| Date | May 2019 | Marks available | 3 | Reference code | 19M.2.SL.TZ0.2 |
| Level | SL | Paper | 2 | Time zone | no time zone |
| Command term | Explain | Question number | 2 | Adapted from | N/A |
Question
A school maintains a database of students’ details and teaching resources on a central server. This data can be accessed by all teachers in the school.
Teachers may need to edit resources when preparing their lessons.
When storing student details, data security is an important consideration.
The school has appointed a database administrator (DBA).
A DBA is required to carry out tasks such as ensuring there is a strategy to recover the database if it becomes corrupted and that the data is shared ethically.
Explain how concurrent use of the school database is possible in this situation.
Describe two ways that data security in the school's database can be maintained.
Describe one strategy that could be used to ensure the data can be recovered if the database becomes corrupted.
Suggest how the privacy of student data can be ensured.
Markscheme
Award [3 max].
The ability of a database to allow multiple teachers to affect multiple transactions;
Allowing concurrent processing while ensuring transaction isolation;
Thus, ensuring the update of one teacher does not affect the update of another teacher;
While one transaction (by a teacher) is accessing a resource from a shared folder, it places a lock, an access restriction, on the resource, controlling the level of access allowed by another transaction by another teacher;
Award [4 max].
Award [1] for identifying a way of maintaining data security and [1] for a development up to [2 max]
Mark as [2] and [2]
Minimizing permissions;
Restrict users to have permission only to the means to do their job. Some can view, modify and insert some only view etc.;
Auditing changes;
Log changes made to teachers and permissions through auditing. This gives a trail to follow should you have problems. Without authorization no one gets grant of permissions;
Minimizing table access;
Isolate the teachers from the data tables they do not need / Create views and user defined functions to support user access requirements and not give access to the tables;
Award [2 max].
Award [1] for identifying a way of maintaining data security and [1] for a development up to [2 max].
Deferred update;
does not physically update the database on disk until a transaction has reached its commit point/if a transaction fails before reaching its commit point, it will not have changed the database in any way so UNDO is not required;
Shadow paging;
When a page is to be modified, a shadow page is allocated in which changes are made;
When it is ready to become durable, all pages that refer to original are updated to refer new replacement page;
Back-up;
Back-up copies of the entire database is done to ensure the database is at the most updated version of the original;
Award [3 max].
Award [1] for the method, award [1] for the explanation and [1] for the example up to [3 max].
Data masking or data obfuscation;
is the process of hiding original data with random characters;
e.g.: suppressing certain characters in the student address, student id etc.;
Data encryption;
Conversion of data into non-readable gibberish creates highly secure results such as scrambling the student_ID;
The only way to gain access to the data is to unlock it with a key or password which only those authorized can access;
Examiners report
Many students gave generic answers for isolation in this section. Few of the students gave very precise explanations as well.
Most students were able to do this question.
A majority of candidates were able to identify at least one way of maintaining data consistency but did not relate to the recovery part of the answer.
Methods of anonymising data was a challenge for most students.
