Core Computing

Question 1

What does HTML stand for?

Answer 1

HyperText Markup Language

Question 2

What does CSS stand for ?

Answer 2

Cascading Style Sheets

Question 3

What does svg stand for?

Answer 3

Scalable Vector Graphics

Question 4

What does URL stand for?

Answer 4

Uniform resource locator

Question 5

What is a selector?

Answer 5

This is used to refer to an element that you will modify in your CSS.

Question 6

What format do we use when selecting an id in CSS ?

Answer 6

idname{

       css goes here
                             }

Question 7

What format do we use when selecting class in CSS?

Answer 7

if its just a class then .classname{css}

if its a element with a class e.g. <p class = lol> then
p.lol {css}

Question 8

Can we style in html?

Answer 8

Yes

Question 9

How do we style in HTML?

Answer 9

We use style element. Then you type the CSS inside of it.

Question 10

Why do we use CSS instead of just styling in HTML?

Answer 10

CSS provides better efficiency and saves memory.

Question 11

What parts must a url always have?

Answer 11

. scheme/protocol
. host/domain name
. path (the /// part)

Question 12

What does the port look like in the URL?

Answer 12

:123

Question 13

How do we create hyperlinks in HTML?

Answer 13

we use the a element and its attribute href.

E.g.

<a>An Example Website</a>

Question 14

How do we link CSS file or JavaScript file to html?

Answer 14

We make use of the script tag and the src attribute.
E.g.

<script>

</script>

Question 15

How do we use images in HTML ?

Answer 15

We use the img element and its attributes src for the name of the image file.
We must also include the alt attribute

E.g.

<img></img>

Question 16

Why do we need the alt attribute when using the img element ?

Answer 16

Its a standard and the alt attribute helps people with screen reader know what the image is

Question 17

Why is better to download the image?

Answer 17

It prevents hotlinking. This is when instead of putting a file in src you put a link to an image. This is bad because if the image from the link is changed or deleted so will yours

Question 18

Why is svg good for images?

Answer 18

It offers higher resolution images

Question 19

Name some markup languages ?

Answer 19

xml,html,svg

Question 20

What is svg?

Answer 20

It is a mark up language for images

Question 21

What do you need at the start of every html doc ?

Answer 21

<!DOCTYPE html>

Question 22

Who created HTML ?

Answer 22

Tim Berners-Lee

Question 23

What kinda markup do we prefer in HTML?

Answer 23

Descriptive not procedural

Question 24

What is the difference between client and server?

Answer 24

Server operations are remote, whereas client operations are performed locally by a web browser.

Question 25

What is information security ?

Answer 25

Information security is the preservation of confidentiality, integrity and availability of information

Question 26

Define confidentiality.

Answer 26

preventing the disclosure of information to anyone or anything that is not authorised to view or otherwise access that information

Question 27

Define integrity

Answer 27

Preserving the integrity of information is the safeguarding of its accuracy and completeness

Question 28

Define availability ?

Answer 28

if the information can be accessed by authorised entities on demand whenever they need it for legitimate purpose

Question 29

Explain the trade that happens when trying to improve information security

Answer 29

• Often in an attempt to improve confidentiality a trade-off is made in which integrity or availability is decreased/threatened and the same goes for the other 2
• An example of this may be repeating credit card details during a phone purchase repeating the details in short integrity by authorised individuals may over here this information which threatens confidentiality

Question 30

Define an asset

Answer 30

An asset is anything of value to an organisation

Question 31

Define a threat

Answer 31

A threat is a potential cause of an incident that may result in harm to system organisation

Question 32

Define vulnerability

Answer 32

vulnerabilities are weaknesses In an information asset or information system itself that can be exploited

Question 33

Define impact

Answer 33

The result of an information security incident caused by threats which affects the assets

Question 34

Define risk

Answer 34

The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation

Question 35

Must all information be protected ?

Answer 35

Yes

Question 36

Define business critical information

Answer 36

Info about the business without this information the business will not be able to function

Question 37

Define personal information

Answer 37

Info on employees and customers by law this needs to be protected

Question 38

Define strategic information

Answer 38

Info that provides organisations with a competitive advantage and directs their activities

Question 39

Define high cost information

Answer 39

info whose gathering storage processing and transmission require a long time and involve a high cost

Question 40

Define business processes.

Answer 40

• Business processes are the steps taken to Accomplish certain task that really should be considered In their own right
• These can be processes protected as trade secrets or processes That ensure effective delivery Of business goals as well as the mission Of the organisation
• Or they can be processes that ensure legal requirements

Question 41

What is network security?

Answer 41

Network security is the steps to both manage the network perimeter and protect the internal network

Question 42

How do we protect the network perimeter?

Answer 42

by filtering and inspecting all traffic to the network perimeter. This can be done by :
Firewall - monitors and controls incoming and outgoing network traffic based on predetermined security rules
. Malware - prevents malicious content

Question 43

How do we protect internal network ?

Answer 43

○ Segregate networks - This is done by identifying grouping and fascinating critical business systems and appropriate networks
. Secure WAPs
○ Enable secure administration
○ Configure the exception handling process
○ Monitor network
Assurance processes

Question 44

What should an organisation do to prevent its personnel from falling victim to social engineering?

Answer 44

. Security policy
. Induction process
. Make personnel aware of risks
. Have security training and see if it works
. promote incident reporting e.g. tfl see it say it sort it

Question 45

What must security policies have to remain viable?

Answer 45

○ Individual responsible for the policy
○ A schedule reviews
○ Method for making recommendation for reviews
Specific policy insurance and revision date

Question 46

Define policy

Answer 46

A principle or rule to guide decisions and achieve rational outcomes

Question 47

Define standards

Answer 47

A standard is a agreed way of doing something to a specific or measurable level of quality. It is an created by a recognised body and it is officially documented .

Question 48

Define a guideline

Answer 48

A set of recommended actions to assist in complying with the policy

Question 49

Define procedure

Answer 49

A list of steps/instructions for performing some action or accomplishing the task

Question 50

What is authentication ?

Answer 50

Checking that only authorised individuals can view or modify protected information assets

Question 51

What are the 3 authentication mechanisms and give examples?

Answer 51

○ Something a supplicant knows e.g. password, pin or security questions
○ Something a supplicant has e.g. smart cards, bank card

. Something a supplicant is e.g. fingerprint, eye scan, voice, palmprint,boimetric

Question 52

Give some pros and cons on passwords?

Answer 52

Pro -They are simple for designers and users and can provide good protection if used correctly

Cons - Protection is often compromised by the user This is because users make them too short or personal so they’re easy to remember or They are also never changed and the same password is used for multiple systems making passwords weaker.

. People also forget passwords

Question 53

What is a way to protect passwords

Answer 53

. dont give them out
. To protect against password guessing we can lock people after three failed attempts

. However this enables a form of denial of service because attackers deliberately locked try lock out users which has an affect on availability

Question 54

What is the acronym for the requirements for biometrics and define the words for each acroynm?

Answer 54

CAPCUPD

Collectability - It should be easy and harmless to collect

Acceptability - The trait should be accepted by the public

Performance - It should be fast and accurate regardless of the resources or environment

Circumvention - Using fraudulent methods should be difficult

Universality - Everyone should have this trait

Persistence - The trait shouldn’t change too much over time

Distinctiveness - The ability of the trait to change between 2 people

Question 55

How is the effectiveness of biometrics evaluated ?

Answer 55

False reject rate (FRR) -the percentage of how many users that should have access are denied

False acceptance rate(FAR) - the percentage of how many users that shouldnt have access are accepted

Crossover error rate (CER) - Level at which the number of false rejections equals to false acceptances

Question 56

Define identity?

Answer 56

The properties of an individual resource that can be used to identify uniquely one individual or resource

Question 57

What is accounting ?

Answer 57

Ensures that user activities can be tracked back to them

Question 58

Define audit ?

Answer 58

Formal or informal review of actions processes, policies and procedures

Question 59

What are the 4 access control policies ?

Answer 59

DAC) Discretionary Access Control - Controls access based upon identity. Straight forward to implement and flexible

MAC) Mandatory Access Control - controls access based upon security labels
Used when stronger security guarantees that is required, Centralised control of information

(RBAC) Role Based Access Control - controls access based upon roles

(ABAC) Attribute Based Access Control - controls access based upon attributes

Question 60

What is strong authentication?

Answer 60

The use of two or more authentication mechanisms from at least two different authentication factors. Sometimes called MFA or 2FA

Question 61

What is the difference between factor and mechanisms ?

Answer 61

factors are what we know,posses or is whereas the mechanisms are pins and etc

Question 62

What are the 3 file permissions

Answer 62

read write execute

Question 62

What are the 3 file permissions

Answer 62

Read,Write,Execute

Question 63

What kind of user will have greater access?

Answer 63

admins as they are responsible for removing users from groups or modifying the whole groups access rights

Question 64

What is cryptography ?

Answer 64

Cryptography is a way of turning plaintext (our secret message) into ciphertext (an unreadable version that can later be turned back into the plaintext

Question 65

What are the 4 principles of modern cryptography?

Answer 65

1. Large enough key space to resist exhaustive search
2. Resistant to frequency analysis
3. Small change in plaintext results in large change in ciphertext
4. Security depends only on secrecy of key, and not on secrecy of algorithm

Question 66

Give some info on symmetric encryption?

Answer 66

. Sometimes called private key encryption

. uses the same “secret key” to encipher and decipher message

• Both sender and receiver must possess encryption key

If either copy of the key is compromised, a hacker can decrypt and read messages

Question 67

Give some info on asymmetric encryption?

Answer 67

. Sometimes called public key encryption

. uses two different but related keys to encrypt/decrypt messages

. Typically used to encrypt a symmetric session key rather than the plaintext message

Question 68

Name some encryption codes?

Answer 68

• Caeser cipher
• Exhaustive Search
  . Substitution and Transposition

Question 69

Name some example symmetric cryptosystems

Answer 69

Data Encryption Standard (DES)

Advanced Encryption Standard (AES)

Question 70

Name some example asymmetric cryptosystems

Answer 70

RSA(Have a look at how it works)

Elliptic curves

Question 71

What is the formula for risk?

Answer 71

Risk = likelihood x impact

Question 72

What elements of risk must be analysed when using component driven approaches?

Answer 72

threat,vulnerability and impact

Question 73

Define threat

Answer 73

the individual, group or circumstance which causes a given impact to occur, e.g., lone hacker and etc

Question 74

Name 2 Risk assessment methods/frameworks

Answer 74

Octave Allegro

NIST 800-30

Question 75

Name 2 information security assessment methods/frameworks

Answer 75

NIST CSF

ISO/IEC 270000 series

Question 76

What are the 4 control strategies for risk assessment?

Answer 76

• Avoid
• Accept
• Reduce
• Transfer

Question 77

What are the risk assessment steps

Answer 77

1.) Identify risk
2.) Analyse risk
3.) Treat Risk
4.) Monitor and review

Question 78

What is Qualitative risk analysis ?

Answer 78

Uses scale of qualifying attributes to describe magnitude of consequences/likelihood (VL,L,M,H,VH)

Question 79

Give some advantages and disadvantages of qualitative risk analysis ?

Answer 79

Advantage - ease of understanding by all relevant personnel

Disadvantage - Dependecnce on subjective choice of the scale

Question 80

What is quantitative risk analysis?

Answer 80

Uses scale of objective numerical values for consequences/likelihood

Question 81

Give some advantages and disadvantages of quantitative risk analysis

Answer 81

Advantage - related directly to info security objectives/concerns of organization

Disadvantage - Lack of data on new risks

. Accurate/missing data in general could create illusion of worth/accuracy of risk assessment

Question 82

What does CBA stand for

Answer 82

Cost Benefit Analysis

Question 83

What does ACS stand for

Answer 83

Annualized cost of safeguard

Question 84

What does ALE stand for

Answer 84

Annualized Loss Expectancy

Question 85

What does ARO stand for

Answer 85

Annualized Rate of Occurence

Question 86

What does SLE stand for?

Answer 86

Single Loss Expectancy

Question 87

What is the formula for ALE

Answer 87

ALE = SLE × ARO

Question 88

What is th formula for CBA

Answer 88

CBA = ALE(prior) - (ALE(post) + ACS)

Question 89

Name and explain the 4 risk treatment options?

Answer 89

Retain/Accept risk retention - organisation may tolerate (but not ignore) risk
* Avoid/Terminate risk avoidance - organisation may decide not to do the thing that incurs risk
* Share/Transfer risk sharing - transfer risk via an insurance policy or a third party
* Modify/Reduce risk modification - adopt controls to lower the current level of risk by reducing likelihood and impact

Question 90

When developing software what security should you also include?

Answer 90

. Defensive coding
. Testing
. Back ups
. Assurance of availability
. Compliance with legal requirements
. security of communication
. auditing

Question 91

What is cross site scripting (XSS)?

Answer 91

occurs when an attacker injects malicious code into a trusted website, which is then unknowingly executed by a user’s web browser.

Question 92

How do you prevent XSS?

Answer 92

Implement escapes in all your code

Question 93

What is sql injection ?

Answer 93

occurs when an attacker manipulates input fields on a website to execute unauthorized SQL commands on the website’s database

Question 94

What are some ways to secure the development environment?

Answer 94

• Separate business and development functions
• Consider your development environment compromised
• Trust your developers, verify their actions

Question 95

Why is formal change control and 2 person control important ?

Answer 95

In formal change the Separation of duties ensures the person responsible for testing the code isn’t also responsible for its implementation

Two person control requires that an additional person signs off on the code changes, to reduce accidental or malicious flaws

Question 96

Give some info on patches

Answer 96

. Patches are updates that address security vulnerabilities within a program or product.

Patches should be rolled out at the earliest opportunity because attackers may already know vunerable spots or try to reverse engineer

. Patches should be tested

Question 97

Define certification

Answer 97

a certificate that the product, service or system in question meets specific requirements

Question 98

Define accreditation

Answer 98

A formal recognition by an independent body that a certification body operates according to international standards

Question 99

What does HCI stand for?

Answer 99

Human Computer Interaction

Question 100

What is HCI ?

Answer 100

HCI is the study of interaction between people and computers?

Question 101

What are the 2 major goals of HCI?

Answer 101

• To improve the interactions between people and computers (machines?)
• Making computers more usable and receptive to the user’s needs

Question 102

What are the 3 sub domains of HCI

Answer 102

Usability, User Experience(UX) and User centred design

Question 103

Describe Usability

Answer 103

Usability is making systems easy to learn, easy to use, limiting errors and the severity of errors.

Question 104

What vocab comes under usability?

Answer 104

. error rates
. time to complete tasks, task failures
. number of lookups made

Question 105

Define user experience

Answer 105

User experience is the user’s entire experience with a interface — not just how well the interface worked, but how they expected it to work, how they feel about using it, and how they feel about the system overall.

Question 106

What vocab comes under user experience?

Answer 106

satisfaction, intuitive, frustration, good experience, difficult, confusing.

Question 107

Describe user centered design

Answer 107

an iterative design process in which designers focus on the users and their needs in each phase of the design process. They do this via a variety of research and design techniques, to create highly usable and accessible products for them

Question 108

Why is HCI important?

Answer 108

. Bad interfaces can waste users time and cause fustration and errors
. Users often leave website or apps with bad interfaces in frustration

Question 109

Name the paradigms in HCI along with some examples

Answer 109

Command Line Interface(CLI) - Users control the computer by typing in commands.
Examples - command prompt app in Windows, and Terminal in macOS

Graphical User Interface (GUI) - Users directly manipulates graphical representations on a computer screen with a pointing device
Example - Apple 2

Natural user interface (NUI) - a system for human-computer interaction that a user operates via intuitive actions related to natural, everyday human behaviour like touch gesture or voice
Examples - Speech recognition(Sirri,Cortana), Touch screen, Gesture recognition(xbox kinect,wii),Eye tracker

Metaverse - the concept of a highly immersive virtual world where people gather to socialize, play, and work
Example VR

Question 110

Is user interface a subset of HCI ?

Answer 110

Yes

Question 111

Give some human forms of input?

Answer 111

Touch,sight,sound,smel,taste

Question 112

List Nielsen’s 10 Usability Heuristics

Answer 112

1.) Match between system and the real world - Systems should speak the users language
E.g. Computer science language: [0][0], [0][2] * Excel speaks users’ language: [A][1], [B][3]

2.) Consistency & standards - Users should not have to wonder whether different words, situations, or actions mean the same thing

3.) Visibility of system status E.g. loading bar

4.) User control and freedom - Users often choose system functions by mistake and will need a clearly marked “emergency exit” to leave the unwanted state E..g. Undo and redo

5.) Error prevention E.g. When you are about to delete a file you get a message asking are you sure before you delete it

6.) Help users recognize, diagnose, and recover from errors E.g if you type wrong password you get a message saying you chose the wrong password

7.) Recognition rather than recall E.g visited links in chrome are purple

8.) flexibility and efficiency of use

9.) Aesthetic and minimalist Design E.g when you search something on google the most relevant thing shows up

10.) Help and documentation E.g Manuals and online help

Question 113

Define Usability Testing ?

Answer 113

Evaluating usability of a web-page, app or other software by testing it with real users.

Question 114

Give some reasons for why usability testing cannot be done?

Answer 114

○ not enough time
○ not enough money
○ no expertise in doing it
○ no lab or location in which to perform it
○ don’t know how to interpret the results

Question 115

When should usability testing be performed?

Answer 115

Early in the software lifecycle and it should be done often/repeatedly.

Question 116

Give some info on Traditional testing

Answer 116

Its expensive and scientific

Question 117

Gibe some info on lost our lease testing.

Answer 117

. Tested cheaply and often
. Not scientific

Question 118

Give some info on multiple testing

Answer 118

More users can find many problems

. You test with many users

Question 119

Give some on Usability Study room set up

Answer 119

a quiet room where someone can interact with a interface
* Participant sits at computer and performs tasks with interface
* Moderator / facilitator guides the user through the process
. Others on dev team observe user, either from the side or from another room or hidden camera
. Record the user and watch later

Question 120

List some things about the user and what they should do for the test to run smoothly

Answer 120

• Anybody with decent people skills can do it.
• Be friendly.
• Don’t lead the user or give them hints about what to do.
• Probe; when they give feedback, ask for more details.
  . Ask user to do a specific thing and watch to see how they d

Question 121

What is an Exploratory/Formative test?

Answer 121

It looks to see if the user can actually do thnigs

Question 122

What happens in an Assessment/Summative test?

Answer 122

The user performs an actual task

Question 123

What happens in a comparison test?

Answer 123

match up different prototypes or designs

Question 124

What happens in a verification test?

Answer 124

• verifies that UI is okay or that a fix works

Question 125

What should a usability test plan include?

Answer 125

1. Type Of Test
2. Purpose/Goals/Objectives
3. Participant Characteristics
4. Task List
   
   • Possibly have users try same tasks in different orders
5. Test Environment / Equipment
6. Moderator’s Role
7. Evaluation Metrics And Data To Be Collected
8. Report

Question 126

What data can be collected from a test?

Answer 126

Percentages and counts of task completed/failed and count errors

Tine required to access info for help,recover from errors and complete tasks

Question 127

What do performance goals do ?

Answer 127

Decide specific goals you want users to achieve.

Question 128

List some things that show if a user has failed

Answer 128

• Don’t understand the point of the site.
  
  • They use different vocabulary than you, so they can’t find a word for the action to do.
  • Their notion of how to categorize is different.
  • Site is too busy / cluttered.
• Not clear what the options are on the screen.

Question 129

List some limitations of usability testing

Answer 129

• Test results don’t prove that a product/design/UI “works”
• Testing may not be the best use of your time.
• Doesn’t tell you if the market wants/needs a product like yours.

Question 130

What is accessibility?

Answer 130

Software accessibility means that websites, apps, tools and technologies are designed and developed so that people with
disabilities can perceive, understand and interact with the software technology with ease.

Question 131

What is impairment

Answer 131

Anything that has a major effect on people’s ability to carry out normal day to day activities

Question 132

List the 5 types of impairment and examples where possible.

Answer 132

• Speech
  
  • Visual(blindness, low vision, colour blindness)
  • Motor(cerbral palsy, Parkinson’s disease, arthritis)
  • Cognitive (dyslexia, attention deficit disorder)
    Auditory (sound, hearing impaired audience)

Question 133

Why is accessibility important?

Answer 133

Limited accessibility reduces the Internet’s potential as an effective tool.

* Assistive/adaptive software will not work if web pages are coded incorrectly coded 

* The web is spreading rapidly in all things we do and we need to avoid digital isolation and social exclusion.  . The population is aging so the number of people with impairments are increasing

Question 134

When is a website said to be accessible ?

Answer 134

when anyone regardless of circumstance can access it

Question 135

What are the 2 approaches to designing for accessibiility?

Answer 135

Design for all

Inclusive design

Question 136

What is design for all?

Answer 136

AKA Universal design. This means going beyond only designing for user experience and accounts for everything

Question 137

What is inclusive design?

Answer 137

to design for accessibility based on 4 criteria:
- Varying ability
- If it works for those with disabilities
- Mental state
- Usability and aesthetics being compatible

Question 138

Define Percievable

Answer 138

Info and UI components must be presentable to users such that they are visible to all of their senses

Question 139

Define Operable?

Answer 139

This means that users must be able to operate the user interface and all its components

Question 140

Define understandable

Answer 140

This means that users must be able to understand the information as well as the operation of the user interface

Question 141

Define robust

Answer 141

This means that users must be able to access the content as technologies advance

Question 142

What is a standard ?

Answer 142

A standard is an agreed way of doing something to a specific or measurable level of quality. It is created by a recognised body and it is officially documented .

Question 143

Why do we need standards?

Answer 143

. Standards promote best practice
. Standards encourage consistency
. Standards are independent so a majority agree on them
. Standards ensure businesses are compliant

Question 144

Define a principle

Answer 144

an abstract design rule

Question 144

Define a guideline

Answer 144

advice on how to achieve a principle

Question 145

Give 2 benefits of guidelines

Answer 145

• Guidelines provides a clear instruction on a range of issues that designers will encounter
  . Guidelines will help usability specialists evaluate the designs of their products

Question 146

What is evaluation?

Answer 146

the process by which the interface is tested against the needs and practices of the user.

Question 147

What can we lean from evaluation ?

Answer 147

We can get rid of problems to do wih functionalitiy, usability,user experience and etc

* Designers can learn about what users think and what makes a good system. 

.Find out how effective and efficient is the software being studied, and how much the users enjoy using it and how much it annoys and frustrates them, and where they “get stuck“

Question 148

Name the 5 types of evaluation

Answer 148

. Summative Evaluation
. Formative Evaluation
. Analytic Evaluation
. Empirical evaluation
. Lab - based Usability Evaluation

Question 149

Give some info on summarative evaluation.

Answer 149

○ Often happens at the end of the development process
○ Provides an evaluation or summary of the end product
. Matches system to requirements specification

Question 150

Give some info on formative evaluation

Answer 150

○ Happens during the development process
○ Used to inform the development process hence is applied to a prototype rather than a complete system
○ Takes account of users(knowledge, skills, gender, age, disability, etc.)
. Takes account of user tasks or goals

Question 151

Give some info on analytic evaluation

Answer 151

○ Consists of formal methods for analysing interfaces v Heuristic evaluation
. Cognitive Walkthrough – task related
. Goals Operations Methods Selection Rules (GOMS)- task related
. Aims to investigate existing situation, not envision new systems

Question 152

Give some info on empirical evaluation

Answer 152

○ users participate in trials of prototype interfaces
○ requires careful design of the trial’s content and conduct
○ may involve benchmark tasks
○ may involve collecting and processing subjective opinions
○ Evaluating with user participation
Field studies and controlled experiments