

2.(b) Consider a two dimensional integer array of size name that

is to be used in your programming language. Using the array as
an example, illustrate the difference (i) between the three levels
data abstraction and (ii) between a schema and instances.
Ans:- (i) Difference between the three levels of data abstraction using a
two-dimensional integer array as an example:

1. Physical Level: This level deals with the actual storage and
organization of data in the system. In the case of a two-dimensional
integer array, the physical level would involve the representation of
 the array in memory, specifying how the elements are stored, their
addresses, and the low-level details of accessing and manipulating
the array.
2. Logical Level: The logical level focuses on the conceptual
representation of data and the relationships between different
elements. For the array, the logical level would define the structure
and meaning of the array. It would specify the size, dimensions, and
indexing scheme of the array, allowing programmers to access and
manipulate the elements based on their logical properties rather than
the physical storage details.
3. View Level: The view level provides a customized or simplified
representation of the data for specific users or applications. It allows
users to see a subset of the data or a different perspective based on

om
their needs. In the case of the array, different views might be created

.c
to display specific rows or columns, filter elements based on certain

ty
conditions, or present the data in a specific format.

i
rs
ve
(ii) Difference between a schema and instances using a two
two-dimensional
ni
integer array as an example:
gu

1. Schema: A schema is a blueprint or a formal definition that describes

rin

the structure, organization, and constraints of a database or data

ee

model. It defines the logical and physical design aspects of the data.
in

In the case of the array, the schema would specify the number of
ng

rows and columns, the data type of the elements, any constraints or
re

rules on the values, and other metadata related to the array.

ha

2. Instances: An instance refers to the actual data that conforms to the

bi

schema. It represents a specific snapshot or set of values stored in the

database or data structure. In the context of the array, an instance
would be an actual array created in memory or stored in a database,
containing the specific integer values in each cell according to the
defined schema. Instances can change over time as data is inserted,
updated, or deleted.

In summary, the three levels of data abstraction (physical, logical, and view)
represent different perspectives or layers of understanding and
manipulating data. The schema defines the structure and constraints of the
data, while instances are the actual data conforming to the schema,
representing specific snapshots or values at a given time.
:3. Construct an E-R diagram for a car insurance company that
has a set of customers , each of whom owns one or more cars.
Each cars has associated with it zero to any number of recorded
accidents.
Ans:- Customers entity represents the customers of the insurance
company. It has attributes like CustomerID (primary key), Name,
Address, Phone, and Email.
Cars entity represents the cars owned by the customers. It has
attributes like CarID (primary key), Model, Year, and OwnerID

Accidents entity represents the recorded accidents associated with

the cars. It has attributes like AccidentID (primary key), Date, Location,

om
and Description.
Relationships:

.c
The relationship between Customers and Cars is a one one-to-many

ty
relationship, as a customer can own one or more cars.

i
rs
ve
The relationship between Cars and Accidents is also a one
one-to-
ni
many relationship, as a car can have zero to many recorded
gu

accidents.
rin

This E-R
R diagram represents the basic structure and
ee

relationships between customers, cars, and accidents in the car

in

insurancee company.
ng
re
ha
bi
The E-R Diagram for given Question are as follows.

Name

Address
CustomerId

Email CUSTOMER Phone

om
.c
Owns

tyi
rs
CarId M ve OwnerId
ni
gu

CAR
C AR Model
rin

Year
ee

1
in
ng
re

Has
ha

Date
bi

Description
M

AccidentId ACCIDENT Location

4.(a). What are DDL and DML? Explain with the help of
examples.
Ans:- DDL and DML are two subsets of SQL (Structured Query Language) used for
managing databases. They serve different purposes in manipulating the database schema and
data, as explained below:

1. DDL (Data Definition Language): DDL is used to define and modify the structure of
the database schema. It includes commands for creating, altering, and deleting
database objects such as tables, indexes, views, and constraints. DDL statements are
used to define the structure and properties of the database.

Examples of DDL statements:

om
CREATE TABLE: Used to create a new table in the database. For example

.c
CREATE TABLE Customers (

ty
CustomerID INT PRIMARY KEY,

i
Name VARCHAR(50),

rs
Address VARCHAR(100) ve
);:
ni
ALTER TABLE: Used to modify the structure of an existing table. For
gu

example, adding a new column too the Customers table:

ALTER TABLE Customers
rin

ADD ContactNo VARCHAR(20);

ee

DROP TABLE: Used to delete an existing table and its data. For example:
in

DROP TABLE Customers;

ng

2. DML (Data Manipulation Language): DML is used to manipulate and

re

retrieve data within the database. It includes commands for inserting,

ha

updating, deleting, and querying data stored in the tables. DML

bi

statements focus on the actual data manipulation rather than the structure.

Examples of DML statements:

INSERT INTO: Used to insert new records into a table. For example:
INSERT INTO Customers (CustomerID, Name, Address)
VALUES (1, 'John Doe', '123 Main St');
UPDATE: Used to modify existing data in a table. For example, updating the
address for a customer:
UPDATE Customers
SET Address = '456 Elm St'
WHERE CustomerID = 1;
DELETE FROM: Used to delete records from a table. For example,
deleting a customer record:
DELETE FROM Customers
WHERE CustomerID = 1;
SELECT: Used to retrieve data from one or more tables based on
specific conditions. For example, selecting all customers:
SELECT * FROM Customers;

4.(b). Explain the following operations with the help of examples.

(i)Set of Intersection operation.
(ii)Natural Join operation.

om
(iii)Division operation.

.c
Ans:-(i) Set of intersection operation:- In database management systems

i ty
(DBMS), the set intersection operation is used to retrieve the common elements

rs
or rows from two or more sets or tables. It returns a new set that contains only
ve
the elements or rows that exist in all the input sets.
ni
gu

Let's considerr an example to illustrate the set intersection operation:

rin

Suppose we have two tables: Customers and Orders.

ee
in

Customer Table:-
ng
re
ha
bi

ID NAME

1. Deepak

2. Vandna

3. Atul
Order Table:-
Id Product
1. Mobile
2. Cooler
3. Laptop
4. A.C
Now, let's say we want to find the customers who have placed orders. We can
perform a set intersection operation between the Customers table and the Orders
table based on a common attribute, which is the ID .

The result of the set intersection operation will be:

ID NAME
A ME
AM

om
1. Deepak

.c
2. Vandna

i ty
3. Atul
rs
ve
ni
gu
rin
ee

(ii)ans:- Natural Join Operation:-

Operation: In database management
in

systems (DBMS), a natural join operation is used to combine two or more tables
ng

based on their matching column names. It automatically determines the columns

re

with the same name in the participating tables and combines the rows that have
ha

matching values in those columns.

bi

Let's consider an example to illustrate the natural join operation:

Suppose we have two tables: Customers and Orders

-
Id Name Country
1. Deepak India
2. Suraj Australia
3. Atul England
Order Table:-
Id Product Date
1. Laptop 2022
2. Mobile 2023
3. Cooler 2015
The result of the natural join operation will be:-
Id Name Country Product Date
1 Deepak India Laptop 2022
2 Suraj Australia Mobile 2023

om
3 Atul England Cooler 2015

.c
i ty
rs
ve
(iii)Ans:- Division Operation:- In database management systems
ni

(DBMS), the division operation is a relational algebra operation used to find

gu

records in one table that match all values in another table. It is typically used
rin

when you want to identify entities in one table that are associated with all
ee

entities in another table based on certain conditions.

in

The division operation is performed by comparing two tables and retrieving the
ng

records from one table that have a matching relationship with all records in the
re

other table.
ha

Let's consider an example to illustrate the division operation:

bi

Suppose we have two tables: Employees and Projects.

Employee Table:-
Employee-Id Employee-Name
1. Deepak
2. Suraj
3. Atul
Project Table:-
Project-Id Project-Name
101. Project1
102. Project2
103. Project3
Let's say we want to find employees who are assigned to all projects.

To perform the division operation, we need to find tuples in the Employees

relation that match all tuples in the Projects relation based on the ProjectID

om
attribute.

.c
The division operation Employees ÷ Projects, in this case, would yield the

ty
following result:

i
rs
ve
Result table:-
ni

Employee-Id Employee-Name
gu

1. Deepak
rin
ee

The result shows that only employee John (EmployeeID 1) is assigned to all
in

projects (ProjectID 101, 102, and 103). Employee Jane (EmployeeID 2) is not
ng

assigned to ProjectC (ProjectID 103), and employee Alex (EmployeeID 3) is

re

not assigned to ProjectA (ProjectID 101).

ha

So, the result of the division operation gives us the employee(s) who are
bi

assigned to all projects .

5(a)What are the difference between in Primary index and

secondary index?

Ans:- In a database management system, primary and secondary indexes

are used to improve the efficiency of data retrieval operations. The main
differences between primary indexes and secondary indexes are as follows:

1. Definition:
 Primary Index: A primary index is a type of index that is based
on the primary key of a table. It uniquely identifies each record
in the table.
Secondary Index: A secondary index is an index that is created
on a non-key attribute of a table. It provides an alternate path
to access the data and is not based on the primary key.
2. Key Attributes:
Primary Index: It is based on the primary key attribute of a
table. The primary key is a unique identifier for each record in
the table.
Secondary Index: It is based on non-key attributes of a table.
These attributes may not have unique values and can be used
for efficient searching or sorting operations.

om
3. Uniqueness:

.c
Primary Index: It guarantees the uniqueness of the index entries

ty
as it is based on the primary key.

i
rs
Secondary Index: It does not guarantee the uniqueness of index
ve
entries as it is created on non-
non-key
non -key attributes that may have
ni
duplicate values.
gu

4. Number of Indexes:
in

Primary Index: Only one primary index can be created on a

er

table as it is based on the primary key, which is unique.

Secondary Index: Multiple secondary indexes can be created on
a table. Each secondary index is associa
associated with a specific non-
key attribute.
re

5. Storage Overhead:
ha

Primary Index: It requires additional storage space as the index

bi

entries are stored separately from the actual table data.

Secondary Index: It also requires additional storage space for
index entries.
6. Impact on Insertion and Modification:
Primary Index: As it is based on the primary key, any change to
the primary key may require reorganization of the entire table
and index.
Secondary Index: It does not have a direct impact on the table
structure, so changes to non-key attributes do not affect the
index or table organization.
7. Query Performance:
 Primary Index: It is generally efficient for accessing individual
records based on their primary key values.
Secondary Index: It can improve the performance of queries
involving non-key attributes, allowing for efficient searching
and sorting.
6.Show that the two phase locking protocol ensures conflict
serializability and that transaction can be serialized according to
their lock points.
Ans:- The two-phase locking protocol (2PL) is a concurrency control
protocol used in database systems to ensure serializability and prevent
conflicts between transactions. It consists of two phases: the growing phase
and the shrinking phase. Let's examine how 2PLL ensures conflict

om
serializability and allows transactions to be serialized based on their lock
points.

.c
ty
1. Conflict Serializability:

i
rs
Two transactions conflict if they access the same data item and
ve
at least one of them performs a write operation. Conflict can
ni
lead to data inconsistency and incorrect results.
gu

2PL ensures conflict serializability by requiring transactions to

rin

acquire and release locks in a strict order. Each transaction

ee

must follow a protocol of acquiring locks before accessing data

and releasing locks after completing its operation.
in
ng

During the growing phase, a transaction acquires all the locks it

needs to complete its execution. Once a transaction releases a
re

lock in the shrinking phase, it cannot acquire any new locks.

ha

By enforcing the strict ord

ordering of lock acquisitions and
bi

releases, 2PL guarantees that conflicting transactions are

serialized in a way that avoids data inconsistencies.
2. Serialization based on Lock Points:
Lock points refer to the moments when a transaction acquires
all the required locks. Transactions can be serialized based on
their lock points, ensuring a consistent and correct execution
order.
In 2PL, a transaction cannot release any locks until it completes
its execution. This property allows transactions to maintain their
lock positions and ensures serialization based on lock points.
 Consider two transactions T1 and T2, where T1 acquires locks
before T2. If T1 acquires all its required locks (lock point) before
T2 starts acquiring its locks, then T1's execution will be
serialized before T2's execution.
Serialization based on lock points ensures that transactions do
not interfere with each other, preventing conflicts and
maintaining data consistency.
7(a).Make a list of security concerns for a bank. For each item on
your list, state whether this concern relates to physical security ,
human security, operating-system security or database security.
Ans:- Here's a list of security concerns for a bank, along with their corresponding
security categories:

om
1. Unauthorized accesss to bank premises: Physical security

.c
2. Theft or robbery of cash and assets: Physical security

ty
3. Employee misconduct or fraud: Human security

i
4. Social engineering attacks targeting bank employees: Human security

rs
5. Insider threats or unauthorized access to customer data: Human security,
ve
database security
ni
6. Breach of customer privacy and confidentiality: Database security
gu

7. Malware or hacking attacks on banking systems: Operating-system

Operating security,
rin

database security
8. Data breaches and unauthorized access to sensitive customer
custom information:
ee

Database security
in

9. Phishing attacks targeting customers' login credentials: Human security,

ng

operating-system
system security
10.ATM
ATM skimming and card cloning: Physical security, operating-system
operating
re

security
ha

11.Denial
Denial of Service (DoS) attacks on online banking
banki systems: Operating-
bi

system security, database security

12.Vulnerabilities in software applications and systems: Operating-system
security, database security
13.Insider trading and market manipulation: Human security
14.Compliance with regulatory requirements and anti-money laundering
(AML) regulations: Human security, database security
15.Physical security of data centers and backup facilities: Physical security

It's important to note that some security concerns can fall into multiple categories,
as they may involve a combination of physical security, human security, operating-
system security, and database security. Banks need to address these concerns
comprehensively to ensure the overall security of their operations and protect
customer data and assets.
7(b).Explain web and distributed database with the help of
example.
1. Ans:- Web Database: A web database is a database that is specifically
designed to be accessed and utilized by web applications and websites. It
allows users to store and retrieve data over the internet through web
browsers. Web databases are typically used to manage dynamic content,
user information, and other data required for web-based applications.
Examples of web databases include MySQL, PostgreSQL, and MongoDB.

For example, consider an e-commerce website that needs to store and retrieve
product information, user profiles, and order details. The website can use a web
database to store this data. When a user visits the website and performs an action
such as adding items to a shopping cart or making a purchase, the web application
interacts with the web database to retrieve and update the necessary data.

om
2. Distributed Database: A distributed database refers to a database system in

.c
which data is spread across multiple physical locations or nod
nodes. Each node

ty
in the distributed database may store a subset of the data, and the nodes are

i
rs
connected through a network. The distributed nature of the database allows
ve
for improved scalability, fault tolerance, and performance. Examples of
ni
distributed databases
ases include Apache Cassandra, Amazon DynamoDB, and
gu

Google Spanner.
rin

For example, consider a multinational corporation with offices in different

ee

countries. Each office has its own database server storing regional data.
in

Instead of maintaining separate databa

databases, the corporation can implement
ng

a distributed database system where each office's database server is a node

re

in the distributed database. This allows employees in any office to access

ha

and manipulate data from any other office, providing a centralized and
consistent view of the corporation's data across all locations.
bi

9.Write short note on any one of the following.

(a) SQL Injection
(b) Database Recovery
Ans:- (a) SQL Injection:- SQL injection is a security vulnerability that
occurs when an attacker manipulates user input to execute malicious SQL
statements within an application's database query. It allows the attacker to
bypass security measures and gain unauthorized access to the database or
perform unauthorized operations. SQL injection can have severe
consequences, such as data theft, modification, or even complete database
compromise.
Here's a high-level overview of how SQL injection works and some
preventive measures:

1. Exploiting SQL Injection:

The attacker identifies a vulnerable application that doesn't
properly validate or sanitize user input before using it in SQL
queries.
The attacker then injects malicious SQL code as part of the user
input to manipulate the intended SQL query's logic or execute
additional SQL statements.
2. Examples of SQL Injection:
Login Bypass: Attacker inputs in a username or
password field, causing the SQL query to always evaluate to

om
true and bypass the login authentication.

.c
Union-Based
Based Attack: Attacker uses the keyword to inject

ty
additional queries and retrieve data from other database tables.

i
rs
Database Modification: Attacker injects SQL statements to
ve
delete, update, or insert unauthorized data into the database.
ni
Database recovery refers to the process of restoring a database to a
gu

consistent and usable state after a failure or a system crash. It involves

rin

recovering data that was in-flight

flight or in a partially updated state at the time
of the failure
ilure and ensuring that the database remains in a consistent state.
ee
in

The recovery process typically consists of the following steps:

ng
re

1. Identification of Failure: The first step is to identify the type and

ha

extent of the failure. Failures can include hardware failures, software

bi

crashes, power outages, or human errors.

2. Analysis of Transaction Logs: Transaction logs play a crucial role in
database recovery. They record the sequence of database operations,
such as updates, inserts, and deletes, before they are committed. By
analyzing the transaction logs, the recovery process can determine
which operations were completed, which were in progress but not
committed, and which were yet to begin at the time of failure.
3. Undo Phase (Rollback): In the undo phase, the recovery process rolls
back incomplete or uncommitted transactions by applying undo
operations. The undo phase restores the database to the state it was
in before the failed transactions started, thereby maintaining data
consistency.
4. Redo Phase: In the redo phase, the recovery process applies redo
operations to bring the database up to the point of failure. Redo
operations reapply changes that were committed but may not have
been written to the database due to the failure. This ensures that all
committed transactions are properly reflected in the recovered
database.
5. Consistency Checks: After the undo and redo phases, the recovered
database undergoes consistency checks to ensure that all integrity
constraints are satisfied and that the data is in a valid and consistent
state.
6. Bring the Database Online: Once the recovery process is complete
and the database is consistent, it can be brought back online,
allowing users and applications to access and operate on the

om
recovered data.

.c
i ty
rs
ve
ni
gu
rin
ee
in
ng
re
ha
bi