Question 1 [June 1993]

(a) What is meant by ‘data integrity’?

(b) State TWO examples where lack of data integrity can cause loss, inconvenience or embarrassment.

Suggested Response

(a) Data integrity refers to the accuracy and completeness of data when it is entered and throughout its subsequent processing.

(b) - Incomplete information in an employee’s personnel file stating that he/she only had a diploma, which caused him/her to be short-paid.

- Entering a person’s age as being 53 instead of 35 years old.

Question 2 [June 1994]

‘Data security’ refers to the protection of data from destruction or corruption. State THREE measures which can be employed to ensure data security.

Suggested Response

Any 3 of the following:

▪ Allow only authorized personnel to access computer facilities.

▪ Store data in a fireproof safe.

▪ Store data in another building or in another location.

▪ Distribute sensitive work to a number of employees.

▪ Implement a password system for computer and files to prevent unauthorized access.

▪ Encrypt data during storage or transmission so that it cannot be understood by someone without the encryption key.

▪ Install a firewall to protect the system from viruses, spam and e-mail bombs, and prevent unauthorized users from gaining access when connected to the Internet.

▪ Use anti-virus software.

Question 3 [June 1995]

State a measure which can be adopted to minimize data and/or program corruption or loss in the event of a hard disk failure.

Suggested Response

Back-up data and programs on a daily basis to Zip disks or compact disks (rewritables).

Question 4 [June 1995]

What is software piracy?

Suggested Response

Software piracy is the unauthorized and illegal copying of software that is copyrighted.

Question 5 [June 1995]

Identify FOUR measures to secure data.

Suggested Response

Any 4 of the following:

▪ Allow only authorized personnel to access computer facilities.

▪ Store data in a fireproof safe.

▪ Store data in another building or in another location.

▪ Distribute sensitive work to a number of employees.

▪ Implement a password system for computer and files to prevent unauthorized access.

▪ Encrypt data during storage or transmission so that it cannot be understood by someone without the encryption key.

▪ Install a firewall to protect the system from viruses, spam and e-mail bombs, and prevent unauthorized users from gaining access when connected to the Internet.

▪ Use anti-virus software.

Question 6 [June 1996]

The Statistic Department holds confidential information on the citizens of a country. Since its databases are online and are connected to the telephone company via a modem, any person with a computer and a modem can potentially access the databases. Outdated data are usually stored at other locations.

(a) State ONE method which can be used to prevent unauthorized users from accessing data stored in the databases.

(b) State TWO methods which can be used to prevent users from accessing data from files to which they do not have access.

(c) State ONE potential danger that may exist when legitimate users within the Statistic Department import data into the department’s computer.

(d) State TWO strategies to protect the archived data from physical damage.

Suggested Response

(a) Use a password system.

(b) Use software to set up user accounts.

Assign users different usernames and passwords.

(c) Any 1 of the following:

▪ Viruses can be easily transmitted.

▪ Data may get corrupted.

▪ Incorrect data may be imported.

(d) Store archived data in a fireproof room or safe.

Store data in a different location such as a separate building.

Question 7 [June 1997]

(a) State ONE reason why copying a program is considered to be morally wrong.

(b) Within a large company, data on each employee is stored in a central location. One file stores the data on all employees. The data stored on an employee includes his or her name, address, next of kin, salary range, etc. This data is shared by several departments and an employee’s record can be viewed and modified by many employees from several departments.

State TWO problems which would arise from the sharing of the data in the company.

(c) What is ‘data encryption’?

(d) State TWO methods, other than data encryption, used to secure data.

Suggested Response

(a) Copying a program is morally wrong as the program does not belong to you but instead you are only licensed to use it.

(b) Any two (2) of the following:

• Data may get corrupted.

• Data may be maliciously altered.

• Loss of privacy

(c) Data encryption is a data security measure that involves the encoding or scrambling of data before transmission or storage.

(d) Use passwords

Backup data on a regular basis

Question 8 [June 1998]

(a) What is a computer virus?

(b) State TWO measures that could be implemented in order to prevent a computer virus from infecting a computer.

(c) Identify TWO ways in which a person could be affected by the misuse of personal information, which has been stored in a data bank.

(d) Identify TWO ways by which personal information, stored in a data bank, may become inaccurate.

Suggested Response

(a) A computer virus is a potentially damaging program that affects or infects a computer negatively by corrupting and destroying data or by altering the way the computer works without the knowledge or permission of the user.

(b) Any 2 of the following:

▪ Install an anti-virus program and update it frequently.

▪ Scan floppy disks with an anti-virus program before opening them.

▪ Never open an e-mail attachment unless you are expecting it or it is from a trusted source.

▪ Scan downloaded programs for viruses.

▪ Never start your computer with a floppy disk in drive A unless it is an uninfected recovery disk.

▪ Write-protect your recovery disk.

(c) Any 2 of the following:

▪ Unable to secure a loan because of their credit history.

▪ Unable to gain satisfactory employment.

▪ Ineligible for a service due to health condition.

▪ Falsely accused or sentenced due to identity theft.

(d) Any 2 of the following:

▪ Information is not updated as new information becomes available.

▪ Malicious alteration of data by authorized/unauthorized persons.

▪ Data corruption by system failure or virus.

Question 9 [June 1999]

(a) In order to secure its data, a computer uses the following method for encrypting text:

A letter is replaced by the letter five letters later in alphabetical order. For example, the letter ‘A’ is replaced by ‘F’, ‘B’ is replaced by ‘G’, and so on. Note that the letter ‘A’ is considered to follow the letter ‘Z’.

(i) What would the word ‘ESSAY’ be stored as? (1 mark)

(ii) What is the meaning of the following text?

N LTY NY (1 mark)

(b) (i) What is the purpose of a password? (1 mark)

(ii) What is meant by the term ‘archiving’? (1 mark)

(iii) Within many organizations, data on personnel are stored in a central location from which various departments can access relevant information. State THREE problems that may arise because of the sharing of this type of data. (3 marks)

Suggested Response

(a) (i) JXXFD (ii) I GOT IT

(b) (i) To prevent unauthorized access to programs, files and other computer resources.

(ii) It is the process and procedure for storing used files which need to be kept for a long time.

(iii) - Employees may be able to have unauthorized access to the personal data of other employees.

- Employees may be able to fraudulently modify data on themselves or others.

- Incomplete modification of data of one department may produce inconsistencies in the file system.

Question 10 [June 2000]

(i) What is ‘electronic eavesdropping’? (1 mark)

(ii) What is ‘software piracy’? (1 mark)

(iii) State TWO ways in which software piracy may be controlled. (2 marks)

Suggested Response

(i) Tapping into a communication channel to retrieve information.

(ii) The unauthorized copying of software.

(iii) - Using registration keys that are only available with purchase of the software.

- Penalties for anyone found with pirated software.

Question 11 [June 2000]

The InsureNow Insurance Company has its head office in Bridgetown, Barbados. The company handles a lot of confidential client data. Each client is assigned to a particular agent. You do not want agents to see confidential information about other agents’ clients.

(a) How can you prevent agents from viewing one another’s confidential files? (1 mark)

(b) State TWO precautionary measures that can be taken to ensure that, in the case of a fire, all client data is preserved. (2 marks)

(c) What can be done to ensure that the client data files are protected in the event that the computer hard disk fails? (1 mark)

(d) It is sometimes necessary to send confidential data across the telephone line (using a modem) to another branch of the company 25 miles away. How can the company ensure that no one can eavesdrop on the data while it is being transmitted? (1 mark)

Suggested Response

(a) Using an individual password for each client file.

(b) - Use fireproof cabinets to store back-up copies of files.

- Keep copies of data off site.

(c) Keep back-up copies on removable storage media such as disk, CD or tape.

(d) Use data encryption.

Question 12 [June 2001]

(a) The use of information for strategic purposes can sometimes involve a violation of ethics. Give TWO ways in which this statement is true.

(b) In dealing with computer security, explain ONE advantage of software restrictions compared with physical restriction.

Suggested Response

(a) Personal information can be used in violation of privacy, for marketing purposes.

Corporate/Industrial information can be secretly used for personal or other corporate gain.

(b) Any 1 of the following:

▪ Software restrictions can allow access to a portion of data with restriction on access to other portions.

▪ Software restrictions can allow someone far away to maintain access, with the appropriate privileges still in force.

▪ Software restrictions can allow the system to be used for other things, with data access restrictions.

Question 13 [June 2002 – Specimen]

(a) What is encryption? (1 mark)

(b) “Physical access restrictions are better than passwords or encryption”. Give ONE argument in favour of the statement given. (2 marks)

(c) Give TWO methods of protecting oneself from computer viruses. (2 marks)

Suggested Response

(a) Encryption means converting a document to an unreadable form, to be deciphered only by the use of a password.

(b) There are situations where physical restriction is inappropriate, as when a file must be made available to a telecommuting employee, or when a file is stored on a computer that everyone uses. The file must be accessible to particular people whose only difference from the unauthorized persons is that they know the password.

(c) - Write-protecting diskettes whenever copying files to a strange computer.

- Use of up-to-date antivirus software.

- Using software from bona-fide sources only and even checking these for viruses.

- Operating a good backup system.

Question 14 [June 2002]

(a) A large company offers free transportation or a transport allowance to its employees. For this purpose it has prepared a list of names and addresses of employees. In those areas with many persons needing a transport, the company provides transportation.

i. Besides names and addresses, give ONE other item of information that might be desirable in this case.

ii. Explain ONE way in which the information collected here might be misused.

(b) A foreign university keeps records of past student performance on a computer database. The entire building is destroyed by fire, along with the records. Give TWO methods that might have been used to allow the record-keeping to continue.

Suggested Response

(a) i. A person’s telephone number OR e-mail address

ii. Persons may modify their address to an area in which employees qualify for a transport allowance.

(b) Two methods to preserve records for continuity:

• Store backups of records in fireproof cabinets.

• Keep backups of records and store them away in a remote off-campus location.

Question 15 [June 2002]

(a) Explain the term ‘electronic eavesdropping’.

(b) In the case of an encrypted file, what is the purpose of a password?

Suggested Response

(a) Electronic Eavesdropping is the illegal act of intercepting communications - fax, voice, data, email, mobile telephones, etc., often for nefarious (wicked) purposes.

(b) A password is needed to decrypt an encrypted file for it to be read by authorized persons.

Question 16 [June 2003]

(i) Briefly explain the difference between data integrity and data security. (2 marks)

(ii) Outline ONE method of ensuring the integrity of the data. (1 mark)

Suggested Response

(i) Data integrity refers to the accuracy and completeness of data when it is entered while data security refers to the protection of data from alteration, corruption, destruction or disclosure.

(ii) Any 1 of the following:

▪ Implement safeguards to secure data from alteration and corruption.

▪ Check to ensure data is error-free.

▪ Verify that data is complete.

▪ Update databases as new information becomes available.

Question 17 [June 2004]

State THREE different computer-related crimes and identify TWO measures that should be put in place to prevent them. (5 marks)

Suggested Response

Any 3 of the following computer-related crimes:

▪ Software piracy/theft

▪ Hacking

▪ Computer fraud

▪ Information theft

▪ Hardware theft and vandalism

▪ Internet fraud

Any 2 of the following measures:

▪ Use firewalls to prevent unauthorized access to data, information and storage media on a network.

▪ Institute laws and prosecute offenders.

▪ Install intrusion detection software.

▪ Encrypt data being transmitted over networks.

▪ Implement physical access controls.

Question 18 [June 2004]

(a) For information to be useful, it must be organized. List TWO other qualities that the information must have to make it useful. (2 marks)

(b) List THREE measures you would take to ensure that your computer system is protected from viruses. (3 marks)

(c) The election office has a large amount of vital and sensitive information. Describe THREE steps that should be taken to protect the data against deliberate theft or corruption. (3 marks)

Suggested Response

(a) Any 2 of the following:

▪ Accurate

▪ Verifiable

▪ Timely

▪ Accessible

▪ Cost effective

(b) Any 3 of the following:

▪ Write-protecting diskettes whenever copying files to a strange computer.

▪ Use of up-to-date antivirus software.

▪ Using software from bona-fide sources only and even checking these for viruses.

▪ Scanning diskettes for viruses before opening them.

▪ Operating a good backup system.

▪ Install a personal firewall.

(c) Any 3 of the following:

▪ Implement user identification and authentication controls, e.g. usernames and passwords.

▪ Backup data regularly.

▪ Install a firewall to prevent unauthorized access, such as from hackers, and the deliberate transfer of virus codes.

▪ Implement physical access controls.

Question 19 [June 2005]

(a) Name and describe ONE physical access method which would ensure that ONLY authorized personnel have access to important computer equipment. (2 marks)

(b) Describe ONE software access method which would ensure that ONLY authorized personnel have access to software and data. (2 marks)

Suggested Response

(a) Physical access method (any of the following):

• Implement a monitoring system using video cameras and/or security guards.

• Issue a badge or a card with an associated personal identification number (PIN) or a key to authorized personnel.

• Use a biometric device such as a fingerprint, palm or retinal scanner, face or voice recognition system to identify and authenticate personnel accessing premises.

(b) Software access method (any of the following):

• Implement a username and password system – using a unique combination of characters that identifies a specific user and a private password associated with the username that allows access to certain computer resources.

• Implement a callback system – to authenticate remote users and allow them to connect to and access a computer providing that upon dialing into the computer and entering their username and password, the user is at an authorized telephone number when the computer calls back the number.

• Encrypt data during storage or transmission by scrambling it so that it cannot be understood by someone without the encryption key.

• Install firewalls – to deny network access to outsiders, such as hackers, and to restrict employees’ access to sensitive data.

• Install an audit program – that monitors both successful and unsuccessful access attempts by logging these attempts (i.e. keeping a record) in a file.

Note: Biometric identification systems such as fingerprint scanner, voice or signature recognition software and devices can also be used as a software access method.

Question 20 [June 2005]

A computer technician visits a company stating that he was sent to “fix some computers”. He is not known to the company.

(a) What do you understand by computer fraud? (1 mark)

(b) Explain with reasons, TWO actions that you would carry out to verify that this technician is on official business. (4 marks)

Suggested Response

(a) Computer fraud occurs when a person in an organization makes changes to information in a computer without authorization, for personal benefit or malicious reasons. For example, when a person changes data to give himself, his friend or a family member a higher salary or in the case of banks where individuals make changes to bank accounts.

(b) One action is to confirm with the relevant authority within the company whether or not a request was made for a computer technician. Another is to request an identification card from the technician and call his company to verify that he is a legitimate employee sent by the company to carry out the repairs. These precautionary measures can act as safeguards against computer hardware theft and/or vandalism.

Question 21 [June 2006]

A consultant is hired to study the computer systems at your office. One of her recommendations was as follows in the paragraph supplied:

In addition to software security needs, the department must seek ways to secure the physical components entrusted to it. A secure room is to be identified where fireproof cabinets can be placed to store backup copies of data disks and archived files. These backup copies and files must be provided with virus protection and then encrypted prior to being stored.

Explain EACH of the underlined words. (4 marks)

Suggested Response

Backup copies: These are copies of data on a computer that are stored on media such as CD-ROM discs, in a secure place away from the computer, so that data can be restored in the event that the data on the computer becomes corrupt or is lost due to system failure, viruses or accidental deletion.

Archived files: These are used but important files that have been stored away in a secure place and can be easily retrieved at a later date if needed.

Virus protection: This is a security measure used to protect files and computers from corruption or destruction by installing anti-virus software.

Encrypted: This is a security measure used to maintain the confidentiality of information when it is being transmitted from one place to another or before it is stored by coding (scrambling) it so that only persons with the correct decoder can read or understand it.

Question 22 [June 2006]

A young college student is accused of Electronic Eavesdropping and Unauthorized Surveillance. During the trial it was revealed that the college student used software to access the computer of another student while she was chatting with her friends. She could read all the messages she (other student) wrote and the messages her friends wrote to her. At the end of the trial one of the charges was dropped.

(a) Explain Electronic Eavesdropping and Unauthorized Surveillance. (2 marks)

(b) Discuss which charge was kept and why. (2 marks)

Suggested Response

(a) Electronic Eavesdropping is the illegal act of intercepting communications - fax, voice, data, email, mobile telephones, etc., often for nefarious (wicked) purposes.

Unauthorized Surveillance is the illegal act of electronically intercepting and monitoring communications, and observing the movement/behaviour of individuals.

(b) The charge of Electronic Eavesdropping was kept as Unauthorized Surveillance is done on a continuous basis or over an extended period of time using mainly hardware devices, while the former is mainly done using software.

Question 23 [June 2007]

An insurance company gathers medical reports on its clients from the computer system of a certain out-patient clinic. The insurance company increases its insurance payments according to the number of visits to the clinic. State with reasons, whether this involves

(a) Electronic eavesdropping (2 marks)

(b) Electronic surveillance (2 marks)

(c) Computer fraud (2 marks)

Suggested Response

(a) The insurance company’s action would not involve electronic eavesdropping as this is the act of intercepting communications.

(b) The insurance company’s action would not involve electronic surveillance as this is the act of intercepting and monitoring communications or observing the movement/behaviour of individuals.

(c) The insurance company’s action involves computer fraud as it used information gathered from the computer of an external entity for personal gain.
