All of it

Question 1

Data collection methods

Answer 1

Autonomous devices

Passive and active data collection

Manual data collection

Usage data

Question 2

Size of a sound file

Answer 2

File size = sample rate × sample
resolution × length of sound

Or

File size = bit rate × length of sound

Question 3

Advanced storage techniques

Answer 3

Redundant Array of Inexpensive
Disks (RAID)

Network Attached Storage (NAS)

High availability storage

Storage Area Networks usage (SAN)

Cloud storage

Hosted storage

Question 4

Size of an image file

Answer 4

Size of an image = row * columns * bpp

Question 5

Data

Answer 5

Data can be defined as a set of recorded facts, numbers or events that has no initial meaning or structure. The main purpose of data collection is to gather information in a measured and systematic manner to ensure accuracy and facilitate data analysis. Data only becomes valuable once this has happened as it gives context and meaning in relation to why it was gathered.

Question 6

Methods to help store data

Answer 6

Virtualisation: Is the process of turning hardware into a software equivalent without sacrificing functionality.

Hosted instance: Instances are the virtual machines that run operating systems’ images such as Linux.

Hosted solution: When you rent a virtual server from a company that takes over the responsibility for maintaining and keeping your server running.

Clustering: A group of two or more computer systems that run in parallel together to achieve a goal.

Blockchain storage: A way of saving data in a decentralised network, which utilises the unused hard disk space of users across the world to store files.

Question 7

Descriptive analytics

Answer 7

It can involve breaking down data and summarising its main features and characteristics. It presents what has happened in the past without exploring why or how.

Question 8

Artificial Intelligence (AI)

Answer 8

Artificial intelligence (AI) is the simulation of human intelligence processes by machines.

Question 9

Units of data

Answer 9

Unit Symbol Value
Byte B 8 bits
Kilobyte KB 1024
bytes
Megabyte MB 1024 KB
Gigabyte GB 1024 MB
Terabyte TB 1024 GB
Petabyte PB 1024 TB
Exabyte EB 1024 PB
Zettabyte ZB 1024 EB
Yottabyte YB 1024 ZB

Question 10

General storage methods

Answer 10

Digitally sampled sound

Bitmapped graphics

Compressed audio

Compressed video

Question 11

Cloud computing services

Answer 11

Data storage

E-mail

Virtualised software

Remotely hosted applications

Question 12

Data visualisation

Answer 12

Involves presenting the data visually or graphically to detect patterns, trends and correlations that are not usually apparent from raw data.

Question 13

Management Information System

Answer 13

A management information system(MIS) is a collection of systems and procedures that gather data from multiple sources and compile them in a readable format.

Question 14

Project Management Software
(PMS)

Answer 14

Project management software (PMS) is a software tool that helps organise, manage and track projects.

Question 15

Data Warehouse

Answer 15

A data warehouse (DW or DWH) is a
system used for reporting and data
analysis.

Question 16

Data mining

Answer 16

Data mining is considered an
interdisciplinary field that joins the
techniques of computer science and
statistics together.

Question 17

Social and ethical implications of AI

Answer 17

Is it acceptable if AI becomes more knowledgeable than humans?

How many jobs will be lost to AI?

How much data does AI gather?

Does AI take away people’s privacy?

How can we safeguard AI from discrimination and bias?

Who is accountable if a wrong decision is made?

How do we know what information AI is generating?

How do we know the information generated by AI is accurate?

How do we know if AI has been manipulated?

Is AI gathering too much information?

Question 18

Large data sets

Answer 18

Large data sets refer to data sets that
are too large or complex to be dealt
with by traditional data-processing
application software.

Question 19

Neural network modelling

Answer 19

A neural network is a series of
algorithms that tries to recognise
underlaying relationships in a set of
data through a process that mimics the
way the human brain operates.

Question 20

Natural Language Processing (NLP)

Answer 20

A subset of artificial intelligence is
known as natural language processing
(NLP). The aim of this subset is to
develop computer systems which can
understand text or voice data in the
same way as human beings.

Question 21

Data Flow Diagrams (DFD)

Answer 21

Data flow diagrams (DFD) are used to
show the flow of data in a business
information system. Specific rules and
symbols must be used when creating
these diagrams.

Question 22

Cyber security

Answer 22

How individuals and organisations reduce the risk of cyber-attacks, and how to prevent unauthorised access to the personal information we store on our devices and online.

Question 23

Risks associated with online marketing
communications:

Answer 23

Spam and unwanted e-mail

Phishing and scam attempts

Privacy concerns

Ad fraud

Brand safety

Misinformation

Question 24

The importance of large data sets to
the operation and competitiveness of
organisations

Answer 24

Health sector: Electronic health records (EHRs), patient
data and clinical trial data are used to improve patient care, support medical research and streamline operations.

Finance sector: Transaction data, credit history and
market data are used to make informed investment
decisions, identify fraud and improve risk management strategies.

Retail sector: Customer data, sales data and supply chain data are used to improve marketing and sales campaigns, optimise supply chain operations and provide personalised customer experiences.

Question 25

MAC addresses and MAC address
spoofing

Answer 25

The Media Access Control (MAC) address is a unique
identifier assigned to a Network Interface Controller (NIC) for use as a network address in communications within a network segment. The use of unique MAC addresses can
create security risks:
MAC spoofing

Privacy concerns

Network security

Network performance

Question 26

Cryptocurrencies and why they can sometimes be
associated with cyber security

Answer 26

Blockchain is a decentralised, digital ledger that records transactions across a network of computers. It uses cryptography to secure and validate transactions, ensuring that the ledger is tamper-proof. The most well-known application of blockchain technology is cryptocurrency. Blockchain technology is used in cybersecurity in the following ways:

Decentralised identity

management

Cyber threat intelligence sharing

Secure record keeping

Data privacy

Chain security

Cyber insurance

Question 27

Security and integrity problems during online file
updates:

Answer 27

Unauthorised access

Incomplete updates

Man-in-the-middle attacks

Denial of service

Malicious software

Rollback attacks

To mitigate these risks, organisations should use secure methods for transmitting and verifying the integrity of update files.

Question 28

The types and operation
of malicious software:

Answer 28

Type of malware:
Virus
Trojan
Worm
Ransomware
Adware
Spyware
Rootkit

Operations of malware:
Data theft
System disruption
Spamming
Cryptojacking
Extortion

Question 29

Accidental and malicious/deliberate damage

Answer 29

Accidental damage is any damage or loss of data that is not intentional. Actions that are intended to cause harm to data are classed as malicious damage.

Accidental:
Human error
Accidental data file deletion
Software corruption
Hardware malfunction
Natural disasters
Power failure

Malicious:
Malware
Phishing and social engineering
DDoS attacks
SQL injection
Insider threats
Ransomware

Question 30

The threats to the
privacy of the individual
from the use of data
mining:

Answer 30

Data breaches

Unauthorised data sharing

Discrimination

Profiling

Lack of control

Inaccurate data

Question 31

The legal and professional
responsibilities in identifying and
mitigating threats and vulnerabilities

Answer 31

Preventing and mitigating the damage caused by
malicious or deliberate attacks requires a multi-layered
approach that includes security awareness training,
regular security updates, penetration testing and incident
response planning.

Question 32

Black hat hacking, white hat hacking and penetration testing

Answer 32

Black hat Hacking: A hacker gains unauthorised access
to computer systems, networks or
data with malicious intent. This type of
hacking is illegal and unethical, and the
individuals who engage in it are known
as black hat hackers.

White Hat Hacking: Also known as ethical hacking, a
hacker uses hacking techniques to
improve security. White hat hackers
are security professionals who identify
vulnerabilities and weaknesses in
computer systems and networks
and report them to the relevant
organisations.

Penetration Testing: Also known as pen testing, this is a security testing technique used to
evaluate the security of a system
by simulating an attack. It identifies
security vulnerabilities and weaknesses
and provides recommendations for
improving its security.

Question 33

A range of mechanisms for attacking
vulnerabilities

Answer 33

Brute force attacks

SQL injection

Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF)

Buffer overflow

Remote Code Execution (RCE)

Directory traversal

Man-in-the-middle (MitM) attacks

Denial of Service (DoS) and Distributed Denial of
Service (DDoS) attacks

Social engineering

Question 34

A range of mechanisms for defence
from threats and vulnerabilities

Answer 34

Firewalls

Encryption

Access control

Antivirus software

Patches and updates

Backups

User education and awareness training

Network segmentation

Intrusion detection and prevention systems

Virtual Private Network (VPN) technology

Question 35

Security measures

Answer 35

Encryption

Firewalls

Antivirus software

Hierarchical access levels

Question 36

Biometrics

Answer 36

The use of unique physiological or behavioural
characteristics to identify individuals to provide a reliable means of identification and authentication that is difficult to imitate.

Examples include:

fingerprint recognition

facial recognition

iris recognition

voice recognition

signature recognition

behavioural biometrics.

Question 37

Biometrics Benefits and Drawbacks

Answer 37

Benefits:
Increased security
Convenience
Reduced fraud
Increased accuracy

Drawbacks:
Bias and discrimination
Cost
Technical limitations
Privacy concerns

Question 38

Cryptography

Answer 38

The practice of securing communication and data through the use of mathematical algorithms. The purpose of cryptography is to protect the confidentiality, integrity and authenticity of data.

Techniques of cryptography:

Symmetric key cryptography

Asymmetric key cryptography

Hash functions

Digital signatures

Steganography

Random number generation

Quantum cryptography

Question 39

Diagnosing and tracing data over
packet switched networks

Answer 39

Tracert: a network diagnostic tool used to track the path taken by data packets from a source computer to a destination computer.

Whois: a protocol and database system that stores information about registered domain names and the associated organisations and individuals.

IP address masking and impersonating: the process of hiding or changing the real IP address of a device or network to appear as if it originates from a different location or device.

Question 40

Resilience controls

Answer 40

Cyber resilience is the ability of an organisation to withstand and
quickly recover from cyber-attacks, system failures and other security
incidents.

Question 40

Consequences of a cyber-attack

Answer 40

Financial loss

Reputational damage

Legal liability

Intellectual property theft

System downtime

Long-term damage

Question 41

Legal and professional responsibilities

Answer 41

General Data Protection Regulation (GDPR)

Network and Information Systems Regulations (NISR)

Adherence to professional standards, such as ISO 2700

Responsibility for the protection of personal data

Duty of care to ensure the continuity of critical business functions

Ensuring the security and confidentiality of sensitive information

Question 42

Resilience controls to
prevent a cyber-attack

Answer 42

Boundary firewall and Internet gateway

Staff training

Secure system configuration

Access control

Malware protection

Patch management

Question 43

The impact of damaged software:

Answer 43

System crashes

Loss of data

Security vulnerabilities

Inefficient performance

Compatibility issues

Question 44

Effects of websites being unavailable:

Answer 44

Loss of reputation

Loss of competitive advantage

Legal and social implications

Financial loss

Question 45

Temporary or permanent loss of data and information

Answer 45

Temporary loss of data and information:
The loss of access to information due to technical issues such as power outages and system crashes.

Can usually be restored from backups or through other recovery processes.

Permanent loss of data and information:
Can occur due to physical damage to storage devices, deliberate destruction, or the permanentfailure of storage devices.

The complete and permanent destruction of information that cannot be restored.

Question 46

Resilience controls for recovery from and mitigation of a cyber-attack

Answer 46

Planning alternative premises, communication methods and facilities: Used in Business Continuity
Planning (BCP) and Disaster
Recovery Planning (DRP) to ensure
that critical business operations
can continue in the event of a
cyber-attack.

What-if scenarios:
Allows for preparation and mitigation of a cyber-attack.
Hypothetical scenarios allow organisations to plan how they would respond to a cyber-attack and identify vulnerabilities.

Regular backups of data:
Used in disaster recovery and BCP.
Backups ensure that critical data
can be restored in the event of a
data loss, minimising the impact
on the organisation.

Question 47

Social engineering

Answer 47

Social engineering attacks use deception and manipulation to trick users into revealing sensitive information or making mistakes that compromise the security of their devices.

Question 48

The legal framework to protect against social engineering

Answer 48

The Computer Misuse Act 1990: This Act makes it a criminal offence to gain unauthorised access to computer systems through hacking, viruses and other forms of cyber-attacks.

The Fraud Act 2006: This Act makes it a criminal offence to carry out deception with the intention of making a gain or causing a loss. Social engineering scams, such as phishing and vishing, are often covered under the Fraud Act.

The General Data Protection Regulation (GDPR): This regulation, which is enforced by the Information Commissioner’s Office (ICO), requires organisations to protect the personal data of individuals and to report data breaches to the ICO within 72 hours.

The Privacy and Electronic Communications (EC Directive) Regulations 2003: This regulation regulates the use of electronic communication services, including e-mail, voice calls and text messages. It requires organisations to obtain consent from individuals before sending marketing communications and to provide individuals with the option to opt out of such communications.

Question 49

Social engineering within different sectors

Answer 49

Social engineering has been used to gain access within specific sectors, including:

commerce

personal finance and home banking

process control.

Question 50

Social engineering techniques

Answer 50

Phishing: Fraudulent e-mails, text messages or websites that appear to be from trustworthy sources are used to trick victims into revealing sensitive information such as passwords, credit card numbers and bank details.

Vishing: Voice phishing uses voice calls, voicemails or interactive voice response (IVR) systems to trick individuals into revealing sensitive information or installing malware on their devices.

Baiting: When an attacker leaves a physical item, such as a USB drive or CD, in a public place with the intention of tricking someone into taking it and using it on their computer.

E-mail hacking: The unauthorised access or manipulation of someone else’s e-mail account or e-mail messages.

Pretexting: A false scenario or cover story is used to manipulate someone into divulging sensitive information or performing a certain action, e.g. opening an e-mail or responding to a message.

Quid pro quo scams: When an attacker offers something desirable or valuable to a victim in exchange for sensitive information or access to their computer, e.g. offering to provide technical support in exchange for remote access.

Active digital footprints: Information that is actively shared online (e.g. through social media) that can be used to build a more successful cyber-attack.

Passive digital footprints: Data or information left behind as a result of online activities, such as browsing history or IP addresses, that can be used to create more convincing social engineering attacks.

Question 51

The Internet

Answer 51

The Internet is a huge network of computers, servers, and other devices that are connected to each other and can communicate with one another using standardised communication protocols. This allows individuals, businesses and organisations all over the world to share information, communicate and collaborate in real-time, regardless of location.
The Internet has transformed the way we live, work and interact with each other, enabling new forms of communication and commerce, and has become an essential tool for people and businesses.

Question 52

Standards

Answer 52

Internet standards are essential for ensuring the interoperability, functionality and security of the Internet. They define the protocols, technologies and practices used to transmit information and provide common ground for communication between different devices and systems. The World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) are two key organisations that play a role in the development and maintenance of Internet standards. The W3C focuses on developing standards for the World Wide Web including HTML, CSS, and JavaScript. The IETF develops and maintains technical standards for the Internet as a whole.

Question 53

Functionality provided by DNS

Answer 53

Load balancing

Redirection

Authentication

Service directory

Question 54

The infrastructure of the Internet

Answer 54

Servers

Data centres

Network routers

Fibre optic cables

Wireless towers

Question 55

Hardware components of computer
networks

Answer 55

Routers

Switches

Firewalls

Hubs

Bridges

Access points

Modems

Network interface card
(NIC)

Question 56

Software components of computer
networks

Answer 56

Operating systems

Network management

Network security software

Communication protocols

Network performance monitoring and analysis tools

Virtual private network

Remote access software

Back-up and recovery

Question 57

Infrastructure components of
computer networks

Answer 57

Cables and wiring

Network servers

Storage area networks

Wireless access points

Data centres

Network racks and
cabinets

Power back-up systems

Cooling systems

Question 58

Packet switching

Answer 58

Packet switching is the method used to transmit data over a network using the Internet protocol. It works by dividing large amounts of data into smaller, manageable units called packets and then transmitting each packet individually over the network.

Question 59

How technology
supports mobile phone
communication

Answer 59

Mobile phone
masts

Cells

Handoffs

Base station
controller

IMIE and IMSI

SIP

SS7

IPv6

Question 60

Routing

Answer 60

In TCP/IP networks, routing refers to the process of determining the path an IP packet should take to reach its destination.

Question 61

Hubs

Answer 61

A hub is a networking device that allows multiple devices to be connected to a single network.

Question 62

Switched hubs

Answer 62

Switched hubs, also known as switches, are advanced versions of traditional hubs and provide dedicated connections between devices, allowing for faster data transmission and reduced network congestion.

Question 63

Cloud computing and cloud storage

Answer 63

Cloud computing involves the delivery of a range of computing services over the Internet, while cloud storage refers specifically to the storage of data on remote servers. Cloud computing can include cloud storage, but it also includes other services such as processing power, software, and more.

Question 64

Routers

Answer 64

Routers are networking devices that forward data packets between computer networks.

Question 65

Repeaters

Answer 65

Repeaters are networking devices used to extend the range of a network.

Question 66

Wireless access points

Answer 66

Wireless access points (WAPs) are networking devices that enable devices to connect to a wireless network and access network resources, such as the Internet.

Question 67

Media converters

Answer 67

Media converters are networking devices used to convert signals from one type of physical medium to another.

Question 68

Transmission speeds

Answer 68

The formula for calculating transmission speeds:
Transmission speed= file size/time taken to transfer a file

When considering the end user experience, it is important to consider the user’s expectations and the purpose of the file transfer. To improve the end user experience, it may be necessary to optimise the transfer or provide alternative methods of file transfer, such as compression or streaming.

Factors that can affect the transmission speed and file delivery time include:

network bandwidth

congestion

latency

file size

file type.