All of it

Question 1

Data collection methods

Answer 1

Autonomous devices

Passive and active data collection

Manual data collection

Usage data

Question 2

Size of a sound file

Answer 2

File size = sample rate × sample
resolution × length of sound

Or

File size = bit rate × length of sound

Question 3

Advanced storage techniques

Answer 3

Redundant Array of Inexpensive
Disks (RAID)

Network Attached Storage (NAS)

High availability storage

Storage Area Networks usage (SAN)

Cloud storage

Hosted storage

Question 4

Size of an image file

Answer 4

Size of an image = row * columns * bpp

Question 5

Data

Answer 5

Data can be defined as a set of recorded facts, numbers or events that has no initial meaning or structure. The main purpose of data collection is to gather information in a measured and systematic manner to ensure accuracy and facilitate data analysis. Data only becomes valuable once this has happened as it gives context and meaning in relation to why it was gathered.

Question 6

Methods to help store data

Answer 6

Virtualisation: Is the process of turning hardware into a software equivalent without sacrificing functionality.

Hosted instance: Instances are the virtual machines that run operating systems’ images such as Linux.

Hosted solution: When you rent a virtual server from a company that takes over the responsibility for maintaining and keeping your server running.

Clustering: A group of two or more computer systems that run in parallel together to achieve a goal.

Blockchain storage: A way of saving data in a decentralised network, which utilises the unused hard disk space of users across the world to store files.

Question 7

Descriptive analytics

Answer 7

It can involve breaking down data and summarising its main features and characteristics. It presents what has happened in the past without exploring why or how.

Question 8

Artificial Intelligence (AI)

Answer 8

Artificial intelligence (AI) is the simulation of human intelligence processes by machines.

Question 9

Units of data

Answer 9

Unit Symbol Value
Byte B 8 bits
Kilobyte KB 1024
bytes
Megabyte MB 1024 KB
Gigabyte GB 1024 MB
Terabyte TB 1024 GB
Petabyte PB 1024 TB
Exabyte EB 1024 PB
Zettabyte ZB 1024 EB
Yottabyte YB 1024 ZB

Question 10

General storage methods

Answer 10

Digitally sampled sound

Bitmapped graphics

Compressed audio

Compressed video

Question 11

Cloud computing services

Answer 11

Data storage

E-mail

Virtualised software

Remotely hosted applications

Question 12

Data visualisation

Answer 12

Involves presenting the data visually or graphically to detect patterns, trends and correlations that are not usually apparent from raw data.

Question 13

Management Information System

Answer 13

A management information system(MIS) is a collection of systems and procedures that gather data from multiple sources and compile them in a readable format.

Question 14

Project Management Software
(PMS)

Answer 14

Project management software (PMS) is a software tool that helps organise, manage and track projects.

Question 15

Data Warehouse

Answer 15

A data warehouse (DW or DWH) is a
system used for reporting and data
analysis.

Question 16

Data mining

Answer 16

Data mining is considered an
interdisciplinary field that joins the
techniques of computer science and
statistics together.

Question 17

Social and ethical implications of AI

Answer 17

Is it acceptable if AI becomes more knowledgeable than humans?

How many jobs will be lost to AI?

How much data does AI gather?

Does AI take away people’s privacy?

How can we safeguard AI from discrimination and bias?

Who is accountable if a wrong decision is made?

How do we know what information AI is generating?

How do we know the information generated by AI is accurate?

How do we know if AI has been manipulated?

Is AI gathering too much information?

Question 18

Large data sets

Answer 18

Large data sets refer to data sets that
are too large or complex to be dealt
with by traditional data-processing
application software.

Question 19

Neural network modelling

Answer 19

A neural network is a series of
algorithms that tries to recognise
underlaying relationships in a set of
data through a process that mimics the
way the human brain operates.

Question 20

Natural Language Processing (NLP)

Answer 20

A subset of artificial intelligence is
known as natural language processing
(NLP). The aim of this subset is to
develop computer systems which can
understand text or voice data in the
same way as human beings.

Question 21

Data Flow Diagrams (DFD)

Answer 21

Data flow diagrams (DFD) are used to
show the flow of data in a business
information system. Specific rules and
symbols must be used when creating
these diagrams.

Question 22

Cyber security

Answer 22

How individuals and organisations reduce the risk of cyber-attacks, and how to prevent unauthorised access to the personal information we store on our devices and online.

Question 23

Risks associated with online marketing
communications:

Answer 23

Spam and unwanted e-mail

Phishing and scam attempts

Privacy concerns

Ad fraud

Brand safety

Misinformation

Question 24

The importance of large data sets to
the operation and competitiveness of
organisations

Answer 24

Health sector: Electronic health records (EHRs), patient
data and clinical trial data are used to improve patient care, support medical research and streamline operations.

Finance sector: Transaction data, credit history and
market data are used to make informed investment
decisions, identify fraud and improve risk management strategies.

Retail sector: Customer data, sales data and supply chain data are used to improve marketing and sales campaigns, optimise supply chain operations and provide personalised customer experiences.

Question 25

MAC addresses and MAC address spoofing

Answer 25

The Media Access Control (MAC) address is a unique identifier assigned to a Network Interface Controller (NIC) for use as a network address in communications within a network segment. The use of unique MAC addresses can create security risks: MAC spoofing Privacy concerns Network security Network performance

Question 26

Cryptocurrencies and why they can sometimes be associated with cyber security

Answer 26

Blockchain is a decentralised, digital ledger that records transactions across a network of computers. It uses cryptography to secure and validate transactions, ensuring that the ledger is tamper-proof. The most well-known application of blockchain technology is cryptocurrency. Blockchain technology is used in cybersecurity in the following ways: Decentralised identity management Cyber threat intelligence sharing Secure record keeping Data privacy Chain security Cyber insurance

Question 27

Security and integrity problems during online file updates:

Answer 27

Unauthorised access Incomplete updates Man-in-the-middle attacks Denial of service Malicious software Rollback attacks To mitigate these risks, organisations should use secure methods for transmitting and verifying the integrity of update files.

Question 28

The types and operation of malicious software:

Answer 28

Type of malware: Virus Trojan Worm Ransomware Adware Spyware Rootkit Operations of malware: Data theft System disruption Spamming Cryptojacking Extortion

Question 29

Accidental and malicious/deliberate damage

Answer 29

Accidental damage is any damage or loss of data that is not intentional. Actions that are intended to cause harm to data are classed as malicious damage. Accidental: Human error Accidental data file deletion Software corruption Hardware malfunction Natural disasters Power failure Malicious: Malware Phishing and social engineering DDoS attacks SQL injection Insider threats Ransomware

Question 30

The threats to the privacy of the individual from the use of data mining:

Answer 30

Data breaches Unauthorised data sharing Discrimination Profiling Lack of control Inaccurate data

Question 31

The legal and professional responsibilities in identifying and mitigating threats and vulnerabilities

Answer 31

Preventing and mitigating the damage caused by malicious or deliberate attacks requires a multi-layered approach that includes security awareness training, regular security updates, penetration testing and incident response planning.

Question 32

Black hat hacking, white hat hacking and penetration testing

Answer 32

Black hat Hacking: A hacker gains unauthorised access to computer systems, networks or data with malicious intent. This type of hacking is illegal and unethical, and the individuals who engage in it are known as black hat hackers. White Hat Hacking: Also known as ethical hacking, a hacker uses hacking techniques to improve security. White hat hackers are security professionals who identify vulnerabilities and weaknesses in computer systems and networks and report them to the relevant organisations. Penetration Testing: Also known as pen testing, this is a security testing technique used to evaluate the security of a system by simulating an attack. It identifies security vulnerabilities and weaknesses and provides recommendations for improving its security.

Question 33

A range of mechanisms for attacking vulnerabilities

Answer 33

Brute force attacks SQL injection Cross-Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Buffer overflow Remote Code Execution (RCE) Directory traversal Man-in-the-middle (MitM) attacks Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks Social engineering

Question 34

A range of mechanisms for defence from threats and vulnerabilities

Answer 34

Firewalls Encryption Access control Antivirus software Patches and updates Backups User education and awareness training Network segmentation Intrusion detection and prevention systems Virtual Private Network (VPN) technology

Question 35

Security measures

Answer 35

Encryption Firewalls Antivirus software Hierarchical access levels

Question 36

Biometrics

Answer 36

The use of unique physiological or behavioural characteristics to identify individuals to provide a reliable means of identification and authentication that is difficult to imitate. Examples include: fingerprint recognition facial recognition iris recognition voice recognition signature recognition behavioural biometrics.

Question 37

Biometrics Benefits and Drawbacks

Answer 37

Benefits: Increased security Convenience Reduced fraud Increased accuracy Drawbacks: Bias and discrimination Cost Technical limitations Privacy concerns

Question 38

Cryptography

Answer 38

The practice of securing communication and data through the use of mathematical algorithms. The purpose of cryptography is to protect the confidentiality, integrity and authenticity of data. Techniques of cryptography: Symmetric key cryptography Asymmetric key cryptography Hash functions Digital signatures Steganography Random number generation Quantum cryptography

Question 39

Diagnosing and tracing data over packet switched networks

Answer 39

Tracert: a network diagnostic tool used to track the path taken by data packets from a source computer to a destination computer. Whois: a protocol and database system that stores information about registered domain names and the associated organisations and individuals. IP address masking and impersonating: the process of hiding or changing the real IP address of a device or network to appear as if it originates from a different location or device.

Question 40

Resilience controls

Answer 40

Cyber resilience is the ability of an organisation to withstand and quickly recover from cyber-attacks, system failures and other security incidents.

Question 40

Consequences of a cyber-attack

Answer 40

Financial loss Reputational damage Legal liability Intellectual property theft System downtime Long-term damage

Question 41

Legal and professional responsibilities

Answer 41

General Data Protection Regulation (GDPR) Network and Information Systems Regulations (NISR) Adherence to professional standards, such as ISO 2700 Responsibility for the protection of personal data Duty of care to ensure the continuity of critical business functions Ensuring the security and confidentiality of sensitive information

Question 42

Resilience controls to prevent a cyber-attack

Answer 42

Boundary firewall and Internet gateway Staff training Secure system configuration Access control Malware protection Patch management

Question 43

The impact of damaged software:

Answer 43

System crashes Loss of data Security vulnerabilities Inefficient performance Compatibility issues

Question 44

Effects of websites being unavailable:

Answer 44

Loss of reputation Loss of competitive advantage Legal and social implications Financial loss

Question 45

Temporary or permanent loss of data and information

Answer 45

Temporary loss of data and information: The loss of access to information due to technical issues such as power outages and system crashes. Can usually be restored from backups or through other recovery processes. Permanent loss of data and information: Can occur due to physical damage to storage devices, deliberate destruction, or the permanentfailure of storage devices. The complete and permanent destruction of information that cannot be restored.

Question 46

Resilience controls for recovery from and mitigation of a cyber-attack

Answer 46

Planning alternative premises, communication methods and facilities: Used in Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) to ensure that critical business operations can continue in the event of a cyber-attack. What-if scenarios: Allows for preparation and mitigation of a cyber-attack. Hypothetical scenarios allow organisations to plan how they would respond to a cyber-attack and identify vulnerabilities. Regular backups of data: Used in disaster recovery and BCP. Backups ensure that critical data can be restored in the event of a data loss, minimising the impact on the organisation.

Question 47

Social engineering

Answer 47

Social engineering attacks use deception and manipulation to trick users into revealing sensitive information or making mistakes that compromise the security of their devices.

Question 48

The legal framework to protect against social engineering

Answer 48

The Computer Misuse Act 1990: This Act makes it a criminal offence to gain unauthorised access to computer systems through hacking, viruses and other forms of cyber-attacks. The Fraud Act 2006: This Act makes it a criminal offence to carry out deception with the intention of making a gain or causing a loss. Social engineering scams, such as phishing and vishing, are often covered under the Fraud Act. The General Data Protection Regulation (GDPR): This regulation, which is enforced by the Information Commissioner’s Office (ICO), requires organisations to protect the personal data of individuals and to report data breaches to the ICO within 72 hours. The Privacy and Electronic Communications (EC Directive) Regulations 2003: This regulation regulates the use of electronic communication services, including e-mail, voice calls and text messages. It requires organisations to obtain consent from individuals before sending marketing communications and to provide individuals with the option to opt out of such communications.

Question 49

Social engineering within different sectors

Answer 49

Social engineering has been used to gain access within specific sectors, including: commerce personal finance and home banking process control.

Question 50

Social engineering techniques

Answer 50

Phishing: Fraudulent e-mails, text messages or websites that appear to be from trustworthy sources are used to trick victims into revealing sensitive information such as passwords, credit card numbers and bank details. Vishing: Voice phishing uses voice calls, voicemails or interactive voice response (IVR) systems to trick individuals into revealing sensitive information or installing malware on their devices. Baiting: When an attacker leaves a physical item, such as a USB drive or CD, in a public place with the intention of tricking someone into taking it and using it on their computer. E-mail hacking: The unauthorised access or manipulation of someone else's e-mail account or e-mail messages. Pretexting: A false scenario or cover story is used to manipulate someone into divulging sensitive information or performing a certain action, e.g. opening an e-mail or responding to a message. Quid pro quo scams: When an attacker offers something desirable or valuable to a victim in exchange for sensitive information or access to their computer, e.g. offering to provide technical support in exchange for remote access. Active digital footprints: Information that is actively shared online (e.g. through social media) that can be used to build a more successful cyber-attack. Passive digital footprints: Data or information left behind as a result of online activities, such as browsing history or IP addresses, that can be used to create more convincing social engineering attacks.

Question 51

The Internet

Answer 51

The Internet is a huge network of computers, servers, and other devices that are connected to each other and can communicate with one another using standardised communication protocols. This allows individuals, businesses and organisations all over the world to share information, communicate and collaborate in real-time, regardless of location. The Internet has transformed the way we live, work and interact with each other, enabling new forms of communication and commerce, and has become an essential tool for people and businesses.

Question 52

Standards

Answer 52

Internet standards are essential for ensuring the interoperability, functionality and security of the Internet. They define the protocols, technologies and practices used to transmit information and provide common ground for communication between different devices and systems. The World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) are two key organisations that play a role in the development and maintenance of Internet standards. The W3C focuses on developing standards for the World Wide Web including HTML, CSS, and JavaScript. The IETF develops and maintains technical standards for the Internet as a whole.

Question 53

Functionality provided by DNS

Answer 53

Load balancing Redirection Authentication Service directory

Question 54

The infrastructure of the Internet

Answer 54

Servers Data centres Network routers Fibre optic cables Wireless towers

Question 55

Hardware components of computer networks

Answer 55

Routers Switches Firewalls Hubs Bridges Access points Modems Network interface card (NIC)

Question 56

Software components of computer networks

Answer 56

Operating systems Network management Network security software Communication protocols Network performance monitoring and analysis tools Virtual private network Remote access software Back-up and recovery

Question 57

Infrastructure components of computer networks

Answer 57

Cables and wiring Network servers Storage area networks Wireless access points Data centres Network racks and cabinets Power back-up systems Cooling systems

Question 58

Packet switching

Answer 58

Packet switching is the method used to transmit data over a network using the Internet protocol. It works by dividing large amounts of data into smaller, manageable units called packets and then transmitting each packet individually over the network.

Question 59

How technology supports mobile phone communication

Answer 59

Mobile phone masts Cells Handoffs Base station controller IMIE and IMSI SIP SS7 IPv6

Question 60

Routing

Answer 60

In TCP/IP networks, routing refers to the process of determining the path an IP packet should take to reach its destination.

Question 61

Hubs

Answer 61

A hub is a networking device that allows multiple devices to be connected to a single network.

Question 62

Switched hubs

Answer 62

Switched hubs, also known as switches, are advanced versions of traditional hubs and provide dedicated connections between devices, allowing for faster data transmission and reduced network congestion.

Question 63

Cloud computing and cloud storage

Answer 63

Cloud computing involves the delivery of a range of computing services over the Internet, while cloud storage refers specifically to the storage of data on remote servers. Cloud computing can include cloud storage, but it also includes other services such as processing power, software, and more.

Question 64

Routers

Answer 64

Routers are networking devices that forward data packets between computer networks.

Question 65

Repeaters

Answer 65

Repeaters are networking devices used to extend the range of a network.

Question 66

Wireless access points

Answer 66

Wireless access points (WAPs) are networking devices that enable devices to connect to a wireless network and access network resources, such as the Internet.

Question 67

Media converters

Answer 67

Media converters are networking devices used to convert signals from one type of physical medium to another.

Question 68

Transmission speeds

Answer 68

The formula for calculating transmission speeds: Transmission speed= file size/time taken to transfer a file When considering the end user experience, it is important to consider the user’s expectations and the purpose of the file transfer. To improve the end user experience, it may be necessary to optimise the transfer or provide alternative methods of file transfer, such as compression or streaming. Factors that can affect the transmission speed and file delivery time include: network bandwidth congestion latency file size file type.