April 2024

Fundamental IT Engineer Examination (Subject B)

Questions must be answered in accordance with the following:

Question Nos. Q1 – Q20

Question Selection All questions are compulsory.
Examination Time 12:30 - 14:10 (100 minutes)

Instructions:
1. Use a pencil. If you need to change an answer, erase your previous answer completely
and neatly. Wipe away any eraser debris.

2. Mark your examinee information and test answers in accordance with the instructions
below. Your answer will not be graded if you do not mark properly. Do not mark or write
on the answer sheet outside of the prescribed places.
(1) Examinee Number
Write your examinee number in the space provided, and mark the appropriate space
below each digit.
(2) Date of Birth
Write your date of birth (in numbers) exactly as it is printed on your examination
admission card, and mark the appropriate space below each digit.
(3) Answers
Mark your answers as shown in the sample question below.

[Sample Question]
Which of the following should be used for marking your answer on the answer sheet?

Answer group
a) Ballpoint pen b) Crayon c) Fountain pen d) Pencil

Since the correct answer is “ d) Pencil ”, mark the answer as below:

[Sample Answer]

Sample B C D ●F G H I J K

Do not open the exam booklet until instructed to do so.

Inquiries about the exam questions will not be answered.

-1-
 Pseudo programming language notations

In algorithm and programming questions that use pseudo programming language, the
following notations are used unless otherwise stated:

[Pseudo programming language notations]

Notation Description
○ procedure(type: arg1, ...) Declares a procedure and its argument(s) arg1, ... .
○ ret-type: function(type: arg1, ...) Declares a function, its argument(s) arg1, ... , and
type of return value ret-type.
type: var1, ... Declares variables var1, ... and arrays array1, ... by
type []: array1, ... data type such as integer, real, and string.
/* comment */ Describes a comment between /* and */.
// comment Describes a comment after // till end of line.
variable ← expression Assigns the value of the expression to the variable.
procedure(arg1, ...) Calls a procedure by passing arguments arg1, ... .
function(arg1, ...) Calls a function by passing arguments arg1, ... ,
and receiving the return value.
output arg1, ... Outputs values of arg1, ... to a printing device.
return ret-val Finishes a function by passing back a return value
ret-val.
if (condition-i) Indicates the selection process.
process-i *1 *1 If condition-i is true, then execute process-i.
elseif (condition-ei) Otherwise, proceed to the next elseif or else.
process-ei *2 *2 If condition-ei is true, then execute process-ei.
else Otherwise, proceed to the next elseif or else.
process-e *3 *3 If all conditions are false, execute process-e.
endif Note: *2 and *3 can be omitted.
Note: *2 may exist twice or more.

for (sequence) Indicates the “for” iteration process.

process In the order specified in the sequence, execute the
endfor process repeatedly.
while (condition) Indicates the “while” iteration process.
process While the condition is true, execute the process
endwhile repeatedly.
do Indicates the “do - while” iteration process.
process Execute the process once, and then while the
while (condition) condition is true, execute the process repeatedly.

-2-
 Pseudo programming language notations
(continued)

[Operators and their precedence]

Type of operator Operators Precedence Note
Expression ( ), . (1) High (1) accessing member or method

Unary operator +, −, not (2) (2) logical negation

Binary operator ×, ÷, mod (3) (3) remainder

+, −
>, <, ≥, ≤, =, ≠
and (4) (4) logical product

or (5) Low (5) logical sum

[Boolean-type constants]
true, false

[Array reference]
1-dimensional array 2-dimensional array Array of arrays
Array declaration type []: name ... type [,]: name ... type [][]: name ...
Example integer []: a1 integer [,]: a2 integer [][]: aa
1 2 3 4 5 1 2 3 1 2 3 .
1 3 5 7 9 1 11 12 13 1 21 22
2 14 15 16 2 23 24 25
3 17 18 19 3 26

Data reference Data 7 is referred Data 16 is referred Data 25 is referred

to by a1[4] to by a2[2,3] to by aa[2][3]
Notation of array {1, 3, 5, 7, 9} {{11, 12, 13}, {{21, 22},
contents {14, 15, 16}, {23, 24, 25},
{17, 18, 19}} {26}}
Note: The indexes of example arrays start at 1.

[undefined state]
undefined is a state in which no value is set to a variable (or an element of an array).
By setting undefined to a variable, the variable is transformed into undefined state.

-3-
Q1. From the answer group below, select the correct combination of answers to be inserted
into ___A___ through ___C___ in the program.

A school determines the letter grade that a student will receive based on the score, which is
an integer value between 0 and 100, as follows:

Score Letter grade Description

80 – 100 D Pass with distinction
50 – 79 P Pass
0 – 49 F Fail

The function grade receives a score (non-negative integer value between 0 and 100) and
returns the letter grade as a character.

[Program]
○ character: grade(integer: score)
character: ret
if (score ___A___ 80)
ret ← "D"
elseif (score ___A___ 50)
ret ← ___B___
else
ret ← ___C___
endif
return ret

Answer group
A B C
a) = "P" "F"
b) = "F" "P"
c) > "P" "F"
d) > "F" "P"
e) ≥ "P" "F"
f) ≥ "F" "P"

-4-
Q2. From the answer group below, select the correct answer to be inserted into _______ in
the program.

A bus company operates buses between two cities. The standard ticket price is 20 US dollars
and the discount ticket price for passenger aged 10 and under or aged 60 and over is 10 US
dollars. Additionally, registered members of all ages always get the ticket at the discount
price.

The function ticketPrice receives the arguments age (a non-negative integer value) and
isMember (a boolean indicating that the passenger is a member if the value is true), which
returns the value ret as the ticket price (in US dollars).

[Program]
○ integer: ticketPrice(integer: age, boolean: isMember)
integer: ret
if ( _______ )
ret ← 10
else
ret ← 20
endif
return ret

Answer group
a) ((age ≤ 10) and (age ≥ 60)) and isMember
b) ((age ≤ 10) and (age ≥ 60)) or isMember
c) ((age ≤ 10) or (age ≥ 60)) and isMember
d) ((age ≤ 10) or (age ≥ 60)) or isMember

-5-
Q3. From the answer group below, select the correct answer to be inserted into _______ in
the program.

The program outputs the even numbers between 1 and 100. Subsequently, it prints the sum
of those even numbers. Note that division is performed for data type integer, that is, a ÷ b is
the quotient of a divided by b.

[Program]
integer: i
integer: sum ← 0

for(increase i from 1 to 100 by 1)

if( _______ )
output i
sum ← sum + i
endif
endfor
output sum

Answer group
a) i ÷ 2 = 0 b) i ÷ 2 ≠ 0
c) i mod 2 = 0 d) i mod 2 ≠ 0
e) i = 2 f) i ≠ 2

-6-
Q4. From the answer group below, select the correct combination of answers to be inserted
into ___A___ and ___B___ in the program.

The function sumDigits receives a non-negative integer value num as argument, and returns
the sum of the digits of num.

[Program]
○ integer: sumDigits(integer: num)
integer: sum ← 0
while (num > 0)
sum ← ___A___
num ← ___B___
endwhile
return sum

Answer group
A B
a) sum + num mod 10 num mod 10
b) sum + num mod 10 integer part of (num ÷ 10)
c) sum × 10 + num mod 10 num mod 10
d) sum × 10 + num mod 10 integer part of (num ÷ 10)
e) sum + integer part of (num ÷ 10) num mod 10
f) sum + integer part of (num ÷ 10) integer part of (num ÷ 10)
g) sum × 10 + integer part of (num ÷ 10) num mod 10
h) sum × 10 + integer part of (num ÷ 10) integer part of (num ÷ 10)

-7-
Q5. From the answer group below, select the correct combination of answers to be inserted
into ___A___ and ___B___ in the program.

The function division receives two integer values a and b and returns the quotient of a
divided by b. The function modulus receives two integer values a and b and returns the
remainder of a divided by b. The procedure convert receives the value of seconds as the
input argument and outputs that value in the form of hours, minutes, and seconds. For
example, when the procedure convert is called as convert(5450) the output is “1, 30,
50”. Here, suppose that the range of input values satisfy 0 ≤ input < 86400.

[Program]
○ convert(integer: input)
integer: hour, minute, second
second ← modulus(input, 60)
minute ← ___A___
hour ← ___B___
output hour, minute, second

○ integer: division(integer: a, integer: b)

integer: u
u ← integer part of (a ÷ b)
return u

○ integer: modulus(integer: a, integer: b)

integer: u
u ← a mod b
return u

Answer group
A B
a) division(modulus(input, 60), 60) division(input, 3600)
b) division(modulus(input, 60), 60) division(modulus(input, 60), 60)
c) division(modulus(input, 60), 60) modulus(division(input, 60), 60)
d) modulus(division(input, 60), 60) division(input, 3600)
e) modulus(division(input, 60), 60) division(modulus(input, 60), 60)
f) modulus(division(input, 60), 60) modulus(division(input, 60), 60)

-8-
Q6. From the answer group below, select the correct answer to be inserted into _______ in
the program.

The function count1 receives the bit8 type (8-bit type) argument byte, and returns the
number of bits 1 in the argument. For example, when the function count1 is called as
count1(11001011), the return value is 5.
Here, operator & represents a bitwise logical product, operator | represents a bitwise logical
sum; operator >> represents a logical shift to the right, and operator << represents a logical
shift to the left. For example, v << n performs a logical shift of the value of v by n bits to
the left.

[Program]
○ integer: count1(bit8: byte)
bit8: rbyte ← byte
integer: r ← 0
integer: i
for (increase i from 1 to 8 by 1)
if (( _______ ) ≠ 00000000)
r ← r + 1
endif
endfor
return r

Answer group
a) rbyte & (00000001 << (i - 1))
b) rbyte & (00000001 << i)
c) rbyte & (00000001 << (i + 1))
d) rbyte | (00000001 << (i - 1))
e) rbyte | (00000001 << i)
f) rbyte | (00000001 << (i + 1))

-9-
Q7. From the answer group below, select the correct combination of answers to be inserted
into ___A___ and ___B___ in the program.

The Fibonacci sequence is a sequence in which each number is equal to the sum of the two
preceding numbers. In this question, the sequence starts with 0 and 1. The first 10 values in
the sequence are 0, 1, 1, 2, 3, 5, 8, 13, 21, 34. For example, the 8-th number 13 is the sum of
the two preceding numbers 5 and 8.

The function fibo takes an integer value n as the argument and returns the value at the n-th
position. Here, n reflects the position of the number in the sequence, starting with 1 (one).
When n is 9, the function returns 21.

[Program]
○ integer: fibo(integer: n)
if ( ___A___ )
return n - 1
else
return ___B___
endif

Answer group
A B
a) n = 1 fibo(n-1) + 1
b) n = 1 fibo(n-1) + n
c) n = 1 fibo(n-1) + fibo(n-2)
d) n > 1 fibo(n-1) + 1
e) n > 1 fibo(n-1) + n
f) n > 1 fibo(n-1) + fibo(n-2)
g) (n = 1) or (n = 2) fibo(n-1) + 1
h) (n = 1) or (n = 2) fibo(n-1) + n
i) (n = 1) or (n = 2) fibo(n-1) + fibo(n-2)

- 10 -
Q8. From the answer group below, select the correct combination of answers to be inserted
into ___A___ through ___C___ in the program. Here, the array index starts at 1.

The program implements a stack. The stack implementation only accepts positive integers.
The function empty checks whether the stack is empty. The function full checks whether
the stack is full. If the stack is not full, the function push pushes an element with a specified
value onto the stack. If the stack is not empty, the function pop removes an element from the
stack and returns its value. In the program, areas outside of the array must not be referenced.

[Program]
global: integer []: content
← {undefined, undefined, undefined, undefined}
global: integer: index ← 1
global: integer: max ← 4 /* max size of the stack */

○ boolean: empty()
if (index = 1)
return true
else
return false
endif

○ boolean: full()
if ( ___A___ )
return true
else
return false
endif

○ boolean: push(integer: i)
if (not full())
content[index] ← i
index ← ___B___
return true
else
return false
endif

○ integer: pop()
if (not empty())
index ← ___C___
return content[index]

- 11 -
 else
return -1
endif

Answer group
A B C
a) index > max index - 1 index + 1
b) index > max index + 1 index - 1
c) index ≥ max index - 1 index + 1
d) index ≥ max index + 1 index – 1
e) index < max index - 1 index + 1
f) index < max index + 1 index - 1
g) index ≤ max index - 1 index + 1
h) index ≤ max index + 1 index - 1

- 12 -
Q9. From the answer group below, select the correct combination of answers to be inserted
into ___A___ through ___C___ in the program. Here, the array index starts at 1.

The procedure preorder traverses a binary tree and outputs the value of each node by
following the sequence: root, left subtree, and right subtree using a stack (Last In, First Out).
Each node of the binary tree is represented by the class Node. The table shows the description
of the class Node. The Node-type variable holds a reference to an instance of the class Node.
The argument root holds a reference to the root of the binary tree, which is an instance of
the class Node. In the program, areas outside of the array must not be referenced.

Table Class Node

Member variable Type Description
info character Character type value to be stored in a node
of a binary tree.
left Node A reference to the left child of a binary
tree. If there is no left child, the status is
undefined
right Node A reference to the right child of a binary
tree. If there is no right child, the status is
undefined

[Program]
○ preorder(Node: root)
Node []: stack ← {undefined, …, undefined}
// an array with sufficient number of elements
Node: v
integer: sp ← 1 // The stack pointer
stack[sp] ← root // Push root to the stack
while (sp is not ___A___ )
v ← stack[sp] // Pop an element from the stack
output v.info
sp ← sp − 1
if ( ___B___ is not undefined)
sp ← sp + 1
stack[sp] ← ___B___
endif
if ( ___C___ is not undefined)
sp ← sp + 1
stack[sp] ← ___C___
endif
endwhile

- 13 -
Answer group
A B C
a) 0 v.left v.right
b) 0 v.right v.left
c) −1 v.left v.right
d) −1 v.right v.left

- 14 -
Q10. From the answer group below, select the correct combination of answers to be inserted
into ___A___ and ___B___ in the program.

The procedure Insert inserts an integer number given by the argument after the last element
of the linear circular linked list. Each element of the linear circular linked list is represented
by the class ListElement. The figure shows the description of the class ListElement. The
ListElement-type variable holds a reference to an instance of the class ListElement. The
global variable listHead holds a reference to the head element of the linear circular linked
list. Remember that in the circular linked list the last element points to the listHead. Here,
if the list is empty, listHead is set to undefined.

Member variable Type Description

val integer The value of an element.
next ListElement Reference to the instance that holds the
next element in the list.

Constructor Description
ListElement(integer: newItem) Initialize the member variable val with
the argument newItem.
Figure Class ListElement

[Program]
global: ListElement: listHead ← undefined

○ Insert(integer: newItem)
ListElement: tmp, newNode
newNode ← ListElement(newItem)
if (listHead is undefined)
listHead ← newNode
listHead.next ← listHead
else
tmp ← listHead
while (tmp.next is not ___A___ )
tmp ← ___B___
endwhile
tmp.next ← newNode
newNode.next ← listHead
endif

- 15 -
Answer group
A B
a) newNode listHead.next
b) listHead tmp.next
c) tmp listHead
d) listHead newNode.next

- 16 -
Q11. From the answer group below, select the correct combination of answers to be inserted
into ___A___ through ___C___ in the program. Here, the array index starts at 1.

The program sorts the data in ascending order using the selection sort algorithm. The
algorithm repeatedly selects the smallest element from the unsorted portion of the array and
swaps it with the first element of the unsorted portion until the entire array is sorted.

[Program]
integer []: data ← {12, 11, 13, 5, 6}
integer: i, j, temp, minPos
integer: size ← the number of elements in data
for (increase i from 1 to (size – 1) by 1)
minPos ← i
for (increase j from ___A___ to size by 1)
if (data[j] ___B___ data[minPos])
minPos ← j
endif
endfor
temp ← ___C___
___C___ ← data[minPos]
data[minPos] ← temp
endfor

Answer group
A B C
a) 1 < data[i]
b) 1 < data[i + 1]
c) 1 > data[i]
d) 1 > data[i + 1]
e) i + 1 < data[i]
f) i + 1 < data[i + 1]
g) i + 1 > data[i]
h) i + 1 > data[i + 1]

- 17 -
Q12. From the answer group below, select the correct answer to be inserted into ______ in
the program.

A string of character(s) is called a palindrome if it reads the same forwards and backwards.
Here the input string consists of only the uppercase Roman alphabet. As an example, the
string "MADAM" is a palindrome as it remains the same when written backwards (right to left).
The procedure isPalindrome receives a string str as a parameter and outputs whether the
string str is a palindrome or not. The procedure should use the minimum number of
iterations for any number of characters in the string. Note that division is performed for data
type integer, that is, a ÷ b is the quotient of a divided by b.

[Program]
○isPalindrome(string: str)
integer: i, j, len
boolean: flag
flag ← true
len ← number of characters in str
i ← 1
j ← len
while ( ______ )
if (the i-th character of string str ≠ the j-th character of string str)
flag ← false
exit the while block
endif
i ← i + 1
j ← j - 1
endwhile
if (flag)
output str, " is a palindrome."
else
output str, " is not a palindrome."
endif

Answer group
a) i < j - 1
b) i < (len ÷ 2) + 1
c) i < (len ÷ 2) - 1
d) i < len ÷ j
e) i < j ÷ 2

- 18 -
Q13. From the answer group below, select the correct combination of answers to be inserted
into ___A___ through ___C___ in the program. Here, the array index starts at 1.

The function are_brackets_balanced checks for balanced brackets. It parses the given
array of characters and when an opening bracket (“(”, “[”, “{”) is encountered, this is pushed
onto the stack. When a closing bracket (“)”, “]”, “}”) is encountered, an element is popped
from the stack and tested if it corresponds to the opening bracket. If the closing bracket
matches its corresponding opening bracket, the process continues. Otherwise, it fails and the
function returns false. After all characters have been processed, it returns false if any
characters remain on the stack, otherwise it returns true. For simplicity, only brackets are
considered as arguments to the function. The table shows examples of arguments provided
to are_brackets_balanced and the return values.

Table Examples of arguments provided to the function

are_brackets_balanced and the return values
Function call Return value
are_brackets_balanced({"(", "{", "}", ")", "[", "]"}) true
are_brackets_balanced({"(", "{", "}", "[", "]"}) false
are_brackets_balanced({"(", "{", ")", "}", "[", "]"}) false

The function are_brackets_balanced uses class Stack. The figure describes class Stack.

Constructor Description
Stack() Initialize a stack.

Method Return value Description

push(character: arg) None Pushes arg onto the stack.
pop() character Returns the value popped from the stack.
isEmpty() boolean Returns true if the stack is empty.
Figure Class Stack

[Program]
global: character [][]: brackets ← {
{"(", ")"},
{"{", "}"},
{"[", "]"}
}

- 19 -
○ boolean: are_brackets_balanced(character[]: expr)
Stack: stack ← Stack()
character: c, stacked_bracket

for (c in expr)
if (is_opening_bracket(c))
stack.push(c)
else
if (stack.isEmpty())
return false
endif
stacked_bracket ← stack.pop()
if (get_closing_bracket(stacked_bracket) ___A___ )
return false
endif
endif
endfor
return ___B___

○ boolean: is_opening_bracket(character: c)
character []: chars
for (chars in brackets)
if (chars[1] = c)
return true
endif
endfor
return false

○ character: get_closing_bracket(character: c)
character []: chars
for (chars in brackets)
if (chars[1] = c)
return ___C___
endif
endfor
return undefined

- 20 -
Answer group
A B C
a) = c not stack.isEmpty() chars[1]
b) = c not stack.isEmpty() chars[2]
c) = c stack.isEmpty() chars[1]
d) = c stack.isEmpty() chars[2]
e) ≠ c not stack.isEmpty() chars[1]
f) ≠ c not stack.isEmpty() chars[2]
g) ≠ c stack.isEmpty() chars[1]
h) ≠ c stack.isEmpty() chars[2]

- 21 -
Q14. From the answer group below, select the correct answer to be inserted into _________ in
the description. Here, the array indexes start at 1.

The function calcSim takes two vectors (arrays) as input, calculates their similarity, and
returns a value that characterizes the similarity. A large similarity indicates that the vectors
are similar, and a small similarity indicates that the vectors are dissimilar. For example, to
quantify the similarity between two documents, you can create a vector of occurrences of
some words for each of the two documents and input them into calcSim. When the function
calcSim({2, 2, 1, 0, 4}, {3, 1, 1, 1, 2}) is called, the return value rounded to
the first decimal place is _________ .

[Program]
// Assume that arrays v1 and v2 have the same number of one or more elements
// and that the arrays are not all-zero.
○ real: calcSim(integer []: v1, integer []: v2)
integer: i, x, y
integer: sxx ← 0
integer: syy ← 0
integer: sxy ← 0
for (increase i from 1 to the number of elements in v1 by 1)
x ← v1[i]
y ← v2[i]
sxx ← sxx + x × x
syy ← syy + y × y
sxy ← sxy + x × y
endfor
return sxy ÷ (square root of (sxx × syy))

Answer group
a) 0.1 b) 0.2 c) 0.3 d) 0.4
e) 0.5 f) 0.6 g) 0.7 h) 0.8
i) 0.9 j) 1.0

- 22 -
Q15. From the answer group below, select the correct combination of answers to be inserted
into ___A___ and ___B___ in the program. Here, the array index starts at 1.

N-grams are continuous sequences of words, symbols, or tokens in a document. N-grams of

texts are extensively used in text mining and natural language processing tasks. An n-gram
model is built by counting how often word sequences occur in corpus text and then
estimating the probabilities. The figure shows an example of the unigrams, bigrams, and
trigrams of the example sentence “ITPEC includes members from 6 countries.”

unigram ITPEC includes members from 6 countries

bigram ITPEC includes includes members members from from 6 6 countries

trigram ITPEC includes members includes members from members from 6 from 6 countries

Figure Example of unigrams, bigrams, and trigrams

The procedure NGRAMS generates n-grams from text and outputs them. If the argument for n
is 1, the procedure outputs the unigram result. If n is 2, the procedure outputs the bigram
result and so on. The input text is a string of words separated by a space, so it is needed to
split the string to generate n-grams. The table shows the description of the functions used in
the program. In this question, the operator “+” is used for both arithmetic calculation of
integer data type and concatenation of one or more strings into one string. In the program,
areas outside of the array must not be referenced.

Table Functions
Function Return value Description
split(string: str) string [] Returns the words that are separated with a
space in the text str

[Program]
○ NGRAMS(integer: n, string: text)
string []: words ← split(text)
string: s
integer: i, j, length
length ← the number of elements in words
for (increase i from 1 to ( ___A___ ) by 1)
s ← ""
for (increase j from i to ( ___B___ ) by 1)
s ← s + words[j] + " "
endfor

- 23 -
 output s
endfor

Answer group
A B
a) length n
b) length i + n
c) length i + n − 1
d) length − n n
e) length − n i + n
f) length − n i + n − 1
g) length − n + 1 n
h) length − n + 1 i + n
i) length − n + 1 i + n − 1

- 24 -
Q16. From the answer group below, select the correct combination of answers to be inserted
into ___A___ and ___B___ in the program.

The function m_sin calculates and returns the approximate value of sin(x) for the argument
x using the Maclaurin expansion. The program calculates sin(x) using the approximate
formula below:
sin(x) = x/1! - x3/3! + x5/5! - … + (-1)n × ( x(2n+1)/(2n+1)!)
Here, ! is the factorial symbol, and n is the first integer for which | x(2n+1) / (2n+1)! | ≤ 10-7 is
satisfied.

[Program]
○ real: m_sin(real: x)
real: vn ← x
real: k ← 1
real: sum ← vn
real: epsi ← 1×10-7
while (abs(vn) ___A___ ) // abs(vn) returns the absolute value of vn
k ← k + 2
vn ← ___B___
sum ← sum + vn
endwhile
return sum

Answer group
A B
a) ≤ epsi − vn × x ÷ k
b) ≤ epsi − vn × x2 ÷ k2
c) ≤ epsi − vn × x2 ÷ ((k − 1) × k)
d) ≤ epsi − vn × xk ÷ k2
e) ≤ epsi − vn × xk ÷ ((k − 1) × k)
f) > epsi − vn × x ÷ k
g) > epsi − vn × x2 ÷ k2
h) > epsi − vn × x2 ÷ ((k − 1) × k)
i) > epsi − vn × xk ÷ k2
j) > epsi − vn × xk ÷ ((k − 1) × k)

- 25 -
Q17. From the answer group below, select the correct combination of answers to be inserted
into ___A___ and ___B___ in the description.

An information systems company S has a guideline related to any issue for workers doing
their daily job. The company has an information security team responsible for related issues
and updates workers’ knowledge on information security.

One morning, a company worker who had just started his daily job and successfully signed
into the company’s enterprise system received the following email:

From: Administration Department Staff

To: To whom it may concern
Subject: Action Required: Please update your bank account information.

This email has been sent to employees who failed to receive their paychecks because
their bank account information is incorrect. Please use the link below to update your
account information ASAP. Please complete the update by noon today to receive
your next paycheck in time.

Link: https://www.example.com/company-s/paycheck&param=xnt6a5mv9YeKK1

Soon, the worker realized that something wrong. He followed the guideline instead of
clicking on the link in the email because he suspected this is a ___A___ attack, and it is
typically conducted through ___B___ . He also informed the company’s information
security team to deal with the issue.

A few days later, the worker received an email from the information security team leader.
The email was to notify that the issue was resolved, thanking the worker for his
responsibility in handling the case according to the guideline.

Answer group
A B
a) man in the middle email with incorrect digital signatures
b) man in the middle links with malicious HTTP request parameters
c) phishing email directing someone to a spoofed web site
d) phishing email with incorrect digital signatures
e) SQL injection email directing someone to a spoofed web site
f) SQL injection links with malicious HTTP request parameters

- 26 -
Q18. From the answer group below, select the most appropriate combination of answers to be
inserted into ____A____ through ____C____ in Table 1.

Company X is a small trading company. The company is about to provide a new e-commerce
web site for customers to make purchases online. The company will also hosts its own email
service for the employees to conduct business with partners and customers. Company X will
utilize public key infrastructure (PKI) to provide security for both the web server and email
service. PKI uses public key cryptography to manage the identity of servers or persons and
is widely used on the Internet.

Mr. T, the IT support person of company X is assigned to prepare the web server and email
service in accordance with the following requirements:

 The e-commerce web application will run on the web server that is certified by a third-
party certification authority. All connections to the web server will be secured using
HTTPS.

 The staff directory along with the contact information will be published on the web site
to enable business partners and customers to use the information to securely
communicate with employees of company X.

The actions taken by Mr. T are shown in Table 1.

Table 1 Actions taken by Mr. T

No Action
1 To enable secure and trusted connections to the web server, Mr. T submits the web
server certificate along with the ____A____ to the third-party certification
authority. The certification authority signs the certificate with its own private key.
Then, he installs the signed certificate on company X’s web server.
2 To allow business partners and customers to send encrypted email messages to
particular contacts in company X, Mr. T publishes the ____B____ along with the
employee’s information in the staff directory on company X’s web site.
3 To send digitally signed email messages to partners and customers, the employees
of company X are required to install the ____C____ on their email clients.
Therefore, Mr. T provides support to the employees who require assistance.

- 27 -
Answer group
A B C
a) web server’s private key Employees’ private key customers’ private key
b) web server’s private key Employees’ private key customers’ public key
c) web server’s private key employees’ private key employee’s public key
d) web server’s public key employees’ public key customers’ private key
e) web server’s public key employees’ public key customers’ public key
f) web server’s public key employees’ public key employee’s private key

- 28 -
Q19. From the answer group below, select the most appropriate combination of answers to be
inserted into ____A____ and ____B____ in the following description.

Company Y is an online retailer providing e-commerce web applications for customers to

make purchases online and also allows customers to post product reviews. The web
application was developed and maintained in-house. The properties of the e-commerce web
application are shown in Figure 1.

• The web application resides on the web server in the demilitarized zone (DMZ), and
the database used by the web application resides on the database server in the internal
network.
• The firewall is properly configured, the customers can only access the web server in
the DMZ, and the database can only be accessed from the web server.
• The web server allows access only through the HTTPS service, and the certificate is
properly configured.
• The customers can login using their registered email address and password.
• The password is hashed and stored on the database.
• The customer is locked out and notified by email with a recovery link if there are 5
consecutive incorrect login attempts.
• Third-party payment gateways are used to perform financial transactions. The credit
card information of customers is not stored in the database.
• There is a password recovery system which allows the customer to reset the password
through a password recovery link sent to the registered email address.

Figure 1 Properties of the e-commerce web application

Due to recent incidents with multiple customers reporting that their accounts were
compromised, the management tasked the IT team to investigate and address the issues. The
IT team found that many customer accounts logins were unnoticed by the actual account
owners, and some of the accounts were used to post fake reviews. The IT team also
discovered unauthorized access to the database with illegal queries executed with no trace
of administration login.

The IT team concluded that the incidents are most likely caused by using the same password
on other leaked sites and ____A____ . They proposed to implement 2-factor authentication
and ____B____ to mitigate respective issues in the future. The management then agreed to
the plan, and the solutions was implemented accordingly.

- 29 -
Answer group
A B
a) connection tapping database encryption
b) connection tapping web application firewall
c) online brute force attacks CAPTCHA
d) online brute force attacks more complex password policy
e) SQL injection database encryption
f) SQL injection web application firewall

- 30 -
Q20. From the answer group below, select the correct combination of answers to be inserted
into ___A___ through ___C___ in the description.

A zone is a group of interfaces that have similar functions or features. Zones establish the
security borders of a network. A zone defines a boundary where traffic is subjected to policy
restrictions when crossing into another region of a network. An inspection policy is applied
to traffic moving between zones. Inter-zone policies offer considerable flexibility. Hence,
different inspection policies can be applied to multiple host groups connected to the same
router interface.

Company Z, intends to apply a zone-based policy firewall in their datacenter. Thus, they
develop the network topology shown in Figure 1.

PUBLIC zone
PRIVATE zone
The Internet
PC-1
・・・

DMZ zone

PC-n Server-1
・・・

Server-n

Figure 1 Network topology

These zones have the following characteristics:

• The DMZ zone represents a zone where servers accessed from the Internet are
located. Even if a server in the DMZ zone is breached, direct access to the internal
PCs of the datacenter is prevented.
• The PUBLIC zone represents the entire network outside the datacenter.
• The PRIVATE zone represents the internal network. All datacenter PCs are located
in this zone.

The security policy for the datacenter should be:

• Hosts in the ___A___ zone cannot connect to hosts in the ___B___ zone.

- 31 -
 • Hosts in the ___A___ zone can only access the DNS service on all hosts in the
___C___ zone and HTTP/HTTPS service on limited hosts in the ___C___ zone
to retrieve software updates.
• Hosts in the ___B___ zone can connect to hosts in the ___A___ zone on all
TCP, UDP and ICMP services.
• Hosts in the ___B___ zone can reach the ___C___ zone but not vice versa.
• Hosts in the ___C___ zone can reach HTTPS service on hosts in the ___A___
zone. This policy will restrict access to other services available on each server.

Answer group
A B C
a) DMZ PUBLIC PRIVATE
b) DMZ PRIVATE PUBLIC
c) PRIVATE DMZ PUBLIC
d) PRIVATE PUBLIC DMZ
e) PUBLIC DMZ PRIVATE
f) PUBLIC PRIVATE DMZ

_ _
Company names and product names appearing in the test questions are trademarks or registered
trademarks of their respective companies. Note that the ® and ™ symbols are not used within the text.

- 32 -