Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Cam Tech Level 2 IT - Unit 2 > Exam paper > Flashcards

Exam paper Flashcards

You may prefer our related Brainscape-certified flashcards:
Certified Sommelier Exam (CMS 2) flashcards
1
Q

Identify one possible target of a cyber security attack. (1 mark)

A
  • Individual (1)
  • Data / information (1)
  • Equipment (1)
  • Organisation (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Identify two purposes of cyber security. (2 marks)

A
  • To protect information / data (1)
  • To keep information / data confidential (1)
  • To maintain the integrity of information / data (1)
  • To maintain the availability of information / data (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Some of the data stored in an accounts spreadsheet has been deliberately changed.
Identify the type of cyber security incident that has occurred. (1 mark)

A

Data modification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Many organisations use the cloud to store files and folders.

Identify one reason why files and folders stored in the cloud should be kept secure.

A

To prevent them from being accessed by unauthorised users. (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A delivery company holds details of its customers in a database. The company has recently been
the target of a cyber-attack on its customer database.
During the attack, some of the data held in the customer database was deliberately removed.
Identify the type of cyber-attack that occurred. (1 mark)

A

• Data destruction (1)
OR
• Data theft (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A delivery company holds details of its customers in a database. The company has recently been
the target of a cyber-attack on its customer database.
During the attack, some of the data held in the customer database was deliberately removed.
Describe two impacts of this cyber-attack on the delivery company (4 marks)

A

• Loss of reputation and trust from customers (1)
who feel the company cannot be trusted with
their personal details (1)
• Customer decrease (1) as customers begin to use
alternative companies that have good security measures in place (1)
• May have to pay compensation (1) to customers
whose details have been removed/ affected (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

In a cyber attack, some of the customers of the delivery company have been sent an email asking them to click a link to view delivery details of an order.
Which type of cyber attacker would use this method? (1 mark)

A

Phisher (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In a cyber attack, some of the customers of the delivery company have been sent an email asking them to click a link to view delivery details of an order.
Identify and describe the type of threat that has occurred during this cyber-attack. (3 marks)

A

Fake / hoax emails (1st)
One from:
• The link in the email can link to a fake website (1) that
contains malware / virus / (1)
• Customers can be asked to reveal private / personal
details (1) that can then be used for identity theft (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

In a cyber attack, some of the customers of the delivery company have been sent an email asking them to click a link to view delivery details of an order.
Legislation could be used to prosecute these cyber attackers.
Identify one act of legislation that could be used to prosecute these cyber attackers. (1 mark)

A

Computer Misuse Act (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Following the cyber-attacks, it has been recommended that the delivery company review its organisational policy on access management.
Describe two ways in which access management could be used to increase the safety of data held in the customer database. (4 marks)

A

• User/names (1) could be used to determine the level of
access to the database (1)
• Could be used to determine the actions that can be
carried out on the database (1) e.g. read
only/write/amend (1)
• Audit trails (1) could show who accesses the
database/what actions were carried out (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Progress Pets is an online shop that is run from the owner’s home. The broadband connection
is provided wirelessly through a router. The router provides the broadband access for the
family and does not require a password to join.
Orders from the online shop are placed via email with the order form as an attachment. The order form includes the customer contact and payment details as well as details of the goods
they wish to order.
. The website could be used as a platform by cyber attackers.
Describe the following type of cyber attacker and provide an example of how they could exploit the website.
Phisher (with example) (3 marks)

A

• Someone who pretends to be a business /
organisation/person (1) to try to get personal information from someone (1)
• Example: Pretends to be from the business asking for
clarification of payment details for an order (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Progress Pets is an online shop that is run from the owner’s home. The broadband connection
is provided wirelessly through a router. The router provides the broadband access for the
family and does not require a password to join.
Orders from the online shop are placed via email with the order form as an attachment. The order form includes the customer contact and payment details as well as details of the goods
they wish to order.
. The website could be used as a platform by cyber attackers.
Describe the following type of cyber attacker and provide an example of how they could exploit the website.
Scammer (with example) (3 marks)

A

• Someone who sets up a fraudulent website /business (1)
that may be very similar to the real website business (1)
• Example: Could copy the website but have a slightly
different web address, giving contact details of the fake
business (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Data theft is one type of cyber security incident that might affect Progress Pets
Identify two other types of cyber security incidents that might affect it. (2 marks)

A
  • Data destruction (1)
  • Data manipulation (1)
  • Malware (1)
  • Social engineering/accept examples (1)
  • Unauthorised access (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

To increase the level of cyber security and reduce vulnerabilities, different measures can be
taken by Progress Pets.
Identify one possible vulnerability of the Progress Pets website. (1 mark)

A
  • Hacking (1)
  • DoS (1)
  • Virus (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Describe how using a password to access the wireless router will increase the level of
cyber security for Progress Pets. (2 marks)

A

• When combined with user name (1) the password and
user name need to be correct (1)
• People who do not live at the house / passers-by (1) will
not be able to access the connection (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Identify two other logical protection measures which could be implemented and explain how these
could be used by the owner of Progress Pets (4 marks)

A

• Anti-virus software (1st) to scan all incoming emails/
attachment and move any suspicious files (1)
• Encryption (1st) to ensure that all information and data
held on the computer system is kept secure and if
intercepted cannot be understood (1)
• Firewall (1st) to control the data that can/cannot enter
the system and protect it from threats and attacks (1)
• Secure backups of data (1st) should be carried out
regularly with the backup stored away from the system in
a safe place (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Identify one physical protection measure that could be implemented and explain how this
could be used by the owner of Progress Pets. (2 marks)

A

• Locks on doors (1st) to keep computer equipment used
for Progress Pets secure (1)
• Device locks (1st) to ensure that no-one can use a flash
drive/memory stick etc. that may contain a virus (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Discuss the impacts on customers of Progress Pets if their order forms were hacked. (9 marks)

A

• Personal data is held on the order form, so identity theft
may occur
• Payment details can lead to theft of money if card details
are provided
• Customers may not use the business again as they have
no trust in the security
• Identity theft can lead to, for example, debts being run
up passports being issued in error identity being used for
criminal activity etc.
• Credit/debit cards/bank accounts etc. may need to be changed, this can take time and cause financial upset
/inconvenience
• Passwords/user names on other websites may need to be changed, this can take time and cause distress/
inconvenience
• Customers could sue the owner of the online shop for
distress and inconvenience caused

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Identify two reasons why cyber security is important to an individual 2 marks)

A
  • To protect personal data / keep data safe (1)
  • To stay safe online (1)
  • To avoid financial loss (1)
  • To avoid identity theft(1)
  • Stops unauthorised access (1)
  • Protect hardware (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Data in a sports club database has been deleted without authorisation.
Identify the type of cyber security incident which has occurred. (1 mark)

A

• Data destruction (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Identify two motivations of a cyber criminal (2 marks)

A
  • Financial gain (1)
  • Publicity (1)
  • Fraud (1)
  • Espionage (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

A cafe offers customers free Wi-Fi access. Customers do not need to enter a password to access the Wi-Fi.
Identify and describe one intentional cyber security incident which may occur at the cafe. (3 marks)

A
  • Hacking (1st) by an individual (1) into the unsecured Wi-Fi(1)
  • DoS (1st) by bombarding the servers (1) with (useless) traffic(1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

A cafe offers customers free Wi-Fi access. Customers do not need to enter a password to access the Wi-Fi.
Customers may download files from unauthorised websites when using the Wi-Fi.
Identify and describe one other accidental cyber security incident which may occur when the Wi-Fi at the cafe is used. (3 marks)

A

• Responding to a fake email (1st) which triggers an attack (1) e.g. virus / malware / spyware (1)
• Clicking on a hyperlink (1st) in an email / fake website (1) which can download a virus (1)
Use of a portable storage device (1st) which may contain a virus (1) which could spread to the network (1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

The owners of a cafe have been advised to increase the cafe’s cyber security.
Explain two reasons why the owners would increase the cafe’s cyber security. (4 marks)

A
  • To protect (1) information / data (1)
  • To keep information / data (1) confidential (1)
  • To maintain (1) the integrity / availability of information / data (1)
  • To protect the network / data / computer equipment (1) from cyber attacks / hacking / infection from viruses (1)
  • To prevent unauthorised users (1) gaining access (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Other than customers, identify two possible targets at a cafe for a cyber security attack. (2 marks)

A
  • Data / Information (1)
  • Equipment (1)
  • Staff (1)
  • Owner (1)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Cyber security can be increased by providing customers with a strong password for access to the Wi-Fi.
Describe one characteristic of a strong password (2 marks)

A
  • Mixture (1) of upper and lower case letters (1)
  • Includes (1) numbers / special characters (1)
  • Cannot be linked to the cafe (1) eg. the name (1)
  • not recognisable word (1) e.g. XYP9!F
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

A company’s customers have reported they are receiving emails from that company asking them to download an attachment.
Identify and describe one type of threat which could occur if customers did download the attachment. (3 marks)

A
  • Receive a virus (1st) which could infect the system (1) or be passed to contacts (1)
  • Download spyware (1st) which would be a threat to security (1) by disclosing codes and other information (1)
  • Be a victim of hacking (1st) which would allow others to steal information (1) and use it for their own benefit (1)
28
Q

A pet store’s web page contains the owners’ names and contact details with their pet names.
Identify the act which covers the holding of these personal details. (1 mark)

A

• Data protection act (DPA) (1)

29
Q

Explain how having no security on a pet store’s web page breaks the act you have identified in the previous question. (3 marks)

A

• Data must be kept secure (1) by having no security on the web page (1) anyone can see the owner’s details (1)

30
Q

The pet store is looking to implement an Acceptable Use Policy for its staff.
Describe, giving an example, what is meant by an Acceptable Use Policy (3 marks)

A
  • Guidelines and instructions (1) relating to the use of email / Internet (1)
  • Describes what staff can use (1) cannot use (1) e.g the email / internet for whilst at work (1)
  • Example - facebook (1) e.g. not using the company’s email for personal reasons / accessing social media from work
31
Q

A company has been advised to move the server to a room and implement physical security protection measures.
Identify one physical security protection measure which could be implemented. (1 mark)

A
  • Locking the server room (1)
  • Using a keypad (1)
  • RFID staff badges (1)
  • Biometric
32
Q

Explain how physical security measures identified in the previous answer can protect a server. (3 marks)

A
  • Locking the server room - keys to room (1) can be kept secure (1) so that only staff who are authorised can access the room (1)
  • Using a keypad - keypad number (1) is known only (1) by staff who need to access the room (1)
  • RFID staff badges - badges can be given to authorised staff (1) to allow them to enter the server room (1) and provides an audit of who entered the room (1)
  • Biometric - Use of face / fingerprint (1) to allow access (1) to authorised individuals (!)
33
Q

A cyber security incident has occurred on a company’s website.
Discuss the possible impacts of cyber security incidents on that company. (9 marks)

A
  • Loss of reputation as customers will see them as unreliable.
  • Lack of trust from owners as they feel their details are not safe
  • Loss of business data / information meaning that, unless these are backed up, details may have to be gathered again
  • Possibility of website being used by scammers to defraud customers who are not aware of issues, leading to further loss of trust and reputation
  • Decrease in revenue as customers change to another company.
34
Q

Cyber security aims to protect networks.

Identify TWO OTHER items that cyber security is designed to protect.

A
  • Computers (1)
  • Programs (1)
  • Data (1)
  • Information (1)
  • Individuals / People / Employees / Customers (1)
35
Q

A cyber security attack has resulted in records being removed.
What type of cyber security incident has occurred?

A
  • (Data) theft (1)
  • Deletion (1)
  • Destruction (1)
36
Q

Unauthorised access has been made to computer materials stored on a network.
Which Act has been broken?

A

Computer Misuse Act (1)

37
Q

One purpose of cyber security is to keep data and information confidential.
Identify one other purpose of cyber security.

A
  • To maintain the integrity of information/data (1)
  • To maintain the availability of information/data (1)
  • To protect information/data (1)
38
Q

An ice cream seller has a number of shops. Each shop has several computer devices on a network connected to the Internet. The computer devices can be used to check stock levels of ice cream and, using supplier details stored on the devices, to order more. The devices are also used to process customers’ online orders.
The shops have been targeted by a cyber security attack. The attack caused a Denial of Service (DoS)
Identify the type of vulnerability that can lead to a Denial of Service (DoS) threat.

A

System

39
Q

Describe how a Denial of Service (DoS( attack can occur (3 marks)

A

The network will be flooded (1) with traffic (1) making it

unavailable to users (1) server cannot handle traffic (1)

40
Q

The shops’ services have suffered disruption following the Denial of Service (DoS) attack.
Identify and describe ONE disruption impact of the Denial of Service (DoS) on the shops. (3 marks)

A

• Operational (1) Data may have been lost during the
attack (1) it will take time to install any backups of data(1)
• Operational (1) the backups may not include the most upto-date data (1) so there may be a time delay to recover
the latest data (1)
• Commercial (1) the shops will not be able to fully carry
out (1) the day-to-day running of the shops (1)
• Financial (1) customers may not be able to place orders
for ice cream (1) leading to loss of revenue (1)
• Financial (1) increased costs may be incurred (1) as the
shops have to improve the security (1)
• Financial (1) customers cannot place orders (1) loss of
reputation (1)

(You must identify the type of impact before you describe it)

41
Q

One other threat to the network is a botnet.

Describe what is meant by a botnet. (3 marks)

A

• A type of malware (1) that allows an attacker to take
control of a system (1) without the users knowledge (1)
• Group of computers (1) infected with malware (1)
controlled by third party (1)

42
Q

During the attack, malware was installed on the network.

Identify TWO types of malware.

A
  • Virus (1)
  • Trojan (1)
  • Ransomware (1)
  • Adware (1)
  • Spyware (1)
43
Q

Some ice cream suppliers have received emails asking them to click on a link and provide their bank account details.
Identify and describe the type of attacker that uses this method.(3 marks)

A

• Phisher (1st)
• The emails pretend to be from the ice cream shops (1)
• The link in the email (1) takes the supplier to a fake
website (1)
• To get them to enter personal information (1) into a fake
website (1)

44
Q

An online TV and film streaming business operates a subscription service that can be accessed using an app. Customers select the streaming package they would like, input their personal and bank details and then have access to a one-month free trial. When the trial has ended the customer’s bank account is debited each month with the cost of the streaming service. These details are stored in a database. The customer relations team have access to this database in case of any customer queries.
The app is also used to log-in to the service to change their package or cancel their subscription.
Customers access the TV programmes and films by inputting their email address and password.
Identify TWO reasons why it is important that the streaming business has cyber security.

A

• Customer personal / payment details are stored (1)
• Customer personal / payment details must be kept secure
(1)
• Business data must be kept secure (1)
• To meet legislative requirements (1)

45
Q

Identify and describe ONE type of attacker who may be a threat to the streaming business. (3 marks)

A

• Hacker/Cyber criminal / cyber terrorist (1st)
• (Hackers) find a weakness in a computer system (1) and
exploits / gains unauthorised access (1)
• Uses their technical knowledge (1)

46
Q

Identify ONE possible motivation of the attacker.

A
  • Financial gain (1)
  • Publicity (1)
  • Fraud (1)
  • Espionage (1)
  • Revenge (1)
47
Q

Some customers of the streaming service have reported that the films that they are streaming contain unexpected images of dogs.
Identify and describe the type of threat that may have occurred. (3 marks)

A

• Virus/Malware (1st)
o Files / films are infected (1) when the file / film is
streamed the virus is included (1)
• Insider (1st)
o Employee from within the organisation (1)
changed the file before it was uploaded (1)
• Unauthorised access /hacker (1st)
o Accessed the system (1) without authorisation (1)
changed the contents of the file (1)

The type of threat must be correct before marks for the
description can be awarded.

48
Q

Identify and describe ONE logical prevention measure that could be used to stop this type of attack. (3 marks)

A

• Anti-virus software (1st)
o Tries to detect a virus (1) before it enters the
system (1)
o If a virus is detected (1) it is removed /
quarantined (1)
• Passwords (1st)
o Required before access is granted (1)
combination of letters and numbers (1) can be
biometric (1)
• Any other valid suggestion

49
Q

Explain how this threat to the streaming service could have been accidentally started. (3 marks)

A

• By clicking a link (1) in an email (1) which downloads a
virus to the files / films / TV programmes (1)
• Downloading files (1) from a website (1) which includes a virus which is installed when the file is saved (1)
• Employee overlooked for promotion (1) not monitored (1) and takes revenge (1)

50
Q

Following the attack, some customers reported that their email address was no longer recognised.
Identify the type of cyber security incident that may have occurred.

A
  • Data destruction/erasure (1)

* Data modification (1)

51
Q

The streaming business has introduced a Code of Conduct for its customer relations team.
Discuss how the Code of Conduct could help the customer relations team increase the security of the customer details in the database. (9 marks)

A

• CoC sets out what is and is not acceptable behaviour
• Sets down policy and procedures relating to the operation of the customer relations team and how customer data should be processed / accessed.
• All team members will have access to the CoC
• May have to sign that they have read and understood the contents
• This agreement can be used in case of any breach by a team member
• Defines how customer data can be collected / used
• Explains the security procedures that have to be carried out when dealing with customers e.g. asking security questions
• Defines how customer data should be processed and
stored

7-9 marks
Learner has shown a detailed level of understanding
by discussing how a CoC will increase security.
Relevant and appropriate examples are provided.
Specialist terms will be used correctly and
appropriately.
4-6 marks
Learner has shown a good level of understanding by
describing how a CoC will increase security.
Descriptions may be limited in depth in the
expansion(s).
Some relevant examples are provided although these
may not always be appropriate.
Specialist terms will be used appropriately and for the
most part correctly.
1-3 marks
Learner has identified points relevant to the use of a
CoC to increase security.
This may take the form of a bulleted list.
Examples, if used, may lack relevance.
There will be little, if any, use of specialist terms.

52
Q

One type of cyber security incident is data manipulation.

Identify TWO OTHER types of cyber security incidents.

A
  • Data destruction (1)
  • Data modification (1)
  • Data theft (1)
  • Denial of service (1)
  • Phishing (1)
  • Pharming (1)
53
Q

An organisation is one target for a cyber security attack.

Identify TWO OTHER targets for a cyber security attack.

A
  • Individuals (1)
  • Data (1)
  • Information (1)
  • Equipment (1)
  • System (1)
54
Q

One purpose of cyber security is to maintain the integrity of information and data.
Identify ONE OTHER purpose of cyber security.

A
  • To protect information/data (1)
  • To keep information/data confidential (1)
  • To protect system from infection (1)
  • To maintain the availability of information/data (1)
  • To protect identity/prevent identity theft (1)
55
Q

A cinema has a website with all the pages using the same colours and logo. The website allows customers to book and pay for tickets to see films. Customers must register and provide an email address to book tickets. The customers can select the film they want to see and the seats they want to sit in. Payments for the tickets are made using a credit or debit card.
Some customers have reported that when they navigate to the booking page of the website it does not use the same colours and logo as the homepage.
Identify the type of threat that may have occurred.

A
  • Fraudulent websites (1)
  • Fraudulent webpage (1)
  • Pharming (1)
56
Q

Explain how the threat identified in the previous card may have accidentally occurred. (3 marks)

A

• Customers clicking (1) on a rogue hyperlink (1) on the
website (1)
• Customer is redirected (1) from the genuine/real site (1) to a fake site (1)

57
Q

Other than the threat you described in the previous flashcard, identify and describe one other type of threat that may occur. (3 marks)

A

• Identity theft (1st) customer details could be stolen (1)
when inputting details on the fraudulent booking webpage(1)
• Virus (1st) the fraudulent booking webpage may
download (1) a virus when customers input details /
submit the booking request (1)
• Hoax emails (1st) when customer input their email
address (1) this could be used by the cyber attackers (1)
• Denial of service (1) disruption to the service (1) by
overloading the server with requests (1)

58
Q

Some customers have been receiving emails asking for money to be paid to keep using the online booking page.
Identify and describe the type of cyber attacker that is sending the emails. (3 marks)

A

• Scammer (1st)
• A person who attempts to steal money (1) by deception/
tricking the victim (1)
• Phisher (1st)
• Poses an employee (1) to get customer to give up
details/sends fake emails (1)

59
Q

Identify and describe one other possible target of a cyber security attack. (3 marks)

A
  • Data/information (1st) customer records / financial / film history (1) held by the cinema (1)
  • Equipment (1st) storage devices (1) used to hold records / run the website (1)
60
Q

Explain how encryption can be used to keep the credit and debit card details secure. (3 marks)

A

• Scrambles / (1) the card number / start / end dates / CVO number(1) so that they are unreadable / not
understandable (1)
• these can only be unscrambled / decrypted (1) by using an encryption code (1)
• If the card details are accessed (1) by someone without
the encryption code (1) then they will be meaningless (1)

61
Q

An electricity supplier holds customer records in a secure cloud storage area. The records hold personal, contact and bank details for each customer. The records also include electricity bill information and payment history.
Each customer has a unique user name and password for access to the secure cloud area. Customers can only access their own customer record. The customer record is used by customers for entering an electricity meter reading and for paying the electricity bill.
Identify TWO reasons why it is important that the electricity supplier uses cyber security for the cloud storage area.

A

• Customer personal details are stored (1)
• Customer payment details are stored (1)
• To meet legislative requirements/GDPR/Data Protection
(1)
• To protect customer information/data (1)
• To keep customer information/data confidential (1)
• To maintain the integrity of customer information/data (1)
• To prevent virus destroying/accessing customer data (1)

62
Q

The electricity supplier tasks secure backups of data each day.
Describe how the secure backups of customer records could be used by the electricity supplier after a cyber security attack. (3 marks)

A

• Backup could be used to restore customer records (1)
depending on when the backup was taken (1) little
customer record data may be missing (1)
• Backups may be securely stored (1) so may not have
been affected by the attack. (1) meaning the data will not be lost (1)

63
Q

The electricity supplier uses logical protection measures to protect the customer records. It uses user names and passwords as well as secure backups of data and encryption.
Identify and describe TWO OTHER logical protection measures that could be used to protect the customer records. (6 marks)

A

• Access rights and permissions (1st) based on usernames (1) which limit accessibility to records (1)
• (token) authentication (1st) when the username /
password is input (1) a token / code is emailed to the
account to be input before access is granted (1)
• Anti-virus software (1st) checks for any viruses (1) and
alerts user / automatically quarantines them (1)
• Firewalls (1st) monitors traffic into and out of the cloud
storage area (1) and if traffic doesn’t meet the rules it is
denied access (1)
• Token authentication (1) additional layer of security (1)
message sent to second device (1)

1st mark for the protection method, up to 2 for
description. Must be appropriate to securing the cloud-based customer records

64
Q

A cyber attacker has placed a ‘worm’ on the cloud storage area.
Describe what is meant by a worm. (2 marks)

A

• A program that replicates itself (1) so it can spread to
other computer devices (1)
• Deletes data (1)

65
Q

Identify TWO motivations of the cyber attacker who infected the secure cloud storage area with the worm. (2 marks)

A 
• Financial gain (1)
• Publicity (1)
• Fraud (1)
• Malicious intent (1)
Not espionage or political
66
Q

A cyber security attack has taken place on the cloud storage area and customer records have been accessed.
Discuss how the financial disruption caused by the cyber security attack could affect the electricity supplier and its customers. (9 marks)

A

Supplier
• Customers’ electricity readings may have been changed
so bills are inaccurate
• Payments may be delayed
• Difficulty in identifying which records have been edited /
deleted
• Extra staff may be needed to investigate / solve the
issues caused
• Some payments may be made twice so supplier will need
to refund the extra payment
• The backup may not be fully up to date depending on the
time difference between the backup being taken and the
attack
• Any other valid suggestion
Customers
• Incorrect bills may be issued meaning payments are
wrong
• Payments may be missed leading to issues with credit
referencing
• Payments made may not be on the customer records
• Identity theft may occur as contact details may have been accessed
• Bank details are stored so accounts may be accessed, and money stolen
• Credit cards / loans may be taken out by the attackers with no knowledge of the customers

7-9 marks
Learner has shown a detailed level of understanding
by discussing the disruption that may occur.
The supplier and customers are considered
Relevant and appropriate examples are provided.
Specialist terms will be used correctly and
appropriately.
4-6 marks
Learner has shown a good level of understanding by
explaining the disruption that may occur. Explanations
may be limited in depth in the expansion(s).
The supplier and / or the customer are considered.
Some relevant examples are provided although these
may not always be appropriate.
Specialist terms will be used appropriately and for the
most part correctly.
1-3 marks
Learner has identified points relevant to the disruption
that may occur.
This may take the form of a bulleted list.
Examples, if used, may lack relevance.
There will be little, if any, use of specialist terms.

Cam Tech Level 2 IT - Unit 2 (2 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions