INFO2222 S1 2021 Final Exam
In this exam you will be presented with questions that will differ depending on your student ID
number. Please read and follow the instructions carefully in order to ensure that you are answering
the correct question. Answering the incorrect question will result in being awarded a zero for that
section.
Your student ID is a nine digit number and is distinct from your unikey. Please do not use your unikey
when determining which questions you are required to answer.
In answering the questions in this exam you will be required to write and submit a single pdf document
to canvas containing your answers. This document should additionally contain all images and other
materials required to support your answer. Answers to questions should be presented in the order
in which they appear in this exam book and should be clearly marked as to which question and
version you are answering.
This exam contains a total of 100 marks.
Good luck.
Scenario A: Group Emailer
Read this section if the final digit of your Student ID is 1, 2 or 3.
In this scenario you are presented with the problem of designing a website with a ‘mass’ emailing
feature. Your site will contain the following concrete tasks:
Account registration
Enrolment of email recipients
Creation of groups of email recipients
Creation of parameterised messages to send to groups
Sharing of email groups between users of the website
Scenario B: Group Timetabling
Read this section if the final digit of your Student ID is 4, 5 or 6.
In this scenario you are presented with the problem of designing a website where groups can share
and coordinate meeting times using a common timetable format. Your site will contain the following
concrete tasks:
Account registration
Entering of timetable information
Creation of groups of users
Sharing of timetables between users
Calculation of commonly available free times
Scenario C: Group Feedback
Read this section if the final digit of your Student ID is 7, 8, 9 or 0.
In this scenario you are presented with the problem of designing a website where groups can
anonymously share feedback on each other’s performance. Your site will contain the following
concrete tasks:
Account registration
Group creation
Inviting other users to a group
Sharing of anonymous group feedback with other members of the group
Evaluation of group cohesion from feedback scores
Target Audience
The target audience for your website will depend on the eighth digit of your unikey; please read it
carefully.
Read this section if the eighth digit of your Student ID is 1, 2 or 3
The target audience for your scenario will be high school staff and students.
Read this section if the eighth digit of your Student ID is 4, 5 or 6
The target audience for your scenario will be mental health workers and patients in a clinical
environment.
Read this section if the eighth digit of your Student ID is 7, 8, 9 or 0.
The target audience for your scenario will be hiring staff and potential job applicants.
1 Usability: Problem and Requirements – (20 Marks)
1.1 Identifying the Users (5 Marks)
Compare the user profile of each target audience assigned to your scenario. Discuss the
implications of your analysis.
1.2 Identifying Tasks (5 Marks)
Describe the main set of tasks that are to be performed on the website by each target audience
assigned to your scenario.
1.3 Identifying the Context – (10 Marks)
This question will vary depending on the final digit of your Student ID, please read it carefully.
1.3.1 Email Spam
Read this section if the final digit of your Student ID is 1, 2 or 3
The sending of mass e-mail can be annoying and may end up being considered spam by its recipients.
However, mass emails are commonly used in organisations to communicate with a large number of
people with a low overhead.
How will you attempt to research the organisational context in which your email system will be used?
Suggest an interface feature that can be incorporated into the website to reduce the risk of important
emails being ignored by the intended recipients.
1.3.2 Timetable Privacy
Read this section if the final digit of your Student ID is 4, 5 or 6
Timetabling schedules can differ depending on the purpose of the meeting e.g. work meetings are
usually scheduled during working hours while informal meet-ups can be held outside working hours.
How will you attempt to research the social context in which your website will be used?
Suggest an interface feature that can be incorporated into the website that will reassure users that only
the information necessary for arranging a meeting will be shared with the timetabling system.
1.3.3 Constructive Criticism
Read this section if the final digit of your Student ID is 7, 8, 9 or 0
There are many barriers in giving constructive feedback on performance during group work with some
users being reluctant to give feedback and risk damaging their working relationship.
How will you attempt to understand the social context in which your website will be used?
Suggest an interface feature that can be incorporated into the website to provide users with a sense of
reassurance that their identities will be protected when feedback is given.
2 Usability – Design and Evaluation (25 marks)
2.1 Communicating the Design – (10 Marks)
Draw wireflows to illustrate each screen that a user sees while navigating your website to complete
their goal. You may need multiple pages to achieve this. Be sure to clearly label each
element to indicate the sequence of viewing.
2.2 Accessibility – (5 Marks)
Describe suitable interface features that can be incorporated into your website to cater to any
accessibility needs your users may have.
2.3 Evaluation – (10 Marks)
Perform a cognitive walkthrough on your wireflows for each of the tasks required by your scenario.
Discuss if your design sufficiently supports users during the stages of execution and evaluation.
3 Usability – General Questions – (5 Marks)
In your opinion, is it possible to maintain usability while generalising a website to cater to a wide
user base?
4 Security: Authentication and User Expectations – (15 Marks)
4.1 Authentication – (5 Marks)
This question will vary depending on the seventh digit of your Student ID, please read it carefully.
Propose an authentication scheme with the following properties:
4.1.1 TFA with Biometrics
Read this section if the seventh digit of your Student ID is 1, 2 or 3
You should propose and construct a scheme by which users may only access the site using two factor
authentication. One of the factors must be biometric. Discuss methods of securely storing all
information required to authenticate a user.
4.1.2 TFA with Physical Key
Read this section if the seventh digit of your Student ID is 4, 5 or 6
You should propose and construct a scheme by which users may only access the site using two factor
authentication. One of the factors must involve some physical authentication token. Discuss methods
of securely storing all information required to authenticate a user.
4.1.3 One time Use Passwords
Read this section if the seventh digit of your Student ID is 7, 8, 9 or 0
You should propose and construct a scheme by which users may only access the site with a one
time use password. Your scheme should contain a secure method of obtaining subsequent passwords.
Discuss methods of securely storing all information required to authenticate a user.
4.2 Security Goals – (5 Marks)
For your given scenario and design, discuss which security goals are relevant and which are irrelevant.
Provide arguments for each situation and discuss how the required security goals may be satisfied.
You should discuss any challenges to your security goals that may be presented by your authentication
system.
4.3 Ethics, Legality and Privacy – (5 Marks)
For your given scenario, design and authentication scheme, discuss any ethical, legal or privacy related
considerations you must make with regard to your users' data.
5 Security: Threat Modelling – (20 Marks)
5.1 Threats – (10 Marks)
Present a table of potential technical threats to your system as you have constructed it so far. You
should make reference to the wireframes in your wireflow where necessary. For each threat in your
threat model you should include:
A description of the threat
A brief example of the threat
An estimation of the potential damage caused by an attack associated with the threat
An estimation of the complexity or probability with which the attack will occur
The associated severity of the attack
You should attempt to order your table by the severity of each threat (It does not matter if this is
ascending or descending).
5.2 Controls – (10 Marks)
Present controls where possible for each of the threats you have listed in the previous question. For
each control you should discuss and evaluate the complexity of implementing that particular control.
Given the severity of the threat and the complexity of the controls, rank your controls by the order in
which they should be implemented by a development team.
If any of the threats you presented could not be controlled you should discuss why this is the case.
6 Security: General Questions – (15 Marks)
6.1 Networks (10 Marks)
This question will vary depending on the sixth digit of your Student ID, please read it carefully.
6.1.1 Link and Network Layer
Read this section if the sixth digit of your Student ID is 1, 2, 3, 4 or 5
Discuss any problems pertaining to authentication using a combination of the sender’s MAC
and IP addresses.
Discuss any features of these layers that provide secrecy, integrity or anonymity to the packets
transmitted.
Discuss how the network layer can be used for vulnerability scanning.
6.1.2 Transport Layer
Read this section if the sixth digit of your Student ID is 6, 7, 8, 9 or 0
Discuss any problems pertaining to authenticating a connection using both TCP and UDP.
Discuss any features of this layer that provide secrecy, integrity or anonymity to the packets
transmitted.
Discuss how the transport layer can be used for vulnerability scanning.
6.2 This Exam – (5 Marks)
Within the context of this exam, construct a threat model pertaining to potential collusion and
cheating during this exam. Discuss what controls have been implemented and numerically evaluate their
efficacy. Discuss the trade-off between any further controls and potential privacy considerations of
students sitting the exam.