CompTIA DataSys+ Study Guide E-Book

Table of Contents

Cover

Table of Contents

Title Page

Copyright

Dedication

Acknowledgments

About the Authors

About the Technical Editors

Introduction

The DataSys+ Exam

What Does This Book Cover?

Exam DS0-001 Exam Objectives

DS0-001 Certification Exam Objective Map

How to Contact the Publisher

Assessment Test

Answers to Assessment Test

Chapter 1: Today's Data Systems Professional

Data Drives the Modern Business

Data Systems

Careers in Data Systems

Summary

Chapter 2: Database Fundamentals

Types of Databases

Programming and Database Operations

Summary

Exam Essentials

Review Questions

Chapter 3: SQL and Scripting

Flavors of SQL

Automating Operations

Summary

Exam Essentials

Review Questions

Chapter 4: Database Deployment

Planning and Design

Implementation, Testing, and Deployment

Summary

Exam Essentials

Review Questions

Chapter 5: Database Management and Maintenance

Monitoring and Reporting

Maintenance

Facilitating Operations

Data Management Tasks

Summary

Exam Essentials

Review Questions

Chapter 6: Governance, Security, and Compliance

Data Governance

Identity and Access Management

Data Security

Data Classification

Routine Auditing

Summary

Exam Essentials

Review Questions

Chapter 7: Database Security

Database Infrastructure Security

Database Attacks

Summary

Exam Essentials

Review Questions

Chapter 8: Business Continuity

The Nature of Disaster

Disaster Recovery Planning

Backup and Restore

Summary

Exam Essentials

Review Questions

Appendix: Answers to Review Questions

Chapter 2: Database Fundamentals

Chapter 3: SQL and Scripting

Chapter 4: Database Deployment

Chapter 5: Database Management and Maintenance

Chapter 6: Governance, Security, and Compliance

Chapter 7: Database Security

Chapter 8: Business Continuity

Index

End User License Agreement

List of Tables

Chapter 1

TABLE 1.1 Gigabyte Storage Costs over Time

TABLE 1.2 Highest-Demand Occupations

Chapter 2

TABLE 2.1 Customer Data

TABLE 2.2 Customer and Address Data

TABLE 2.3 Address Data

TABLE 2.4 Address Data with Foreign Key

Chapter 3

TABLE 3.1 Common Data Types

TABLE 3.2 Data Manipulation Language Operations

TABLE 3.3 Customer Table

TABLE 3.4 Address Data

TABLE 3.5 Name and Work Address Result Set

TABLE 3.6 LEFT JOIN Name and Address Result Set

Chapter 4

TABLE 4.1 Availability Targets

TABLE 4.2 Default Database Ports

TABLE 4.3 Default Database Ports

Chapter 5

TABLE 5.1 Common Database Index Types

TABLE 5.2 Effective Date Logic

TABLE 5.3 Initial Phone_Type Data Values

TABLE 5.4 Initial Phone_Type Data Values

Chapter 6

TABLE 6.1 Sample Data Classification Matrix

Chapter 8

TABLE 8.1 Business Impact Analysis

List of Illustrations

Chapter 1

FIGURE 1.1 Analytics is made possible by modern data, storage, and computing...

FIGURE 1.2 Storage costs have decreased over time.

FIGURE 1.3 SQLQuery

Chapter 2

FIGURE 2.1 Sample Customer table

FIGURE 2.2 Sample Address table

FIGURE 2.3 Customer and Address tables

FIGURE 2.4 Key-value sample data

FIGURE 2.5 JSON document sample data

FIGURE 2.6 Data in a graph

FIGURE 2.7 Sample data in CSV form

FIGURE 2.8 Comparing SQL execution plans

Chapter 3

FIGURE 3.1 DDL for sample Customer table

FIGURE 3.2 Sample Address table

FIGURE 3.3 SQL INSERT syntax

FIGURE 3.4 SQL SELECT syntax

FIGURE 3.5 SQL UPDATE syntax

FIGURE 3.6 SQL DELETE syntax

FIGURE 3.7 Two independent sets

FIGURE 3.8 Union of two sets

FIGURE 3.9 Comparing UNION and UNION ALL result sets

FIGURE 3.10 Intersection of two sets

FIGURE 3.11 INTERSECT result set

FIGURE 3.12 Difference between two sets

FIGURE 3.13 Differences between sets

FIGURE 3.14 TCL example

FIGURE 3.15 Illustrating the consistency principle

FIGURE 3.16 Before-update trigger example

FIGURE 3.17 After-update trigger example

FIGURE 3.18 Stored procedure example

FIGURE 3.19 Customer data

FIGURE 3.20 Custom function

FIGURE 3.21 Using a view to restrict access

FIGURE 3.22 Using a view to combine data from multiple tables

FIGURE 3.23 Employee and Order tables

FIGURE 3.24 Server-side and client-side scripts

Chapter 4

FIGURE 4.1 Transactional data sources

FIGURE 4.2 Analytical data sources

FIGURE 4.3 Travel history data

FIGURE 4.4 Direct database integration

FIGURE 4.5 Centralized database integration

FIGURE 4.6 Single database server

FIGURE 4.7 Active-active database cluster

FIGURE 4.8 Active-passive database cluster

FIGURE 4.9 Vertical scaling

FIGURE 4.10 Horizontal scaling

FIGURE 4.11 Conceptual data model

FIGURE 4.12 Entity-relationship diagram line terminators

FIGURE 4.13 Logical data model

FIGURE 4.14 Data in first normal form

FIGURE 4.15 Data in second normal form

FIGURE 4.16 Data in third normal form

FIGURE 4.17 Physical data model

FIGURE 4.18 Package history view

FIGURE 4.19 Physical data model with package history view

FIGURE 4.20 Excerpt of an entity relationship diagram

FIGURE 4.21 One-to-one cardinality

FIGURE 4.22 Many-to-many cardinality

FIGURE 4.23 Resolving a many-to-many relationship

FIGURE 4.24 Flat network

FIGURE 4.25 Network with public and private subnets

FIGURE 4.26 DNS host-name resolution

FIGURE 4.27 Border and internal firewalls

FIGURE 4.28 Firewall rules for web and database traffic

FIGURE 4.29a Range control with referential integrity

FIGURE 4.29b Range control with a check constraint

FIGURE 4.30a Primary key

FIGURE 4.30b Primary key and unique constraint

FIGURE 4.31 Queries with and without bind variables

FIGURE 4.32a Uncovered query

FIGURE 4.32b Covered query

Chapter 5

FIGURE 5.1 Database CPU utilization

FIGURE 5.2 Data load failure notification

FIGURE 5.3 Database replication

FIGURE 5.4 Deadlocked transactions

FIGURE 5.5 Connection pooling

FIGURE 5.6 Load-balanced database

FIGURE 5.7 Load-balanced application and database

FIGURE 5.8 Customer table data dictionary entry

FIGURE 5.9 Updated Customer table data dictionary entry

FIGURE 5.10a Original Customer entity

FIGURE 5.10b Modified Customer entity

FIGURE 5.11 Generating DDL from an ERD in Lucidchart

FIGURE 5.12 Updating a table definition using Oracle SQL Developer Data Mode...

FIGURE 5.13 ALTER TABLE DDL from Oracle SQL Developer Data Modeler

FIGURE 5.14a Customer and Customer_Address ERD

FIGURE 5.14b Customer and Customer_Address UML classes

FIGURE 5.15 Updated Customer table

FIGURE 5.16 New Phone and Phone_Type tables

FIGURE 5.17 Creating duplicate data

FIGURE 5.18 Duplicate resolution process

FIGURE 5.19 Data sharing with shared schemas

FIGURE 5.20 Data sharing with APIs

Chapter 6

FIGURE 6.1 Organizational example

FIGURE 6.2 Access roles over time

FIGURE 6.3 Danger of user-based access

FIGURE 6.4 Sample organization chart

FIGURE 6.5 Sample user group-based roles

FIGURE 6.6 Biometric authentication with a (a) retinal scanner (b) fingerpri...

FIGURE 6.7 Authentication token

FIGURE 6.8 Creating a password in LastPass

FIGURE 6.9 Encrypted network connection

FIGURE 6.10 HTTPS padlock

FIGURE 6.11 Encrypted ETL process

FIGURE 6.12 Data masking ETL process

FIGURE 6.13 Re-identification by combining data sets

Chapter 7

FIGURE 7.1 Cooling equipment on a data center roof

FIGURE 7.2 Network firewalls divide networks into three zones.

FIGURE 7.3 Account number input page

FIGURE 7.4 Account information page

FIGURE 7.5 Account information page after blind SQL injection

FIGURE 7.6 A WAF

FIGURE 7.7 On-path attack

FIGURE 7.8 Windows Defender Antimalware package

Chapter 8

FIGURE 8.1 US earthquake risk map

FIGURE 8.2 Flood hazard map for Miami–Dade County, Florida

FIGURE 8.3 Failover cluster with network load balancing

Guide

Cover

Table of Contents

Title Page

Copyright

Dedication

Acknowledgments

About the Authors

About the Technical Editors

Introduction

Begin Reading

Appendix: Answers to Review Questions

Index

End User License Agreement

Pages

i

v

vi

vii

ix

xi

xiii

xxi

xxii

xxiii

xxiv

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

1

2

3

4

5

6

7

8

9

10

11

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

332

333

CompTIA® DataSys+ Study Guide

Exam DS0-001

Copyright © 2024 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394180059 (paperback), 9781394180073 (ePDF), 9781394180066 (ePub)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and DataSys+ are trademarks or registered trademarks of CompTIA, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and authors have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2023944288

Cover image: © Jeremy Woodhouse/Getty ImagesCover design: Wiley

To Renee. You inspire me to be a better person. Thank you for your love and friendship over the last 25 years. I love you.

—Mike

To Allison, the love of my life. Thank you for accompanying me on life's adventures, for your curious blend of logic and passion, and for your unwavering energy and support. I'm so excited to spend the rest of my life with you.

—Sharif

Acknowledgments

Books like this involve work from many people, and as authors, we truly appreciate the hard work and dedication that the team at Wiley shows. We would especially like to thank senior acquisitions editor Kenyon Brown. We have worked with Ken on multiple projects and consistently enjoy our work with him.

We also greatly appreciated the editing and production team for the book. First and foremost, we'd like to thank our technical editor, John Paul Mueller. John provided us with invaluable insight as we worked our way through the many challenges inherent in putting out a book covering a brand-new certification. We also benefited greatly from the assistance of Shahla Pirnia, whose careful eye helped keep us on track.

We'd also like to thank the many people who helped us make this project successful, including Kathryn Hogan, PhD, our project manager, who brought great talent to the project, and Magesh Elangovan, our content refinement specialist, who guided us through layouts, formatting, and final cleanup to produce a great book. We would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who make the book and companion materials into a finished product.

Our agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful opportunities, advice, and assistance throughout our writing careers.

Finally, we would like to thank our families who support us through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.

About the Authors

Mike Chapple, PhD, Security+, CySA+, CISSP, is author of the best-selling CISSP (ISC)2Certified Information Systems Security Professional Official Study Guide (Sybex, 2021) and the CISSP (ISC)2Official Practice Tests (Sybex, 2021). He is an information technology professional with more than 25 years of experience in higher education, the private sector, and government.

Mike currently serves as teaching professor in the IT, Analytics, and Operations Department at the University of Notre Dame's Mendoza College of Business, where he teaches undergraduate and graduate courses on cybersecurity, data management, and business analytics.

Before returning to Notre Dame, Mike served as executive vice president and chief information officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active-duty intelligence officer in the US Air Force.

Mike has written more than 30 books. He earned both his BS and PhD degrees from Notre Dame in computer science and engineering. Mike also holds an MS in computer science from the University of Idaho and an MBA from Auburn University.

Learn more about Mike and his other certification materials at his website, CertMike.com.

Sharif Nijim, MS, is an associate teaching professor of IT, Analytics, and Operations in the Mendoza College of Business at the University of Notre Dame, where he teaches undergraduate and graduate courses in business analytics and information technology.

Prior to Notre Dame, Sharif cofounded and served on the board of a customer data-integration company serving the airline industry. Sharif also spent more than a decade building and optimizing enterprise-class transactional and decision support systems for clients in the energy, healthcare, hospitality, insurance, logistics, manufacturing, real estate, telecommunications, and travel and transportation sectors.

Sharif earned both his BBA and his MS from the University of Notre Dame.

About the Technical Editor

John Mueller is a freelance author and technical editor. He has writing in his blood, having produced 124 books and more than 600 articles to date. The topics range from networking to artificial intelligence and from database management to heads-down programming. Some of his current books include discussions of data science, data security, machine learning, and algorithms. His technical editing skills have helped more than 70 authors refine the content of their manuscripts. John has provided technical editing services to various magazines, performed various kinds of consulting, and written certification exams. Be sure to read John's blog at http://blog.johnmuellerbooks.com. You can reach John on the Internet at [email protected]. John also has a website at www.johnmuellerbooks.com. Be sure to follow John on Amazon at www.amazon.com/John-Mueller/e/B000AQ77KK.

Introduction

If you're preparing to take the CompTIA DataSys+ exam, you'll undoubtedly want to find as much information as you can about data and analytics. The more information you have at your disposal and the more hands-on experience you gain, the better off you'll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test, but not so much that you'll be overloaded with information that's outside the scope of the exam.

We've included review questions at the end of each chapter to give you a taste of what it's like to take the exam. If you're already working in the data field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

The DataSys+ Exam

The DataSys+ exam is designed to be a vendor-neutral certification for data systems professionals and those seeking to enter the field. CompTIA recommends this certification for those currently working, or aspiring to work, in data systems and database administration roles.

The exam covers five major domains.

Database Fundamentals

Database Deployment

Database Management and Maintenance

Data and Database Security

Business Continuity

These five areas include a range of topics, from Structured Query Language (SQL) to scripting and from data security to business continuity, while focusing heavily on scenario-based learning. That's why CompTIA recommends that those attempting the exam have 2–3 years of hands-on work experience, although many individuals pass the exam before moving into their first database administration role.

The DataSys+ exam is conducted in a format that CompTIA calls “performance-based assessment.” This means the exam combines standard multiple-choice questions with other, interactive question formats. Your exam may include several types of questions such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.

The exam costs $358 in the United States, with roughly equivalent prices in other locations around the globe. More details about the DataSys+ exam and how to take it can be found here:

www.comptia.org/certifications/datasys

You'll have 90 minutes to take the exam and will be asked to answer up to 90 questions during that time period. Your exam will be scored on a scale ranging from 100 to 900, with a passing score of 700.

You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don't let this frustrate you; answer the question and move on to the next one.

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take the exam, you will be told that your exam may include these unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never really know whether a question is seeded, however, so always make your best effort to answer every question.

Taking the Exam

Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher.

https://store.comptia.org/Certification-Vouchers/c/11293

Currently, CompTIA offers two options for taking the exam: an in-person exam at a testing center and an at-home exam that you take on your own computer.

This book includes a coupon that you may use to save 10 percent on your CompTIA exam registration.

In-Person Exams

CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson Vue website, where you will need to navigate to “Find a test center.”

www.pearsonvue.com/comptia

Now that you know where you'd like to take the exam, simply set up a Pearson VUE testing account and schedule an exam on their site.

On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.

Be sure to review the Candidate Identification policy at www.comptia.org/testing/testing-policies-procedures/test-policies/candidate-id-policy to learn what types of ID are acceptable.

At-Home Exams

CompTIA began offering online exam proctoring in response to the coronavirus pandemic. As of the time this book went to press, the at-home testing option was still available and appears likely to continue. Candidates using this approach will take the exam at their home or office and be proctored over a webcam by a remote proctor.

Because of the rapidly changing nature of the at-home testing experience, candidates who want to pursue this option should check the CompTIA website for the latest details.

After the Data Systems Exam

Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.

What Does This Book Cover?

This book covers everything you need to know to pass the Data Systems exam.

Chapter 1

: Today's Data Systems Professional

Chapter 2

: Database Fundamentals

Chapter 3

: SQL and Scripting

Chapter 4

: Database Deployment

Chapter 5

: Database Management and Maintenance

Chapter 6

: Governance, Security, and Compliance

Chapter 7

: Database Security

Chapter 8

: Business Continuity

Appendix

: Answers to Review Questions

Study Guide Elements

This study guide uses a number of common elements to help you prepare. These include the following:

Summaries

  The summary section of each chapter briefly explains the chapter, allowing you to easily understand what it covers.

Exam Essentials

  The exam essentials focus on major exam topics and critical knowledge that you should take into the test. The exam essentials focus on the exam objectives provided by CompTIA.

Chapter Review Questions

  A set of questions at the end of each chapter will help you assess your knowledge and if you are ready to take the exam based on your knowledge of that chapter's topics.

Interactive Online Learning Environment and Test Bank

The authors have worked hard to create some really great tools to help you with your certification process. The interactive online learning environment that accompanies the CompTIA DataSys+ Study Guide: Exam DS0-001 includes a test bank with study tools to help you prepare for the certification exam—and increase your chances of passing it the first time! The test bank includes the following:

Sample tests

  All the questions in this book are included online, including the assessment test at the end of this Introduction and the review questions at the end of each chapter. In addition, there is a custom practice exam with 90 questions. Use these questions to assess how you're likely to perform on the real exam. The online test bank runs on multiple devices.

Flashcards

  The online text bank includes more than 100 flashcards specifically written to hit you hard, so don't get discouraged if you don't ace your way through them at first. They're there to ensure that you're really ready for the exam. And no worries—armed with the review questions, practice exams, and flashcards, you'll be more than prepared when exam day comes. Questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.

Glossary

  A glossary of key terms from this book is available as a fully searchable PDF.

Go to www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.

Like all exams, the DataSys+ certification from CompTIA is updated periodically and may eventually be retired or replaced. At some point after CompTIA is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.

Exam DS0-001 Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry's best practices. They do this by establishing committees for each of its exam programs. Each committee comprises a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam's baseline competency level and who determine the appropriate target-audience level.

Once these factors are determined, CompTIA shares this information with a group of hand-selected subject matter experts (SMEs). These folks are the true brainpower behind the certification program. The SMEs review the committee's findings, refine them, and shape them into the objectives that follow this section. CompTIA calls this process a job-task analysis (JTA).

Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. Even so, they have to go back to the drawing board for further refinements in many cases before the exam is ready to go live in its final state. Rest assured that the content you're about to learn will serve you long after you take the exam.

CompTIA also publishes relative weightings for each of the exam's objectives. The following table lists the five DataSys+ objective domains and the extent to which they are represented on the exam:

Domain

% of Exam

1.0 Database Fundamentals

24%

2.0 Database Deployment

16%

3.0 Database Management and Maintenance

25%

4.0 Data and Database Security

23%

5.0 Business Continuity

12%

DS0-001 Certification Exam Objective Map

Objective

Chapter

1.0 Database Fundamentals

1.1 Compare and contrast database structure types

Chapter 2

1.2 Given a scenario, develop, modify, and run SQL code

Chapter 3

1.3 Compare and contrast scripting methods and scripting environments

Chapter 3

1.4 Explain the impact of programming on database operations

Chapter 2

2.0 Database Deployment

2.1 Compare and contrast aspects of database planning and design

Chapter 4

2.2 Explain database implementation, testing, and deployment phases

Chapter 4

3.0 Database Management and Maintenance

3.1 Explain the purpose of monitoring and reporting for database management and performance

Chapter 5

3.2 Explain common database maintenance processes

Chapter 5

3.3 Given a scenario, produce documentation and use relevant tools

Chapter 5

3.4 Given a scenario, implement data management tasks

Chapter 5

4.0 Data and Database Security

4.1 Explain data security concepts

Chapter 6

4.2 Explain the purpose of governance and regulatory compliance

Chapter 6

4.3 Given a scenario, implement policies and best practices related to authentication and authorization

Chapter 6

4.4 Explain the purpose of database infrastructure security

Chapter 7

4.5 Describe types of attacks and their effects on data systems

Chapter 7

5.0 Business Continuity

5.1 Explain the importance of disaster recovery and relevant techniques

Chapter 8

5.2 Explain backup and restore best practices and processes

Chapter 8

Exam objectives are subject to change at any time without prior notice and at CompTIA's discretion. Please visit CompTIA's website (www.comptia.org) for the most current listing of exam objectives.

How to Contact the Publisher

If you believe you’ve found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

To submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

Assessment Test

Kathleen, a data systems analyst at a midsize tech company, is monitoring and configuring the alerts for the company's cloud-based database. The company wants to manage storage resources effectively to prevent unexpected interruptions. Kathleen wants to set a primary alert related to storage management based on a management-by-exception strategy. Which primary alert should Kathleen set up?

An alert when the database size reaches 70 percent of the total storage capacity

An alert when there's an unusual surge in active users

An alert when the system encounters a sudden increase in error rates

An alert when the database read/write ratio significantly deviates from the normal range

Paige, a database administrator at a multinational company, needs to change the data type of the postal code attribute in the address table to accommodate Canadian addresses, which contain characters and numbers. Which SQL command should she use to achieve this?

ALTER TABLE

DROP TABLE

CREATE TABLE

SELECT

Raseel, a database administrator at a growing company, is responsible for designing and deploying a new database system. She must consider various assets and factors to ensure optimal performance and scalability while adhering to budget constraints. Which of the following factors should Raseel prioritize when acquiring hardware assets for the new database system?

Storage, network bandwidth, and decorative server cases

Processing capacity, memory, storage, and network bandwidth

Number of database administrators, processing capacity, and storage

Open-source software, processing capacity, and memory

Brian is planning to conduct a disaster recovery test. During the test, he will relocate personnel to the hot site, activate the site, and simulate live operations by processing the same data at the hot site as the organization processes at the primary site. The primary site will be taken offline once the test is underway. What type of test is Brian planning?

Parallel test

Structured walk-through

Full-interruption test

Simulation test

Tanika is a data systems analyst at an e-commerce startup working on a class diagram using UML. Which of the following tools best suits her needs?

Microsoft Word

erwin

Google Sheets

Lucidchart

Beth's organization needs to develop policies and procedures to ensure the quality, security, privacy, and regulatory compliance of their data. She would like to identify the appropriate person to lead their data governance activities and work with stakeholders to establish policies and procedures for specific subject area domains. What role in the company would normally be responsible for developing policies and procedures for their data quality, security, privacy, and regulatory compliance and leading their data governance activities?

Data owner

Organizational data steward

Subject area data steward

Data custodian

Hassan is a data systems analyst at a midsize e-commerce company. He notices an increasing number of deadlocks in the company's central transaction processing database, impacting the overall performance. Which steps should Hassan take to prevent deadlocks from occurring frequently?

Start and end transactions explicitly and minimize transaction size.

Increase the number of concurrent connections to the database.

Increase the size of the connection pool.

Increase the time period for reaping and refreshing dead connections.

Jenn is a software developer working on a new flight booking application. She needs to interact with a relational database storing flight data but wants to focus on the application's business logic rather than dealing with complex SQL queries. Which technique would best suit Jennifer's requirements?

Object-oriented programming (OOP)

User experience (UX)

SQL execution plan optimization

Object-relational mapping (ORM)

Hamid is a data systems analyst at an established financial services company. His primary responsibility is to ensure the database system's optimal performance. After observing a constant slowdown in the database's responsiveness, he uses Oracle Enterprise Manager to identify poorly performing queries. Exploring the execution plan for a frequently executed query that supports order processing activities, Hamid sees that the query is doing a full table scan. Hamid realizes that this is causing a bottleneck and decides to take steps to improve this query's performance. Which of the following actions would be most appropriate for Hamid?

Rewrite the query to use joins instead of subselects.

Change the code to use bind variables.

Increase the number of cached sequence values.

Create an index to cover the query.

Caroline is a senior network administrator at a logistics company and is configuring an internal firewall to allow web servers in the perimeter network to connect to a PostgreSQL database in a private network using its default port. Which network port must she open to allow traffic to reach the database?

1521

1433

5432

50000

Samantha is developing an application prototype and needs to store application data in a relational database. Which of the following is the most cost-effective option?

MariaDB

Oracle Enterprise Edition

IBM Db2 Standard

Cassandra

John Paul works for a merchant that frequently handles credit card information. She would like to deploy a security control that can detect the presence of credit card records across a variety of systems. What detection technology would be best-suited for this task?

Watermarking

Pattern matching

Host-based

Network-based

Omar is selecting a fire-suppression system for his organization's data center. He would like to use a technology that deploys water only at specific sprinkler heads when a fire is detected. He hopes that this approach will limit the damage in the facility when water is deployed. What type of system would best meet his needs?

Wet pipe sprinkler system

Dry pipe sprinkler system

Pre-action sprinkler system

Deluge sprinkler system

Omar is a data systems analyst for a large healthcare organization regulated by the Health Insurance Portability and Accountability Act (HIPAA). The vendor has just released a new patch for the company's database software. The patch is not urgent and addresses minor software defects. Omar is wondering when the best time to apply the patch would be. What should Omar do?

Apply the patch immediately in the production environment without testing.

Ignore the patch since it is not urgent and addresses minor software defects.

Test the patch in a nonproduction environment before scheduling a time to apply it in production.

Apply the patch during peak usage hours to ensure maximum user impact.

Sarah is a cybersecurity analyst at an online store. She is tasked with ensuring the security of the store's web applications and database server to prevent SQL injection attacks. Which of the following security measures should Sarah prioritize to protect the web applications and database server against these attacks?

Implement browser-based input validation.

Create an input allow list on the server side.

Create an input deny list for all user inputs.

Deploy a web application firewall only.

Gary is designing a multifactor authentication system to protect a database containing highly sensitive information. The database uses a password authentication approach already. What technology could Gary add to best secure the database?

PIN

Security questions

Fingerprint recognition

Passphrase

Patrizia, a database developer at a midsize company, is in the planning phase of designing a new database. She wants to ensure that the database will meet the needs of its users and applications. Which stakeholders should Patrizia consult to gain insights into business trends and patterns using advanced analytics and predictive models?

Executive management

Data scientists

System administrators

Customers

The backup administrator configures a system to perform full backups on Sundays at 1 a.m. and incremental backups on Mondays through Saturdays at 1 a.m. The system fails on Wednesday at 4 p.m. What backups must be applied?

Sunday only

Sunday and Wednesday only

Sunday, Monday, and Wednesday only

Sunday, Monday, Tuesday, and Wednesday

Fayez manages a team of Java developers and wants an object-relational mapping (ORM) tool to insulate his developers from writing database-specific code. What is his best option?

Hibernate

ActiveRecord

RedBean

Django

Zara is a database administrator at a large corporation. She wants to automate monitoring and maintenance activities on her company's database to improve operational consistency and save time for higher-value tasks. Which type of script would be most suitable for Zara's use case?

Client-side script

ETL

ELT

Server-side script

Answers to Assessment Test

A.  While all of these alerts are relevant to managing a database, this question asks specifically about storage resources, making a surge in active users, an increase in error rates, or a different read/write ratio incorrect. Since database size correlates to storage use, configuring a size-based alert is the best approach, as described in option A.

A.  CREATE TABLE creates a new table, DROP TABLE permanently removes a table, and SELECT retrieves data from a table. Paige should use the ALTER TABLE command to modify the data type of an existing column in the address table.

B.  Decorative server cases are irrelevant to the database system's performance, scalability, or reliability. The number of database administrators is not directly related to hardware acquisition. Open-source software is not a hardware asset. The most appropriate choice is to prioritize processing capacity, memory, storage, and network bandwidth when acquiring hardware assets.

C.  Full-interruption tests activate the alternate processing facility and take the primary site offline. Parallel tests also activate the alternate facility but keep operational responsibility at the primary site. Structured walk-throughs and simulation tests do not activate the alternate site.

D.  As a diagramming tool that supports UML, Lucidchart is Tanika's best option. erwin is a data modeling tool, Microsoft Word is a word processor, and Google Sheets is for maintaining spreadsheets.

B.  The organizational data steward is responsible for developing policies and procedures for an organization's data quality, security, privacy, and regulatory compliance. While data owners work with data stewards to establish policies and procedures for their data domain, they are not responsible for developing policies and procedures for an organization's data quality, security, privacy, and regulatory compliance. Subject area data steward is incorrect because while they work on behalf of their data owner to handle daily tasks and are delegated governance activities, their role is specific to their subject area and not responsible for developing policies and procedures for an organization's data quality, security, privacy, and regulatory compliance. Data custodian is incorrect because their role is to implement technical controls that execute data governance policies, such as configuring applications, dashboards, and databases. While important, they are not responsible for developing policies and procedures for an organization's data quality, security, privacy, and regulatory compliance.

A.  Deadlocks happen when two or more transactions lock a resource the other needs and block each other indefinitely. Starting and ending transactions explicitly and minimizing transaction size are two ways to prevent deadlocks from happening. Since this likely requires code changes, Hassan needs to include developers in this approach. Increasing the size of the connection pool, the time for reaping and refreshing dead connections, or the limit of concurrent connections are ways to address how clients connect to the database and don't directly impact deadlocks.

D.  Object-oriented programming (OOP) makes software more modular, reusable, and scalable. User experience (UX) design focuses on improving a system's ease of use, efficiency, and usefulness. SQL execution plan optimization refers to understanding and optimizing query performance by examining database engine steps to execute a SQL query. Object-relational mapping (ORM) presents relational data as objects in an object-oriented programming language, allowing developers to work with OOP languages like Java, Python, and C++ without writing the underlying database queries.

D.  Creating an index is the best option, as full table scans suggest an index does not cover the query. Rewriting the query to use joins instead of subselects is appropriate if the execution plan shows that the query used subselects inefficiently. Changing the code to use bind variables is appropriate if the optimizer needs to parse the query for each execution. Increasing the number of cached sequence values does not impact full table scans.

C.  The default port for Oracle is 1521, the default for Microsoft SQL Server is 1433, and the default for IBM Db2 is 50000. 5432 is the default port for PostgreSQL.

A.  You have to pay for both Oracle Enterprise Edition and IBM Db2 Standard. While Cassandra is open-source, it is not a relational database. This makes MariaDB the optimal choice.

B.  John Paul should select a pattern recognition system because that technology can easily recognize the presence of data with regular patterns, such as credit card numbers. Watermarking technology would require that the organization mark every record that contains credit card data and would be difficult to use in this scenario. The choice of host-based and/or network-based monitoring depends more on where the data exists than what type of data is used. He would likely use a combination of both host-based and network-based DLP but deploy pattern recognition technology on those platforms.

C.  An appropriate fire suppression system for Omar's needs is a pre-action sprinkler system. This system requires two independent events before water is released, providing an additional layer of protection against accidental water discharge. The first event is the detection of smoke or heat, which opens a valve that fills the pipes with water. The second event occurs when a fire is detected by a separate fire detection system, which opens the sprinkler heads in the affected area to release the water. This approach reduces the risk of water damage caused by accidental sprinkler discharge or leaks. A wet pipe sprinkler system has water constantly in the pipes, which means water will flow from all activated sprinkler heads, potentially causing damage to areas that are not affected by the fire. A dry pipe sprinkler system is similar to a wet pipe system, but with air in the pipes until a fire activates the system. A deluge sprinkler system is designed for high hazard areas, where a large volume of water is needed quickly to suppress fires, and is not suitable for most data center environments.

C.  Testing the patch in a nonproduction environment is the best option. Even though the patch addresses minor defects and isn't time-sensitive, it's still essential to ensure the patch doesn't interfere with the database configuration or client applications before applying it to the production environment. Ignoring the patch could lead to support issues and is not a good choice. Applying the patch in production without testing it first is similarly unwise, as the impact of the patch is unknown.

B.  Creating an input allow list on the server side is the most effective measure to prevent SQL injection attacks, as it specifies the exact type of input expected from users and ensures only valid and safe input is accepted. Deploying a web application firewall only, while providing an additional layer of defense, should not be the sole security measure, as input validation remains the primary defense against injection attacks. Creating an input deny list for all user inputs, or input blacklisting, is less effective than input whitelisting, since attackers may still bypass the blacklist. Implementing browser-based input validation should not be relied upon as a security control, as attackers can easily bypass it.

C.  The system already uses a password, which is a “something you know” factor. Therefore, Gary should add either a “something you have” or “something you are” factor. Fingerprint recognition is a “something you are” (or biometric) authentication factor and would constitute multifactor authenticaiton when combined with a password. The answers to security questions, personal identification numbers (PINs), and passphrases are all “something you know” factors and would not create multifactor authentication when combined with a password.

B.  Executive management is an important stakeholder group that uses data from the database to track operational performance metrics and inform strategic decisions. However, they typically rely on reporting tools and do not perform advanced analytics and predictive modeling directly.

System administrators operate the virtual or physical servers where the database runs, handling tasks such as server sizing and disk-space allocation. While they play a crucial role in the database infrastructure, they do not directly analyze the data or work on predictive models.

Customers typically interact with the database indirectly, using an application to submit orders or retrieve information. They are essential end users of the database but do not perform advanced analytics or develop predictive models.

Data scientists are essential stakeholders to consult during the planning phase of database design, as they use the database to perform advanced analytics, develop predictive models, and gain insights into business trends and patterns. Their input can help shape the database structure to support their analytical work.

D.  With incremental backups, you must first restore the most recent full backup and then apply all incremental backups that occurred since that full backup. Therefore, the administrator must restore the backups from Sunday, Monday, Tuesday, and Wednesday.

A  While all of these are ORM frameworks, Django is for Python, RedBean is for PHP, and ActiveRecord is for Ruby on Rails. Hibernate is an ORM for Java.

D.  Client-side scripts run on a client machine and are vulnerable to connectivity issues. ETL and ELT scripts move data between databases. Server-side scripts run on the database server and are ideal for administrative tasks.