2022 HKDSE Information and Communication Technology Answers & Marking Scheme

To convert -58 to 8-bit two's complement:\n1. Find the binary representation of +58: \(58 = 32 + 16 + 8 + 2\), which is 00111010.\n2. Invert the bits (one's complement): 11000101.\n3. Add 1 to the result: 11000110.

1 mark for the correct option A. No marks for incorrect choices.

Referential integrity requires that a foreign key value must match an existing primary key value in the referenced table. If a record in the parent table (CLASS) is deleted while there are still matching records in the child table (STUDENT), the foreign key ClassID in STUDENT would refer to a non-existent primary key in CLASS, violating referential integrity.

1 mark for correct option C.

The Program Counter (PC) is a dedicated CPU register that holds the memory address of the next instruction to be fetched and executed. Once the instruction is fetched, the PC is incremented to point to the next instruction.

1 mark for correct option A.

Compiled programs are already fully translated into machine code, allowing direct execution by the CPU at high speed. Interpreted programs must be translated line-by-line during runtime by an interpreter, which introduces overhead and requires the interpreter to be present.

1 mark for correct option C.

To find the network ID, perform a bitwise AND operation between the IP address and the subnet mask. For the fourth octet: IP = 45 (00101101 in binary), Mask = 240 (11110000 in binary). The bitwise AND is \(00101101 \text{ AND } 11110000 = 00100000\), which is 32 in decimal. Therefore, the network ID is 192.168.10.32.

1 mark for correct option B.

In public key cryptography, to ensure confidentiality, the sender (Alice) must encrypt the message using the recipient's (Bob's) public key. Only the recipient's private key (Bob's private key) can decrypt this message.

1 mark for correct option D.

RFID uses radio waves to transfer data, which does not require a direct line of sight. This allows readers to scan hundreds of RFID tags simultaneously and from a distance, whereas barcodes must be scanned individually with direct line of sight.

1 mark for correct option B.

Let's trace the nested loops:\n- \(i = 1\): \(j\) runs from 1 to 4. \(\text{count} = 0 + (1\times1 + 1\times2 + 1\times3 + 1\times4) = 10\).\n- \(i = 2\): \(j\) runs from 2 to 4. \(\text{count} = 10 + (2\times2 + 2\times3 + 2\times4) = 10 + 18 = 28\).\n- \(i = 3\): \(j\) runs from 3 to 4. \(\text{count} = 28 + (3\times3 + 3\times4) = 28 + 21 = 49\).\n- \(i = 4\): \(j\) runs from 4 to 4. \(\text{count} = 49 + (4\times4) = 49 + 16 = 65\).\nThus, the final value of `count` is 65.

1 mark for correct option B.

The license 'CC BY-NC-ND' stands for:\n- BY (Attribution): Credit must be given.\n- NC (Non-Commercial): Commercial use is prohibited.\n- ND (No Derivatives): Modifications are prohibited.\nOption A complies with all terms: it is non-commercial (free school newsletter), has no modifications, and attributes the photographer. Options B and D violate the NC clause, while Option C violates the ND clause.

1 mark for correct option A.

In SQL, aggregate functions (such as `SUM`) cannot be used in a `WHERE` clause because the `WHERE` clause filters individual rows before grouping. To filter groups created by `GROUP BY` based on aggregate conditions, the `HAVING` clause must be used. Therefore, Option B is correct.

1 mark for correct option B.

In 8-bit two's complement, \(-75\) is represented as \(10110101_2\) and \(-85\) is represented as \(10101011_2\). Adding them gives: \(10110101_2 + 10101011_2 = 101100000_2\). Truncating to 8 bits gives \(01100000_2\), which is positive \(96_{10}\). Adding two negative numbers results in a positive number, which indicates that an arithmetic overflow has occurred.

1 mark for the correct answer B. 0 marks for incorrect options.

The bootloader (1) is non-volatile startup code, best stored in ROM. Real-time temperature logs (2) are frequently updated and do not need to persist permanently, so RAM is ideal. The user's configuration (3) needs to be non-volatile yet rewritable, making Flash Memory the most suitable.

1 mark for the correct answer A. 0 marks for incorrect options.

Thrashing occurs when the virtual memory system is overloaded, causing the operating system to spend more time swapping memory pages between RAM and the hard disk (paging file) than executing actual applications.

1 mark for the correct answer A. 0 marks for incorrect options.

(1) is correct because referential integrity prevents foreign keys from referencing non-existent primary keys. (2) is correct because 'Restrict delete' prevents deletion of a primary record if there are child records referencing it. (3) is correct because if joining a club is optional, a NULL value is permitted in the foreign key field.

1 mark for the correct answer D. 0 marks for incorrect options.

Grouping by Salesperson: 'Alice' has 2 transactions with sum 1900 and average 950. 'Bob' has 2 transactions with sum 2000 and average 1000. 'Charlie' has 2 transactions with sum 350 and average 175. The HAVING clause filters out groups where average amount is not greater than 500, which excludes Charlie. Thus, only Alice and Bob are returned with their sums.

1 mark for the correct answer A. 0 marks for incorrect options.

During routing across subnets, the logical IP addresses (source and destination) remain constant to ensure end-to-end delivery. However, the physical MAC addresses in the Layer 2 frame header are updated at each hop (router) to direct the frame to the next intermediate node on the physical link.

1 mark for the correct answer D. 0 marks for incorrect options.

A digital signature is created by hashing the message and encrypting the hash with the sender's private key. The recipient can decrypt it with the sender's public key to verify that the message indeed came from the sender (authenticity), has not been altered (integrity), and cannot be denied by the sender (non-repudiation).

1 mark for the correct answer B. 0 marks for incorrect options.

Platform as a Service (PaaS) provides a computing platform, including operating system, programming language execution environment, database, and web server, which allows users to develop, run, and manage applications without the complexity of building and maintaining the infrastructure.

1 mark for the correct answer B. 0 marks for incorrect options.

The algorithm finds the maximum value (X) and minimum value (Y) of the array. During iteration: i=1: A[1]=8 > 3 -> X=8. i=2: A[2]=2 < 3 -> Y=2. i=3: A[3]=7 (no change). i=4: A[4]=5 (no change). Thus, X=8, Y=2. Finally, X - Y = 8 - 2 = 6.

1 mark for the correct answer C. 0 marks for incorrect options.

Error (1) is a logical error because the program compiles and runs without crashing but produces incorrect logic (it calculates score1 + score2 + (score3/3) instead of (score1+score2+score3)/3). Error (2) causes the program to crash during execution due to unmatched types, which is classified as a runtime error.

1 mark for the correct answer A. 0 marks for incorrect options.

To find the 8-bit two's complement of \(-37\): 1. Represent \(+37\) in 8-bit binary: \(00100101_2\). 2. Find the one's complement by inverting the bits: \(11011010_2\). 3. Add 1 to find the two's complement: \(11011010_2 + 1_2 = 11011011_2\).

1 mark for the correct option. No marks for incorrect or multiple answers.

The referential integrity constraint ensures consistency between related tables. Under the RESTRICT rule (or NO ACTION), the system prevents the deletion of a record in the parent table ('Student') if there are corresponding matching records in the child table ('Enrollment').

1 mark for the correct option. No marks for incorrect or multiple answers.

The Program Counter (PC) stores the address of the next instruction to be fetched. Once the instruction is fetched from memory, it is loaded into the Instruction Register (IR) where it is decoded and executed.

1 mark for the correct option. No marks for incorrect or multiple answers.

The host part in the last octet is 45, which in binary is \(00101101_2\). The last octet of the subnet mask is 240, which is \(11110000_2\). Performing a bitwise AND operation: \(00101101_2 \text{ AND } 11110000_2 = 00100000_2\), which is 32 in decimal. Thus, the subnet address is '192.168.10.32'.

1 mark for the correct option. No marks for incorrect or multiple answers.

To achieve confidentiality, Alice encrypts the message with Bob's public key so that only Bob can decrypt it with his private key. To achieve authenticity and non-repudiation, Alice signs the message with her private key, which anyone can verify using Alice's public key.

1 mark for the correct option. No marks for incorrect or multiple answers.

When i = 0, the inner loop compares A[0] with A[j] for j from 1 to 5:
- j = 1: A[0] < A[1] (3 < 8) is true -> swap, A becomes [8, 3, 2, 7, 5, 10]
- j = 2: A[0] < A[2] (8 < 2) is false
- j = 3: A[0] < A[3] (8 < 7) is false
- j = 4: A[0] < A[4] (8 < 5) is false
- j = 5: A[0] < A[5] (8 < 10) is true -> swap, A becomes [10, 3, 2, 7, 5, 8].
Thus, at the end of i = 0, the array is [10, 3, 2, 7, 5, 8].

1 mark for the correct option. No marks for incorrect or multiple answers.

Option (a) is correct. It filters female students first using WHERE, groups them by Class, and then uses HAVING to filter classes with more than 5 students. Option (b) fails because Gender is used in HAVING without being grouped. Option (c) fails because aggregate functions (COUNT) cannot be used in WHERE. Option (d) has incorrect SQL keyword ordering.

1 mark for the correct option. No marks for incorrect or multiple answers.

The restrictions are: attribution (BY, default in CC), non-commercial (NC), and share-alike (SA, modified works shared under same terms). Since modifying is allowed, ND (No Derivatives) is NOT applied. Therefore, the license is CC BY-NC-SA.

1 mark for the correct option. No marks for incorrect or multiple answers.

(1) is correct as virtual memory uses secondary storage to extend address space. (2) is incorrect because secondary storage is significantly slower than physical RAM; relying heavily on virtual memory causes 'thrashing' and slows down the system. (3) is correct by definition of a page fault.

1 mark for the correct option. No marks for incorrect or multiple answers.

(1) Checking if a mandatory field is filled is a presence check. (2) Checking if the characters follow a specific template is a format check. (3) Verifying the correctness of an embedded validation digit using a mathematical algorithm is a check digit validation.

1 mark for the correct option. No marks for incorrect or multiple answers.

First, convert both numbers to decimal or compute in binary. \(A = 01001100_2 = 76_{10}\). \(B = 10110101_2\). Since MSB of \(B\) is 1, it is a negative number. Its magnitude is found by flipping the bits and adding 1: \(01001010 + 1 = 01001011_2 = 75_{10}\). Thus \(B = -75_{10}\). The subtraction is \(A - B = 76 - (-75) = 151_{10}\). The range of an 8-bit 2's complement system is \([-128, 127]\). Since 151 is outside this range, overflow occurs. Performing the subtraction in binary: \(01001100_2 - 10110101_2 = 01001100_2 + 01001011_2 = 10010111_2\). The result has a sign bit of 1, indicating a negative number, which conflicts with a positive result, confirming overflow.

1 mark for the correct answer A.

Statement (1) is correct as cache acts as a temporary buffer to speed up data access between CPU and RAM. Statement (2) is incorrect because registers are the fastest memory located directly inside the CPU core, which are faster than cache. Statement (3) is correct as cache memory is designed to be physically close to or integrated into the CPU to minimize latency.

1 mark for the correct answer B.

Operation (1) is rejected because the foreign key in `STUDENT` must reference an existing primary key in `CLASS`. Operation (2) is rejected because deleting a parent record that has associated child records would leave orphan records in `STUDENT`, violating referential integrity. Operation (3) is allowed because deleting a record from a child table does not violate any referential integrity constraints.

1 mark for the correct answer C.

The subnet mask is `255.255.255.240`. The last octet has 4 subnet bits and 4 host bits. With 4 host bits, there are \(2^4 = 16\) addresses per subnet. For the subnet starting at `192.168.10.32`:
- Subnet/Network Address: `192.168.10.32`
- First usable host address: `192.168.10.33`
- Last usable host address: `192.168.10.46`
- Broadcast Address: `192.168.10.47`
Therefore, `192.168.10.35` and `192.168.10.45` are valid host addresses. `192.168.10.47` is the broadcast address, which cannot be assigned to a host computer. Hence, (1) and (2) only.

1 mark for the correct answer B.

To achieve confidentiality, Alice must encrypt the message with the recipient's public key (Bob's public key), so that only the corresponding private key (Bob's private key) can decrypt it. To achieve authenticity, Alice must sign the message using her own private key (Alice's private key). Bob can then verify this signature using Alice's public key.

1 mark for the correct answer C.

Let's dry run the algorithm:
- Initial: `A = 45`, `B = 12`, `COUNT = 0`
- Loop 1: `A >= B` (45 >= 12 is True)
- `A = 45 - 12 = 33`
- `COUNT = 0 + 1 = 1`
- Loop 2: `A >= B` (33 >= 12 is True)
- `A = 33 - 12 = 21`
- `COUNT = 1 + 1 = 2`
- Loop 3: `A >= B` (21 >= 12 is True)
- `A = 21 - 12 = 9`
- `COUNT = 2 + 1 = 3`
- Loop 4: `A >= B` (9 >= 12 is False). The loop terminates.
- Final values: `A = 9`, `COUNT = 3`.

1 mark for the correct answer D.

Validation checks are automated procedures carried out by a computer to identify invalid data. (1) Format check and (2) Range check are validation techniques. (3) Double entry is a data verification method, which is used to check if data has been copied or entered accurately, but is not a system-automated validation rule on the input string format itself. Thus, (1) and (2) only.

1 mark for the correct answer C.

Paging is a memory management scheme that eliminates the need for contiguous allocation of physical memory. It divides physical memory into fixed-size blocks (called page frames) and virtual memory into same-sized blocks (called pages), allowing the operating system to store processes in non-contiguous physical memory locations.

1 mark for the correct answer D.

To require giving proper credit, the programmer needs 'Attribution' (BY). To restrict usage to non-commercial activities, the programmer needs 'Non-Commercial' (NC). To prevent modification/creation of derivative works, the programmer needs 'No Derivatives' (ND). Therefore, the correct combination is CC BY-NC-ND.

1 mark for the correct answer B.

To calculate the total sales amount per region, we must group the records by `Region` using `GROUP BY Region`. To filter the groups based on an aggregate condition (sum of amount > 50000), we must use the `HAVING` clause because `WHERE` cannot be used with aggregate functions like `SUM()`. Therefore, Option B is correct.

1 mark for the correct answer B.

(a) (i) 11110100 in 2's complement is negative. Invert bits: 00001011, add 1: 00001100, which is 12. Thus, -12.
(ii) Formula for range: \(-2^{n-1}\) to \(2^{n-1} - 1\). For 8 bits, this is \(-2^7\) to \(2^7 - 1\), which is -128 to 127.

(b) (i) 213 / 16 = 13 remainder 5. 13 in hex is D. Thus, D5.
(ii) Hexadecimal represents 4 bits with a single character, making it shorter and easier for humans to read, write, and debug than binary, while maintaining a simple direct conversion.

(c) (i) Denary 65 = Binary 1000001 (7-bit). Count of 1s is 2 (which is even). Therefore, the parity bit must be 0 to keep the total number of 1s even. 8-bit byte: 01000001.
(ii) A single parity bit can only detect an odd number of bit errors. If an even number of bits (e.g., 2 bits) change during transmission, the parity remains correct and the error goes undetected.

(a)(i) 1 mark for correct magnitude (12), 1 mark for negative sign (-12).
(a)(ii) 1 mark for the lower limit (-128), 1 mark for the upper limit (127).
(b)(i) 1 mark for calculating division by 16, 1 mark for correct hex value (D5).
(b)(ii) 2 marks for a well-explained reason (e.g., readability, conciseness, reducing errors).
(c)(i) 1 mark for converting 65 to binary (1000001), 1 mark for prepending the correct even parity bit (0).
(c)(ii) 2 marks for explaining that an even number of errors cancel out the parity change and go undetected.

(a) The relationship is one-to-many (one book can be borrowed multiple times). It is implemented by placing the primary key of the BOOKS table (`BookID`) as a foreign key in the LOANS table.

(b) Referential integrity ensures consistency between related tables. Specifically, it prevents a user from inserting a record in LOANS with a `BookID` that does not exist in the BOOKS table, and prevents deleting a book from BOOKS if it has active borrowing records in LOANS.

(c) The SQL query selects fields from BOOKS filtered by Category:
`SELECT Title, Author FROM BOOKS WHERE Category = 'Science';`

(d) The SQL query groups by BookID and uses HAVING to filter aggregate results:
`SELECT BookID, COUNT(*) FROM LOANS GROUP BY BookID HAVING COUNT(*) > 5;`
(Accept `COUNT(LoanID)` or `COUNT(BookID)` instead of `COUNT(*)`).

(e) Storing `Title` in the LOANS table causes data redundancy because the title is already recorded in the BOOKS table. This results in waste of storage and can cause update anomalies (e.g., if a book's title is modified in BOOKS, it would also need to be manually updated in multiple records in LOANS to maintain consistency).

(a) 1 mark for stating 'one-to-many', 1 mark for explaining foreign key linkage.
(b) 1 mark for explaining database consistency, 1 mark for applying it to the context of preventing invalid BookID in LOANS.
(c) 1 mark for correct SELECT and FROM clauses, 1 mark for correct WHERE clause.
(d) 1 mark for SELECT BookID, COUNT(*), 1 mark for GROUP BY BookID, 1 mark for HAVING COUNT(*) > 5.
(e) 1 mark for identifying data redundancy / storage waste, 2 marks for explaining update anomalies (inconsistent data when title changes).

(a) (i) A switch establishes a direct connection between the sender and the receiver (unicast), whereas a hub broadcasts data packets to all connected ports. This reduces collisions and congestion, improving overall network bandwidth and performance.
(ii) Since a hub broadcasts all data, any device on the network can easily sniff and intercept traffic intended for other devices using packet analyzers. A switch directs traffic only to the specific destination port, preventing unauthorized sniffing.

(b) (i) DHCP stands for Dynamic Host Configuration Protocol. Its main function is to automatically assign IP addresses, subnet masks, default gateways, and DNS server configurations to devices dynamically when they connect to the network.
(ii) No, it cannot. An APIPA address (e.g., 169.254.x.x) is a self-assigned link-local address. It is non-routable on the Internet, meaning the device can only communicate with other local devices on the same subnet.

(c) (i) Packet filtering firewalls inspect packets at the network and transport layers (checking source/destination IP addresses, port numbers, and protocols) without examining the data payload. Application-level gateway firewalls act as a proxy, inspecting the actual contents/payload at the application layer to verify protocol-specific commands.
(ii) A rule like: "Allow incoming TCP packets from Any IP address, with source port Any, to Destination IP [Web Server IP Address] on Destination Port 80 (HTTP) or 443 (HTTPS), and block all other incoming traffic."

(a)(i) 1 mark for mentioning hub broadcasts vs switch unicasts, 1 mark for relating this to reduced collisions/increased performance.
(a)(ii) 2 marks for explaining how switch isolates traffic compared to hub broadcasting, preventing packet sniffing.
(b)(i) 1 mark for the correct full name, 1 mark for describing auto-allocation of IP configurations.
(b)(ii) 1 mark for 'No', 1 mark for explaining that APIPA addresses are link-local / non-routable.
(c)(i) 1 mark for defining packet filtering (IP/port headers), 1 mark for defining application-level gateway (inspecting application payload/proxy).
(c)(ii) 2 marks for describing a complete rule indicating destination IP, protocol (TCP), and port (80 or 443).

(a)
(i) `largest`
(ii) `A[i]`
(iii) `A[i] > second_largest` (Accept `A[i] > second_largest And A[i] < largest`)

(b) Let's trace with N = 4, A = [12, 15, 8, 14]:
Initial: largest = 12, second_largest = -999999
- Iteration 1 (i = 2, A[2] = 15):
Since 15 > 12 is True:
second_largest = largest = 12
largest = A[2] = 15
- Iteration 2 (i = 3, A[3] = 8):
Since 8 > 15 is False,
Check Else If: 8 > 12 is False. No change. (largest = 15, second_largest = 12)
- Iteration 3 (i = 4, A[4] = 14):
Since 14 > 15 is False,
Check Else If: 14 > 12 is True:
second_largest = 14. (largest = 15, second_largest = 14)

(c) In the worst-case scenario, every element after the first (i.e. N - 1 elements) is not greater than the current `largest` but is greater than the current `second_largest` (or we simply evaluate both conditions). This forces both the `If` statement and the `Else If` statement to be evaluated. Thus, 2 comparisons are performed per iteration.
Total comparisons = \(2(N - 1)\).

(d) To find the second smallest:
1. Change initial value of `second_largest` (rename to `second_smallest`) to a very large positive number (e.g., 999999).
2. Change initial value of `largest` (rename to `smallest`) to `A[1]`.
3. Reverse all comparison operators in the conditions: change `>` to `<` in both the `If` and `Else If` statements.

(a) 1 mark for blank (i), 1 mark for blank (ii), 2 marks for blank (iii).
(b) 1 mark for correct initial setup and correct values for each iteration (total 3 iterations shown clearly, 1 mark per correct iteration step).
(c) 1 mark for stating 2(N - 1) comparisons, 1 for explaining that both If and Else If checks must run.
(d) 1 mark for changing initial values to a large infinity-like number, 1 mark for reversing the comparisons from > to <.

(a) Advantages of IoT streetlights:
1. Dynamic/Smart dimming: Sensors can detect pedestrians/vehicles and dim lights when empty, saving energy.
2. Remote monitoring/Predictive maintenance: Broken bulbs are automatically reported to the maintenance department, eliminating the need for manual physical inspection.

(b) (i) Privacy concerns:
1. Location tracking: Citizens' daily movements and travel paths can be monitored.
2. Identification without consent: High-resolution cameras might perform facial recognition or read license plates without residents' permission.
(ii) Measures:
1. Edge-side blurring/anonymization of faces and license plates before storing or transmitting.
2. Set clear data retention policies (e.g., delete recorded video feeds after 24 hours, keeping only numerical traffic data).

(c) (i) Cloud storage enables centralized data processing and analytics across the whole city. It also reduces hardware costs on individual streetlights and ensures data is not lost if a streetlight physical unit is damaged.
(ii) Risks:
1. Network dependency: If Internet connectivity is lost, real-time control and monitoring of the streetlights will fail.
2. Security vulnerability: A centralized cloud database is a high-value target for hackers; if breached, control of all city streetlights could be compromised.

(d) Edge computing means processing data locally on the streetlight's processor (at the edge of the network). Instead of streaming heavy, high-definition raw video to the cloud, the streetlight processes the video locally to count cars/pedestrians, and only sends the light-weight numerical results (e.g., "traffic count = 15") to the cloud, dramatically reducing bandwidth consumption.

(a) 1 mark for each valid advantage (e.g., energy efficiency, automatic maintenance alerts), max 2 marks.
(b)(i) 1 mark for each valid privacy concern (location tracking, facial recognition), max 2 marks.
(b)(ii) 1 mark for each valid technical/administrative measure (data masking, strict retention rules), max 2 marks.
(c)(i) 2 marks for explaining centralized management or scalability of storage.
(c)(ii) 1 mark for network connection dependency, 1 mark for cyberattack security risks.
(d) 2 marks for explaining that processing raw video locally on the device and only sending analyzed numerical metadata reduces network transmission.

(a)(i) A pet can book the same room multiple times on different dates. Therefore, the combination of PetID and RoomNo is not unique and cannot uniquely identify a booking record.\n(a)(ii) The PetID in the BOOKING table is a foreign key referencing the PetID primary key in the PET table. Every PetID in BOOKING must exist in the PET table to ensure that booking records are associated with valid registered pets.\n\n(b)(i) There is a repeating group of room details (RoomNo, RoomType, Rate) for a single invoice when multiple rooms are booked, violating the atomicity requirement of 1NF.\n(b)(ii) \n1NF:\nINVOICE (InvoiceNo, PetID, OwnerName, OwnerAddress, CheckInDate, CheckOutDate)\nINVOICE_ROOM (InvoiceNo, RoomNo, RoomType, Rate)\n\n2NF (Eliminate partial dependencies):\nINVOICE (InvoiceNo, PetID, OwnerName, OwnerAddress, CheckInDate, CheckOutDate)\nINVOICE_ROOM (InvoiceNo, RoomNo)\nROOM_DETAILS (RoomNo, RoomType, Rate)\n\n3NF (Eliminate transitive dependencies: OwnerName and OwnerAddress depend on PetID, which depends on InvoiceNo):\nINVOICE (InvoiceNo, PetID, CheckInDate, CheckOutDate) [PK: InvoiceNo, FK: PetID]\nPET_OWNER (PetID, OwnerName, OwnerAddress) [PK: PetID]\nROOM_DETAILS (RoomNo, RoomType, Rate) [PK: RoomNo]\nINVOICE_ROOM (InvoiceNo, RoomNo) [PK: (InvoiceNo, RoomNo), FK: InvoiceNo, RoomNo]\n\n(c)(i)\nSELECT RoomNo, SUM(ActualCost) AS TotalRevenue\nFROM BOOKING\nWHERE StartDate >= '2023-01-01' AND StartDate <= '2023-12-31'\nGROUP BY RoomNo;\n\n(c)(ii)\nSELECT PetID, PetName\nFROM PET\nWHERE PetID NOT IN (\n SELECT PetID\n FROM BOOKING B JOIN ROOM R ON B.RoomNo = R.RoomNo\n WHERE R.Category = 'Deluxe'\n);

(a)(i) 1 mark for pointing out that a pet can make multiple bookings for the same room over time, 1 mark for explaining that it fails the uniqueness constraint of a primary key.\n(a)(ii) 1 mark for identifying the foreign key PetID in BOOKING, 1 mark for stating it must map to a valid PetID in PET.\n(b)(i) 1 mark for identifying the repeating room attributes violating atomicity.\n(b)(ii) 1 mark for correct 1NF, 1 mark for correct 2NF, 2 marks for correct 3NF with primary/foreign keys properly defined.\n(c)(i) 1 mark for SELECT with SUM and GROUP BY, 1 mark for correct WHERE date filter, 1 mark for syntactical correctness.\n(c)(ii) 1 mark for correct subquery retrieving Deluxe room bookings, 1 mark for outer query with NOT IN, 1 mark for correct projection and syntax.

(a)(i) Cookies are stored on the client side (browser) and can be easily tampered with or stolen via Cross-Site Scripting (XSS). Sessions are stored securely on the server side, with only a session ID stored in the client cookie, preventing users from directly viewing or altering sensitive session variables.\n(a)(ii) HTTPS encrypts all communication between the browser and the server using SSL/TLS, preventing eavesdropping and tampering. It uses asymmetric cryptography (public key cryptography) during the initial handshake to establish secure symmetric keys.\n\n(b) Validation 1: Client-side. It provides instant feedback to users without waiting for a server round-trip, improving user experience and saving server bandwidth.\nValidation 2: Server-side. Checking if a student has already voted requires querying the central database, which resides securely on the server. Client-side code can be bypassed by malicious users, so security-critical integrity checks must be on the server.\n\n(c)(i) \n1. JavaScript creates an XMLHttpRequest object or uses the Fetch API in the background.\n2. An asynchronous HTTP request is sent to the web server for the voting data.\n3. The server queries the database and sends back the data (e.g., in JSON format).\n4. JavaScript parses the response and dynamically updates the DOM to display the results without page reload.\n\n(c)(ii)\nData Transmission Size: JSON is more compact because it uses simple key-value syntax, whereas XML requires verbose opening and closing tags, leading to a larger transmission payload.\nEase of Processing in JavaScript: JSON is natively supported by JavaScript and can be directly parsed into a JS object using JSON.parse(). XML requires parsing via a DOMParser, which is much more complex and computationally heavy in JS.

(a)(i) 1 mark for cookie storage location/risks, 1 mark for session storage location/security.\n(a)(ii) 1 mark for stating encryption prevents eavesdropping/tampering, 1 mark for naming asymmetric / public-key cryptography.\n(b) 1 mark for client-side (Validation 1) and server-side (Validation 2) correct allocation. 1.5 marks for explanation of Validation 1 (experience/bandwidth), 1.5 marks for explanation of Validation 2 (database security/bypassing client-side checks).\n(c)(i) 1 mark for background request initiation, 1 mark for server handling and data return, 1 mark for JS DOM update without reload.\n(c)(ii) 1 mark for JSON being smaller, 1 mark for why (no tags). 1 mark for JSON being native/easy, 1 mark for XML needing DOM parsing.

(a)(i) The base cases are when n == 0 or k == 0.\n(a)(ii) \n- solve(2, 2) = solve(1, 2) + solve(2, 1)\n- Evaluate solve(1, 2):\n Since n < k (1 < 2), solve(1, 2) = solve(1, 1)\n - solve(1, 1) = solve(0, 1) + solve(1, 0)\n - solve(0, 1) returns 1 (base case n == 0)\n - solve(1, 0) returns 1 (base case k == 0)\n - So, solve(1, 1) = 1 + 1 = 2, thus solve(1, 2) = 2\n- Evaluate solve(2, 1):\n - solve(2, 1) = solve(1, 1) + solve(2, 0)\n - We know solve(1, 1) = 2\n - solve(2, 0) returns 1 (base case k == 0)\n - So, solve(2, 1) = 2 + 1 = 3\n- Sum up: solve(2, 2) = 2 + 3 = 5.\n\n(b)(i) \nMethod 1: \(O(N^2)\)\nMethod 2: \(O(N)\)\n\n(b)(ii)\n```\nmin1 = infinity\nmin2 = infinity\nfor i from 0 to N-1 do\n if A[i] < min1 then\n min2 = min1\n min1 = A[i]\n else if A[i] < min2 then\n min2 = A[i]\n end if\nend for\nreturn min2\n```\n\n(b)(iii) \nMethod 1 with worst-case complexity \(O(N^2)\) will require around \(10^{12}\) operations when \(N = 10^6\), which will cause CPU timeout/performance bottleneck. Method 2 with \(O(N)\) complexity will execute in a fraction of a second requiring only around \(10^6\) operations, which is highly efficient and scalable.

(a)(i) 1 mark for identifying both base conditions (n == 0 or k == 0).\n(a)(ii) 1 mark for correct expansion of solve(2, 2), 1 mark for correct transition of solve(1, 2) -> solve(1, 1), 1 mark for resolving base cases to obtain intermediate values, 1 mark for correct final output 5.\n(b)(i) 1 mark for each correct time complexity (Method 1: O(N^2), Method 2: O(N)).\n(b)(ii) 1 mark for initializing tracking variables to a sufficiently large value. 1 mark for correct loop structure. 1.5 marks for correct if-clause to update min1 and shift to min2. 1.5 marks for correct else-if condition to update min2.\n(b)(iii) 1 mark for mentioning the difference in efficiency class (linear vs quadratic). 1 mark for stating that as N increases, quadratic time operations grow much faster than linear. 1 mark for indicating practical performance consequences (timeout / bottleneck).