To solve this question, the user needs to understand the concept of security in database applications and the limitations of username/password access controls.
Option A: Sufficient to secure the application
This option is incorrect because relying solely on username/password access controls is not sufficient to secure a database application. While these controls can provide a basic level of security, they can be easily bypassed by attackers using techniques like brute force attacks or social engineering. Therefore, additional security measures are needed to ensure the safety of the application.
Option B: Sufficient only when combined with other controls
This option is correct. Username/password access controls can be an effective security measure when combined with other controls such as data encryption, firewalls, and intrusion detection systems. By layering multiple security measures, the application becomes more difficult to compromise and provides a higher level of protection against unauthorized access.
Option C: Sufficient if the passwords are longer than six characters
This option is incorrect. While longer passwords are generally more secure than shorter ones, the length of a password alone is not sufficient to secure a database application. Passwords can still be guessed or cracked using other techniques, and therefore additional security measures are needed to provide adequate protection.
Option D: Sufficient if none of the users have administrative access
This option is incorrect. Even if none of the users have administrative access, the application can still be compromised through other means such as SQL injection attacks or phishing scams. Therefore, additional security measures are needed to ensure the safety of the database application.
The Answer is: B