Sample Question Paper1
Area of Impact: Business and Employment
1. Recently, thousands of customer records containing sensitive information were view-able on popular e-commerce sites. The records could be accessed and downloaded by anyone using a standard Web browser. No sophisticated hacking tools or programming knowledge were required. Many security experts think that consumer records are not properly protected on a significant number of Web sites.
(a) Identify two sensitive fields, other than those containing personal Information, in a customer record which could possibly be viewed due to this security error. [2 marks]
(b) Explain two ways in which such a security error could occur. [4 marks]
(c) Explain two reasons why large retail stores are diversifying into e-commerce. [4 marks]
(d) Discuss three reasons why many online companies have failed. [10 marks]
Area of Impact: Education
2. Currently several universities are cooperatively involved in the new e-learning venture called eArmyU. It is a college degree program in which US Army soldiers who are stationed around the world can enrol in variety of university degree programs online. Through eArmyU, soldiers can study and gain part of the credits towards their college degrees. It is expected that 80,000 soldiers will be enrolled by 2005.
(a) Describe two online services that must be provided for the student. [4 marks]
(b) Describe three different types of process which a university may use to authenticate the identify of the student at specific stages in a course of study. [6 marks]
(c) Discuss three social consequences of soldiers being able to gain credits towards their college degree through the eArmyU.
[10 marks]
Area of impact: Business and employment –Standard Level
Bank customers can access their bank accounts through an Automatic Teller Machine (ATM) or by using online banking services. However, both methods of access have the risk that criminals could gain unauthorized access to their bank account details.
A Citibank customer received the following e-mail. This is an example of phishing, the practice of trying to find out customers’ bank account information through fraudulent e-mails.
(a) Identify two ways that this e-mail could trick Citibank customers into providing sensitive information. [2 marks]
(b) Describe the steps used by the bank’s IT system to authorize a customer’s access to their bank account when using a card at an ATM. [4 marks]
(c) Explain two actions that could be taken by the bank to assist customers in identifying fraudulent e-mails. [4 marks]
(d) To what extent have ATMs and online banking changed the way that people manage their finances? [10 marks]