###BeginCaseStudy###
Testlet 1
Overview
Application Overview
Contoso, Ltd., is the developer of an enterprise resource planning (ERP) application.
Contoso is designing a new version of the ERP application. The previous version of the ERP application used
SQL Server 2008 R2. The new version will use SQL Server 2014.
The ERP application relies on an import process to load supplier data. The import process updates thousands
of rows simultaneously, requires exclusive access to the database, and runs daily.
You receive several support calls reporting unexpected behavior in the ERP application.
After analyzing the calls, you conclude that users made changes directly to the tables in the database.
Tables
The current database schema contains a table named OrderDetails. The OrderDetails table contains
information about the items sold for each purchase order. OrderDetails stores the product ID,
quantities, and discounts applied to each product in a purchase order. The product price is stored in a
table named Products.
The Products table was defined by using the SQL_Latin1_General_CPl_CI_AS collation. A column named
ProductName was created by using the varchar data type.
The database contains a table named Orders. Orders contain all of the purchase orders from the last 12
months. Purchase orders that are older than 12 months are stored in a table named OrdersOld.
Stored Procedures
The current version of the database contains stored procedures that change two tables. The following shows
the relevant portions of the two stored procedures:
Customer Problems
Installation Issues
The current version of the ERP application requires that several SQL Server logins be set up to function
correctly. Most customers set up the ERP application in multiple locations and must create logins multiple
times.
Index Fragmentation Issues
Customers discover that clustered indexes often are fragmented. To resolve this issue, the customers
defragment the indexes more frequently.All of the tables affected by fragmentation have the following columns that are used as the clustered index key:
Backup Issues
Customers who have large amounts of historical purchase order data report that backup time is unacceptable.
Search Issues
Users report that when they search product names, the search results exclude product names that contain
accents, unless the search string includes the accent.
Missing Data Issues
Customers report that when they make a price change in the Products table, they cannot retrieve the price that
the item was sold for in previous orders.
Query Performance Issues
Customers report that query performance degrades very quickly. Additionally, the customers report that users
cannot run queries when SQL Server runs maintenance tasks.
Import Issues
During the monthly import process, database administrators receive many supports call from users who report
that they cannot access the supplier data. The database administrators want to reduce the amount of time
required to import the data.
Design Requirements
File Storage Requirements
The ERP database stores scanned documents that are larger than 2 MB. These files must only be accessed
through the ERP application. File access must have the best possible read and write performance.
Data Recovery Requirements
If the import process fails, the database must be returned to its prior state immediately.
Security Requirements
You must provide users with the ability to execute functions within the ERP application, without having direct
access to the underlying tables.
Concurrency Requirements
You must reduce the likelihood of deadlocks occurring when Sales.Proc1 and Sales.Proc2 execute.
###EndCaseStudy###
You need to recommend a solution that addresses the security requirement.
What should you recommend?
A.
Revoke user permissions on the tables. Create stored procedures that manipulate data. Grant the users the
EXECUTE permission on the stored procedures.
B.
Grant the users the SELECT permission on the tables. Create views that retrieve data from the tables.
Grant the users the SELECT permission on the views.
C.
Deny the users SELECT permission on the tables. Create views that retrieve data from the tables. Grant the
users the SELECT permission on the views.
D.
Deny the users the SELECT permission on the tables. Create stored procedures that manipulate data.
Grant the users the EXECUTE permission on the stored procedures.
Explanation:
* Security Requirements
You must provide users with the ability to execute functions within the ERP application, without having direct
access to the underlying tables.