Past paper questions and answers
-
Upload
dasimpsonsrule -
Category
Education
-
view
738 -
download
13
description
Transcript of Past paper questions and answers
- 1. By Brad Lonergan and Bryn Lindsay
Past paper questions and answersMay/June 2009 Scenario 1
2. Scenario 1
Questions 1 and 2
Midtown Bank in the UK operates an online banking system. Some
customers have had difficulties when using this system and so the
bank has introduced phone banking. The bank has a call centre in
Mumbai, India. When using phone banking, customers are asked to
provide the same personal details as when using the online system.
Customers are asked to provide three characters from their
password. These are never the same three characters in successive
logins. The bank stores a lot of personal information about its
customers.
Tl;dr: Bank stores personal info for online banking
3. Question 1a
Identify two items of information, other than their password that
customers might be asked to provide when using the systems.
[2]
4. Answer 1a:
Two from:
User name/account number/credit card number/user id
Mothers maiden name
Favourite place
Date of birth
PIN
email address
5. Examiners comment 1a:
Many candidates managed to gain at least onemark for user
name/account number.
Many candidates were unaware of alternatives such as mothers maiden
name, date of birth etc
6. Question 1b:
Give two reasons why customers are asked to type in only three
characters from their password
[2]
7. Answer 1b:
Two from:
Hacker can only get hold of three characters in one go
Hacker might need to know the whole password to get into
account
Will probably be different three characters asked for at next log
in
Hackers would need to intercept password several times to get into
account
8. Examiners comment 1b:
A large number of candidates thought that the password was only
three characters long and gave answers such as it would be faster
to input or easier to remember.A number repeated the scenario in
their answer rather than addressing it.
9. Question 1c:
Explain why the company has its call centre in Mumbai and not in
the UK
[2]
10. Answer 1c
Two from:
Phone operators will be paid less
Buildings needed to house call centres will be cheaper to
buy/rent
Call centre opening during normal hours in India would be
unsociable hours in UK leading to a lower wage bill
Operators would be better qualified
Operators would be more motivated
Large population to choose from
11. Examiners comment 1c:
Many candidates gained marks for mentioning cheap labour costs.Many
others lost marks for saying it would be cheaper but failing to
explain in what way.Many thought that the call Centre was targeted
at Indian customer
12. Question 1d:
Explain why a customer might be frustrated when using an overseas
call centre
[2]
13. Answer 1d:
Two from:
The operator might not understand UK dialects
The customer might not understand operators accent
Operators might have difficulty with UK culture
Operators may be inclined to stick to script/may be unable to
answer out of the ordinary
questions
Bad connection resulting in poor quality of communication
14. Examiners comment 1d:
A reasonable number of candidates identified the potential problems
with accents but a surprising number thought that non-English
speakers would be employed at acall Centre for a UK bank.Many
thought that customers would be paying international call rates
every time they phoned the bank and a number thought that there
would be less security.
15. Question 2a:
Discuss the effects that the introduction of online banking has had
on the banks employees
[6]
16. Answer 2a:
Five from:
Increased unemployment for cashier staff/security staff
Increased employment for technical staff/programmers
Increased employment for call centre operators
Some workers have had to/had the opportunity to go part time
The opportunity to job share might have been provided
Flexible working hours may have been made available
Technical staff may be able to work from home
Some workers needed to retrain
Managers could be relocated
+1 for reasoned conclusion
17. Examiners comment 2a:
Most candidates scored well, however, this question was one of many
that differentiated between IGCSE candidates and AS level
candidates.Itis important that stock phrases such as unemployment
are clarified and that candidatesidentify the groups most at risk
from this.Candidates did reasonably well on other answersbut,
again, learning by rote does not help with this type of
question.Some candidates did not appear to realise that only
certain types of bank job can be done by working from home.
18. Question 2b:
Call centre operators sit at computer terminals for long periods of
time. Describe how health problems result from this computer
use.
[5]
19. Answer 2b:
Five from:
Typing at a keyboard continuously can cause RSI/wrist
problems/finger problems
Gripping a mouse and repetitive clicking can cause RSI/wrist
problems/finger problems/carpal tunnel syndrome
Sitting in the same position all day can cause lower back
pain
Sitting in the same position all day can cause deep vein
thrombosis
Staring at a computer screen all day can cause eye
strain/headaches
Poor positioning of screen can cause upper back/neck/shoulder
pain
Glare from screen can cause eye strain/headaches
20. Examiners comment 2b:
Too many candidates rephrased the question for their answers
without going into sufficient detail about what types of action
cause RSI etc. A worrying number wrote about safety problems.
Several answers were at a very basic IGCSE level by suggesting that
users get RSI, headaches, sight problems and backache without
saying how.
21. Question 2c:
Explain the social and ethical implications of bank workers being
able to access customerspersonal information.
[6]
22. Answer 2c:
Six from:
Bank workers have a personal duty of confidence to individuals
whose data is stored
Bank workers should have a personal duty of confidence to their
employer
Workers must not tell any unauthorised person about personal data
which is held
Bank must not use information for any reason except with the
permission of the individual
Workers must be asked to treat the information as confidential/it
must be obvious to them that the information is given in
confidence
Employer should ask employee to sign a confidentiality
agreement
Bank should take responsibility for any information which is passed
on
Only the least amount of information that could identify the
individual should be used
Online services allow organisations to have access to the most
private of data
Examples names, addresses, phone numbers, financial situation
Information should not be passed on from organisation to
organisation without authorisation
from the individual
Anonymised information should always omit personal details wherever
possible
Aggregated information should never identify individuals
Companies/workers must ensure the security of customer data
Workers must ensure only relevant data is used
Workers should ensure they only use up to date/accurate
information
23. Examiners comment 2c:
Candidates struggled with this question quite often writing about
how employees would rob/defraud the customers.Many just quoted the
Data Protection Act principles.There were very few high
scores.
24. Question 2d:
Describe some of the security threats that the bank and customers
must guard against when using online banking
[4]
25. Answer 2d:
Four from:
Call centres employees may copy data to pass on to criminals
who use the data to make illegal transactions
Phishing email appears to be from customer's bank
asks for customers details password, card/account number, other
security details
email makes up plausible reason
includes a website address for customer to go to which looks just
like the actual banks
website but is a fake website
Pharming fraudster redirects genuine websites traffic to own
website
customer is now sending personal details to fraudsters
website
Spyware is downloaded/software used to gather user's personal
details
Software detects key presses of user logging on to bank site
Hacking to get customer personal information to use against the
individual/to commit fraud
Hacking in order to transmit viruses
26. Examiners comment 2d:
A large number of candidates wrote about how to combat the threats
without going into any detail about the threats themselves.A number
only wrote single word answers such as hacking or viruses.Some
wrote down pharming and/or phishing without describing these in any
detail.