1 An airport holds details of flights in a database using the table Flight. An extract of the table is shown below.

FlightID FlightNumber DestinationCode DestinationName DepartureDate DepartureTime

1355 OC0089 JFK John F. Kennedy 03/07/18 09:50
1453 CS1573 LHR Heathrow 03/07/18 10.30
1921 OC7750 JFK John F. Kennedy 04/07/18 8.30
1331 AM0045 YHZ Halifax 04/07/18 14.25
1592 HB0326 RTM Rotterdam 04/07/18 19.10
1659 CS0123 LHR Heathrow 04/07/18 07.20

The airline wishes to ensure the database is normalised.

(i) Describe why the database can be considered to be in First Normal Form.

[2]

(ii) Describe why the database can be considered to be in Second Normal Form.

[2]

(iii) Describe why the database can not be considered to be in Third Normal form.

© OCR 2022. You may photocopy this page. 1 of 45 Created in ExamBuilder

 [2]

© OCR 2022. You may photocopy this page. 2 of 45 Created in ExamBuilder

 2(a) A hotel uses a computer system to keep track of room bookings. The hotel staff are able to query a database to
discover which rooms are booked or which rooms are free.

The hotel’s computer network uses a client-server model.

(i) Describe what is meant by the term ‘client-server’ in this context.

[3]

(ii) Give two advantages of client-server compared to peer-to-peer.

[2]

© OCR 2022. You may photocopy this page. 3 of 45 Created in ExamBuilder

 (b) The hotel’s network uses multiple switches.

Explain the purpose of a network switch.

[3]

(c) * The hotel is concerned about the security of its computer network.

Discuss the threats which potentially exist to the hotel’s computer network and how these threats could be
eliminated or reduced.

© OCR 2022. You may photocopy this page. 4 of 45 Created in ExamBuilder

 [9]

© OCR 2022. You may photocopy this page. 5 of 45 Created in ExamBuilder

 (d) The hotel stores data about rooms, customers and bookings in a database. Each customer can book multiple
rooms and each room can be booked multiple times.

(i) Draw an Entity Relationship Diagram for this database.

[4]

(ii) Define what is meant by the term ‘foreign key’, giving one example of where a foreign key would be used in
the hotel booking database.

Definition

Example

© OCR 2022. You may photocopy this page. 6 of 45 Created in ExamBuilder

 [3]

(iii) Describe two different ways that hashing could be used in this database.

[4]

© OCR 2022. You may photocopy this page. 7 of 45 Created in ExamBuilder

 (e) The hotel booking database enforces referential integrity.

Explain what is meant by the term ‘referential integrity’ and how this could potentially be broken.

[2]

3 A company sells garden furniture. It has decided to create a relational database. A first, incomplete database
design includes two tables PRODUCT and ORDER.

PRODUCT (ProductId, ProductType, Size, Price,…)

ORDER (OrderId, OrderDate, ProductId,…)

For example, the product which has ProductId 12345 is a large bench which has a price of £150.

You should use only the data given above.

(i) Explain the use of a primary key in this database.

[2]

(ii) Explain the use of a foreign key in this database.

[4]

© OCR 2022. You may photocopy this page. 8 of 45 Created in ExamBuilder

 4 An insurance company's offices have a large number of black and white printers.

The company's technicians keep accurate records of the printers in the building, and the quantity of toner
cartridges in stock, in a flat file database. An extract of the database is shown in Fig. 1.

Printer Model Location Notes Cartridge Quantity in Re-order URL

Code stock
LasPrint office 3 LP-7XB 12 www.megacheapprint.com / toner /
LP753 LP-7XB
LasPrint office 6 drum LP-7XB 12 www.megacheapprint.com / toner /
LP710 replaced LP-7XB
Zodiac reception Zod17 4 www.zodiaclaserprinting.com / shop /
ZN217 Z17
Zodiac conference had to add Zod17 4 www.megacheapprint.com / toner /
ZN217 Room 2 RAM LP-7XB
LasPrint office 8 LP-7XB 12 www.megacheapprint.com / toner /
LP753 LP-7XB

Fig. 1

Describe two issues, referring to Fig. 1, that might arise from using a flat file database structure.

[4]

© OCR 2022. You may photocopy this page. 9 of 45 Created in ExamBuilder

 5(a) A company sells garden furniture. It has decided to create a relational database. A first, incomplete database
design includes two tables PRODUCT and ORDER.

PRODUCT (ProductId, ProductType, Size, Price,…)

ORDER (OrderId, OrderDate, ProductId,…)

For example, the product which has ProductId 12345 is a large bench which has a price of £150.

A CUSTOMER table is added. An entity-relationship (E-R) diagram is shown.

Explain why this design would be inefficient for customers.

[2]

© OCR 2022. You may photocopy this page. 10 of 45 Created in ExamBuilder

 (b) Some of the Structured Query Language (SQL) for this database is

SELECT Surname, Title, PhoneNo

FROM CUSTOMER
WHERE Town = “Coventry”
ORDER BY Surname

Describe the purpose of this code and give one situation in which it may be used.

[5]

© OCR 2022. You may photocopy this page. 11 of 45 Created in ExamBuilder

 6 A database stores information about songs on a music streaming service.

One of the tables called Song has the fields.

A band called RandomBits removes their permission for their songs to be streamed.

The company removes all the songs belonging to RandomBits from their service.

(i) Identify the law with which the company are complying.

[1]

(ii) Write an SQL statement that will remove all songs by RandomBits from the table Song.

[2]

(iii) When the songs have been removed, explain what must happen to the table PlayListEntry if the
database is to retain its referential integrity. (You are not expected to write the SQL to do this).

[1]

© OCR 2022. You may photocopy this page. 12 of 45 Created in ExamBuilder

 7(a) Every bank account has an account number and sort code. The sort code identifies the bank branch (location of
the bank) with which the account is held and the account number uniquely identifies the bank account. An extract
from a bank's database table is shown in Fig. 5.1.

State why the table in Fig. 5.1 is not in Third Normal Form.

[1]
(b) Explain how the database could be put into Third Normal Form.

[3]

© OCR 2022. You may photocopy this page. 13 of 45 Created in ExamBuilder

 (c) *A bank needs to ensure the data stored in its database is accurate at all times including when customers
deposit or withdraw funds.

Discuss how the bank can ensure the accuracy of its data and the importance of doing so.

[9]

© OCR 2022. You may photocopy this page. 14 of 45 Created in ExamBuilder

 8(a) RestaurantReview is a website that allows users to leave reviews and ratings for different restaurants.

The website uses a database with the following structure.

The database management system ensures referential integrity is maintained.

Whenever a review is added to the system, the restaurant’s average rating is updated. This transaction is ACID.

The A in ACID refers to Atomic.

Describe what is meant by the term ‘Atomic’ in the context of ACID transactions. You should refer to the example
of a review being added.

[2]

(b) Whenever a review is added to the system, the restaurant’s average rating is updated. This transaction is ACID.

The A in ACID refers to Atomic.

State what the letters CID refer to in ACID.

[3]

© OCR 2022. You may photocopy this page. 15 of 45 Created in ExamBuilder

 9(a) The video table consists of the following fields: VideoID, VideoName, Presenter, Topic.

(i) Describe what is meant by the term primary key.

[2]

(ii) Write an SQL query that finds the name and presenter of all videos on the Topic of “The CPU”.

[4]

(b) The Big Brains exam board has produced a website that allows students to access revision videos.

All pages in the site contain the following tag in the head section.

The exam board wants to use a database to keep track of which videos each student has viewed. The structure
it plans to use is shown below:

(i) Identify one reason why this structure would not be suitable.

[1]

(ii) Draw a new version of the structure to solve this problem.

[3]

© OCR 2022. You may photocopy this page. 16 of 45 Created in ExamBuilder

 10(a) A web forum stores all its content in a database.

The forum stores details of its users in the table called Users. An extract of Users is shown below.

userID username passwordHash locked

1 Zeus 8dfa46a79248037752bba6166fcb34f8 1
2 Hera 74d39d60507eb55e000c6ec5c1265891 0
3 Poseidon b015d770d0208ddcce2c2c719fe29371 0

Describe what is meant by the term ‘primary key’, giving an example from the table above.

[2]

© OCR 2022. You may photocopy this page. 17 of 45 Created in ExamBuilder

 (b) The user’s password is passed to a function that generates a hash and the result is stored in passwordHash.

(i) Describe what is meant by the term ‘hash’.

[1]

(ii) Describe one advantage to storing the password as a hash.

[2]

© OCR 2022. You may photocopy this page. 18 of 45 Created in ExamBuilder

 (c)
Write an SQL statement to get just the passwordHash and locked values of the user Apollo.

[3]
(d)
Sometimes users can have their accounts locked if they behave inappropriately. When this is the case the
locked field is set to 1 rather than 0.

Write an SQL statement that locks the account of the user Hades

[3]

© OCR 2022. You may photocopy this page. 19 of 45 Created in ExamBuilder

 (e) The function checkAccess takes in the password the user has entered (givenPassword) along with the
password hash (passwordHash) and locked value (locked).

passwordHash and locked have already been extracted from the database before being passed to the
function. It should return the value true if a user should be allowed access to a system and false if they aren’t.

Your function should make use of the pre-written function hash() which takes in a string and returns the hash
of that string.

e.g.

hash("Hello") returns f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0

Complete the function checkAccess.

function checkAccess (givenPassword, passwordHash, locked)

© OCR 2022. You may photocopy this page. 20 of 45 Created in ExamBuilder

 endfunction
[4]

© OCR 2022. You may photocopy this page. 21 of 45 Created in ExamBuilder

 11(a) Explain what the code in Fig. 8.1 does.

[5]
(b) In certain scenarios the user's IP address is logged in a database.

(i) Describe what is meant by an IP Address.

[2]

(ii) Explain why the programmers have chosen to store the user's IP address.

[2]

© OCR 2022. You may photocopy this page. 22 of 45 Created in ExamBuilder

 (c) An extract from the database is shown below:

(i) The username admin is entered into the form.

State what the value of statement would be after line 03 of the code in Fig. 8 .1 is run.

[1]

(ii) State what the value of hashInDB would be after line 04 of the code in Fig. 8.1 is run.

[1]

© OCR 2022. You may photocopy this page. 23 of 45 Created in ExamBuilder

 (d) In SQL the character ; denotes the next statement and the characters –– denote a comment.

The username DenverJ34'; DROP TABLE users; –– is entered into the form.

(i) State what the value of statement would be after line 03 is run.

[1]

(ii) Describe what happens when line 04 is run.

[2]

(iii) State the name of a law the user has broken by entering the username
DenverJ34'; DROP TABLE users; --

[1]

© OCR 2022. You may photocopy this page. 24 of 45 Created in ExamBuilder

 12(a) An airport holds details of flights in a database using the table Flight. An extract of the table is shown below.

FlightID FlightNumber DestinationCode DestinationName DepartureDate DepartureTime

1355 OC0089 JFK John F. Kennedy 03/07/18 09:50
1453 CS1573 LHR Heathrow 03/07/18 10.30
1921 OC7750 JFK John F. Kennedy 04/07/18 8.30
1331 AM0045 YHZ Halifax 04/07/18 14.25
1592 HB0326 RTM Rotterdam 04/07/18 19.10
1659 CS0123 LHR Heathrow 04/07/18 07.20

Describe what the SQL statement below does.

SELECT FlightNumber FROM Flight WHERE DestinationCode='JFK'

[2]

© OCR 2022. You may photocopy this page. 25 of 45 Created in ExamBuilder

 (b) The airport cancels all its flights to Heathrow on 4th July 2018.

The SQL statement below shows all the data for flights going to Halifax. Rewrite it so it instead removes all
flights to Heathrow on 4th July 2018.

SELECT * FROM Flight WHERE DestinationName='Halifax'

[3]

© OCR 2022. You may photocopy this page. 26 of 45 Created in ExamBuilder

 13(a) A website has the following code.

The page is linked to a style sheet. The message Unauthorised access to this system will be prosecuted is red with a
monospace font. (Note this is the only text on the page that has this formatting)

Write the segment of CSS code that would appear on the style sheet to make the message appear in the way
described.

[3]
(b) Explain the meaning of the HTML line

[2]

© OCR 2022. You may photocopy this page. 27 of 45 Created in ExamBuilder

 (c) *The line sends the contents of the form to be processed by the
server. This is done by code written in a language called PHP which is designed for server side processing.
Conversely JavaScript is traditionally used for client side processing.

Discuss the difference between server and client side processing with respect to webpages. You should refer to
the advantages, drawbacks and best uses of both approaches.

[9]

Part of the code on the server can be represented in pseudocode below.

In the pseudocode:
RunSQL (A, B) runs SQL statement A on database B. In this case it will always return a single value.
valueFromForm (controlName) gets the value entered into the input control with the name controlName

© OCR 2022. You may photocopy this page. 28 of 45 Created in ExamBuilder

 END OF QUESTION PAPER

© OCR 2022. You may photocopy this page. 29 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

1 i - No Repeating fields/data 2 (AO2.1)

- Data is atomic
- Has a primary Key
Examiner’s Comments
(1 Mark per -, max 2)
The definition for 1NF was answered well
by most candidates.

ii - Is in First Normal Form 2 (AO2.1)

- Every field is dependent on the
primary key.
Examiner’s Comments
(1 Mark per -, max 2)
The definition for 2NF was not as well
answered with most candidates omitting to
state that the database must first be in
1NF.

iii - Has a transitive relationship/ A non- 2 (AO1.2)

key field depends on another non-key
field.
- DestinationName depends on Examiner’s Comments
DestinationCode
(1 Mark per -, max 2) Fewer candidates scored well on this part
of the normalisation question. Many
identified that there was a transitive
relationship between DestinationName and
DestinationCode but few could describe
this with clarity.

Total 6

2 a i Client computers connect to server 3

Server provides access to a AO1.2
resource/service
In this case hotel staff use client
computers to connect to database on
server (or other sensible example).

ii e.g. 2
AO1.1
only one point of failure
easier to manage users/access
Easier to backup
Easier to keep data secure.
Technicians can more easily remotely
install / monitor.

© OCR 2022. You may photocopy this page. 30 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

b Joins computers/devices together on a 3

LAN AO1.1
Receives packets/data
Recipient’s address is given in packet
header/it uses the mac address
Send packets/data
Out the correct port /to the specific
computer device

c Mark Band 3–High Level (7-9 marks) 9 AO1

The candidate demonstrates a thorough AO1.1 Malware and viruses are software that can
knowledge and understanding of network (2) have a negative impact on computer
security. The material is generally accurate AO1.2 systems
and detailed. (2) Spyware and keyloggers can record
AO2.1 information entered and send back to a
The candidate is able to apply their (2) third party
knowledge and understanding directly and AO3.3 Phishing attacks attempt to steal data by
consistently to the context provided. (3) fraudulently appearing as legitimate emails
Evidence/examples will be explicitly asking for secure information
relevant to the explanation. Denial of Service Attacks can overload a
computer system with traffic and effectively
The candidate provides a thorough disable access for legitimate users
discussion which is well balanced.
Evaluative comments are consistently AO2
relevant and well-considered. Hotel’s systems could be disrupted by
DDOS attacks so no external bookings
There is a well-developed line of reasoning able to be made.
which is clear and logically structured. The Phishing and spyware attacks may
information presented is relevant and compromise visitor security and result in
substantiated. financial loss
Malware, viruses could destroy hotel data
Mark Band 2-Mid Level (4-6 marks) Theft of customer data would be an issue
The candidate demonstrates reasonable under Data Protection Act / GDPR for
knowledge and understanding of network which the hotel could be prosecuted
security; the material is generally accurate
but at times underdeveloped. AO3
Education for staff and customers is
The candidate is able to apply their important to deal with recognising and
knowledge and understanding directly to dealing with threats
the context provided although one or two Up to date software, limitations of use of
opportunities are missed. devices such as USB sticks and restricted
Evidence/examples are for the most part access to wireless networks can all limit
implicitly relevant to the explanation. risks.
Use of Firewall to restrict traffic entering
The candidate provides a sound and leaving the network.
discussion, the majority of which is Should be balanced against customer
focused. Evaluative comments are for the experience; will customers return if they
most part appropriate, although one or two have no access to It facilities?
opportunities for development are missed.

© OCR 2022. You may photocopy this page. 31 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

There is a line of reasoning presented with

some structure. The information presented
is in the most part relevant and supported
by some evidence.

Mark Band 1-Low Level (1-3 marks)

The candidate demonstrates a basic
knowledge of network security; the material
is basic and contains some inaccuracies.
The candidate makes a limited attempt to
apply acquired knowledge and
understanding to the context provided.
The candidate provides a limited
discussion which is narrow in focus.
Judgments if made are weak and
unsubstantiated. The information is basic
and communicated in an unstructured way.
The information is supported by limited
evidence and the relationship to the
evidence may not be clear.

0 marks
No attempt to answer the question or
response is not worthy of credit.

d i -Customer, Room and Booking entities, 4

must be singular AO2.2
-Customer joined to Booking and Room
joined to booking and no other links
-Customer to Booking relationship
indicated as one-many -Room to Booking
relationship indicated as one-many

ii A field that links to a (primary) key in a 3

second table AO1.1
Example : Customer ID // RoomID… (1)
… in Booking table AO2.1
(2)

iii Hashing for security 4

…e.g. hash passwords in database AO1.2
…to make sure they cannot be read if (2)
they are stolen AO2.2
Hashing for direct access (2)
…e.g. Customer/Room/Booking
records can be quickly accessed
…by using hash of index as address

© OCR 2022. You may photocopy this page. 32 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

e Database/relationships are consistent 2 Accept example that is not related to the

// each foreign key links to an AO1.1 database given (as this is an AO1
existing/valid primary key (1) question)
Suitable example of being broken (e.g. AO1.2 (1)
if primary key is deleted/updated,
foreign keys are no longer valid /
changes should be cascaded)

Total 30

© OCR 2022. You may photocopy this page. 33 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

3 i Unique identifier 2
ProductId identifies a product / OrderId Examiner's Comments
identifies an order
Most students got the “Unique identifier” as
was expected, a few were able to go on
and say what it was used for. Most
candidates were assumed to have not read
the question correctly.

ii Primary key from one table used as an 4

attribute in another table Examiner's Comments
to link tables / represent relationship
ProductId (is foreign key) in ORDER… A well answered question.
…to show which product has been
ordered

Total 6

4 Data might be inconsistent…(A01.1) 4

… For example the amount of LP-7XB Examiner's Comments
toner cartridges might be reduced in
one record but not in other records. Many candidates achieved some marks on
(A02.2) this question. However some did not use
the terminology expected at this level of
Space is wasted through redundant study e.g. data redundancy; data
data… (A01.1) inconsistency.
… For example the Re-order URL for
each toner cartridge is stored multiple
times. (A02.2)

Total 4

© OCR 2022. You may photocopy this page. 34 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

5 a Only one product can be on an order 2

Customer would have to make a Examiner's Comments
separate order for each product
required A few candidates showed a lack of
understanding of the E-R Diagram and
said that customers would not be able to
see the products, but most were able to
correctly analyse what was asked for.

b Lists attributes Surname, Title, 5 Accept other relevant purposes

PhoneNo
from the table CUSTOMER
for all customers in Coventry
in ascending order of Surname Allow A - Z / alphabetical
e.g. for local promotions / new store
opening Examiner's Comments

Another question that was targeted at

precise technical language, it was clear
from the candidates responses that some
only had very superficial knowledge of this
topic.

Total 7

6 i Copyright, Design and Patents Act 1 Accept Copyright Act / Law

ii 2
(1
mark per –, max 2)

iii All entries in which 1

contain songs by RandomBits must be
removed.

Total 4

© OCR 2022. You may photocopy this page. 35 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

7 a Branch name depends on Sort Code (i.e. 1

there is a transitive relationship).

b Create another table for Branches which 3

should include sort-code and branch name.
(1) Make sort code the primary key of the
BRANCH table/ Add a primary key to
BRANCH. (1) Remove Branch name from
Customers, leave sortcode as primary key/
Remove sort-code and branch name from
customers and add the primary key values
from BRANCS as the foreign key (1)

ALTERNATIVE ANSWER (ER-DIAGRAM)

Two tables CUSTOMER and BRANCH (or
similar names) (1)
Link from CUSTOMER to BRANCHES is
Many (1) to One (1)

c Mark Band 3-High Level (7–9 marks) 2 Answers may include, but are not limited
The candidate demonstrates a thorough to, some of the points below.
knowledge and understanding of
transaction processing. The material is
generally accurate and detailed.

2 AO1: Knowledge and Understanding

2 Transactions should be:

Atomic; They should either succeed or fail
but never partially succeed.

The candidate is able to apply their 3 Consistent: The transaction should only
knowledge and understanding directly and change the database
consistently to the context provided. according to the rules of the database.
Evidence/examples will be explicitly Isolated: Each transaction shouldn’t
relevant to the explanation. affect/overwrite other transactions
concurrently being processed.
The candidate provides a thorough Durable: Once a transaction has been
discussion which is well balanced. started it is remains no matter what
Evaluative comments are consistently happens.
relevant and well-considered. Records should be locked when in use. If
one transaction is amending a record, no
There is a well-developed line of reasoning other transaction should be able to until the
which is clear and logically structured. The first transaction is complete.
information presented is relevant and Transactions should maintain referential
substantiated. integrity. Changes to data in one table
must take into account data in linked
Mark Band 2–Mid Level (4–6 marks) tables.
The candidate demonstrates reasonable Data should have redundancy – if part of a
knowledge and understanding of database is lost it should be recoverable

© OCR 2022. You may photocopy this page. 36 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

transaction processing; the material is from elsewhere.

generally accurate but at times Data entered must be accurate in the first
underdeveloped. place.
Security measures need to be in place to
The candidate is able to apply their prevent malicious tampering of data.
knowledge and understanding directly to Data entered should be validated
the context provided although one or two (automatically checked it is sensible) and
opportunities are missed. verified (checked that the data entered
Evidence/examples are for the most part matches the original).
implicitly relevant to the explanation.
AO2.1: Application
The candidate provides a sound Ensuring the accuracy of transactions will
discussion, the majority of which is be partly down to the DBMS and partly
focused. Evaluative comments are for the down to the code accessing the DBMS.
most part appropriate, although one or two Referential Integrity is often enforced by
opportunities for the database management system.
development are missed. Redundancy can be provided in a number
of ways. This could be a RAID setup or
There is a line of reasoning presented with mirroring servers.
some structure. The information presented Bank may use validation and verification
is in the most part relevant and supported when data is input. Security procedures
by some evidence. may include firewall, enforcement of
sensible passwords and enforced user
Mark Band 1–Low Level (1–3 marks) access rights.
The candidate demonstrates a basic Validation may include range checks, list
knowledge of transaction processing; the checks, presence checks etc.
material is basic and contains some Verification may include double entry and
inaccuracies. The candidate makes a proof reading,
limited attempt to apply acquired
knowledge and understanding to the
context provided. AO3.3: Evaluation
It is essential the bank follows the
The candidate provides a limited precautions discussed. Verification and
discussion which is narrow in focus. validation help ensure the data is initial
Judgments if made are weak and data is sound (garbage in = garbage out)
unsubstantiated. If they make mistakes with their financial
data they may lose money or overcharge
The information is basic and customers and lose business/find
communicated in an themselves in legal trouble.
unstructured way. The information is Without redundancy data could be lost.
supported by limited evidence and the Without careful transaction processing, one
relationship to the evidence may not be transaction could accidentally overwrite
clear. another or half complete leading to
inaccurate data.
0 marks Under the Data Protection Act they have
No attempt to answer the question or an obligation to keep personal data
response is not worthy of credit. accurate. Verification and Validation.

Total 13

© OCR 2022. You may photocopy this page. 37 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

8 a – A transaction / review can only fully 2

complete or not complete / cannot AO1.1 (1) Examiner’s Comments
partially complete AO2.1 (1)
– In this case, it should not be possible This question was generally well attempted
for the review to be added without the by most candidates. Those who did not
(average) rating being updated. gain credit referred to atomic being the
lowest level of detail which is incorrect in
(1 mark per -, max 2) this context.

b – Consistency 3
– Isolation AO1.1 Examiner’s Comments
– Durability
(1 mark per -, max 3) Well attempted by most candidates. In
general, candidates either scored three or
zero marks.

Total 5

9 a i A field that has a unique value / a 2 Up to 2 marks for a valid description.

unique identifier (1) for every record in
that table (1) – in this case VideoID (1).

ii SELECT VideoName, Presenter (1) 4 For 4 marks.

FROM Video (1) WHERE Topic (1)
=“The CPU” (1). Do not award first mark if any other field or
SELECT *

SELECT VideoName, Presenter FROM

Video WHERE Topic=“The CPU”

b i Many to Many relationships are not 1 For 1 mark.

allowed / in 3NF (1).

ii Table added between student and 3 For 3 marks.

video (1).
Student to middle table 1:M
relationship (1).
Middle table to video M:1 relationship
(1).

Total 10

© OCR 2022. You may photocopy this page. 38 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

10 a A field which has a unique value for every 2

record / A unique identifier. (1)
(AO1.1 –

E.g. userID (1) 1, AO2.1

-1)

Examiner’s Comments
Well received and answered by most
candidates.

b i A result generated by applying an 1

algorithm / numeric process to a value. (1)
(AO1.1)

ii Hash functions are one way / can’t 2

be reverse (1)

If someone gains access to the (AO1.2 1

database they cannot access user’s mark,
password. (1) Examiner’s Comments
AO2.1 Many candidates achieved the mark in
part i) few achieved both marks in part ii)
1 mark) mostly stating as opposed to describing the
advantage e.g. ‘those who gain
unauthorised access cannot access
passwords’ without going on to say ‘hash
functions are one way’.

c SELECT passwordHash, locked (1) 3 Do not award first mark for SELECT *
FROM Users (1)
WHERE username=‘Apollo’ (1) (AO 3.2)

Examiner’s Comments
In most cases, candidates who achieved
marks in c) went on to achieve marks in d)
with few candidates achieving all marks in
either. Many candidates did not use correct
SQL statement structure or syntax e.g.
confusing attribute names with string
literals.

© OCR 2022. You may photocopy this page. 39 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

d UPDATE Users (1) 3 Allow other updating method

SET locked=1 (1) e.g. a DELETE statement followed by an
INSERT statement, for full marks e.g.
(AO 3.2)
WHERE username=‘Hades’ (1)

Examiner’s Comments
In most cases, candidates who achieved
marks in c) went on to achieve marks in d)
with few candidates achieving all marks in
either. Many candidates did not use correct
SQL statement structure or syntax e.g.
confusing attribute names with string
literals.

e Takes a hash of givenPassword 4 Example code:

(NB this may be done inline e.g.
if hash (givenPassword)==pa (AO 3.2)
sswordHash and locked==0
then (1)

Returns true if password is correct

and account is unlocked. (1) Candidates may have taken a different
approach - any solution that fulfils the
Returns false if account is locked (1) criteria on the left should get them marks.

Returns false if password is

incorrect (1)
Examiner’s Comments
Candidates were asked to complete a
function in this question. Although many
students demonstrated reasonable logic in
solving this problem, some used output
statements rather than returned values
from the function, therefore, not gaining full
marks.

Total 15

© OCR 2022. You may photocopy this page. 40 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

11 a Any five from: 5

Takes the username and password from
the form (1)
Uses the username to create an SQL
statement (1) to get the passwordHash
belonging to the given username (1) Runs
the SQL Statement (1) hashes the given
password and compares it to the retrieved
hash (1)
If they match it generates a success
webpage, otherwise it records the user’s IP
address. (1)

b i Any two from: 2

A numerical address made of 4 numbers
each between 0 and 255 / 32 hexadecimal
digits (1)
That uniquely identifies a device on a
network. (1)
It is a logical identifier (i.e. can change on a
physical device) (1)

ii IP address can help identify a user… (1) 2

…so company can potentially track users
attempting to gain unauthorised access (1)

c i SELECT passwordHash FROM users 1

WHERE name = ‘admin’

ii 0e5a511 1

d i SELECT passwordHash FROM users 1

WHERE name = ‘DenverJ34’; DROP
TABLE users; ’ --

ii Gets passwordHash for username 2

DenverJ34 (1)
then deletes the table called users. (1)

iii Computer Misuse Act 1

Total 15

© OCR 2022. You may photocopy this page. 41 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

12 a - Gets/selects/outputs the flight 2 (AO2.2)

numbers from the ‘Flight’ table
- Of flights with the destination JFK
- It returns OC0089 and OC7750 Examiner’s Comments
(1 Mark per -, Max 2)
Many candidates achieved full marks on
this question. Candidates were credited for
describing the statement and/or stating the
output. Those who did not achieve full
marks generally stated that the statement
‘outputs the flight numbers of flights with
the destination of JFK’ omitting to state that
the flight numbers will be extracted from
the flight table.

b - SELECT * changed to DELETE 3 (AO3.2) DELETE FROM Flight WHERE

DestinationName='Heathrow' AND
- Halifax changed to Heathrow DepartureDate=4/7/18
DestinationName='Heathrow'/
DestinationCode='LHR' Accept quotation marks or #s around the
date.
- Added AND
DepartureDate=4/7/18 Do not give first mark if asterisk is kept (i.e.
DELETE *)
(1 Mark per -, Max 3)
The Departure Date condition could be
placed before the Destination Name.

Examiner’s Comments

Most candidates did not achieve the first

mark for the DELETE statement because
they included the wildcard i.e. DELETE *.
Many went on to achieve the rest of the
marks giving the criteria, using correct SQL
statements.

Total 5

© OCR 2022. You may photocopy this page. 42 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

13 a Code enclosed within #warning{…} (1) 3 #warning{

color: red; (1) color: red;
font-family: monospace; (1) font-family: monospace;
}
Also accept hex color and RGB color
notations.
Don’t penalise for missing semicolons.

Accept a named suitable font like Courier

New.

b Creates a textbox (1) 2

To hold the username/which is referred to
as username (1)

c Mark Band 3–High Level (7–9 marks) 2

The candidate demonstrates a thorough 2 Answers may include, but are not limited
knowledge and understanding of client and to, some of the points below.
server side processing. The material is
generally accurate and detailed.

2 AO1: Knowledge and Understanding

© OCR 2022. You may photocopy this page. 43 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

The candidate is able to apply their 3 Server side processing takes place on the
knowledge and understanding directly and webserver. Data is sent from the browser
consistently to the context provided. to the server, the server processes it and
Evidence/examples will be explicitly sends the output back to the browser.
relevant to the explanation. Client side processing takes place in the
web browser.
The candidate provides a thorough
discussion which is well balanced. AO2.1: Application
Evaluative comments are consistently Client side processing doesn’t require data
relevant and well-considered. to be sent back and forth meaning code is
much more responsive.
There is a well-developed line of reasoning Code is visible which means it can be
which is clear and logically structured. The copied. The browser may not run the code
information presented is relevant and either because it doesn’t have the
substantiated. capability or because the user has
intentionally disabled client side code.
Mark Band 2–Mid Level (4–6 marks) Server side processing takes away the
The candidate demonstrates reasonable reliance of the browser having the correct
knowledge and understanding of client and interpreter. It hides the code from the user,
server side processing; the material is protecting copyright and avoiding it being
generally accurate but at times amended/circumvented. Server side
underdeveloped. processing puts extra load on the server.
This is at the cost of the company hosting
The candidate is able to apply their the website.
knowledge and understanding directly to
the context provided although one or two AO3.3: Evaluation
opportunities are missed. Client side processing is best used when
Evidence/examples are for the most part it’s not critical code that runs. If it is critical
implicitly relevant to the explanation. then it should be carried out on the server.
Client side processing is also best where a
The candidate provides a sound quick response is needed – an example
discussion, the majority of which is being games.
focused. Evaluative comments are for the Server side processing is best used where
most part appropriate, although one or two it is integral that processing is carried out.
opportunitiesfor development are missed. It is often used for generating content. It
can be used to access data including
There is a line of reasoning presented with secure data. For this reason any data
some structure. The information presented passed to it has to be checked carefully.
is in the most part relevant and supported With some things like validation good
by some evidence. practice is to do both: First on the client for
a quick response if there is an issue, then
Mark Band 1-Low Level (1-3 marks) The on the server in case the client side
candidate demonstrates a basic knowledge processing has been circumvented.
of client and server side processing; the
material is basic and contains some
inaccuracies. The candidate makes a
limited attempt to apply acquired
knowledge and understanding to the
context provided.

© OCR 2022. You may photocopy this page. 44 of 45 Created in ExamBuilder

 Question Answer/Indicative content Marks Guidance

The candidate provides a limited

discussion which is narrow in focus.
Judgments if made are weak and
unsubstantiated. The information is basic
and communicated in an unstructured way.
The information is supported by limited
evidence and the relationship to the
evidence may not be clear.

0 marks
No attempt to answer the question or
response is not worthy of credit.

Total 14

© OCR 2022. You may photocopy this page. 45 of 45 Created in ExamBuilder

Powered by TCPDF (www.tcpdf.org)