| Date | May 2022 | Marks available | 2 | Reference code | 22M.1.SL.TZ0.3 |
| Level | SL | Paper | 1 | Time zone | no time zone |
| Command term | Identify | Question number | 3 | Adapted from | N/A |
Question
Schools told not to use cloud computing software applications
Schools in the German state of Hesse will no longer be able to use cloud computing services with software applications, such as G Suite and Office 365, due to new data protection rules. This has identified the risk of schools’ data being stored and accessed by third parties from outside of Germany.
In contrast, many schools in other parts of the world use cloud computing services and software applications. These applications allow students to access software that was previously only installed on their computers.
Identify two types of cloud computing software applications that students might use at school.
If the schools in Hesse can no longer use cloud computing software applications, they will need to store their data on a local file server and access it through a local area network (LAN).
Identify two ways in which data could be secured if the school stored it locally.
Identify two ways in which students could authenticate themselves on their local area network (LAN).
The European Union’s (EU) General Data Protection Regulation (GDPR) governs data protection and privacy in the EU. Its regulations give users certain rights in terms of their data.
Explain three principles that should be included in data protection regulations such as GDPR.
A new school has opened in Switzerland, and its principal and IT manager are considering two options:
Option 1: Using a local client–server network.
Option 2: Using a cloud-based service.
Evaluate these two options.
Markscheme
Answers may include:
- Word processor: Google Docs / Microsoft Word.
- Spreadsheet: Google Sheets / Microsoft Excel.
- Email: Gmail / Microsoft Outlook.
- Presentation: Google Slides / Microsoft PowerPoint / Apple Keynote.
- Website design: Google Sites.
- Calendars: Google Calendar.
- Online forms: Google Forms / Microsoft Forms.
- Collaboration tools: Microsoft Teams / Google Classroom.
- Storage apps: Microsoft OneDrive / Google Drive.
- Video Communication: Zoom, Skype, Teams, Meet etc.
- Learning Management Systems: Blackboard/ Moodle / PowerSchool / Canvas / Schoology etc.
Award [1] for identifying each application up to [2].
Note to examiners:
DO NOT accept Microsoft Office / Office 365 / Google Workspace / Gsuite as these are mentioned in the stimulus materials on the question paper.
Answers may include:
- Different levels of access
- Login (username and password / biometrics)
- Firewalls, proxy server
- Encryption
- Audit trails
- Anti-virus / anti-malware software
- Physical security of the servers
Award [1] for identifying each way the data can be stored securely up to [2].
Answers may include:
- Single-factor/primary authentication
- Two-factor authentication (2FA)
- Single sign-on (SSO)
- Multi-factor authentication (MFA)
Award [1] for identifying each way in which students could authenticate themselves on their local area network (LAN), up to [2].
Answers may include:
- The right to know who has access to my data
- … and for the purposes it is being used for.
- The level of security used to protect the data
- … so only appropriate users of the data have access.
- The purpose that the data will be used for
- … will it be shared with third parties?
- Data will not be processed without informed consent from the owner
- … unless there is a legal requirement to process the data.
- Requires that the holder of the data controller provides information to the data subject
- … in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
- The data subject has the right to be forgotten
- … so data can be deleted after it has served its required purpose.
- Data should be stored on a server within the same country or within a country with similar data protection legislation in place.
- … so that the owner of the data is sure that its security remains protected.
Award [1] for identifying a principle that should be included in data regulation principles such as GDPR and [1] for a development up to [2].
Mark as [2] + [2] + [2].
Answers may include:
Option 1:
Advantages
- The management of the client–server network can be carried out in-house which will mean the way in which the network is set up can be tailored to the school’s needs (systems).
- There will be fewer costs to external agencies for the upkeep of the network i.e. there is no monthly fee / subscription fees, etc., which will need to be managed by the IT manager.
- The IT manager will have complete knowledge about where their data is held.
- A client–server network allows in-house control of backup and security (this could be argued from both sides depending on the competency of the IT staff).
- The principal will be able to claim the data is more secure as it is housed on a school server instead of on a third-party server (systems).
Disadvantages
- The hardware costs for network infrastructure as well as software licensing costs will need to be paid by the school and managed by the IT manager/principal (costs).
- The IT manager/principal will need to employ staff who can manage the network and maintain the hardware or arrange for this to be outsourced (costs).
Option 2:
Advantages
- The management of the client–server network can be carried out remotely by the cloud service provider which will mean that IT manager will not have to carry out a number of tasks linked to the maintenance of the network (feasibility).
- The cloud-based provider will provide backing up facilities as part of the service so the IT manager will not have to address this issue (reliability, systems).
- The cloud-based provider will be able to provide up-to-date versions of software and services more efficiently than the IT manager who may have to buy them in after carrying out due diligence (systems).
- Increasing the storage capacity of the network would be easily done by requesting this from the cloud service provider (systems). No additional hardware or infrastructure will be required (cost, feasibility).
Disadvantages
- There will still be a need to have some hardware and software on site (for example print servers) which will need to be purchased and maintained by the IT manager (cost, systems).
In part (c) of this question it is expected there will be a balance between the terminology related to digital systems and the terminology related to social and ethical impacts.
Keywords: education, data, security, reliability, network, cloud, client, server, systems, ethics, values, cost, feasibility
Refer to SL/HL paper 1, part c markbands when awarding marks. These can be found under the "Your tests" tab > supplemental materials > Digital society markbands and guidance document.
Examiners report
Syllabus sections
-
22M.1.SL.TZ0.1a.ii:
Identify two ways the smartwatch and cellphone (mobile phone) could use to communicate with each other.
-
22M.1.SL.TZ0.3c:
A new school has opened in Switzerland, and its principal and IT manager are considering two options:
Option 1: Using a local client–server network.
Option 2: Using a cloud-based service.
Evaluate these two options.
-
22M.1.SL.TZ0.3a.iii:
Identify two ways in which students could authenticate themselves on their local area network (LAN).
-
22M.1.SL.TZ0.1c:
Many people use smartwatches to monitor their vital signs and manage their health.
To what extent should an individual use a smartwatch to manage their health?
-
19M.2.SL.TZ0.1:
In Source A, employees are using an embedded microchip to gain access to the building.
Identify two digital systems, in addition to implanted microchips, that an employee could use to gain access to a building in Source A.
-
21M.1.SL.TZ0.2c:
Discuss whether Daniela should make every teacher at Orams Academy use the same learning platform or allow each teacher to choose their own preferred learning management approach.
-
18N.1.SL.TZ0.3a.ii:
Identify two file compression techniques.
-
22M.1.SL.TZ0.1a.iii:
Outline one reason why protocols such as https are used in the URL to enable digital devices such as the smartwatch and cellphone to communicate with each other.
-
22M.1.SL.TZ0.3a.i:
Identify two types of cloud computing software applications that students might use at school.
-
22M.1.SL.TZ0.4a.iii:
Describe the difference between identification and authentication.
-
22M.1.SL.TZ0.4b.ii:
Explain why using high-resolution images could be a challenge to the implementation of a facial recognition system.
-
18M.2.SL.TZ0.1:
Identify two trends of social media usage that can be seen in Source A.
-
19N.1.SL.TZ0.3a.iii:
Outline how a firewall functions.
-
21N.1.SL.TZ0.1a.ii:
Identify two features of a virtual private network (VPN).
-
18M.1.SL.TZ0.2a.i:
Identify two characteristics of a peer-to-peer (P2P) network.
-
18M.1.SL.TZ0.2a.ii:
Identify two characteristics of a strong password.
-
18M.1.SL.TZ0.2c:
Bitcoin transactions are made between individuals without the knowledge of banks, governments, or credit card companies. Some governments are investigating whether they should regulate digital transactions, such as those made using bitcoins.
To what extent is it appropriate for governments to regulate digital transactions, such as those made using bitcoins?
-
17N.1.SL.TZ0.1a.ii:
Identify the steps used by the voice biometrics technology to authenticate a customer calling CBR Bank.
-
17N.1.SL.TZ0.2a.i:
In addition to providing access to the internet, identify two functions of an internet service provider (ISP).
-
17N.1.SL.TZ0.2a.ii:
Identify two characteristics of a proxy server.
-
17N.1.SL.TZ0.2b:
Many schools block access to social networking websites like Twitter, Facebook and YouTube. However, other schools are investigating two different options:
- Monitoring the network to view what websites the students are viewing.
- Giving different ages of students different levels of access to social media sites.
Analyse these two options.
-
18M.1.SL.TZ0.1c:
The Okavango Medical Centre has received additional funding from the local authority. The centre is investigating the possibility of using these funds to purchase IT equipment that would allow surgeons in Gaborone to carry out surgery remotely.
Evaluate the impact of the purchase of this IT equipment on the medical centre and its patients.
-
18M.1.HL.TZ0.6:
Policing as a human activity?
Toby Walsh, Professor of Artificial Intelligence at the University of New South Wales, Australia, notes that the use of police robots raises “many important questions that we, as a society, have to think about”.
Singapore has started testing patrol robots that survey pedestrian areas in the city-state. Xavier, the mall-cop robot, will be autonomously rolling through the Toa Payoh central district for three weeks scanning for “undesirable social behaviours”.
Figure 4 shows an example of a patrol robot.
Figure 4: An example of a patrol robot
[Image by Jdietsch. PatrolBot.jpg (https://commons.wikimedia.org/wiki/File:PatrolBot.jpg).
Under copyright and licensed under a Creative Commons Attribution 3.0 International License,
https://creativecommons.org/licenses/by-sa/3.0/deed.en (image cropped)]
It has been claimed that the use of patrol robots will lead to more efficient policing.Discuss the extent to which police departments should use patrol robots as a strategy to aid policing.
-
18N.1.SL.TZ0.3b.i:
Explain why each image has its resolution reduced before it is uploaded to ACP’s website.
-
17N.1.SL.TZ0.2a.iii:
Identify two ways that the government could have determined the identity of the persons responsible for posting the offensive images on social media.
-
18M.1.SL.TZ0.1a.i:
Identify two characteristics of voice over internet protocol (VOIP).
-
18M.1.SL.TZ0.2a.iii:
The use of a password is one method of authentication.
Identify two other methods of authentication.
-
21M.1.SL.TZ0.3a.i:
Lyrebird uses a person’s voice print to determine their identity.
Identify three other methods of biometric identification that could be used to determine a person’s identity.
-
21M.1.SL.TZ0.2a.iii:
Identify two potential disadvantages of using online digital media.
-
21M.1.SL.TZ0.3a.ii:
A person’s voice print can be compressed.
Identify three problems that may result from compressing the voice print.
-
18N.1.SL.TZ0.2a.iii:
Outline the difference between the internet and the World Wide Web.
-
19N.1.SL.TZ0.3b:
There are two possible methods for ensuring students use the TailorEd online learning system responsibly. They are:
- restricting access to sites that may be considered inappropriate
- educating the students about acceptable use.
Analyse these two methods.
-
20N.1.HL.TZ0.5:
Clouds under the sea
Microsoft has located one of its data centres on the seabed. Project Natick is now operating 100 feet below the surface of the North Sea (see Figure 4).
Figure 4: An artist’s representation of a data centre on the sea bed
[Adapted under sea photo by NOAA on Unsplash]
Microsoft has chosen to develop data centres on the seabed because they claim there are concerns about the environmental impact of data centres built on land. These seabed data centres can be constructed and placed on the sea bed in 90 days. This is compared to the two years that are required for land-based data centres.
Google patented their design for an underwater data centre in 2009. Even though functioning prototypes have been trialled, none have been used commercially.
The demand for data storage is doubling every two years, so it is likely that an increasing number of data centres will need to be constructed. These data centres can be constructed either under the sea or on land.
Discuss whether companies like Microsoft should build data centres on the seabed.
-
21N.1.SL.TZ0.3c:
The chief executive officer of MediResearch is considering using cloud-based storage to store the genome data.
Discuss whether MediResearch should move to cloud-based storage.
-
20N.1.SL.TZ0.2a.i:
Identify two pieces of information that would be used to identify a device on the IT network.
-
18M.2.SL.TZ0.4:
Mobile devices provide many benefits for children but can also be used inappropriately. Some groups claim it is the responsibility of parents to ensure their children use their mobile devices responsibly, while other groups claim that responsibility lies with other stakeholders, such as schools.
With reference to all the sources and your own knowledge, to what extent do you agree that parents should be responsible for ensuring their children develop safe and healthy habits for mobile device usage?
-
17N.1.SL.TZ0.1c:
The chief executive officer (CEO) of CBR Bank, Alice McEwan, said in a recent interview, “CBR Bank will be replacing all passwords, PINs and personal verification questions for our online banking and mobile banking with voice biometrics recognition.”
To what extent are the changes proposed by Alice beneficial for both CBR Bank’s customers and CBR Bank’s IT support?
-
19M.1.SL.TZ0.2b.iii:
Explain why the data collected about Hurricane Irma was not encrypted prior to being transmitted.
-
18N.1.SL.TZ0.2c:
The government of Cameroon is watching the results of the Agritexte initiative. It is considering two options:
- extending the functionality of Agritexte into a web-based information system
- investing in education and training on the use of the existing Agritexte SMS system.
Evaluate these two options.
-
19N.1.SL.TZ0.2b:
Two methods for informing tourists about wildfires in Kinakora National Park are:
- short message service (SMS) texting/text messaging
- posting information on the Kinakora National Park website.
Analyse these two methods.
-
18M.1.SL.TZ0.2b.iii:
Some users of bitcoins are concerned that their anonymity may be compromised by their bitcoin address.
Explain one way in which a bitcoin address may be used to reveal information about a bitcoin user.
-
19M.1.SL.TZ0.3a.ii:
Identify two features of authentication.
-
19M.1.SL.TZ0.3a.iii:
Identify two features of encryption.
-
19M.1.HL.TZ0.5:
How to appropriately interact in an online environment
Increasing numbers of parents are claiming digital technologies that monitor online activities are the best way to protect their children from offensive content. A number of companies, such as mSpy and Qustodio, have developed online monitoring apps.
Other parents claim it is not necessary to monitor their children’s online behaviour, preferring to encourage their children to develop the knowledge and skills to make appropriate choices.
Parents can consider two different interventions to ensure their children use the online environment appropriately:
- Monitor their children’s online behaviour using apps
- Encourage their children to develop the knowledge and skills to use the online environment and make appropriate choices.
With reference to real-life scenarios, evaluate these two interventions.
-
17N.1.SL.TZ0.1a.i:
In addition to their voice, identify two ways how a customer can be recognized by CBR Bank’s biometrics technology.
-
17N.1.SL.TZ0.2c:
Many citizens have raised concerns about the surveillance of their web browsing history or the censorship of selected websites by their national government.
To what extent is it appropriate for national governments to use surveillance and censorship to control citizens’ access to websites?
-
18M.1.SL.TZ0.2b.i:
Explain one reason why bitcoin makes use of encryption when transmitting data.
-
18N.1.SL.TZ0.3a.iii:
Outline one problem that may be caused by the use of file compression techniques.
-
18N.1.SL.TZ0.3b.ii:
Explain why each image is watermarked before it is uploaded to ACP’s website.
-
21M.1.SL.TZ0.2a.ii:
Identify two reasons why there might be a lack of bandwidth at times on the school’s network.
-
21M.1.SL.TZ0.2b:
The increasing use of cloud-based applications and online collaborative tools has led to Orams Academy introducing an acceptable use policy for students and teachers.
Explain three reasons why Orams Academy decided to introduce an acceptable use policy.
-
19N.1.HL.TZ0.5:
Sharing dashcam* footage with police
Many police departments have started campaigns to encourage members of the public to upload footage of possible offences committed by drivers to police websites. The police are looking for footage of activities such as dangerous driving and driving whilst talking on a cellphone/mobile phone.
Members of the public can create an account on the police website to upload footage from their dashcam (see Figure 3). They can also upload their dashcam footage anonymously.
The police claim that using dashcam footage uploaded by the public will help reduce the number of accidents caused by dangerous driving.
Figure 3: An example of a dashcam
* dashcam: a video camera mounted in a vehicle to record activity on roads
Discuss whether this dashcam footage should be used by the police as part of their strategy to reduce the number of accidents caused by dangerous driving. -
20N.1.SL.TZ0.2c:
Discuss whether Xingu Academy should become a bring-your-own-device (BYOD) school.
-
21N.1.SL.TZ0.1a.iii:
Identify two features of a protocol.
-
21N.1.SL.TZ0.1c:
To what extent is it acceptable for Rajesh to use services like a virtual private network (VPN) to access content that may be blocked in the country he is visiting?
-
21N.1.HL.TZ0.5:
Smart farming
A government in East Africa is using the expertise of scientists at a university in the region to promote the culture of smart farming and increase the productivity of farmers (see Figure 5). To do this, they have developed an app that the farmers can use to assist them in their decision-making.
Figure 5: An example of farming in East Africa
[Palmer, N., 2010. A farmer at work in Kenya’s Mount Kenya region [image] [online] Available at: https://commons.wikimedia.org/wiki/File:2DU_Kenya_86_(5367322642).jpg (CC BY-SA 2.0) https://creativecommons.org/licenses/by-sa/2.0/deed.en [Accessed 18 May 2020].]
Unfortunately, the scientists who developed the app have received many complaints from farmers who have been unable to use it. They are considering two options:
- making the existing system more user-friendly
- educating the farmers to use the existing system.
The scientists claim by making changes to the app it will make the app more user-friendly for the farmers. However, the farmers claim it would be better to provide them with education, such as training, so they can use the existing app.
Evaluate these two claims.
