Computer Olevel Exam - Style Questions - Unit5


Unit #5 Exam – Style Questions

1 a) i. What is meant by a cookie? [1]

Cookies are small files or code stored on a user’s computer. They are sent by a web server to a browser on
a user’s computer. Each cookie is effectively a small look-up table containing pairs of (key, data) values.

ii. Describe the difference between a session cookie and a persistent cookie. [2]

Session cookies

This type of cookie is stored in temporary memory on the computer, doesn’t actually collect any
information from the user’s computer and doesn’t personally identify a user. Hence, session cookies cease
to exist on a user’s computer once the browser is closed or the website session is terminated.

Persistent (permanent) cookies

Persistent cookies remember a user’s log in details (so that they can authenticate the user’s browser). They
are stored on the hard drive of a user’s computer until the expiry date is reached or the user deletes it.
These cookies remain in operation on the user’s computer even after the browser is closed or the website
session is terminated.
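
The session/persistent distinction above is visible in the `Set-Cookie` header a web server sends: a cookie with no `Expires` or `Max-Age` attribute is a session cookie, otherwise it is persistent. The following is an added example, not part of the original answer; the function name, cookie names and sample headers are constructed, and the Secure/HttpOnly check is an extra a defender would typically run on cookies that hold log-in details.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie


def classify_cookie(set_cookie_header, now):
    """Classify one Set-Cookie header value as session, persistent or expired."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    name, morsel = next(iter(jar.items()))

    lifetime = None                      # seconds until expiry; None = session cookie
    if morsel["max-age"]:                # Max-Age takes precedence over Expires
        lifetime = int(morsel["max-age"])
    elif morsel["expires"]:
        expires = parsedate_to_datetime(morsel["expires"])
        lifetime = int((expires - now).total_seconds())

    if lifetime is None:
        kind = "session"                 # discarded when the browser closes
    elif lifetime <= 0:
        kind = "expired"                 # browser deletes it immediately
    else:
        kind = "persistent"              # written to disk until the expiry date

    warnings = []
    if not morsel["secure"]:
        warnings.append("no Secure flag")      # may travel over plain http
    if not morsel["httponly"]:
        warnings.append("no HttpOnly flag")    # readable by page scripts
    return {"name": name, "kind": kind, "lifetime": lifetime, "warnings": warnings}


# Constructed sample headers and a fixed "current time" for repeatable output
NOW = datetime(2026, 10, 20, 7, 28, 0, tzinfo=timezone.utc)
SAMPLES = [
    "sid=abc123; Path=/; Secure; HttpOnly",
    "remember_me=token123; Max-Age=2592000; Path=/",
    "prefs=dark; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure",
    "old=1; Max-Age=0",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_cookie(header, NOW))
```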

iii. Give three uses of persistent cookies. [3]

• Allow the website to remember users’ passwords, email addresses and invoice details, so they
won’t have to insert all of this information every time they visit or every time they purchase
something from that website
• Serve as a memory, enabling the website to recognize users every time they visit it
• Save users’ items in a virtual shopping basket/cart
• Track internet habits and users’ website histories or favourites/bookmarks
• Target users with advertising that matches their previous buying or surfing habits
• Store users’ preferences (for example, recognize customized web pages)
• Are used in online financial transactions

2 A company has several offices. It uses the Internet to transfer data between offices.
The company also makes payments to staff and suppliers using online banking.

The company is concerned about spyware and other security aspects of using the
Internet.

a) Explain what is meant by spyware and how it is used to obtain data. [3]

Spyware is software that gathers information by monitoring a user’s activities carried out on their
computer. The gathered information is sent back to the cybercriminal who originally sent the spyware.
Spyware is primarily designed to monitor and capture web browsing and other activities, and to capture
personal data (for example, bank account numbers, passwords and credit/debit card details).

b) The company uses a web page to log on to the online bank.

Identify one method that could be used by the online bank to reduce the impact of
spyware when logging on.

State how the method prevents the use of spyware. [2]

One method that could be used by the online bank to reduce the impact of spyware when logging on is
implementing Multi-factor Authentication (MFA).

How MFA prevents the use of spyware:

Enhanced Authentication: Multi-factor authentication requires users to provide multiple forms of
identification to access their accounts.

Spyware Resistance: Even if spyware manages to capture the user's login credentials (e.g., username and
password) during the login process, it cannot obtain the additional factors required for multi-factor
authentication (e.g., one-time codes from a mobile app or biometric data).

c) The company has installed a firewall as part of its data security. Describe how a
firewall can help protect against unauthorized access to data. [4]

A firewall is a network security device or software that acts as a barrier between a trusted internal network
(such as a company's network) and untrusted external networks (such as the internet). It monitors and
controls incoming and outgoing network traffic based on predefined security rules, helping to protect
against unauthorized access to data.

Here's how a firewall can help protect against unauthorized access to data:

Packet Filtering: A firewall uses packet filtering to inspect individual data packets as they travel between
the internal network and external networks. It checks the packet's source and destination addresses, port
numbers, and other header information against a set of predefined rules. If a packet matches an allowed
rule, it is allowed to pass through the firewall. Otherwise, it is blocked or dropped.

Access Control: Firewalls implement access control policies that determine which types of network traffic
are allowed or denied. For example, the firewall may allow web browsing and email traffic while blocking
certain types of file transfers or specific network protocols that pose security risks.

By implementing a firewall as part of its data security strategy, the company can effectively control and
monitor network traffic, allowing only authorized and legitimate data to pass through while blocking
unauthorized access and potential threats from reaching sensitive data and resources on the internal
network. This helps protect against unauthorized access to data.
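
The packet-filtering behaviour described above, as an added example that is not part of the original answer: each packet's header fields are checked against an ordered rule list, the first matching rule decides, and a packet that matches no rule is dropped. The rule set, the office network 10.0.0.0/24 and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR notation
    dst: str                 # destination network in CIDR notation
    port: Optional[int]      # destination port; None matches any port
    protocol: str            # "tcp", "udp" or "any"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    port: int
    protocol: str


def matches(rule, pkt):
    """True when every header field of the packet satisfies the rule."""
    return (
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and rule.port in (None, pkt.port)
        and rule.protocol in ("any", pkt.protocol)
    )


def filter_packet(rules, pkt):
    """First matching rule wins; anything unmatched is denied by default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed rule set (order matters: the block rule must come first)
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None, "any"),   # blocked range
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 443, "tcp"),      # web browsing (HTTPS)
    Rule("allow", "10.0.0.0/24", "0.0.0.0/0", 25, "tcp"),       # outgoing email
    Rule("allow", "0.0.0.0/0", "10.0.0.10/32", 443, "tcp"),     # company web server
]

if __name__ == "__main__":
    for pkt in (
        Packet("10.0.0.5", "198.51.100.7", 443, "tcp"),   # staff browsing
        Packet("10.0.0.5", "198.51.100.7", 21, "tcp"),    # FTP file transfer
        Packet("203.0.113.9", "10.0.0.10", 443, "tcp"),   # from blocked range
    ):
        print(pkt, "->", filter_packet(RULES, pkt))
```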

d) State two other methods the company could use to help prevent unauthorized access
to data. [2]

Method 1: Encryption: Implementing encryption is a powerful method to safeguard data from
unauthorized access, even if attackers manage to breach the network defenses. Encryption converts
sensitive data into an unreadable format using cryptographic algorithms. Only authorized users with the
decryption keys can decipher and access the original data.

Method 2: Access Control and Authentication: Enforcing strict access control and authentication
measures is crucial to prevent unauthorized users from gaining access to sensitive data.

3 Six statements are shown on the left and six computer terms are shown on the right.

By drawing lines, connect each statement to the correct term. [6]

Statements (left):

– set of rules that must be obeyed when transferring files and data across the internet

– software used to access, translate and display web pages on a user’s screen

– collection of multimedia web pages and other information on websites; these resources are
accessed by a browser

– worldwide collection of interconnected network computers that make use of TCP and IP protocols

– small file or program downloaded when user visits a website; it remembers user preferences and
other data

– financial system which allows the transfer of funds and purchasing items electronically

Terms (right):

– Cookies

– World Wide Web (WWW)

– Digital currency

– Hypertext transfer protocol (http)

– Internet

– Web browser

4 a) John uses two step verification when purchasing some items from a website. There
are five stages in the process. These stages are listed below but are not in correct order.

Place the five stages into their correct order.

A – user takes note of the one-time authentication code

B – user enters the one-time authentication code into the original device

C – user enters website user name and password into device

D – user is authenticated and allowed access to website to order items

E – one-time authentication code sent to user’s email address [4]

The correct order of the five stages in the two-step verification process is:

C – user enters website user name and password into the device.

E – one-time authentication code is sent to the user's email address.

A – user takes note of the one-time authentication code.

B – user enters the one-time authentication code into the original device.

D – user is authenticated and allowed access to the website to order items.
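
The same five stages seen from the website's side, as an added example that is not part of the original answer: the server checks the password, issues a one-time code, and accepts that code once only, within a time limit and a limited number of attempts. The class name, the 300-second lifetime, the three-attempt limit and the sample user are assumptions; sending the email is left to the caller.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_TRIES = 3      # wrong guesses allowed per code (assumed value)


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoStepLogin:
    def __init__(self, users):
        self.users = users     # username -> (salt, password hash)
        self.pending = {}      # username -> [code digest, expiry time, tries left]

    def submit_password(self, user, password, now):
        """Stages C and E: check the password, then issue a one-time code.
        Returns the code to be emailed, or None if the password is wrong."""
        salt, stored = self.users.get(user, (b"", b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"       # unpredictable 6 digits
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[user] = [digest, now + CODE_TTL, MAX_TRIES]
        return code

    def submit_code(self, user, code, now):
        """Stages B and D: accept the code once, within its lifetime."""
        entry = self.pending.get(user)
        if entry is None:
            return False                               # no login in progress
        digest, expires, tries = entry
        if now > expires or tries <= 0:
            del self.pending[user]                     # expired or locked out
            return False
        if hmac.compare_digest(hashlib.sha256(code.encode()).digest(), digest):
            del self.pending[user]                     # single use: no replay
            return True
        entry[2] = tries - 1
        return False


# Constructed sample account
SALT = b"constructed-salt"
USERS = {"john": (SALT, hash_password("correct horse", SALT))}

if __name__ == "__main__":
    login = TwoStepLogin(USERS)
    code = login.submit_password("john", "correct horse", now=0)
    print("first use:", login.submit_code("john", code, now=10))
    print("replay:   ", login.submit_code("john", code, now=11))
```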


b) One form of authentication is fingerprint recognition. A school is using fingerprints to
uniquely identify each student. The system is used to act as a register instead of the
existing manual system. Describe how fingerprint recognition can be used so that the
school knows exactly which students are presently attending. [5]

Using fingerprint recognition for student attendance tracking can significantly improve the accuracy and
efficiency of the register system. Here's how it can be implemented to identify each student uniquely and
track their attendance:

Enrollment: Initially, each student's fingerprint needs to be enrolled in the system. This process involves
capturing the fingerprint image of each student using a fingerprint scanner. The captured fingerprint data is
then processed and converted into a unique biometric template, which serves as a digital representation of
the fingerprint.

Database Creation: The school creates a centralized database that stores the biometric templates of all
enrolled students along with their corresponding student IDs or names.

Attendance Tracking: When students arrive at school, they need to place their fingers on the fingerprint
scanner at the designated attendance checkpoint. The scanner captures their fingerprints in real-time.

Fingerprint Verification: The captured fingerprint is then compared with the biometric templates stored
in the database to find a match. If a match is found, the system identifies the student and records their
attendance.

Real-time Updates: The attendance information is updated in real-time, allowing the school to know
exactly which students are presently attending and who is absent.

Accuracy and Security: Fingerprint recognition is highly accurate and secure, making it difficult for
students to impersonate others and ensuring that the attendance data is reliable.

Automated Reports: The fingerprint recognition system can generate automated attendance reports for
teachers and school administrators, providing insights into student attendance patterns and helping to
identify trends or issues that may require attention.

5 a) Describe four ways cybercriminals can use social engineering to trick a user into
downloading malicious code onto their computer. [4]

Cybercriminals often use social engineering tactics to trick users into downloading and executing malicious
code on their computers. Here are four common methods they employ:

Phishing Emails: Cybercriminals send phishing emails that appear to be from legitimate sources, such as
banks, social media platforms, or well-known companies. These emails usually contain urgent or enticing
messages, urging the user to click on a link or download an attachment. The link or attachment may lead to
a malicious website or download a malware-infected file onto the user's computer.

Fake Software Updates: Cybercriminals create fake pop-up notifications or websites that mimic
legitimate software update prompts. Unsuspecting users may click on the fake update button, unknowingly
downloading malware instead of a legitimate update.

Social Media Scams: They may create fake accounts or hack into existing accounts to share links or files
that appear to be interesting or sensational. Users who trust the source may click on these links or
download files, unknowingly installing malware on their devices.

Malicious Ads and Downloads: Cybercriminals inject malicious code into legitimate-looking online
advertisements, downloads, or software packages. Users may come across these ads or downloads on
websites, file-sharing platforms, or even legitimate app stores. When users click on these links or download
files, they inadvertently download malware onto their computers.

b) There are four stages in the course of action when a cybercriminal targets an
individual using social engineering.

Describe each of the four stages in the diagram below which depicts these stages.

[Diagram: four stages labelled Stage 1, Stage 2, Stage 3 and Stage 4]

The four stages in the course of action when a cybercriminal targets an individual using social engineering
are:

Research and Reconnaissance: In this stage, the cybercriminal gathers information about the target
individual. They may use various methods, such as searching social media profiles, public records, or
company websites to learn more about the individual's personal details, interests, relationships, and
professional affiliations.

Building Trust and Rapport: Armed with the gathered information, the cybercriminal begins building a
relationship of trust with the target. This can be through various means, including sending personalized
phishing emails, engaging in social media interactions, or even establishing fake online personas to appear
as trustworthy contacts.

Exploiting Emotions and Urgency: In this stage, the cybercriminal exploits the target's emotions, such as
fear, curiosity, greed, or a sense of urgency. They might use emotionally charged language, alarming
messages, or tempting offers to manipulate the victim into taking immediate action.

Executing the Attack: Once the target is emotionally manipulated and feels a sense of trust, the
cybercriminal executes the final phase of the social engineering attack. This may include sending a
convincing phishing email with a malicious attachment, directing the target to a fake website to steal login
credentials, or convincing the victim to transfer money or share sensitive data.

c) Some cybercriminals have decided to hack into a company’s financial system.

Customers buy goods using digital currency.

i. How does digital currency vary from traditional fiat currency? [2]

Digital currency exists purely in a digital format. It has no physical form unlike conventional fiat currency
(for example, $, £, €, and ¥).

Digital currency is an accepted form of payment to pay for goods or services. As with cash or credit/debit
cards, digital currency can be transferred between various accounts when carrying out transactions. It has
made it possible to bank online (for example, using PayPal) or via a smart phone app (for example, Apple
Pay). This is all possible because money only exists as data on a computer system, but it can be transferred
into physical cash if we need it.

ii. Explain how block chaining could protect the company and the customers from
hackers. [4]

Block chain technology can provide robust security and protection against hackers for both the company
and its customers. This design offers several ways in which it enhances security:

Immutable Data: Once data is recorded on a block chain, it becomes practically impossible to alter or
delete without consensus from the majority of the network participants.

Decentralization and Consensus Mechanisms: Block chain operates on a network of distributed nodes,
eliminating the need for a central authority or single point of failure.

Enhanced Data Encryption: Block chain employs advanced cryptographic techniques to secure data.
Transactions and customer information are encrypted with public and private keys, ensuring that only
authorized parties with the correct private keys can access and decrypt the data.

Transaction Transparency and Auditing: Block chain's transparent and auditable nature allows all
participants on the network to view transaction history.

Protection against Data Loss: Block chain's distributed nature means that data is replicated across
multiple nodes in the network. This redundancy provides protection against data loss due to hardware
failures or cyber attacks.
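
Why recorded data is hard to alter, shown as an added example that is not part of the original answer: each block stores the hash of the previous block, so editing one record breaks the chain from that point, and a copy that has been rebuilt end to end still disagrees with the copies held by the other nodes. This is a minimal hash chain with a simple majority check, not a full block chain; the function names and transactions are constructed.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64


def block_hash(index, prev_hash, transactions):
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transactions}, sort_keys=True
    ).encode()
    return hashlib.sha256(payload).hexdigest()


def build_chain(batches):
    chain, prev = [], GENESIS
    for i, txs in enumerate(batches):
        digest = block_hash(i, prev, txs)
        chain.append({"index": i, "prev": prev, "tx": txs, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev:
            return block["index"]          # link to previous block is broken
        if block_hash(block["index"], block["prev"], block["tx"]) != block["hash"]:
            return block["index"]          # contents no longer match the hash
        prev = block["hash"]
    return None


def majority_tip(copies):
    """Hash of the last block that more than half of the nodes agree on."""
    tip, votes = Counter(c[-1]["hash"] for c in copies).most_common(1)[0]
    return tip if votes > len(copies) // 2 else None


def demo():
    batches = [                             # constructed transactions
        [{"from": "alice", "to": "shop", "amount": 120}],
        [{"from": "bob", "to": "shop", "amount": 75}],
        [{"from": "carol", "to": "shop", "amount": 40}],
    ]
    honest = build_chain(batches)
    edited = copy.deepcopy(honest)          # one record changed in place
    edited[1]["tx"][0]["amount"] = 1
    altered = copy.deepcopy(batches)        # changed, then every hash rebuilt
    altered[1][0]["amount"] = 1
    rebuilt = build_chain(altered)
    nodes = [honest, copy.deepcopy(honest), rebuilt]
    return (first_invalid_block(honest), first_invalid_block(edited),
            first_invalid_block(rebuilt), majority_tip(nodes) == honest[-1]["hash"])


if __name__ == "__main__":
    print(demo())
```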

6 HTML can be used to create the structure and the presentation of web pages.

a) Describe what is meant by HTML structure. [2]

In HTML, the structure is created using a set of markup tags, also known as HTML elements. These
elements are enclosed within angle brackets (< >).

The HTML structure is hierarchical, with elements nested inside each other to create a parent-child
relationship. Each element can have content and other elements as its children.

Some of the tags of HTML are:

<html>: The root element that wraps the entire web page.

<head>: Contains meta-information about the document, such as the title of the page.

<body>: Contains the visible content of the web page, including text, images, and other media.

<header>, <main>, <footer>: Sectioning elements used to define different parts of the page (header, main
content, and footer, respectively).

<h1> and <p>: Heading and paragraph elements used for text content.

b) Gloria writes a paragraph as an answer to an examination question about accessing
a website. Use the list given to complete Gloria’s answer by inserting the correct four
missing terms. Not all terms will be used.

– browser

– cookies

– Hypertext Markup Language (HTML)

– hypertext transfer protocol (http)

– hypertext transfer protocol secure (https)

– Internet Protocol address (IP address)

– Media Access Control address (MAC address)

– web server

The user enters the URL of the website. The --- browser --- uses the DNS server to look up the
--- Internet Protocol address (IP address) --- of the website.

The browser sends a request to the --- web server --- to obtain the website files. The website files are
sent as --- Hypertext Markup Language (HTML) --- that is interpreted by the browser. [4]

Cambridge IGCSE Computer Science 0478, Paper 11 Q9, Oct/Nov 2019


7 An art gallery has a website that is used to display and sell art.

a) The gallery uses Secure Socket Layer (SSL) to provide a secure connection when
selling art.

Describe the process of SSL and how it provides a secure connection. [6]

Secure Sockets Layer (SSL) is a type of protocol – a set of rules used by computers to communicate with
each other across a network. This allows data to be sent and received securely over the internet. The SSL
protocol ensures that sensitive data (such as personal information, payment details, and login credentials)
transmitted between the user and the website remains confidential and secure from eavesdropping and
unauthorized access.

When a user logs onto a website, SSL encrypts the data – only the user’s computer and the web server are
able to make sense of what is being transmitted. A user will know if SSL is being applied when they see
https or the small padlock in the status bar at the top of the screen.

The steps below show what happens when a user wants to access a secure website and receive and send
data to it:

1. The user’s browser sends a message so that it can connect with the required website which is
secured by SSL
2. The browser then requests that the web server identifies itself
3. The web server responds by sending a copy of its SSL certificate to the user’s browser
4. If the browser can authenticate this certificate, it sends a message back to the web server to allow
communication to begin
5. Once this message is received, the web server acknowledges the web browser, and the
SSL-encrypted two-way data transfer begins

b) The art gallery also uses a firewall.

Six statements are given about firewalls.

Tick (✔) to show if the statement is True or False.

Statement True False


Firewalls are only available as hardware devices ✔

Firewalls allow a user to set rules for network traffic ✔

Firewalls will automatically stop all malicious traffic ✔

Firewalls only examine traffic entering a network ✔

Firewalls encrypt all data that is transmitted around network ✔

Firewalls can be used to block access to certain websites ✔
