
‎⁨عماد فاينل⁩


MCQ From T215B FINALs ( 2012 To 2017 ) Version_1

1. To align two fingerprints effectively in a matching process, a reference point known as ___________ is often used.
a. Principle. b. Vertex. c. Core. d. Edge.
2. ____________refers to incorrectly believing that two given sets of biometric data are not matched.
a. False acceptance b. False positive. c. False non-match d. False match.
3. Authentication of the server like the bank with the client like the client’s computer is achieved using
__________setup procedure between an HTTPS protected server and a client. *
a. TCP/IP b. TLS/SSL c. WEP/WPA d. SMTP/SOA
4. One of the following does not affect the level of security afforded during a TLS/SSL session.
a) Communication data rate b) The version of TLS/SSL
c) Authentication of the digital certificate d) The browser application
5. The level of security afforded during a TLS/SSL session is affected by the following(s):
a. The browser application. b. Authentication of the digital certificate.
c. The version of TLS/SSL. d. All of the above.
6. _____________that may include key-loggers and Trojans is generally downloaded from compromised
websites and email attachments. They can send “harvested” information to fraudsters.
a. Skimming. b. DOS attack. c. Malware. d. Eavesdropping.
7. One of the attributes of the CRIAC framework, which is interpreted as suitable accessibility and ease of use, is __________.
a. Acceptability b. Reliability c. Identity d. Convenience
8. One of the attributes of the CRIAC framework, which is related to a feature or service working as expected, when
expected and with acceptable accuracy, is ____________.
a. Acceptability b. Reliability c. Identity d. Convenience
9. An important point to bear in mind when considering ________ is that it is not constant over time. *
A. Convenience B. Identity C. Reliability D. Acceptability
10. One of the following is not a form of privacy.
a) reliability b) confidentiality c) anonymity d) identity
11. Identity can be established from:
A- Something you are B- Something you know C- Something you have D- All of the above
12. _________ consists of small rapid fluctuations of the atmospheric air pressure that surrounds us.
a. Pixel b. Sound c. Image d. Weight
13. Adding two sinewaves having the same frequency and peak amplitude and that are ______ results in
complete cancellation of one wave by the other one. * OR
When there is an exact one half cycle difference in the waves, they are said to be: OR
The figure below shows two sinewaves, (a) and (b), that are _________________

a. Completely in phase. b. Identical phase c. Completely out of phase d. Similar phase


14. The condenser microphone and the electret microphone are two types of microphone that use the effect of_
a. Electrostatic induction. b. Electromagnetic induction c. Electrodynamic induction d. Optical induction.
15. Which type(s) of microphone(s) use the electrostatic induction physical effect?
a) The condenser microphone b) Moving coil Microphones c) Piezoelectric Microphone d) All of the above
16. A microphone that uses__________is called a moving-coil or dynamic microphone.
a. Electrostatic induction. b. Electromagnetic induction c. Electrodynamic induction d. Optical induction.
17. ______________ exploit the phenomenon that certain types of insulating materials can develop an
electric charge when they are mechanically deformed.
A- Electrostatic induction B- Electromagnetic induction C- Electret microphone D- Piezoelectric transducer
18. When the minimum sampling rate is not respected, another sinewave with a lower frequency can be drawn
through these samples. This phenomenon is known as____________.
a. Amplification. b. modulation c. Aliasing d. Boosting
19. __________ is a tool for video production that provides ways of creating, editing and processing videos. *
a. Compiler b. Interpreter. c. Paintbrush d. AviSynth
20. When some fingerprints from the same finger can be different, then this is called _______.
a. Large Intra-class differences. b. Large Inter-class differences. c. Large Mean-class differences. d. Large Range-class differences.
21. _____terminals allow customers to pay for groceries, fuel, or tickets, for example, using debit or credit cards.
a. eTEL b. eCOM c. ePOS d. eCAB
22. _____________is the duration of one cycle which is the time interval between any two corresponding
points on consecutive cycles of the pressure wave.
a. Frequency b. Period c. Amplitude d. Power
23. For a sound wave, a linear progression of pitch turns out to be a _____________progression of frequency
a. Additive. b. Multiplicative. c. Subtractive d. divisible
24. The sampling frequency should be at least _________ the highest frequency contained in the sound signal.
a. Half b. Same as c. Twice d. 1.5 times
25. The method of trying all possible combinations in a key space is known as______________
a. Denial of service attack. b. Brute force attack. c. Quantum attack. d. IP sec attack.
26. In ____________, encryption and decryption are performed using a single key or, two keys that are so closely
related to each other mathematically
a. Symmetric key system b. Asymmetric key system. c. Antisymmetric key system d. Public key system
27. ___________are points in a fingerprint where ridge lines discontinue abruptly from their original path
a. Minutiae. b. Pixel. c. Edge. d. Slope
28. What is the wavelength of a sound wave generated by the tuning fork having a frequency of 420 Hz? Take the
speed of sound to be 340 meters per second.
a. 1.235 m b. 0.532 m c. 1.453 m d. 0.809 m
29. When the encryption process systematically manipulates a symbol (or a group of symbols) in the plaintext to
produce a different symbol (or group of symbols), which becomes the ciphertext, this is known as ________________
a. Transposition cipher. b. Substitution cipher. c. Matrix cipher. d. Vector cipher.
30. Encryption provides a mechanism for _______________, which is ensuring that the identities of people and
things are correct.
a. Integrity. b. Confidentiality. c. Authentication. d. Eavesdropping.
31. Europay, MasterCard and Visa (EMV) chip and PIN variants use _________ to keep data private.
a) Cryptography b) Encryption c) Integrity d) All of the above
32. _______________ is a family of standards that specifies how organizations should achieve the required
standards of information using Information Security Management Systems *
a. ISO/IEC 27000 b. ISO 7000 c. IPsec d. TCP/IP
33. _______is where potential victims are lured into following links to fake websites where they are encouraged
to reveal personal details or information such as passwords, PINs or security codes, which fraudsters
subsequently use. *
a. MITM attack b. Malware. c. Phishing. d. skimming
34. A motion which repeats itself regularly is known as________________.
a. Cyclic motion. b. Oscillatory motion. c. Periodic motion. d. All of the above.
35. ____________ is a device that converts energy from one form to another
a. Accelerator. b. Transducer. c. Amplifier. d. Rectifier.
36. In the context of software programs, a ____________ is a collection of instructions and statements that are
interpreted, one by one, by the program in order to perform some task.
a. Script. b. Multiplexer. c. Encoder. d. Compiler
37. Calculate the numerical code value for the second digraph in the word ‘good’.
367 OR
Calculate the numerical code value for the first digraph in the word ‘good’.
170
38. The hash function, encrypted with the sender’s private key, is referred to as ___________ *
a) Message Digest b) Authentication c) Digital Signature d) Integrity
39. In a fingerprint, the fine intra-ridge details are of interest of______________ *
a) Global Level b) Local Level c) Micro levels d) Nano level
40. One of the Matching difficulties of fingerprint matching process is the Small interclass differences, which
means _____________ *
a) Some fingerprints from same finger can be different.
b) Some fingerprints from different fingers can be different.
c) Some fingerprints from same finger can be similar.
d) Some fingerprints from different fingers can be similar
41. Some sorts of loudspeakers, which are found in small portable radios, have the bass response severely lacking.
And so, low-pitched sounds played through such loudspeakers will not be heard as loud as they should be.
This is due to?
a) Audio compression b) Unintentional equalization c) Hum d) Audible noise
42. _________is an effect only heard with music, and occurs when a number of similar instruments or voices
play/sing the same tune together. *
a) Chorus b) Reverberation c) Echo d) Hum
43. In a safe organisation such as banks, ______________ relate(s) to categorizing data within files in a way that
is appropriate to the data’s sensitivity.
a) firewalls b) contingency measures c) Data leakage protection d) Antivirus
44. ______________is a best-practice framework for IT governance and infrastructure in organisations.
a) TLS b) IPsec c) ITIL d) SSL
45. ________ includes the protocols, policies, procedures and organisations that provide the public key services *
a) Asymmetric Key Infrastructure b) Public Key Infrastructure c) A Certification Authority d) A Digital Certificate
46. The branch of science concerned with the concealment of information
A. Cryptanalysis B. Cryptography C. Cryptology D. Encryption
47. The science of breaking codes and ciphers is _______
A. Cryptanalysis B. Cryptography C. Cryptology D. Encryption
48. Privacy as ________: we might consider some of our behavior private in that it is ‘up to us’ and no business of
others (where those ‘others’ may range from the state to our employers)
A. Freedom to be ‘left alone’ B. Control of personal data C. Self-determination D. None of the above
49. ________________are the ones most commonly used by fingerprint recognition systems.
A. Lake and independent ridge B. Termination and bifurcation C. Island and spur D. Spur and crossover
50. One way to decouple from the linguistic patterns of the plaintext is to encrypt with a cipher that uses a
succession of different keys. An example of this is
A. Kirshoff cipher B. Volta cipher C. Vigenère cipher D. None of the above
51. One of the following is not stored on the magnetic stripe of the (standard ID-1 payment) card ***
OR
In a smart card, ______________ is a code printed on the card
A. CVV1 B. CVV2 C. PVV D. A and C
52. ______________-based smart cards ensure authentication using symmetric key cryptography.
a) SDA b) DDA c) CDA d) None of the above
53. A tuning fork has a frequency of 380 Hz. What is the wave length of sound wave generated by the tuning
fork? Take the speed of sound to be 340 meters per second.
A. 0.89 m B. 1.12 m C. 1.29 m D. none of the above
54. A sound wave has a peak to peak amplitude of 10 µPa. What is its r.m.s. amplitude? *
A. 3.54 µPa B. 7.07 µPa C. 5 µPa D. none of the above
55. _____________works by superimposing one image over another image and changing their alignments until
the correlation between the corresponding pixels of the two images is maximized.
A- Minutiae-based matching B- Ridge-feature-based matching
C- Correlation-based matching D- Local-based matching
56. An embedded microprocessor can be found on:
A- DDA B- SDA C- CDA D- DDA and CDA
57. What would be the output of combining the 7-bit ASCII code for the letter ‘N’ (‘1001110’) with the randomly
generated coding data 1110101 using the XOR process?
0111011
58. ______is the process whereby the sound level is varied in some predetermined way as the sound
progresses.
A. Amplification B. Normalisation C. Fading D. Equalisation
59. One of the following sound effects is not considered as amplitude effect: OR
______________ is an example of sound editing frequency effect
a) Normalisation b) Equalisation. c) Amplification d) Fading
60. One of the following is NOT considered as Surveillance Advancements?
a) RFID b) Wimax c) Voice-based interaction d) WiFi
61. If a stream of photons meets a slot with a south-west/north-east orientation, any photon emerging will have
____________.
a) East-West orientation b) North-South orientation
c) The same orientation as the slot d) Photons will be blocked
62. One of the disadvantages of the following biometrics ___________ is that it is relatively difficult to capture,
normally involving working on a video sequence
a) Iris pattern b) Gait c) Face d) The way someone signs their name
63. One of the following cannot be considered as behavioural biometric.
a) Gait b) Voice c) Iris Pattern d) Typing pattern
64. The term that humans use when we talk about how high or how low a sound is__________? *
a) wave length b) period c) volume d) Pitch
65. Using Caesar cipher, the letter ‘C’ is the outcome of encryption process using key 5, what is the original
message?
'x'
66. Fingerprint matching is a process of evaluating the degree of similarity (or difference) of two given
fingerprints. Matching problems occur whenever there are:
a) Large interclass differences and large intra-class differences.
b) Small interclass differences and small intra-class differences.
c) Large interclass differences and Small intra-class differences.
d) Small interclass differences and large intra-class differences.
67. In a fingerprint biometric recognition system, ______________ can cause intra-class differences.
a) a displacement b) the feature extractor accuracy c) skin condition d) all of the above
68. ______________is a strategy used by a person with criminal intent and in which messages between sender
and receiver are intercepted (by the criminal)
a) Social engineering attack b) Malware attack c) Skimming d) Man in the middle attack
69. In a pressure periodic wave, the distance between any two adjacent regions of high pressure is the same. This
distance is called ______________.
a) phase b) frequency c) wavelength d) amplitude
70. One of the following is an example of lossless compression
a) MP3 b) Zip compression c) MPEG 1 d) MPEG 2
71. If we encrypt letters as blocks of ______________ letters, we increase the key space of a Caesar cipher to
17576.
3
72. When paper ballots are used for voting but the votes are counted electronically, then the voting system is
called ___________
a. Linear voting system b. E-voting system c. E-counting voting system d. Traditional voting system
73. In Columnar Transposition Cipher, if the keyword is “Friday”, how many characters is its anagram?
6
Short Answers From FINALs Of T215B From 2012 To 2017
1 Digital video: sequence of digital still images displayed in rapid succession in order to simulate different types of
animations and effects. *
Frame: an image inside a video.
The resolution of the digital image is a measure of the amount of detail it can hold, and is dependent on the
number of pixels used to make up that image. *
Transducer: is a device that converts energy from one form into another.
Microphone: converts the energy of a sound wave to electrical energy.
Loudspeaker: (or a pair of headphones) carries out the reverse process, converts the electrical energy to sound
wave energy.
Pixel: small elements that form digital image, (derived from ‘PICture ELement’), each of which is associated with
a colour and an intensity (or brightness).
Size of the frame: the number of pixels across and down
Frame rate: is the number of frames that are to be displayed in a second
Colour Model: is defined as a system for creating a range of colours from a set of primary colours.
Intra-class differences: The differences between the templates of the same individual.
Inter-class differences: the differences between the templates of different individuals
Encryption: is a process by which information is changed in some systematic way so as to hide its content from
everyone except its intended recipient. *
Cryptology: The branch of science concerned with the concealment of information, a word that has its roots in
Greek from kryptos (hidden) and logos (word). *
Cryptography: the science of creating codes and ciphers. *
Cryptanalysis: the science of breaking them.
False match: refers to incorrectly believing that two given sets of biometric data are matched.
False non-match: refers to incorrectly believing that two given sets of biometric data are not matched.
Period: is the duration of one cycle which is the time interval between any two corresponding points on
consecutive cycles of the pressure wave.
Wavelength: is the distance between any two adjacent regions of high pressure (or low pressure).
The frequency (f): (of a sound wave) is defined as the number of periods that occur in 1 second and is expressed
in Hz (Hertz).
Sampling Rate: is the rate at which the analogue sound signal is sampled.
2 In the context of Cryptography, explain briefly the difference between a code and a cipher? *
A code replaces whole words, phrases or groups of symbols with alternatives (or code words).
The purpose of creating a code is not always for secrecy.
A code is used simply as an abbreviation.
A code is used to provide an alternative way of communicating information.
A code is the output of an encoding process (the reverse is decoding) and generally relies on sets of look-up
tables (codebooks) for the conversion processes.
Ciphers:
A cipher is the output of an encryption process that either replaces data symbols with alternative symbols, or
rearranges existing symbols.
The operation used to create a cipher is systematic (i.e. follows some set rules).
A cipher is almost always created for reasons of secrecy.
3 The level of security afforded during a TLS/SSL session depends on a number of factors. List three of these
factors. *
1. The browser application used at the client.
2. The version of TLS/SSL used to set up the connection.
3. Proper authentication of the digital certificate.
4 In fingerprint matching process, there are many reasons for intra-class variations. Explain briefly, three of
these reasons. ***
Reasons for intra-class variations:
- Displacement: different parts of the fingertip are presented to the sensor.
- Rotation: the fingertip is presented to the sensor at a different angle.
- Pressure of the impression: the finger is pressed on the sensor with a different force.
- Skin condition: on different occasions the fingertip may be dry, wet, scratched or dirty.
- Condition of the sensor surface: on different occasions the surface may be clean, dirty or greasy.
- Feature extraction accuracy.
5 Automated teller machines (ATMs) are often referred as ‘cash machines’. What are the services that can be
provided by ATMs (at least four)? What are their benefits (at least three)?
Some of these services are:
- Withdraw cash.
- Check an account balance.
- Print out a summary or detailed statement.
- Pay in cheques, money orders and cash.
ATM benefits:
- Reduced costs (to banks)
- Reduced delays (for customers)
- Extended availability outside normal banking hours.
6 Moving-coil microphones are one type of microphone. What are their advantages and disadvantages? What are they
used for? **
Advantages:
- Moving-coil microphones are typically quite rugged.
- Moving-coil microphones are able to convert sounds more or less over the full range of audible
frequencies.
Disadvantage:
Moving-coil microphones tend not to be as sensitive as electrostatic microphone types.
Usage:
Moving-coil microphones are most often used as handheld microphones for singers and speakers, where
ruggedness is more important than sensitivity.
7 Working with sound signal in its digital form has many advantages. Explain briefly, two of these advantages.
1. Immunity from signal corruption brought about by extensive processing or through transmission or
storage.
2. Mixing and processing of sound comes down to a simple process of computation (‘number crunching’)
rather than involving complicated analogue electronic circuits and devices.
3. Computer storage techniques can easily be used for storing sound in its digital form.
8 In the context of banking, explain briefly the term “MITM attack”.
In the context of banking, an MITM attack usually involves the creation of a bogus website that is used as a relay
(3.5 marks), for example, to a bank’s own website, whereby a bogus email could include a link to the relay site to
initiate the deception (3.5 marks).
9 Payment card PINs are often just four decimal numbers whereas passwords for other purposes are often
required to be longer. Mention at least three reasons for this. *
1. A four-digit PIN is relatively easy to remember.
2. A PIN is normally used as ‘something you know’ accompanied by ‘something you have’ – a payment card
whereas a password is often used in isolation as ‘something you know’.
3. Two-factor authentication is inherently stronger than single-factor authentication, so a short PIN is
adequate.
4. Also, when entering a PIN you are normally restricted to perhaps three attempts before the account is
blocked by the bank.
10 When money changes hands over public communication networks, such as the internet, privacy is a major
issue. Mention three protocols that can be used to address this issue. *
- Internet Protocol Security (IPsec),
- Transport Layer Security (TLS)
- Secure Sockets Layer (SSL)
11 Sound waves follow the principle of superposition. Explain, briefly, this principle.
- When individual sound waves meet, they pass through each other without being changed
- Where the sound waves are together, the instantaneous air pressure change at any point is simply the
sum of the air pressure changes from each individual sound at that point.
12 In the context of software programs, what is a script? State one of its advantages?
- In the context of software programs, a script is a collection of instructions and statements that are
interpreted, one by one, by the program in order to perform some task.
- One advantage of using a script is that, once you have written it, you can reuse it to perform the same
task at a later time. Or, if you want to achieve a slightly different result, you can edit an existing script
and use the edited version without having to start from scratch.
13 Describe briefly at least two major characteristics of a hash function. *
1. The hash function output H(M) shouldn’t reveal any information about the hash function input M. The
hash function should be a one-way hash function.
2. Even a small alteration in the hash function’s input M should result in a completely different hash. If
M’≈M then H(M’) ≠ H(M).
3. It should be extremely difficult to find a different variable-length string M’ ≠ M that would compute to
the same hash function H(M).
14 As Surveillance has many benefits, it also has a set of potential and actual drawbacks. List three of these
drawbacks.
- risks inherent in large-scale computer systems;
- the potential for corruption of power;
- inequalities of access and opportunity;
- the decline in trust, principally between the state and the individual, but also within more personal
relationships;
- And the fear that the use of surveillance discourages the exploration of other solutions and other issues.
15 Explain briefly, RFID (Radio Frequency identification) technology and why it is used.
RFID (Radio Frequency Identification): tags that are small wireless devices that provide unique identifiers
which can be read by remote sensors. The original aim of these small low cost devices was to enable companies
to keep track of stock. However, there are RFID tags which can be ‘active’ – they emit signals over a greater
range and can be sensed remotely – and so concerns over their use have grown.
These tiny devices are inconspicuous, meaning that an individual might not be aware that there is an RFID tag in
a product they have bought which is transmitting information, nor will they be aware of who is able to pick up
the data.
16 Explain briefly, what Quantum cryptography systems are designed for and why?
Quantum cryptography systems are designed for key generation rather than for the direct encryption of data.
e thought to be

simple method for factoring large primes, one possible solution is quantum cryptography.
17 Even where biometric systems are more secure than conventional systems, they still have vulnerabilities.
Explain briefly, two of these vulnerabilities.
1. Some biometric identifiers may be acquired covertly and could be used to make fake objects designed to
fool automatic biometric recognition systems. For example, a photograph of a face can be taken
remotely and without the subject’s knowledge. Fingerprints can be taken from smooth surfaces that the
subject touched.
2. Biometric systems, especially unsupervised ones, can be accidentally damaged or even vandalized. The
sensor, which is usually situated at an exterior location for obtaining biometric samples, is particularly
vulnerable. When a sensor is malfunctioning the whole system will not work!
3. A biometric system, and in particular a biometric identification system, requires a database to store the
biometric templates. The database usually stores information of a population of users. If this database is
corrupted or stolen, the identities of those users may be compromised.
18 Explain briefly, the two basic stages required to perform Analogue-to-digital conversion process. ****
1. Sampling: which is to measure the instantaneous amplitude of the analogue sound signal at regular
intervals. The result is a set of voltage levels which represent the signal’s level at the instants the
samples were taken.
2. Quantization: which is to divide the maximum voltage range of the analogue sound signal into a number
of discrete voltage bands and assimilate each sample into a voltage band.
19 Electronic funds transfer (EFT) is a generic term that is used to describe financial transactions carried out by
computer-based systems. This includes a wide variety of possible transactions. Mention three of these
transactions. *

- Use of payment cards (debit or credit card) to purchase goods or services.
- Authorization of the electronic payment of bills using an online bank.
- Direct debit payments from customers’ accounts to service providers such as utility companies.
- Payment of salaries by an employer into an employee’s account.
- Transfer of funds to and from accounts in different countries.
20 The following is the Block Diagram of a biometric security system, explain the function of each block? *

- Sensors: Devices that capture the raw biometric data of users.
- Feature extractor: Takes the raw data from the sensors as an input, extracts from it the key features and
converts them into a digital representation called a template.
- The storage: It is a place to hold templates.
- The matcher: Compares the template created from an input biometric sample (the template outputted
from the feature extractor) with a stored template. It measures the similarity (or differences) between
the two templates and produces a quantitative reference such as a similarity value.
- The decision maker: Decides whether the input template and the stored template match, based on the
similarity value from the matcher
21 A malicious website hijacks the valid certificate of a genuine website’s server and masquerades as the genuine
site. What prevents the malicious website being successful in this ill thought out attempt to deceive?
- The malicious website does not have the means to encrypt the transmission in a way that could be
successfully decrypted by a client. (0.5 mark)
- To do this it would need the genuine server’s private key. (1.5 marks)
- Another problem that would confound an attempted masquerade attack would be that the genuine
server’s domain name details (and the corresponding URL) are typically embedded within the
certificate by the trusted Certification Authority and cannot be changed by an attacker. (3 marks)
(Award full mark if student talks about the keywords in bold)
22 List the two most popular colour models you have studied in course T215B, presenting their primary colours.
What are they used for?
- RGB (red, green, blue).
- CMY (cyan, magenta, yellow).
- RGB for display
- CMY for printing
23 When the full percentage of the primary colours is present in both models, what will be the resultant colours?
RGB -> White (0.5 mark).
CMY -> Black (0.5 mark).
24 MP3 audio compression offers acceptable audio quality with a high compression ratio. Explain the MP3 coding
process (i.e. the process that occurs before the digital sound is stored or transmitted).

1. The stream of digital audio samples is sent first to a filter-bank which splits the audio into 32 frequency
bands that match the frequency characteristics of the human ear.
2. Mentioning one of the following: (2 Marks)
- The sound content of each band is analysed and coded using a psychoacoustic algorithm such as
to require the lowest possible amount of data for the given content.
- Sounds that cannot be heard, such as those masked by louder ones and those below the hearing
threshold, are removed.
- As the ear cannot determine the position of sounds with frequencies below 100 Hz, the stereo
information for those frequencies is also discarded.
3. Mentioning one of the following: (2 Marks)
- By varying the sample rate (i.e. discarding a variable proportion of the samples on a regular
basis) the coder can allocate more samples to complex sounds and fewer to a less complex
sound, adding further to the coding efficiency.
- The compressed digital audio data (which is not now in a simple sample-by-sample form) is
divided into blocks and lossless Huffman coding is used to reduce the data requirement to a
minimum.
25 Draw a graph that illustrates how the FMR and FNMR vary with respect to the threshold of a biometric
recognition system. Then, identify and annotate the following points on your graph: ZeroFMR, ZeroFNMR and
EER.

26 Briefly explain why sound waves are pressure waves. Why are they considered travelling waves? And when
is a sound wave considered a cyclical wave?
- Sound waves are pressure waves because they consist of cyclical changes of pressure.
- Sound waves are travelling waves because the pressure variations radiate outwards from their source,
conveying energy away from the source.
- A sound wave is considered as cyclical when sound consists of cycles of repeating air pressure variations
(the student can also say: when sound contains only one frequency. Or if the student gives a correct
example, it can also be considered as correct).
27 The thresholds used in biometric recognition systems set the balance point between security and
convenience. Based on that, differentiate between false non-match and false match.
- False non-match: When a threshold is set too high biometric data from the same person can appear not
to match because of slight variations.
- False match: When a threshold is set too low different biometric data can appear to match when they
are not the same.
28 What will be the consequence if a false match occurs? And what will be the consequence if a false non-match
occurs?
- False match: The consequence is that imposters could gain access to resources they are not allowed to
access → Less security
- False non-match: The consequence is that legitimate users could be refused access to resources they are
entitled to access. → Less convenience
29 What does TLS/SSL stand for? (2 marks)
Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
30 The data stored in the magnetic stripe of a standard ID-1 payment card includes: Card Verification Value 1
code (CVV1), CVV2, and PIN Verification Value – PVV. What are the differences between them?
- CVV2 is printed on the card. (1 mark)
- Card Verification Value 1 code (CVV1) is used to support the authenticity of the card and it is recorded
electronically on the card. (2 marks)
Any of the following (2 marks):
- PIN Verification Value (PVV) is an encrypted representation of the corresponding account PIN and it is
created by the card issuer.
- PVV is used to verify the user-entered PIN when, for example, you are using a bank ATM.
31 In an ATM magnetic stripe card transaction, a derived PIN Verification Value-PVV (the processing of which
involves the user’s entered PIN in combination with other account data and a one-way function) is compared
with the PVV for the account (stored on the magnetic stripe and in a bank’s database). Plaintext PINs are not
used as the basis of this comparison. Explain why a ciphertext representation (PVV) rather than a plaintext
representation of a PIN should be used for storing the PIN data on a magnetic stripe (only) card? *

A PVV is a ciphertext representation of a PIN and so can be included in the encoded information on a card’s
magnetic stripe. If a PVV is accessed by a fraudster, the process used to create the PVV, which includes the use of
a one-way function, should ensure that the PIN cannot be accessed. It would certainly be unsafe to include the
plaintext version of the PIN within the magnetic stripe data.
32 Describe in detail how the transaction occurs in Dynamic Data Authentication (DDA).
- The terminal sends a “challenge” to the card. A challenge is in the form of a message sent by the
terminal to the card. The message incorporates unpredictable data such as that derived from the
particular transaction being undertaken.
- The card responds to the challenge it receives by returning the challenge data to the terminal encrypted
with its own private key.
- If the decrypted response received from the card matches the terminal’s original copy of the challenge
data, the card is dynamically authenticated to the terminal.
33 What are intrusion detection systems commonly used for? Mention only three points.
- They continually monitor activities to identify those that are suspicious and which could indicate the
start of an attack.
- They can detect potential threats arising from the actions of ‘trusted’ insiders as well as external
hackers.
- They use detailed knowledge about the systems and networks being protected
- They compare current use with normal patterns of service usage so that suspicious activity can be
flagged. Suspicious activity may lead to temporarily restricting access to, or disabling, the systems or functions
that could be under threat.
34 Explain the process of ATM transactions using magnetic stripe cards? (Hint: you can explain the process of
ATM transactions using magnetic stripe cards through a Figure.)
1. On presenting a card to an ATM, a user will be prompted to enter an account PIN using the terminal
keypad.
2. Information on the card’s stripe is read, including the PVV.
3. The two inputs (the user-entered PIN and the magnetic stripe data read by the ATM) are encrypted for
transmission to the location of a bank’s Hardware Security Module (HSM).
4. On arrival, the incoming data is decrypted so that the entered PIN, the PVV and the related account data
are recovered.
5. The HSM ensures that a transaction will only be authorised if the correct PIN is entered
6. A PVV value is derived
7. The derived PVV could be compared with the original PVV value for the related account.
8. If the derived PVV does not match the actual PVV, the transaction will be denied (1 mark for each point
from 1 to 4) (2 marks for last point)
OR through a figure

35 How can aliases be avoided? And how is the quantization error minimized?
To avoid aliases, the minimum sampling rate has to be respected! (3 marks)
To reduce the quantization error:
- Increasing the quantisation levels (i.e. reduce the quantisation interval)
- Making the signal large
- Increasing the quantisation levels AND making the signal large.
36 List three aims of a feature extractor in the Biometric security systems?
- To reduce the complexity of the original biometric sample
- To decrease the resources required to store and process the biometric
- To prevent the original biometric data from being reconstructed from the template.
37 Electrostatic induction is another physical effect whereby the electrical charges in an object are redistributed
because of the presence of nearby charges. Condenser microphone uses this effect. Describe how condenser
microphone works? *
- There are two conducting plates, separated by a very thin air space, which are charged by placing a
voltage between them.
- One of the plates is fixed and the other plate forms a lightweight diaphragm:
- It moves towards and away from the fixed plate in response to the air pressure variations caused by
sound waves.
- When the diaphragm moves, the electrostatic induction effect causes the charge to change resulting in a
current flow between the plates.
- The induced current variations (that follow the air pressure variations) cause similar voltage variations
across a resistor that is placed in the connection to the power supply providing the charging voltage.
- These small voltage variations can then be amplified to produce a more usable electrical signal.
38 What are digital certificates? And what information will a digital certificate typically include?
Digital certificates are analogous to passports, and Certification Authorities are like Passport Authorities. (2
marks)
A digital certificate will typically include:
- A copy of the public key
- Information about the owner of the key: the owner’s name, etc.
- Information about the digital certificate: a serial number, expiry date, etc.
- Information about the CA itself: CA name, its own digital signature, etc.
39 What account-related data is carried on an SDA card’s chip?
- Data that is found on a magnetic stripe card,
- Other data selected by the card issuer such as a Card Verification Value 1 (CVV1).
- The issuer’s digital certificate,
- The issuer uses its private key to provide the equivalent of a digital signature.
40 Draw the block diagrams for both Electronic Codebook (ECB) and Cipher-block chaining (CBC)?
41 There are several EMV (Europay, MasterCard and Visa) chip and PIN variants, list them and mention what is
the cryptography system used in those variants indicating what does that cryptography system provides? **
- SDA (Static Data Authentication)
- DDA (Dynamic Data Authentication)
- CDA (Combined Data Authentication or, alternatively, Combined DDA with Application Cryptogram
Generation).
- All the variants use public key cryptography, but in different ways.
- public key cryptography is used to provide assurances about authentication and integrity as well as a
means to keep data private.
42 Draw a figure to represent the period and wavelength of a sinusoidal wave?

43 How do humans hear SOUND, list all details starting from source of sound? *
- The source of sound creates small rapid fluctuations of the atmospheric air pressure that surrounds it.
- The atmospheric fluctuations spread outwards from the source through the surrounding air. (1 mark)
- When the pressure variations reach the listener, they act on the listener’s hearing mechanism.
- The movements of the eardrum are detected by the hearing mechanism and are interpreted by the brain
as sound. (2 marks)
44 When someone logs on to a secure site (indicated by ‘https’ in the URL), the site’s server automatically sends
its digital certificate to his/her computer by means of security processes that are carried out using a collection
of algorithms operating together under the umbrella of a security protocol that provides interoperability for
secure interaction between applications. What may the security protocol include? (4 marks)
- An algorithm for authenticating the communicating parties to each other.
- An algorithm for generating a shared secret key.
- An algorithm for encryption.
- An algorithm for checking integrity.
45 List two examples of the common encryption algorithms?
DES, 3DES, RSA, AES, RC2, RC4, RC5, IDEA…
46 Compare between the magnetic stripe card and Dynamic Data Authentication card (DDA)?
Magnetic stripe payment card:
- The data storage capacity is very limited and is totally passive.
- There is no ability to carry out any on-board computational processes.
- The data written to and stored on the magnetic stripe is intended to be permanent.
EMV DDA card:
- has an embedded microprocessor and various types of semiconductor memory allowing it to process
data on board.
- can monitor card activity and execute its issuer’s policies.
- has a co-processor that can execute sophisticated encryption of messages used.
47 When the hash function is encrypted with the sender’s private key, the outcome is referred to as what?
digital signature
48 What are the benefits of encrypting the hash function by the sender’s private key?
Integrity of the message and authentication of sender.
49 List three disadvantages of Electronic Codebook (ECB) and two disadvantages of Cipher-block chaining (CBC)?
Drawbacks of ECB:
- Two similar blocks of plaintext will result in similar blocks of ciphertext
- Since the position of the ciphertext blocks remains fixed relative to the plaintext blocks this introduces a
vulnerability.
- ECB is not practical when data involves long repetitive strings of 1s and 0s, such as picture data.
Drawbacks of CBC:
- A single encryption error in one block is cascaded through to the following blocks.
- The decryption relies on knowledge of the previous block.
50 Matching methods for fingerprints can be broadly classified into three categories: Correlation-based,
Minutiae-based and Ridge-feature-based matching. Explain the main idea of each category.
Correlation-based matching works by superimposing one image over another image and changing their
alignments (1 Mark) until the correlation between the corresponding pixels of the two images is maximised. (1
Mark)
In Minutiae-based matching, the matching is conducted by working out the similarity between Minutiae instead
of all pixels. (2 Marks)
In a Ridge-feature-based matching, other ridge features may be used to help in matching fingerprints (1 Mark)
such as: ridge orientation, ridge frequency, shape and texture, and ridge counts between minutiae (1 example: 1
Mark)
51 For the transactions that follow, how strong do you believe the resulting authentication to be (strong or weak):
Using an ATM to obtain cash; Purchasing goods or services on the internet using a credit card? Justify your
answers (two arguments each).
Using an ATM to obtain cash:
- We need to have the bank card: Something we have (1 Mark)
- We need to know the PIN: Something we know (1 Mark)
- Two factors are satisfied so strong authentication. (1 Mark)
Purchasing goods or services on the internet using a credit card:
- We need to know card and personal details (e.g. card number and type, validity dates and card ‘security
code’): Something we have
- We are also normally required to give a Card Verification Value (CVV) specifically (CVV2) : Something we
have
- Providing this value gives some assurance (but not proof) that we do have the payment card in our
possession: Something we have
- The authentication is essentially single factor, so this is weak authentication (1 Mark)
52 In the context of EMV smart cards, a DDA transaction involves not only static data as stored on an SDA card,
but also dynamic data used in a challenge–response interaction. What constitutes a challenge message (and
provide example)? And explain how a DDA transaction is conducted.
A challenge incorporates unpredictable data (1 Mark) such as that derived from the particular transaction being
undertaken (1 Mark).
DDA transaction:
- The terminal sends a “challenge” to the card. (1 Mark)
- The card responds to the challenge it receives by returning the challenge data to the terminal encrypted
with its own private key. (1 Mark)
- If the decrypted response received from the card matches the terminal’s original copy of the challenge
data (1 Mark: “challenge and response are compared”), the card is dynamically authenticated to the
terminal. (1 Mark: “result”)
53 Converting an analogue audio signal to a digital signal requires two basic stages: Sampling and quantisation.
What is sampling and how often does the sound signal need to be sampled (minimum sampling rate)? Then,
explain the quantisation process.
- Sampling: to measure the instantaneous amplitude of the analogue sound signal at regular intervals. (1.5
Marks)
- Minimum sampling rate: twice bigger than the highest frequency in the sound signal (or students can say
44KHz or 40 KHz) (1.5 Marks)
- Quantisation: the maximum voltage range of the analogue sound signal is divided into a number of
discrete voltage bands (or levels). (1.5 Marks)
- Each sample is assimilated/approximated into a voltage band (or level) and therefore given the number
which represents this band. (1.5 Marks)
54 A digital audio file can be compressed before being stored. What is digital compression? What is the
difference between a lossless and lossy compression? And provide one advantage for each compression type
(lossless and lossy).
Digital compression involves minimising the amount of digital data that a sound signal requires.
With lossless compression, the digital data is stored in a compressed form such that it can be recovered, sample-
for-sample with nothing altered. In contrast, with lossy compression, some information in the digital audio signal
is removed (1.5 Marks).
Lossless compression advantage: Nothing is taken away or lost (same sound quality) (1 Mark)
Lossy compression advantage: Higher compression ratios (1 Mark)
55 In the context of sound characteristics, what is “pitch” (provide an example) and what are the differences
between “frequency” and “pitch”? Give at least two differences.
Pitch: is a term we humans use when we talk about how high or how low a sound is. (1.5 Marks)
One correct example:
We may say, for example, that men generally have lower pitched voices than women; or we may say a smoke
alarm has a very piercing high-pitched sound.
Differences between pitch and sound:
- Pitch therefore is a subjective term (subjective property of humans), whereas frequency is a measurable
physical quantity. (1.5 Marks)
- A linear change in pitch corresponds roughly to a multiplicative change in frequency. (1.5 Marks)
56 Both optical and solid-state fingerprint sensors can be designed to acquire images through users either
touching them or sweeping their fingers over them. Draw a comparison table that summarizes four
differences between a touch sensor and a sweep sensor.
Optical | Solid State
Sensing area cover the whole fingertip | Cover only a fraction of the size of fingertip
Capture the fingertip in one go | Capture only a slice at a time
Expensive | Cheaper
Simpler to produce and easier to use | Sweep required to be at a steady speed and pressure
Can’t fit in portable devices | Can fit in portable devices
Fraudsters can lift a latent fingerprint off a sensor in order to make a duplicate of it | The sweep action ‘cleans up’ the sensor on each sweep so that no latent fingerprint is left on the sensor
57 In implementing an electronic voting system, the privacy of the ballot and the issue of “prying” is crucial in
democratic elections. List three of such issues.
- So who would supply the voting computers?
- Who would program and maintain them?
- How would we check they are programmed fairly and without errors?
- What would we do if they break down during an election? How can they be kept secure and how can we
be sure they have not been compromised?
- How can we check they have provided the correct result? Will people be prepared to use them?
58 The ability to intrude into an individual’s life using information found solely online is unprecedented and is a
relatively recent phenomenon. What has changed in the recent years to make this happen?
- The rise of Web 2.0. Companies such as MySpace, Facebook, blogging sites, YouTube and Friends
Reunited began to emerge.
- This new wave differs from the first-generation Web 1.0 companies (Amazon, eBay and Egg) by being
driven primarily by user generated content.
- This means that the bulk of the content that makes up a Web 2.0 website is contributed by its individual
users rather than the company itself.
59 Mention five of the UK government’s large-scale electronic databases.
- electoral registers
- birth
- marriage and death registers
- planning applications
- National Health Service
60 In your study of fingerprints, you have met the term minutia. What is minutia? Mention three types of
minutia.
- Minutia is the point where a ridge line is discontinuous.
- Many types of minutiae can be identified from fingerprints, but the most common ones are termination,
bifurcation, lake, independent ridge, island or point, spur and crossover.
61 From your study of “Money in Plastic”, what threats to SDA card security could arise that would be unlikely to
arise with DDA?
- The signed data that was written into an SDA memory by an issuing bank doesn’t change with time, so
there is a danger it could be captured ‘wholesale’ and used to create cloned cards by writing it into other
smart cards.
- Captured data could alternatively be used to create fake magnetic stripe cards usable in some countries
or regions where they continue to be accepted.
- A DDA card could not be used in this way because the DDA process requires a valid card response to a
unique challenge sent by the terminal.
- To create a valid response to such a challenge requires the use of the card’s private key which is stored
in a secure memory location.
62 You have studied some methods and strategies that are employed by those with malicious or criminal intent.
One of these methods is “Phishing”. Briefly describe this method.
Phishing: is where potential victims are lured into following links to fake websites where they are encouraged to
reveal personal details or information such as passwords, PINs or security codes, which fraudsters subsequently
use.
63 A tuning fork has a frequency of 384 Hz. Find the wavelength of this sound, given that the speed of sound is
340 metres per second.
Using λ = v/f, the wavelength in metres is 340 ÷ 384 = 0.885 metre.
64 As long as the sound stays in a digital form, any sort of processing of the sound is simply a matter of ‘number
crunching’. “Echo” and “Chorus” are two kinds of such processes. Give a brief definition of each.
Echo is the process whereby a delayed version of the sound is added to the un-delayed sound. Chorus is an
effect only heard with music, and occurs when a number of similar instruments or voices play/sing the same
tune together.
65 The architecture of biometric systems consists of five different components. One of these components is the
feature extractor. Explain the function of this component.
Feature extractor:
- Takes the raw data from the sensors as an input, extracts from it the key features and converts them
into a digital representation called a template.
- can be seen as a form of non-reversible compression
- It significantly reduces the complexity of the original biometric sample, decreases the resources required
to store and process the biometric and prevents the original biometric data from being reconstructed
from the template.
- Some systems further process the templates by incorporating encryption so the data is better protected.
66 You have studied two main sensor types for fingerprints scanning: optical and solid state. Discuss the solid-
state sensor by explaining the main idea behind its technology and how it functions.
- Solid-state sensors were originally designed with the aim of reducing the physical size and cost of the sensors.
- The idea was to build an all-in-one silicon chip with a two-dimensional sensory array placed directly on the chip.
- When providing a fingerprint image, users touch the sensing surface of the chip directly.
- Instead of converting optical patterns to electrical signals, solid-state sensors convert thermal,
capacitive, piezoelectric or electric field information to electrical signals.
- Capacitive sensors are the most common type employed, because of their simplicity and low cost.
67 From your study of “Money in Plastic”, there are several EMV chip and PIN variants. One of them is the
DDA (Dynamic Data Authentication). Describe this kind of cards.
- A DDA transaction involves not only static data as stored on an SDA card, but also dynamic data used in a
challenge–response interaction.
- The integrated circuit chip on a DDA card includes a co-processor that can carry out cryptographic
processes on the card.
- The card uses this capability to respond to a challenge initiated by the terminal.
- The challenge is in the form of a message sent by the terminal to the card.
- The message incorporates unpredictable data (such as that derived from the particular transaction being
undertaken).
- The card responds to the challenge it receives by returning the challenge data to the terminal encrypted
with its own private key.
- If the decrypted response received from the card matches the terminal’s original copy of the challenge
data, the card is (dynamically) authenticated to the terminal.
- The DDA card authentication process allows a card to be authenticated offline.
- However, a bank will still periodically force transactions to be completed online to allow it to monitor
and control account activity as needed.
- By monitoring account activity, a bank can also institute other risk management policies.
- Aspects of account activity that may give rise to concern include unusual changes in the frequency,
amount and locations of transactions.
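The challenge-response exchange described above can be sketched as follows. This is an added example, not part of the original answer key and not EMV's real message formats: it uses textbook RSA without padding, a toy key built from two Mersenne primes, and hypothetical names (Card, ReplayClone, the terminal id) chosen for illustration.

```python
import hashlib
import secrets

# Toy key pair (assumption): two Mersenne primes, far too small and too
# structured for real use, chosen so the example needs no external library.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public values known to the terminal
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)


class Card:
    """Genuine DDA card: the private exponent stays inside the card."""

    def __init__(self, d=D, n=N):
        self._d, self._n = d, n

    def respond(self, challenge):
        # "Encrypts" the challenge with the card's private key.
        return pow(challenge, self._d, self._n)


class ReplayClone:
    """Copied card without the private key: it can only return a response
    that was recorded from an earlier transaction."""

    def __init__(self, captured_response):
        self._captured = captured_response

    def respond(self, challenge):
        return self._captured


def make_challenge(amount_pence, terminal_id):
    # Unpredictable data: transaction details plus a fresh random nonce.
    nonce = secrets.token_bytes(16)
    data = f"{terminal_id}|{amount_pence}|".encode() + nonce
    # 128-bit value, always smaller than N.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def terminal_authenticates(card, amount_pence, terminal_id="T-0001", e=E, n=N):
    """Terminal side: send a challenge, decrypt the response with the public
    key and compare it with the terminal's own copy of the challenge."""
    challenge = make_challenge(amount_pence, terminal_id)
    response = card.respond(challenge)
    return pow(response, e, n) == challenge


if __name__ == "__main__":
    genuine = Card()
    print("genuine card authenticated:", terminal_authenticates(genuine, 1999))

    # A response recorded from one transaction does not answer the next challenge.
    old_challenge = make_challenge(1999, "T-0001")
    clone = ReplayClone(genuine.respond(old_challenge))
    print("replayed response accepted:", terminal_authenticates(clone, 1999))
```

Because every challenge contains a fresh nonce, a recorded response is useless for the next transaction, which is why static signed data can be copied but a DDA response cannot be reused.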
68 The basic function of a microphone is to convert the variations in air pressure that form sound waves into
equivalent variations in electrical voltage. There are three main ways of doing this; one of them is by using
“electromagnetic induction.” Explain this method and use schematic diagram to explain your idea.
- Electromagnetic induction is a physical effect whereby if an electrical conductor is moved in a magnetic
field, it has an electrical voltage induced in it.
- A microphone that uses electromagnetic induction is called a moving-coil or dynamic microphone.
- The diaphragm is a lightweight and flexibly suspended membrane.
- When sound waves reach the diaphragm, they cause it to vibrate in sympathy with the pressure
variations.
- Due to electromagnetic induction, this induces a similar voltage variation across the ends of the coil
which is suspended in a strong magnetic field, and to which the diaphragm is attached.
- The small induced voltage can then be amplified to produce a more usable electrical signal.

69 During a point of sale transaction, explain, step by step, how payment by imprinting is achieved.
- The card was handed to a check-out assistant.
- The visible embossed card data was transferred on to a transaction slip using a machine called a PDQ
imprinter.
- Other details of the goods purchased and the price were added to the transaction slip.
- The customer signed it to complete the purchase.
70 Explain briefly, why sound waves are considered as pressure traveling waves?
Sound waves are pressure waves because they consist of cyclical changes of pressure. Sound waves are travelling
waves because the pressure variations radiate outwards from their source, conveying energy away from the
source.
71 The threshold used in biometric recognition systems set the balance point between security and convenience.
Explain, briefly this effect for the threshold.
To increase the system SECURITY, the threshold should be set high
Only fingerprints with high similarity values are considered as Match
• BUT in this case, false non-match can occur.
• When a threshold is set too high biometric data from the same person can appear not to match
because of slight variations.

To increase the system CONVENIENCE, the threshold should be set Low


Fingerprints with low similarity values are considered as Match
• BUT in this case, false match can occur.
• When a threshold is set too low, different biometric data can appear to match when they are not the
same!
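The threshold trade-off can be put into numbers. This is an added example, not part of the original answer key: the similarity scores are constructed sample data, and the function names are chosen for illustration.

```python
# Constructed similarity scores (0 = nothing in common, 1 = identical).
# GENUINE: comparisons of two samples from the same person.
# IMPOSTOR: comparisons of samples from different people.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.67, 0.84, 0.73, 0.90, 0.58, 0.86]
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.18, 0.41, 0.70]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false match rate, false non-match rate) when a comparison
    counts as a match if its score is at or above the threshold."""
    false_match = sum(s >= threshold for s in impostor) / len(impostor)
    false_non_match = sum(s < threshold for s in genuine) / len(genuine)
    return false_match, false_non_match


def pick_threshold(max_false_match_rate, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold whose false match rate stays within the target.

    The false non-match rate never falls as the threshold rises, so the
    lowest acceptable threshold is also the most convenient one.
    Returns (threshold, false match rate, false non-match rate) or None.
    """
    for threshold in sorted(set(genuine + impostor)):
        fmr, fnmr = error_rates(threshold, genuine, impostor)
        if fmr <= max_false_match_rate:
            return threshold, fmr, fnmr
    return None


if __name__ == "__main__":
    for t in (0.50, 0.65, 0.80):
        fmr, fnmr = error_rates(t)
        print(f"threshold {t:.2f}: false match {fmr:.0%}, false non-match {fnmr:.0%}")
    print("no false matches allowed:", pick_threshold(0.0))
```

With these scores a low threshold (0.50) rejects no legitimate user but accepts 30% of impostor comparisons, while a high threshold (0.80) accepts no impostor but rejects 40% of genuine comparisons.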
72 a. What is image compression?
b. Why is image compression used?
c. Explain briefly the fundamental methods for image compression, giving an example of each type.
A. The basic idea of image compression is to re-code the information in a more compact form. This data
can then be stored or transmitted, and converted back again to a suitable form when needed
(uncompressed)
B. There are two main reasons for image compression:
• First, a compressed image file takes up less storage space than the uncompressed version.
• Second, a compressed image file can be transferred more quickly. This may be important, for example,
when loading images from the internet.
C. There are two fundamental methods for compressing digital image data – lossless or lossy.
• Lossless compression:
As its name suggests, in lossless image compression no data is lost during the compression process.
When the compressed image is decompressed, the result is exactly the same as it was before the
compression. Lossless compression is most effective where there are frequently recurring data
sequences in the image.
The Graphics Interchange Format (GIF) standard is an example of lossless compression.
• Lossy compression:
Lossy compression reduces file size by discarding redundant data, so that only a part of the original
data is retained after compression.
The trick in developing successful compression programs is to make sensible decisions about what
kind of degradation can be allowed to occur, so that the recovered version is indistinguishable from
the original to human senses.
Example of lossy compression: MPEG, JPEG.
73 Matching methods for fingerprints can be broadly classified into three categories. Explain briefly these three
categories.
Matching methods for fingerprints can be broadly classified into three categories which are:
Correlation-based matching works by superimposing one image over another image and changing their
alignments (by moving and rotating one of the images) until the correlation between the corresponding pixels of
the two images is maximized.
In a Minutiae-based matching, the matching is conducted by working out the similarity between Minutiae instead
of all pixels. It is the most commonly used matching method adopted by automatic fingerprint recognition systems.
Ridge-feature-based matching: is used when the qualities of the fingerprint images are not good (minutiae
extraction is difficult). In a Ridge-feature-based matching, other ridge features may be used to help in matching
fingerprints such as: ridge orientation, ridge frequency, shape and texture, and ridge counts between minutiae.
74 Banks usually store a PVV on the magnetic stripe. What constitutes a PVV? what does it stand for? how do banks
create it? and why banks prefer to store the PVV on a magnetic stripe rather than the PIN data (give two
reasons)?
The PVV combines the PIN with other account data.
PVV: PIN Verification Value
The process of creating a PVV includes encryption and subsequent transformation using a one-way function to
produce a fixed-length value (the PVV).
Why banks store a PVV: (only two reasons)
A PVV is a ciphertext representation of a PIN.
If a PVV is accessed by a fraudster the process used to create the PVV, which includes the use of a one-way
function, should ensure that the PIN cannot be accessed.
It would certainly be unsafe to include the plaintext version of the PIN within the magnetic stripe data.
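The PVV check described in the ATM questions above can be sketched as follows. This is an added example, not part of the original answer key and not the algorithm banks actually use: HMAC-SHA256 stands in for the encryption and one-way function, and the key, account number and PIN are constructed values.

```python
import hashlib
import hmac

# Assumption: stands in for an issuer key that never leaves the bank's HSM.
ISSUER_KEY = b"constructed-demo-key-not-a-real-issuer-key"


def derive_pvv(pin, account_number, key=ISSUER_KEY):
    """Combine the PIN with account data, pass the result through a keyed
    one-way function and keep a fixed-length (4-digit) value."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 digits")
    message = f"{account_number}|{pin}".encode()
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10_000:04d}"


def authorise(entered_pin, account_number, stripe_pvv, bank_pvv):
    """HSM-side check: derive a PVV from the entered PIN and compare it with
    the PVV read from the stripe and the PVV held in the bank's database.
    No plaintext PIN is stored or compared anywhere."""
    derived = derive_pvv(entered_pin, account_number)
    return (hmac.compare_digest(derived, stripe_pvv)
            and hmac.compare_digest(derived, bank_pvv))


# Constructed sample data.
ACCOUNT = "0000111122223333"
ISSUED_PVV = derive_pvv("4071", ACCOUNT)   # written to the stripe at issuance

if __name__ == "__main__":
    print("PVV on the stripe:", ISSUED_PVV)
    print("correct PIN authorised:", authorise("4071", ACCOUNT, ISSUED_PVV, ISSUED_PVV))
    print("wrong PIN authorised:  ", authorise("4072", ACCOUNT, ISSUED_PVV, ISSUED_PVV))
```

Only the derived value is written to the stripe, so reading the card yields the PVV but not the PIN, and the derivation cannot be repeated without the issuer key.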
